Section 19: Authentication

Question 1

what are the five different kinds of authentication?

Answer 1

Knowledge

Ownership

Characteristic

Location

Action

Question 2

Username and password are only considered ________ authentication

Answer 2

single-factor

Question 3

Time-based one time password

Answer 3

a password is computed from a shared secret and current time

Question 4

HMAC based on time password

Answer 4

a password is computed from a shared secret and is synchronized between the client and the server

Question 5

context aware authentication

Answer 5

process to check the user’s or system’s attributes or characteristics prior to allowing it to connect (limiting time or day you can log on or location)

Question 6

Single sign on

Answer 6

a default user profile for each user is created and linked with all of the resources needed

Question 7

Federated Identity Management

Answer 7

A single identity is created for a user and shared with all of the organizations in a federation

Question 8

Cross Certification

Answer 8

Utilizes a web of trust between organizations where each one certifies the other (smaller batch of corporations)

Question 9

Trusted ThirdiParty

Answer 9

Organizations are able to place their trust in a single third part

Question 10

SAML

Answer 10

Built upon XML and used for authentication (Security Assertion Markup Language)

Question 11

OpenID

Answer 11

An open standard and decentralized protocol to authenticate users (Google uses this)

Question 12

802.1x

Answer 12

Standardized framework used for port based authentication (uses RADIUS and TACACS+, your choice)

Question 13

802.1x is great for preventing

Answer 13

Rogue devices

Question 14

LDAP

Answer 14

Database used to centralize information about clients and objects on the network (active directory is Microsoft’s version of this)

Question 15

Kerberos

Answer 15

An authentication protocol used by Windows to provide for two-way or mutual authentication (port 88) a domain controller can be a single point of failure for Kerberos (to combat people have primary and secondary DC)

Question 16

Password Authentication Protocol

Answer 16

Really old protocol, not really considered secure, unencrypted

Question 17

Challenge Handshake Authentication Protocol

Answer 17

Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers

Question 18

Site to Site VPN

Answer 18

Connecting two different offices together

Question 19

VPN concentrator

Answer 19

Allows hundreds of VPN connections

Question 20

Split Tunneling

Answer 20

A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection

Question 21

RADIUS

Answer 21

operates at the application layer; runs on a server; authenticates users; utilizes UDP for connections; 1812 for authentication and 1813 for accounting

Question 22

TACACS+

Answer 22

Cisco’s proprietary version of RADIUS that operates over port 49

Question 23

How do you restrict password attacks?

Answer 23

Restrict logon attempts

Question 24

Password Spraying

Answer 24

Brute force attack where many passwords are used f

Question 25

Credential Stuffing

Answer 25

Brute force attack in which stolen user account names and passwords are tested against multiple websites

Question 26

Broken Authentication

Answer 26

A software vulnerability where the authentication mechanism allows an attacker to gain entry