Section 19 - Authentication Flashcards
What is multi-factor authentication?
Use of two or more authentication factors to prove a user’s identity
What is exponentially more secure than long passwords?
Multi-factor authentication
There are five basic factors of authentication that you can consider when determining if somebody is who they say they are. What are they?
Knowledge - the user provides a piece of memorized information
Ownership - the user proves that they have something in their possession that identifies them
Characteristic - something that the person is (usually accomplished with a biometric technology like fingerprint, iris or facial recognition)
Location - refers to where a person is when they’re trying to log into their account
Action - something that the user does (like signing their name)
What is TOTP?
Time Based One Time Password
A password is computed from a shared secret and the current time
What is HOTP?
HMAC Based One Time password
A password is computed from a shared secret and is synchronized between the client and the server
*** HMAC - Hash-based Message Authentication Code
What is the difference between TOTP and HOTP?
Time-based One-time Password (TOTP) is a time-based OTP. The seed for TOTP is static, just like in HOTP, but the moving factor in a TOTP is time-based rather than counter-based.
Aside from multi-factor authentication, there are three other options that can be utilized by an organization. What are they?
Context-aware authentication
Single sign-on authentication
Federated Identity Management
What is Context-aware Authentication?
Process to check the user’s or system’s attributes or characteristics prior to allowing it to connect
*** The most common form of this is limiting the time or day that the user is able to log onto a particular client or server, or limiting the geographic location that the user can log in from
What is Single Sign-On (SSO)?
A default user profile for each user is created and linked with all of the resources needed
*** It’s where an organization establishes a default user profile and links that profile to all of the different resources the user wants to access. Under this system, the user then creates a single long, strong password that they can memorize. This eliminates the need to remember different login credentials.
What is FIDM?
Federated Identity Management
A single identity is created for a user and shared with all of the organizations in a federation
*** Each organization that joins this Federation has agreed to a common set of standards and policies for the use of identification. This allows a Federated Identity to be created for that user. This identity can then be used across all of the different businesses that are part of the Federation.
What are the two models of FIDM?
Cross Certification
Trusted Third Party
What is the Cross Certification model?
Utilizes a web of trust between organizations where each one certifies others in the federation
*** Each organization is going to certify every other organization inside the Federation.
This works well when there’s just a small number of organizations inside the Federation. But once that number gets large, anything above 5 or 10 organizations, it becomes pretty difficult to manage.
Thinking back to your early network studies, you can relate the Cross Certification model to a full mesh network model. Anything higher than about five organizations and this model is going to break down really, really quickly.
What is the Trusted Third-Party model?
Organizations are able to place their trust in a single third-party
*** This third party, then, manages the verification and certification for all of the organizations within the Federation.
This is more similar to the way a traditional certificate authority on the Internet is going to work.
In this model, it’s quite efficient even with a large number of organizations within the Federation, because everybody goes to that one trusted party to get their verification done.
The Trusted Third Party model is also referred to as?
The Bridge Model
What is SAML?
Security Assertion Markup Language
Attestation model built upon XML used to share federated identity management information between systems
*** This supports FIDM. It is used to authenticate and authorize between different systems, especially over the internet, using the Single Sign-On method. This is used across the web by many large organizations.
What is OpenID?
An open standard and decentralized protocol that is used to authenticate users in a federated identity management system
*** This allows users to log into an identity provider and then utilize that same account across all of the cooperating websites. These websites are known as RPs or Relying Parties. The largest and most well known of these identity providers is Google.
What is 802.1x?
MUST KNOW FOR TEST
Standardized framework used for port-based authentication on wired and wireless networks
This is an IEEE standard
Is a data link layer device
*** This is just the framework, so it utilizes other mechanisms to do the real authentication for us, such as RADIUS and TACACS+.
What does RADIUS stand for?
Remote Authentication Dialing User Service
What does TACACS+ stand for?
Terminal Access Controller Access Control System Plus
There are three roles that are required for an authentication to occur under 802.1x. What are they?
- Supplicant - the device or user that’s requesting access to the network
- Authenticator - the device through which the supplicant is attempting to access the network
- Authentication Server - the centralized device that performs the authentication which is usually your RADIUS or TACACS+ server
What is considered to be one of the best protections that you can add to your internal network connectivity to prevent rogue devices from gaining access to your organization’s devices and connections?
802.1x
What is EAP?
Extensible Authentication Protocol
A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure
*** 802.1x allows for us to encapsulate EAP when we’re using a wired or wireless connection
What is EAP-MD5?
A variant of EAP that utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication
*** This is a one way process and does not provide mutual authentication
What is EAP-TLS?
A variant of EAP that’s going to use public key infrastructure with a digital certificate being installed on both the client and the server as a method of authentication
*** This makes it immune to password-based attacks since it uses digital certificates for identification. This is considered a form of mutual authentication.
