Summarize authentication and authorization design concepts

Question 1

Authentication methods

Answer 1

Directory services
Federation
Attestation
Technologies
Smart card authentication

Question 2

Directory services

Answer 2

What is directory services in cyber security?
Directory services are software systems that store, organize and provide access to directory information in order to unify network resources. Directory services map the network names of network resources to network addresses and define a naming structure for networks.

Question 3

Federation

Answer 3

A collection of realms (domains) that have established trust among themselves. The level of trust may vary, but typically includes authentication and may include authorization.

Question 4

Attestation

Answer 4

Attestation is a mechanism for software to prove its identity. The goal of attestation is to prove to a remote party that your operating system and application software are intact and trustworthy.

Question 5

Technologies

Answer 5

Time-based onetime password (TOTP)
HMAC-based one-time password (HOTP)
Short message service (SMS)
Token key
Static codes
Authentication applications
Push notifications
Phone call

Question 6

Time-based onetime password (TOTP)

Answer 6

Its a temporary password

Question 7

HMAC-based one-time password (HOTP)

Answer 7

Put in layman’s terms, HMAC-based One-time Password algorithm (HOTP) is an event-based OTP where the moving factor in each code is based on a counter. Each time the HOTP is requested and validated, the moving factor is incremented based on a counter.

An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.

Question 8

Short message service (SMS)

Answer 8

Texting the temporary password

Question 9

Token key

Answer 9

A physical or virtual item that contains authentication and/or authorization data, commonly used in multifactor authentication.

Question 10

Static codes

Answer 10

There are also simpler token keys and smart cards that simply transmit a static token programmed into the device. For example, many building entry systems work on the basis of static codes. These mechanisms are highly vulnerable to cloning and replay attacks.

Question 11

Authentication applications

Answer 11

Authentication applications are downloaded to your device and generate secure, six-digit codes you use to sign in to your accounts. … Download and install an authentication app to your device. Some popular options include: Android options: Google Authenticator, Authy, LastPass, 1Password.

Question 12

Push notifications

Answer 12

Push Notification Authentication enables user authentication by sending a push notification directly to a secure application on the user’s device, alerting them that an authentication attempt is taking place. Users can view authentication details and approve or deny access, typically via a simple press of a button.

Question 13

Phone call

Answer 13

the code is delivered as an automated voice call to the registered phone number.

Question 14

Smart card authentication

Answer 14

means programming cryptographic information onto a card equipped with a secure processing chip. The chip stores the user’s digital certificate, the private key associated with the certificate, and a personal identification number (PIN) used to activate the card.

Question 15

Biometrics

Answer 15

Fingerprint
Retina
Iris
Facial
Voice
Vein
Gait analysis
Efficacy rates
False acceptance
False rejection
Crossover error rate

Question 16

Fingerprint

Question 17

Retina

Answer 17

an infrared light is shone into the eye to identify the pattern of blood vessels. The arrangement of these blood vessels is highly complex and typically does not change from birth to death, except in the event of certain diseases or injuries.

Question 18

Iris

Answer 18

matches patterns on the surface of the eye using near-infrared imaging and so is less intrusive than retinal scanning (the subject can continue to wear glasses, for instance) and a lot quicker.

Question 19

Facial

Question 20

Voice

Question 21

Vein

Question 22

Gait analysis

Question 23

Efficacy rates

Answer 23

Calculated efficiency

Question 24

False acceptance

Answer 24

Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

Question 25

False rejection

Answer 25

Biometric assessment metric that measures the number of valid subjects who are denied access.

Question 26

Crossover error rate

Answer 26

Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

Question 27

Multifactor authentication (MFA) factors and attributes

Answer 27

Factors

Attributes

Question 28

Factors

Answer 28

Something you know
Something you have
Something you are

Question 29

Attributes

Answer 29

Somewhere you are
Something you can do
Something you exhibit
Someone you know

Question 30

Authentication, authorization, and accounting (AAA)

Answer 30

It is a framework used to control and track access within a computer network.

Question 31

Cloud vs. on-premises requirements