Security & Authentication Flashcards
What is mTLS?
Mutual TLS (mTLS) is TLS in which the client authenticates itself as well: both client and server present certificates and verify the other's, so each side has cryptographic proof of who it is talking to, not just the client.
Why would you need mTLS compared to other authentication solutions?
mTLS is useful for applications or devices that do not follow a login process, such as services calling other services, IoT devices, or automated API clients. It also serves as an additional layer of security for an organization's network or applications where a Zero Trust approach - which does not trust any user, device, or request by default - is necessary: every connection must prove its identity with a certificate before it is allowed to send a request.
How does mTLS work?
mTLS adds a client certificate to the normal TLS handshake:
1. Client connects to server.
2. Server presents its TLS certificate.
3. Client verifies the server certificate against the certificate authorities (CAs) it trusts.
4. Client presents its own TLS certificate.
5. Server verifies the client's certificate against the CAs it accepts for clients, and the client proves possession of the matching private key by signing handshake data.
6. Server grants access (and can map the certificate's identity to an authorized principal).
7. Client and server exchange information over the encrypted TLS connection.
What is TLS?
An encryption protocol in wide use on the Internet, the successor to SSL (the two names are still used interchangeably), that authenticates the server in a client-server connection and encrypts communications between client and server.
How does TLS (SSL) work?
A TLS certificate is issued to a server by a certificate authority (CA). The certificate contains the server's public key, the host name(s) it is valid for, the identity of the issuing CA together with the CA's signature over the certificate, and a validity period (not-before and expiration dates).
TLS works via the process of a handshake:
1. Client connects to server.
2. Server presents its TLS certificate.
3. Client verifies the certificate: the CA signature must chain to a CA in the client's own trust store (the client does not normally contact the CA, apart from revocation checks), the name must match the host the client intended to reach, and the validity period must cover the current time.
4. Client and server run a key exchange, during which the server proves it holds the private key matching the certificate. Both sides derive shared symmetric session keys and encrypt the rest of the connection with them. (In TLS 1.3 the key exchange is always ephemeral Diffie-Hellman; in the older RSA key exchange the client instead encrypted the session secret with the certificate's public key, which only the server could decrypt with its private key.)
What does mTLS prevent?
On-path attacks, spoofing attacks, credential stuffing, brute-force attacks, phishing attacks, and malicious API requests. The common thread is that an attacker who does not hold a client certificate trusted by the server, together with its private key, cannot complete the handshake, so a stolen or guessed password is not enough on its own. mTLS does not help once a client's private key has been stolen, and a compromised client can still send harmful requests, so the server must still authorize what an authenticated client is allowed to do.
What is an on-path attack?
On-path attacks, also known as man-in-the-middle attacks, are a type of cybersecurity threat that occurs when an attacker positions themselves between two devices and intercepts or modifies the communication between them. TLS defeats this by having the client verify the server's certificate, and mTLS extends the same protection to the server's view of the client.
What does SSH stand for?
Secure Shell (protocol).
How does SSH authentication work?
Using a public/private key pair and a challenge-response that runs inside an already encrypted channel:
1. Client and server first negotiate the transport: an ephemeral Diffie-Hellman key exchange produces the symmetric session keys and a session identifier, and the client checks the server's host key against its known_hosts file.
2. Client offers the server a public key for the account it wants to log in to.
3. Server checks that the key is listed in that account's authorized_keys file and, if so, asks the client to prove possession of the matching private key.
4. The client (or its ssh-agent, if one holds the key) signs a message that includes the session identifier and the authentication request with the private key, and sends the signature to the server.
5. The server checks the signature using the client's public key.
6. The server now has proof that the client possesses the private key and, because the signed data includes the session identifier, that the signature was not replayed from another connection.
7. The ephemeral symmetric keys from step 1 encrypt all SSH traffic; they are renegotiated (a rekey event) after a configured amount of time or data has passed.
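The public-key challenge-response above, as an added example that is not part of the original flashcards. It is Go, standard library only, using Ed25519: it encodes a public key as an authorized_keys line, parses the line back the way a server would, has the client sign the RFC 4252 "publickey" userauth data bound to a session identifier (the signing step an ssh-agent performs), and has the server look the key up and verify the signature. The account name `alice`, the comment `alice@laptop` and the random 32-byte session identifier are constructed for the example; in real SSH the session identifier comes out of the key exchange, and both the public key blob and the signature travel in the SSH wire format sketched in the comments.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const keyType = "ssh-ed25519"

// sshString encodes an SSH "string" (RFC 4251): uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// readSSHString splits one SSH string off the front of b, refusing lengths that overrun it.
func readSSHString(b []byte) (field, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("malformed SSH string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// publicKeyBlob is the wire form of an Ed25519 public key: string "ssh-ed25519", string key.
func publicKeyBlob(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte(keyType)), sshString(pub)...)
}

func encodeAuthorizedKey(pub ed25519.PublicKey, comment string) string {
	return keyType + " " + base64.StdEncoding.EncodeToString(publicKeyBlob(pub)) + " " + comment
}

// parseAuthorizedKey does the reverse, rejecting anything that is not a well-formed Ed25519 key.
func parseAuthorizedKey(line string) (ed25519.PublicKey, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 || fields[0] != keyType {
		return nil, errors.New("not an ssh-ed25519 authorized_keys line")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return nil, err
	}
	typ, rest, err := readSSHString(blob)
	if err != nil || string(typ) != keyType {
		return nil, errors.New("blob type does not match line type")
	}
	key, rest, err := readSSHString(rest)
	if err != nil || len(rest) != 0 || len(key) != ed25519.PublicKeySize {
		return nil, errors.New("malformed key blob")
	}
	return ed25519.PublicKey(key), nil
}

// userauthSignedData is the exact byte string signed for "publickey" auth (RFC 4252 section 7). The
// session identifier from the key exchange binds the signature to this connection, so it cannot be replayed.
func userauthSignedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	d := sshString(sessionID)
	d = append(d, 50) // SSH_MSG_USERAUTH_REQUEST
	for _, s := range []string{user, "ssh-connection", "publickey"} {
		d = append(d, sshString([]byte(s))...)
	}
	d = append(d, 1) // boolean TRUE: a signature follows
	d = append(d, sshString([]byte(keyType))...)
	return append(d, sshString(publicKeyBlob(pub))...)
}

// clientSign is what ssh-agent does on the client's behalf: the private key never leaves the agent,
// only the 64-byte signature does (on the wire it is wrapped as string "ssh-ed25519", string sig).
func clientSign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	return ed25519.Sign(priv, userauthSignedData(sessionID, user, priv.Public().(ed25519.PublicKey)))
}

// serverVerify is the server side: the offered key must be in authorized_keys and the signature must verify.
func serverVerify(authorizedKeys []string, offered ed25519.PublicKey, sessionID []byte, user string, sig []byte) bool {
	for _, line := range authorizedKeys {
		if pub, err := parseAuthorizedKey(line); err == nil && pub.Equal(offered) {
			return ed25519.Verify(pub, userauthSignedData(sessionID, user, offered), sig)
		}
	}
	return false // key not authorized for this account
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	authorized := []string{encodeAuthorizedKey(pub, "alice@laptop")} // constructed authorized_keys contents
	session := make([]byte, 32)                                     // stands in for the KEX-derived session ID
	rand.Read(session)
	sig := clientSign(priv, session, "alice")
	fmt.Println("valid login:", serverVerify(authorized, pub, session, "alice", sig))
	session[0] ^= 1 // the same signature on a different session is a replay and must fail
	fmt.Println("replayed signature:", serverVerify(authorized, pub, session, "alice", sig))
}
```

Because the user name, service and session identifier are all inside the signed data, a signature captured from one login is useless for another account, another server, or even a reconnection to the same server, which is why SSH needs no server-generated nonce for this step.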
What is an ssh agent?
A helper program that holds users' decrypted private keys in memory and performs signatures on the ssh client's behalf. The passphrase is entered once when a key is added to the agent; afterwards neither the passphrase nor the private key is handed to ssh, which only receives signatures. This is also what lets agent forwarding work without copying keys to remote hosts.
What is the ssh-keygen command?
It is the OpenSSH command used to generate a public/private key pair. The -t option selects the key type, and the private key can be protected with a passphrase that must be entered (or supplied via an ssh-agent) before the key can be used.
What is OpenSSH?
An open-source implementation of the SSH protocol, comprising the ssh client, the sshd server, and tools such as ssh-keygen, ssh-agent, scp and sftp.
Which key algorithms can an SSH key use?
RSA (file name id_rsa, historically the default), DSA (id_dsa; deprecated, disabled by default since OpenSSH 7.0 and removed from recent releases), ECDSA (id_ecdsa), and Ed25519 (id_ed25519, the current ssh-keygen default and the usual recommendation). These are the signature algorithms of the key pair; they do not encrypt anything themselves. The private key file is encrypted separately, with the passphrase the user sets in ssh-keygen.