Module 4 / Unit 5 / Authentication and Endpoint Security Flashcards
What element is missing from the following list and what is its purpose: identification, authentication, accounting?
Authorization - assigning privileges over the network object to the subject.
Why do malicious insider threats often pose greater risk than malicious users generally?
Malicious insiders are trusted users, meaning they have existing privileges to work on the network and access resources.
Why is a logic bomb unlikely to be detected by anti-virus software?
Most anti-virus software depends on signatures of known malware to detect threats. A logic bomb is a specially crafted script or program that runs according to specific triggers, usually perpetrated by an insider threat, and so is unlikely to be detectable by routine scans.
What is the purpose of SSO?
Single Sign-on allows users to authenticate once to gain access to different resources. This reduces the number of logins a user has to remember.
How do social engineering attacks succeed?
They generally depend on lack of security awareness in users. An attacker can either be intimidating (exploiting users’ ignorance of technical subjects or fear of authority) or persuasive (exploiting the “customer service” mindset to be helpful developed in most organizations).
How might an attacker recover a password from an encrypted hash?
By using a password cracking tool. This may recover the password if it uses a simple dictionary word or if it is insufficiently long and complex (brute force).
What are the main features of a digital certificate?
A digital certificate contains the subject’s public key, which can be used to cryptographically authenticate the subject and encrypt messages sent to it. The certificate is signed by a Certificate Authority (CA) that has validated the subject’s identity. The certificate contains other information to identify the subject and describe its purpose.
What are the main features provided by Kerberos authentication?
Single sign-on and support for mutual authentication.
What is a RADIUS client and how should it be configured?
A device or server that accepts user connections. Using RADIUS architecture, the client does not need to be able to perform authentication itself; it passes the logon request to an AAA server. The client needs to be configured with the RADIUS server address and preshared key.
How does the “ARP inspection” security feature of a switch mitigate against ARP flooding?
It maintains a trusted database of IP:ARP mappings and blocks any nonconforming gratuitous ARP replies from untrusted ports.
True or false? A switch implementing 802.1X would be described as an “authenticator”.
True.
What is meant by “remediation” in the context of NAC?
The options provided to a client that does not meet the health policy - for example, allowed basic internet access only, given access to required patches, and so on.