Topic 4 and 5 Flashcards

Integrating Advanced Authentication and Authorization Techniques Implementing Cryptographic Techniques

1
Q

What is the three-level hierarchy used for XACML?

A
  • Rules (define action permissions)
  • Policies (sets of *rules* used in conjunction)
  • PolicySets (group of *policies* used together)
2
Q

When discussing XACML, define PEP and PDP

A

Policy Enforcement Point (protects the resource), Policy Decision Point (reviews the request, compares it to the policies and provides the answer)

3
Q

What two kinds of VPNs can you deploy?

A

Hardware VPN and Software VPN

4
Q

Define “Advanced Authentication”

A

A complex process required to authenticate users, grant permissions and control access to resources

5
Q

What is SPML and what two components make it up?

A

Service Provisioning Markup Language, used for automating and managing the provisioning of network and organization resources. It is made up of a Requesting Authority, which is a client that creates a request, and a Provisioning Service Point (PSP), which processes the request.

6
Q

Define Authorization

A

Process of determining what rights and privileges an entity has, usually after the system has authenticated them. There are three primary types of access control: Discretionary, Mandatory and Role-based.

7
Q

What is Crossover Error Rate (CER)?

A

Point at which the FRR & FAR are equal

8
Q

Explain PEAP

A

Protected EAP - Encapsulates EAP in TLS

9
Q

What components make up an XACML rule?

A

Subject (entity requesting access), Resource (service or application being requested), Action (examples include database reading or writing, file modification)

10
Q

What are the components of “Kerberos”?

A

Key Distribution Center (KDC) - trusted 3rd party authentication service made up of:
  • Authentication Server (AS) - verifies and accepts/rejects tickets
  • Ticket Granting Server (TGS) - issues tickets to authorized users

11
Q

Explain USB OTG

A

Flash drive storage with a physical interface that can be connected to almost any smartphone

12
Q

What is “tethering” and what forms does it come in?

A

Connecting a device to the Internet by leveraging/sharing another device's connection. Tethering can be done over Bluetooth, a wired connection or USB.

13
Q

When talking about “RADIUS”, what is a call back system?

A

A system that calls the user back at a predefined phone number for added security

14
Q

What are Kerberos concerns?

A

Replayed credentials, physical security, single point of failure, length of the keys, encryption process is based on passwords

15
Q

Define “PAP” and explain why it shouldn’t be used

A

Password Authentication Protocol transmits credentials in clear text

16
Q

What is SPML used with?

A

Security Assertion Markup Language (SAML) and XACML

17
Q

What port does “Back Orifice” use?

A

UDP/31337

18
Q

What is “SMTP” and what port does it use?

A

Simple Mail Transfer Protocol sends mail from clients and relays mail between servers. It uses TCP/25

19
Q

What is XACML?

A

Extensible Access Control Markup Language is an XML-based standard for access control and authorization

20
Q

Name and explain the 2 biometric error types

A

  • FRR - False Rejection Rate - valid subject denied
  • FAR - False Acceptance Rate - invalid subject allowed

21
Q

Explain “RADIUS”

A

Remote Access Dial In User Service provides centralized remote access authentication, authorization and auditing.

22
Q

What is OAuth and what is the latest version?

A

An authorization standard used by many websites that allows a user to authorize access to a third-party resource without providing the user’s credentials, instead using a token. The current version is 2.0. Example: a Facebook app being allowed access to your Facebook account.

23
Q

Define “Authentication”

A

Method of validating the identity of a person or asset

24
Q

Generally describe a “Remote Assistance” program

A

Programs that can be used to provide temporary control of a remote computer over a network or the Internet

