Section 19 Authentication Flashcards
Use of two or more authentication factors to prove a user’s identity.
Multifactor Authentication
A password is computed from a shared secret and the current time.
Time based one time password (TOTP)
A password is computed from a shared secret and is synchronized between the client and server.
HMAC based One Time Password (HOTP)
Process to check the user’s or system’s attributes or characteristics prior to allowing it to connect.
Context Aware Authentication
A default user profile for each user is created and linked with all of the resources needed.
Single Sign On (SSO)
A single identity is created for a user and shared with all of the organizations in a federation.
Federated Identity Management (FIDM)
Utilizes a web of trust between organizations where each one certifies the others in the federation.
Cross Certification
Organizations are able to place their trust in a single third party. (Also called a bridge model.)
Trusted Third Party
Attestation model built upon XML used to share federated identity management information between systems.
Security Assertion Markup Language (SAML)
An open standard and decentralized protocol that is used to authenticate users in a federated identity management system.
OpenID
Standardized framework used for port-based authentication on wired and wireless networks.
802.1x
A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure.
Extensible Authentication Protocol (EAP)
Provides flexible authentication via secure tunneling (FAST) by using a protected access credential (PAC) instead of a certificate for mutual authentication.
EAP-FAST
Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password.
Protected EAP (PEAP)
A database used to centralize information about clients and objects on the network.
Lightweight Directory Access Protocol (LDAP)
An authentication protocol used by Windows to provide two-way (mutual) authentication using a system of tickets.
Kerberos
Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via GUI.
Remote Desktop Protocol (RDP)
Cross-platform version of the Remote Desktop Protocol for remote user GUI access.
Virtual Network Computing (VNC)
Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear).
Password Authentication Protocol (PAP)
Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers.
Challenge Handshake Authentication Protocol (CHAP)
Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network.
Virtual Private Network (VPN)
Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers.
VPN Concentrator
A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection.
Split Tunneling
Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible.
Remote Authentication Dial In User Service (RADIUS)
Brute force attack in which multiple user accounts are tested with a dictionary of common passwords.
Password Spraying
Brute force attack in which stolen user account names and passwords are tested against multiple websites.
Credential Stuffing
A software vulnerability where the authentication mechanism allows an attacker to gain entry.
Broken Authentication