What is mutual authentication?
When both devices, the client and the server, are going to authenticate with one another.
What is EAP-TTLS?
A variant of EAP that uses a server-side digital certificate and a client-side password for mutual authentication
*** This is more secure than EAP-MD5, which uses only a password, but less secure than EAP-TLS, because that one removes the password vulnerability entirely.
What is EAP-FAST?
EAP Flexible Authentication via Secure Tunneling (FAST) provides flexible authentication by using a protected access credential instead of a certificate for mutual authentication
What are the five variants of EAP?
EAP-TLS
EAP-TTLS
EAP-FAST
EAP-MD5
PEAP
What is PEAP?
Protected EAP supports mutual authentication by using a server certificate and Microsoft’s Active Directory to authenticate a client’s password
In addition to all of the variants of EAP, there’s a proprietary protocol from Cisco called what?
LEAP
Lightweight EAP
What is LDAP?
MUST KNOW FOR TEST
Lightweight Directory Access Protocol
A database used to centralize information about clients and objects on the network
Is an application layer protocol
** This is essentially a directory service which contains a hierarchical organization of the users, groups, servers and systems inside your network.
LDAP communicates over which port?
389 - unencrypted
636 - encrypted
Microsoft created its own implementation of LDAP known as…?
AD or Active Directory
What is Active Directory?
In the Windows domain, this is used to organize and manage everything on the network, including those clients, servers, devices, users and groups.
** It is an example of a single sign-on system
What is Kerberos?
MUST KNOW FOR TEST
An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets
Kerberos utilizes which port?
Port 88
What is RDP?
Remote Desktop Protocol
Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via a GUI
RDP doesn’t provide ___ natively.
authentication
*** It provides encryption but not authentication. Therefore you must enable SSL or TLS for service authentication and require digital certificates for increased security.
What is VNC?
Virtual Network Computing
Cross-platform version of the Remote Desktop Protocol for remote user GUI access
*** Where RDP works on Windows machines, VNC works on Linux, OSX or Windows.
What port does VNC work over?
5900
What port does RDP work over?
3389
When implementing remote access to your network, you have to carefully select the method of network authentication. What are your options?
PAP
CHAP
EAP
What is PAP?
Password Authentication Protocol
Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear)
What is CHAP?
MUST KNOW FOR TEST
Challenge Handshake Authentication Protocol is the evolution of PAP that provides authentication by using the user’s password to encrypt a challenge string of random numbers
This authentication scheme is used in dial up connections
What is a VPN?
Virtual Private Network allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network
This is commonly used by teleworkers and traveling employees so that they can remotely access the corporate resources, like intranet and file servers.
Remote Access VPN or Client-to-Site VPN
VPNs rely on two different protocols when they’re being operated. What are they?
Point to Point Tunneling Protocol
Layer Two Tunneling Protocol
One area of concern that exists with VPNs is ensuring that clients aren’t using what?
Split Tunneling
What is Split Tunneling?
A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection
What is RADIUS?
Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and EAP
*** A client/server protocol that runs over the 7th layer of the OSI model, the application layer. It is used to authenticate users, authorize them to services and account for their usage of those services. It is an example of an AAA protocol.
RADIUS uses which port?
Authentication - 1812 (proprietary port 1645)
Accounting - 1813 (proprietary port 1646)
UDP
What is Cisco’s proprietary version of RADIUS?
TACACS+
Terminal Access Controller Access Control System Plus
TACACS+ uses which port?
49
TCP
What is RAS?
MUST KNOW FOR TEST
Remote Access Services
Service that enables dial-up and VPN connections to occur from remote clients
What is TACACS+?
Cisco’s proprietary version of RADIUS that provides separate authentication and authorization functions over port 49 (TCP)
*** Because it is Cisco only, it is not considered cross-platform
What is spoofing?
A software-based attack where the goal is to assume the identity of a user, process, address, or other unique identifier
What is a Man-in-the-Middle attack?
An attack where the attacker sits between two communicating hosts and transparently captures, monitors, and relays all communication between the hosts
What is a Man-in-the-browser (MitB) attack?
An attack that intercepts API calls between the browser process and its DLLs
What is the difference between a Man-in-the-Middle and a Man-in-the-browser attack?
If you’re attacking the network or between two clients, you’re a man in the middle.
If you’re using the browser to do it, you’re a man in the browser.
What is password spraying?
Brute force attack in which multiple user accounts are tested with a dictionary of common passwords
What is credential stuffing?
Brute force attack in which stolen user account names and passwords are tested against multiple branches
What is Broken Authentication?
A software vulnerability where the authentication mechanism allows an attacker to gain entry
*** Essentially, the coders did a bad job
What is session hijacking?
This is when the application is vulnerable because you’re using session keys that aren’t strong and are easy to guess