Section 19 - Authentication

Question 1

What is multi-factor authentication?

Answer 1

Use of two or more authentication factors to prove a user’s identity

Question 2

What is exponentially more secure than long passwords?

Answer 2

Multi-factor authentication

Question 3

There are five basic factors of authentication that you can consider when determining if somebody is who they say they are. What are they?

Answer 3

Knowledge - the user provides a piece of memorized information

Ownership - the user proves that they have something in their possession that identifies them

Characteristic - something that the person is (usually accomplished with a biometic technology like fingerprint, iris or facial recognition)

Location - refers to where a person is when they’re trying to log into their account

Action - something that a user does (like signing your name)

Question 4

What is TOTP?

Answer 4

Time Based One Time Password

A password is computed from a shared secret and current time

Question 5

What is HOTP?

Answer 5

HMAC Based One Time password

A password is computer from a shared secret and is synchronized between the client and the server

*** HMAC - Hash-based Message Authentication Code

Question 6

What is the difference between TOTP and HOTP?

Answer 6

Time-based One-time Password (TOTP) is a time-based OTP. The seed for TOTP is static, just like in HOTP, but the moving factor in a TOTP is time-based rather than counter-based.

Question 7

Aside from multi-factor authentication, there are three other options that can be utilized by an organization. What are they?

Answer 7

Context-aware authentication

Single sign-on authentication

Federated Identity Management

Question 8

What is Context-aware Authentication?

Answer 8

Process to check the user’s or system’s attributes or characteristics prior to allow it to connect?

*** The most common form of this is limiting the time or day that the user is able to log onto a particular client or server or to limit the geographic location that the user can log in from

Question 9

What is Single Sign-On (SSO)?

Answer 9

A default user profile for each user is created and linked with all of the resources needed

*** It’s where an organization establishes a default user profile and links that profile to all of the different resources the user wants to access. Under this system, the user then creates a single long, strong password that they can memorize. This eliminates the need to remember different login credentials.

Question 10

What is FIDM?

Answer 10

Federal Identity Management

A single identity is created for a user and shared with all of the organization in a federation

***Each organization that joins this Federation has agreed to a common set of standards and policies for the use of identification. This allows a Federated Identity to be created for that user. This identity can then be used across all of those different businesses that are part of the Federation,

Question 11

What are the two models of FIDM?

Answer 11

Cross Certification

Trusted Third Party

Question 12

What is the Cross Certification model?

Answer 12

Utilizes a web of trust between organizations where each one certifies others in the federation

*** Each organization is going to certify every other organization inside the Federation.
This works well when there’s just a small number of organizations inside the Federation. But once that number gets large, anything above 5 or 10 organizations, it becomes pretty difficult to manage.
Thinking back to your early network studies,
you can relate the Cross Certification model to a full mesh network model. Anything higher than about five organizations and this model is going to break down really, really quickly.

Question 13

What is the Trusted Third-Party model?

Answer 13

Organizations are able to place their trust in a single third-party

*** This third party, then, manages the verification and certification for all of the organizations within the Federation.
This is more similar to the way a traditional certificate authority on the Internet is going to work.
In this model, it’s quite efficient even with a large number
of organizations within the Federation,
because everybody goes to that one trusted person
to get their verification done.

Question 14

The Trusted Third Party model is also referred to as?

Answer 14

The Bridge Model

Question 15

What is SAML?

Answer 15

Security Assertion Markup Language

Attestation model built upon XML used to share federated identity management information between systems

*** This supports FIDM. It is used to authenticate and authorize between different systems especially over the internet using Single Sign-On method. This is used across the web by many large organizations.

Question 16

What is OpenID?

Answer 16

An open standard and decentralized protocol that is used to authenticate users in a federated identity management system

*** This allows users to log into an identity provider and they can then utilize that same account across all of the cooperating websites. These websites are known as RP’s or Relying Parties. The largest and most well known of these is Google.

Question 17

What is 802.1x?

Answer 17

MUST KNOW FOR TEST

Standardized framework used for port-based authentication on wired and wireless networks

This is an IEEE standard

Is a data link layer device

*** This is just the framework so it utilizes other mechanisms to do the real authentication for us. Such as, RADIUS and TACACS+

Question 18

What does RADIUS stand for?

Answer 18

Remote Authentication Dialing User Service

Question 19

What does TACACS+ stand for?

Answer 19

Terminal Access Controller Access Control System Plus

Question 20

There are three roles that are required for an authentication to occur under 802.1x. What are they?

Answer 20

1. Supplicant - the device or user that’s requesting access to the network
2. Authentication - the device through which the supplicant is attempting to access the network
3. Authentication Server - the centralized device that performs the authentication which is usually your RADIUS or TACACS+ server

Question 21

What is considered to be one of the best protections that you can add to your internal network connectivity to prevent rogue devices from gaining access to your organization’s devices and connections?

Answer 21

802.1x

Question 22

What is EAP?

Answer 22

Extensible Authentication Protocol

A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure

*** 802.1x allows for us to encapsulate EAP when we’re using a wired or wireless connection

Question 23

What is EAP-MD5?

Answer 23

A variant of EAP that utilizes simple passwords and the challenge handshake authentication process to provide remote access authentication

*** This is a one way process and does not provide mutual authentication

Question 24

What is EAP-TLS?

Answer 24

A variant of EAP that’s going to use public key infrastructure with a digital certificate being installed on both the client and the server as a method of authentication

*** This makes it immune to password based attacks since it uses digital certificates to identify. This is considered a form of mutual authentication.

Question 25

What is mutual authentication?

