MODULE 3 Flashcards
1
Q
User authentication:
A
Establishing confidence in user identities
2
Q
Claimant:
A
A party to be authenticated
3
Q
User authentication methods:
A
- Password-based
- Token-based
- Static biometrics
- Dynamic biometrics
4
Q
Risk assessment for user authentication:
A
- Assurance level
- Potential impact
- Areas of risk
5
Q
Password vulnerabilities:
A
- Popular password attack
- Offline dictionary attack
- Workstation hijacking
- Guessing password against single user
- Exploiting user mistakes
- Exploiting multiple password use
- Specific account attack
- Electronic monitoring
6
Q
Countermeasures for password vulnerabilities:
A
- Intrusion detection
- Encrypted networks
- Policies against common passwords
- Account lockout
- Stop unauthorized access to password file
- Training
- Automatic logout
6
Q
Need for a salt value:
A
- Prevent duplicates in password file
- Increase difficulty of offline dictionary attack
7
Q
Dictionary attack:
A
Comparing each word in a dictionary against hash in password file
7
Q
John the Ripper:
A
Open-source password cracker that combines brute-force and dictionary techniques
8
Q
Rainbow table:
A
A large dictionary of possible passwords and all salt values hashes of them
9
Q
Password file access control vulnerabilities:
A
- Exploit OS bug
- Permission accident
- Users reusing passwords
- Unprotected backup
- Unprotected networks
10
Q
Drawbacks of memory cards:
A
- Needs special readers
- Loss of token
- User dissatisfaction
10
Q
Techniques for better passwords:
A
- User education
- Computer-generated passwords
- Reactive password checking (periodic)
- Proactive password checking (at selection)
11
Q
Smartcard authentication types:
A
- Static
- Dynamic
- Challenge-response
12
Q
Biometric authentication:
A
Authenticate user based on physical characteristics
