User-Authentication Methods Flashcards
What authentication method uses a certificate authority and asymmetric cryptography to establish confidentiality and integrity without knowing anything about the other party prior to the conversation?
PKI
List the 5 steps of the Kerberos user-authentication method
1) REQUEST for TICKET granting ticket (TGT)
2) TGT RETURNED by authentication service
3) REQUEST for APPLICATION ticket (authenticated with TGT)
4) Application ticket returned
5) User then can Request for service with authenticated application ticket
What’s the name given to the conceptual model for managing network security through one central location?
AAA
What authentication server allows for domain-level authentication on both wired and wireless networks?
RADIUS
What are the two differences between RADIUS and TACACS+?
1) RADIUS combines authentication and authorization into one profile but TACACS separates the two
2) TACACS uses TCP whereas RADIUS uses UDP
Which of the following encrypts only the served page data and the submitted data, like POST fields: HTTPS or S-HTTP?
S-HTTP
What are the two goals of Network Admission Control?
1) Authenticates
2) Ensures systems are safe and secure before they’re allowed to access the network (by checking for malware, OS version, etc.)
Name a common example of Network Access Control used in wireless networks (it is also used in wired networks, but less so).
802.1x (port-access)
Which client authentication method involves the requesting client using a nonce and an ID value and sequencing them with the shared text-phrase secret to generate a one-way hash value using the MD5 hashing algorithm?
CHAP
What framework provides a standardised way of authenticating onto a LAN?
Extensible Authentication Protocol
What cryptographic process provides data integrity and origin authentication?
Hashes
Which cryptographic algorithm is published by NIST?
SHA
Name two implementations of Network Access Control
1) Cisco’s Network Admission Control
2) Microsoft’s Network Policy and Access Services (NPAS)
In Network Access Control, Posture Assessment examines the devices when they connect to the network. What 3 items are commonly checked?
1) Anti-malware updates
2) Operating system updates
3) Windows reg settings
What is a guest network used for?
It is where a device is held during Posture Assessment during Network Access Control
In Network Access Control, what can help support the assessment of endpoints (devices) not owned by the organization and help make BYOD policy possible?
Nonpersistent agents
List two reasons why access control applied at the resource can be better than controlling access at the edge/firewall.
1) controls are more granular and more easily controlled by the owner
2) A mistake made on the ACL can cause widespread access issues
What network access security method uses EAP and typically authenticates devices with a RADIUS server?
802.1x
In NAC, a persistent agent is one that…
is installed on a NAC client and starts when the OS loads.
It provides system-wide notifications and alerts.
In NAC, a nonpersistent or dissolvable agent is one that…
is used to access the device only during log-in, usually through a web portal. It is removed when authentication has taken place.
What is the key difference between MS-CHAP and MS-CHAPv2?
v2 can do mutual authentication of both client and server
What authentication method is used to overcome the limitations of RADIUS? How?
Diameter
It can encrypt the authentication process using EAP
What is one of the limitations of RADIUS authentication?
It only encrypts the password, but not the entire authentication conversation.
Which authentication method developed by Cisco allows for interaction with Kerberos?
TACACS+ (Terminal Access Controller, Access-Control System)