25
What is "Domain Bridging"?
The connecting of two different network connections. Example home network and VPN to the office.
26
"SPIM" is an acronym for receiving what types of messages?
Spam over Instant Message
27
IntServ has what three classes?
Guaranteed services, controlled load and best effort.
28
Name examples of collaboration sites and platforms.
Social media sites, storage and document sites
29
Define "LDAP"
Lightweight Directory Access Protocol
30
Define "SSO"
Single sign-on allows a user to authenticate once and then access all of the resources that a user is authorized to use
31
In relation to VOIP, what is "convergence"?
Running voice over data lines
32
What is a Trust Model and what types exist?
Defines relationships between authentication services so that they may accept each other's assertions of users' identities and permissions. Two types are hierarchical (one authority that can verify all resources under it) and peer (resources establish a transitive relationship)
33
Explain the 3 different TACACS types
  • TACACS - Terminal Access Controller Access-Control System - original; integrates authentication & authorization
  • XTACACS - allows separation of authentication, authorization and accounting
  • TACACS+ - adds 2-factor authentication and uses TCP 49
34
Explain EAP
Extensible Authentication Protocol - it's actually a framework for wireless and wired networks
35
What is "cramming"
Making unauthorized phone charges
36
What is "slamming"
Switching a user's long-distance phone carrier without their knowledge
37
IAAA stands for what?
Identity, Authentication, Authorization, Access (or Audit)
38
Name the Apple product that is similar to Windows Remote Desktop
Presence
39
Define "S/MIME"
Secure Multipurpose Internet Mail Extensions
40
What is "SPIT"?
Spam over Internet Telephony
41
What is Baseband on a mobile device?
All communication that requires radio transmission.
42
What protocol was designed to be an improvement over "RADIUS" but isn't widely accepted yet?
Diameter. Benefits: has failover due to TCP use, mandates IPsec and TLS
43
What is "IMAP" and what port does it use?
Internet Message Access Protocol can work with mail remotely without retrieving it from the server. IMAP uses TCP/143
44
Define "MS-CHAP" and which version is to be used today
Microsoft Challenge Handshake Authentication Protocol is currently running version 2.0 for secure authentication.
45
What are centralized remote authentication services?
Services that keep the authentication & authorization process for remote clients separate from that for LAN-based clients
46
List the 3 categories of Authentication
Something you know, something you have, something you are
47
The 802.1x authentication process involves what 3 roles?
Supplicant (client), Authenticator (switch), Authentication Server (RADIUS server)
48
What are the terms "slamming" and "cramming" associated with?
Telephony
49
What is "POP3" and what port does it use?
Post Office Protocol retrieves mail from a mail server and uses TCP/110
50
Wireless authentication protocol is known as...
802.1x
51
Define RADIUS and its ports
Remote Access Dial-In User Service; UDP 1812 (unsecured) and TCP 2083 (secured)
52
Outline the Kerberos logon process
1) User provides username and password through a client
2) Client encrypts only the username using AES and transmits it to the KDC
3) KDC verifies the username
4) KDC generates a symmetric key to be used by the client, encrypted with a hash of the user's password, and generates a TGT
5) KDC transmits the encrypted symmetric key and the TGT to the client
6) Client installs the TGT and uses it until expiration
53
What are two early VPN tunneling protocols you want to avoid?
Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP)
54
What are "Assertions"?
Claims that a subject will make or provide about their identity.
55
Define "CHAP" and explain why it shouldn't be used
Challenge Handshake Authentication Protocol utilizes MD5 and isn't considered secure
56
"PGP" stands for?
Pretty Good Privacy
57
"BO" stands for what early desktop sharing program?
Back Orifice
58
Describe "Tickets" used by "Kerberos"
Ticket - an encrypted message that provides a form or type of proof. There are 2 types:
  • Ticket-Granting Ticket (TGT) - proof that a subject has been authenticated (passport)
  • Service Ticket (ST) - proof that a subject is authorized (plane ticket)
59
What does "SPAN" stand for?
Switched Port Analyzer
60
List the four different OAuth 2.0 roles
User, Application, Resource Server, Authorization Server
61
What are current VPN tunneling protocols you should use?
Layer 2 Tunneling Protocol (L2TP) and IP Security (IPsec)
62
What are the 3 types of access modes?
Read, read/write, execute
63
What is eFuse?
Developed by IBM; allows the alteration of chips in real time
64
Explain LEAP
Lightweight EAP - Cisco proprietary, used in wireless in conjunction with WEP. Shouldn't be used
65
List authentication methods/factors
Token, pin code/password, swipe gesture and biometric
66
What is SOAP?
Simple Object Access Protocol is a protocol for exchanging structured information and relies on XML
67
What attack is meant to sidestep a TPM?
A cold boot attack
68
In relation to access control, explain what Subjects and Objects are
  • Subject - user/thing that is requesting access to data
  • Object - data
69
QoS prioritizes traffic by what two models?
IntServ and DiffServ
70
Explain the difference between "Jitter" and "Latency"
Jitter is the variation in transmission latency that can cause packet loss. Latency is a delay in the transmission of data packets
71
Context-based authentication is authentication controlled by what factors?
The user's location, time, job role or even behavior
72
Does VoIP rely on TCP or UDP for call transmission?
UDP
73
List the 4 different OAuth 2.0 grant types
  • Authorization code (server-side apps)
  • Implicit (used in mobile apps)
  • Resource owner password credentials (typically used if the user trusts the app)
  • Client credentials (typically used when an app needs to access its own service account)
74
Explain "OEM/carrier Android fragmentation"
A wide variation on the version of Android operating systems in use.
75
What tool deciphers any voice traffic on the same VLAN?
Voice Over Misconfigured Internet Telephones (VOMIT)
76
Name federated identity schemes
XACML, SOAP, SSO, Federated Identity, certificate based authentication
77
Describe "Unified Communications and Collaboration"
All forms of calling and multimedia used for personal and business purposes
78
What term is defined by “proving a user is who they claim they are”?
Authentication
79
What is the name of the framework where certificates are generated for each user and service, who then use the certificates to authenticate actions?
Certificate-based Authentication Framework
80
Explain the differences between user-focused and resource-focused attestation
  • Resource-focused: an attestation agent looks over each application or system and sees which users have which access privileges
  • User-focused: an attestation agent monitors the privileges that specific users have
81
Define “Least privilege”
Having the ability to do what is needed to complete a task or job, but nothing more
82
What is Identity propagation?
The technique of replicating an authenticated identity through various processes in a system
83
What is Identity Federation?
The practice of linking a single entity across multiple disparate systems
84
Explain the most common identity federation methods
  • SAML
    • XML-based framework
    • Sends assertions over HTTPS
  • OpenID
    • Allows a single account for participating sites (log in to Spotify with Facebook creds)
    • Used with OAuth
  • Shibboleth
    • Used in education/public institutions
    • Uses SAML
  • Where are you from (WAYF)
    • Asks where you are from before sending you to the service providers (e.g. please choose your country > state > city when visiting a website)