Answer 25

When both devices, the client and the server, are going to authenticate with one another.

Question 26

What is EAP-TTLS?

Answer 26

A variant of EAP that uses a server-side digital certificate and a client-side password for mutual authentication

*** This is more secure than EAP-MD5 which just uses password but less secure than EAP-TLS because that one removes password vulnerability entirely.

Question 27

What is EAP-FAST?

Answer 27

EAP Flexible Authentication provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication

Question 28

What are the five variants of EAP?

Answer 28

EAP-TLS
EAP-TTLS
EAP-FAST
EAP-MD5
PEAP

Question 29

What is PEAP?

Answer 29

Protected EAP supports mutual authentication by using server certificate and Microsoft’s Active Directory to authenticate a client’s password

Question 30

In addition to all of the variants of EAP, there’s a proprietary protocol from Cisco called what?

Answer 30

LEAP

Lightweight EAP

Question 31

What is LDAP?

Answer 31

MUST KNOW FOR TEST

Lightweight Directory Access Protocol

A database used to centralize information about clients and objects on the network

Is an application layer protocol

** This is essentially a directory service which contains a hierarchical organization of the users, groups, servers and systems inside your network.

Question 32

LDAP communicates over which port?

Answer 32

389 - unencrypted
636 - encrypted

Question 33

Microsoft created its own implementation of LDAP known as…?

Answer 33

AD or Active Directory

Question 34

What is Active Directory?

Answer 34

In the Windows domain, this is used to organize and manage everything on the network, including those clients, servers, devices, users and groups.

** It is an example of a single sign-on system

Question 35

What is Kerberos?

Answer 35

MUST KNOW FOR TEST

An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets

Question 36

Kerberos utilizes which port?

Answer 36

Port 88

Question 37

What is RDP?

Answer 37

Remote Desktop Protocol

Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via a GUI

Question 38

RDP doesn’t provide ___ natively.

Answer 38

authentication

*** It provides encryption but not authentication. Therefore you must enable SSL or TLS for service authentication and require digital certificates for increased security.

Question 39

What is VNC?

Answer 39

Virtual Network Computing

Cross-platform version of the Remote Desktop Protocol for remote user GUI access

*** Where RDP works on Windows machines, VNC works on Linux, OSX or Windows.

Question 40

What port does VNC work over?

Answer 40

5900

Question 41

What port does RDP work over?

Answer 41

3389

Question 42

When implementing remote access to your network, you have to carefully select the method of network authentication. What are your options?

Answer 42

PAP
CHAP
EAP

Question 43

What is PAP?

Answer 43

Password Authentication Protocol

Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear)

Question 44

What is CHAP?

Answer 44

MUST KNOW FOR TEST

Challenge Handshake Authentication Protocol is the evolution of PAP that provides authentication by using the user’s password to encrypt a challenge string of random numbers

This authentication scheme is used in dial up connections

Question 45

What is a VPN?

Answer 45

Virtual Private Network allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network

Question 46

This is commonly used by teleworkers and traveling employees so that they can remotely access the corporate resources, like intranet and file servers.

Answer 46

Remote Access VPN or Client-to-Site VPN

Question 47

VPN’s rely on two different protocols when they’re being operated. What are they?

Answer 47

Point to Point Tunneling Protocol

Layer Two Tunneling Protocol

Question 48

One area of concern that exists with VPNs is ensuring that clients aren’t using what?

Answer 48

Split Tunneling

Question 49

What is Split Tunneling?

Answer 49

A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection

Question 50

What is RADIUS?

Answer 50

Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the EAP

*** A client/server protocol that runs over the 7th layer of the OSI model, the application layer. IT is used to authenticate users, authorize them to services and account for their usages of those services. It is an example of an AAA.

Question 51

RADIUS uses which port?

Answer 51

Authentication - 1812 (proprietary port 1645)
Accounting - 1813
(proprietary port 1646)

UDP

Question 52

What is Cisco’s proprietary version of RADIUS?

Answer 52

TACACS+

Terminal Access Controller Access Plus

Question 53

TACACS+ uses which port?

Answer 53

49

TCP

Question 54

What is RAS?

Answer 54

MUST KNOW FOR TEST

Remote Access Services

Service that enables dial-up and VPN connections to occur from remote clients

Question 55

What is TACACS+?

Answer 55

Cisco’s proprietary version of RADIUS that provides seperate authentication and authorization functions over port 49 (TCP)

*** Because it is Cisco only, it is not considered cross platform

Question 56

What is spoofing?

Answer 56

A software-based attack where the goal is to assume the identity of a user, process, address, or other unique identifier

Question 57

What is a Man-in-the-Middle attack?

Answer 57

An attack where the attacker sits between two communicating hosts and transparently captures, monitors, and relays all communication between the hosts

Question 58

What is a Man-in-the-browser (MitB) attack?

Answer 58

An attack that intercepts API calls between the browser process and its DLLs

Question 59

What is the difference between a Man-in-the-Middle and a Man-in-the-browser attack?

Answer 59

If you’re attacking the network or between two clients, you’re a man in the middle.

If you’re using the browser to do it, you’re a man in the browser.

Question 60

What is password spraying?

Answer 60

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords

Question 61

What is credential stuffing?

Answer 61

Brute force attack in which stolen user account names and passwords are tested against multiple branches

Question 62

What is Broken Authentication?

Answer 62

A software vulnerability where the authentication mechanism allows an attacker to gain entry

*** essentially, the coders did a bad job

Question 63

What is session hijacking?

Answer 63

This is when the application is vulnerable because you’re using session keys that aren’t strong and are easy to guess