Section 19: Authentication Flashcards

1
Q

What are the five different kinds of authentication?

A

Knowledge

Ownership

Characteristic

Location

Action

2
Q

Username and password are only considered ________ authentication

A

single-factor

3
Q

Time-based one-time password

A

a password is computed from a shared secret and current time

4
Q

HMAC-based one-time password

A

a password is computed from a shared secret and is synchronized between the client and the server

5
Q

context aware authentication

A

process to check the user’s or system’s attributes or characteristics prior to allowing it to connect (limiting time or day you can log on or location)

6
Q

Single sign on

A

a default user profile for each user is created and linked with all of the resources needed

7
Q

Federated Identity Management

A

A single identity is created for a user and shared with all of the organizations in a federation

8
Q

Cross Certification

A

Utilizes a web of trust between organizations where each one certifies the other (smaller batch of corporations)

9
Q

Trusted Third Party

A

Organizations are able to place their trust in a single third party

10
Q

SAML

A

Built upon XML and used for authentication (Security Assertion Markup Language)

11
Q

OpenID

A

An open standard and decentralized protocol to authenticate users (Google uses this)

12
Q

802.1x

A

Standardized framework used for port-based authentication (uses RADIUS and TACACS+, your choice)

13
Q

802.1x is great for preventing

A

Rogue devices

14
Q

LDAP

A

Database used to centralize information about clients and objects on the network (Active Directory is Microsoft’s version of this)

15
Q

Kerberos

A

An authentication protocol used by Windows to provide for two-way or mutual authentication (port 88). A domain controller can be a single point of failure for Kerberos (to combat this, people have a primary and secondary DC)

16
Q

Password Authentication Protocol

A

Really old protocol, not really considered secure, unencrypted

17
Q

Challenge Handshake Authentication Protocol

A

Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers

18
Q

Site to Site VPN

A

Connecting two different offices together

19
Q

VPN concentrator

A

Allows hundreds of VPN connections

20
Q

Split Tunneling

A

A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection

21
Q

RADIUS

A

operates at the application layer; runs on a server; authenticates users; utilizes UDP for connections; 1812 for authentication and 1813 for accounting

22
Q

TACACS+

A

Cisco’s proprietary version of RADIUS that operates over port 49

23
Q

How do you restrict password attacks?

A

Restrict logon attempts

24
Q

Password Spraying

A

Brute force attack where many passwords are used f

25
Q

Credential Stuffing

A

Brute force attack in which stolen user account names and passwords are tested against multiple websites

26
Q

Broken Authentication

A

A software vulnerability where the authentication mechanism allows an attacker to gain entry