Operations and Incident Responses Flashcards
How do hardware-based authentication methods enhance security?
Hardware-based authentication methods, such as password keys, provide an additional layer of security - requiring a physical key to be present for login. Password vaults, or password managers, securely store all passwords in one location and allow the use of unique passwords across different sites.
What are some common account policies for enhancing security?
Account policies include password complexity and length requirements, account lockout and disablement after too many incorrect login attempts, location-based policies for network access, routine audits to ensure policy compliance, and auditing permissions and resource usage.
How does Kerberos enable single sign-on (SSO)?
Kerberos is a network authentication protocol that allows users to authenticate once and be trusted by the system without needing to re-authenticate for every service. This eliminates the need for constant username and password input, providing a seamless SSO experience across multiple services.
What is the purpose of RADIUS in authentication management?
RADIUS (Remote Authentication Dial-in User Service) is an AAA protocol that centralizes authentication for different platforms and devices. It can be used to authenticate users for routers, switches, firewalls, server access, remote VPN connections, and 802.1X network access.
What are PAP and CHAP, and how do they differ in terms of security?
PAP (Password Authentication Protocol) is a basic authentication method used in legacy operating systems. It transmits passwords in clear text, making it a weak authentication scheme. CHAP (Challenge-Handshake Authentication Protocol) uses encrypted challenges and password hashes, providing stronger security than PAP
How does dnsenum contribute to network reconnaissance?
dnsenum is used to enumerate DNS information, such as finding host names and viewing host information from DNS servers. It can help discover hosts listed in DNS.
What is knowledge-based authentication (KBA) and how does it work?
Knowledge-based authentication uses personal knowledge as an authentication factor. Static KBA relies on pre-configured shared secrets, often used for account recovery. Dynamic KBA generates questions based on an identity verification service. Questions can be specific to the user’s history or personal information.
What is the purpose of scanless tool in reconnaissance?
Scanless allows you to run port scans from a different host, acting as a port scan proxy. It provides options for choosing the option for scan origination.
What are some hardware-based cryptographic functions used for authentication management?
Trusted Platform Module (TPM) provides cryptographic functions such as random number generation, key generation, and secure storage. It comes with unique keys burned in during production. Hardware Security Modules (HSMs) are high-end cryptographic hardware devices that offer key backup, cryptographic accelerators, and are commonly used in large environments.
How can theHarvester tool be used to gather OSINT?
theHarvester scrapes information from search engines, social media platforms, DNS servers, and other sources to gather open-source intelligence (OSINT).
What is the purpose of route command in networking?
The route command allows you to view the device’s routing table, which shows the paths that packets will take when traveling through the network.
How does the Challenge-Handshake Authentication Protocol (CHAP) work?
How CHAP works:
1. An encrypted challenge is sent by the server to authenticate the client.
2. The client responds with a password hash calculated from the challenge and the password.
3. The server compares the received hash with the stored hash to verify the client’s identity.
MS-CHAP is Microsoft’s implementation of CHAP, commonly used in PPTP connections.
How does Address Resolution Protocol (ARP) help in determining MAC addresses?
ARP allows you to determine the MAC address based on an IP address, which is necessary for communication at the hardware level.
What is the purpose of Nessus in vulnerability scanning?
Nessus is an industry-leading vulnerability scanner that identifies known vulnerabilities in systems, helping to find and address potential security risks before they can be exploited.
What are some common AAA protocols used for centralizing authentication?
RADIUS (Remote Authentication Dial-in User Service) is a widely supported AAA protocol that centralizes authentication for various platforms and devices. It can be used for routers, switches, firewalls, server authentication, remote VPN access, and 802.1X network access. TACACS+ and XTACACS are Cisco-created versions of TACACS with additional features like accounting and auditing.
How do IP scanners contribute to network reconnaissance?
IP scanners are used to search a network for IP addresses, locate active devices, and gather information about services and hosts that are listed in DNS.
What is Kerberos and how does it enable single sign-on (SSO)?
<div>Kerberos is a network authentication protocol that allows users to authenticate once and be trusted by the system without needing to re-authenticate for every service. It provides mutual authentication between the client and server, protecting against on-path or replay attacks. SSO with Kerberos eliminates the need for constant username and password input, saving time for users.</div>
What are some common uses of netcat tool in networking?
<div>Netcat can be used to read from or write to the network, listen on a port number, transfer data, scan ports, send data to a port, and even become a backdoor for remote access.</div>
How do hardware-based authentication methods and password vaults enhance security?
<div>Hardware-based authentication methods, such as password keys and Trusted Platform Modules (TPM), provide an additional layer of security by requiring a physical key or secure storage for credentials. Password vaults, also known as password managers, securely store all passwords in one location, encrypting them and allowing the use of unique passwords across different sites.</div>
How does netstat help in troubleshooting network connections?
<div>Netstat provides network statistics and allows you to view active connections, binaries associated with those connections, and additional IP details.</div>
What is the purpose of using ping tool in networking?
<div>Ping is used to test reachability and determine round-trip time by sending ICMP (Internet Control Message Protocol) packets to a host.</div>
What are some important considerations for account policies?
<div>Account policies go beyond usernames and passwords and include factors like password complexity and length, account lockout and disablement, location-based policies, auditing, and routine audits. Routine audits help ensure policy compliance, while auditing checks permissions and resource usage.</div>
How does Nmap contribute to network mapping and vulnerability scanning?
<div>Nmap is a network mapper that can scan for devices, identify open ports, discover the operating system without logging in, and provide details about services running on a device.</div>
What are the different types of user accounts and their characteristics?
<div>User accounts are associated with specific individuals on a computer and have private storage and files. Shared and generic accounts are used by multiple people but lack proper audit trails and make password management difficult. Guest accounts provide limited access to guests, while service accounts are used exclusively by services running on a computer. Privileged accounts have elevated access to one or more systems and should be highly secured.</div>
What is the purpose of theHarvester tool in reconnaissance?
<div>theHarvester is used to gather open-source intelligence (OSINT) by scraping information from search engines, social media platforms, DNS servers, and other sources.</div>
