Authentication Flashcards

1
Q

TOTP

A

Time-Based One-Time Password:

A password is computed from a shared secret and current time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

HOTP

A

HMAC-based One-Time Password:

A password is computed from a shared secret and is synchronized between the client and the server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Context-Aware Authentication

A

Process to check the user’s or system’s attributed or characteristics prior to allowing it to connect

Restrict authentication based on the time of day or location

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

FidM

A

Federated Identity Management:

A single identity is created for a user and shared with all of the organizations in a federation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

FidM: Cross-Certification

A

Utilizes a web of trust between organizations where each one certifies others in the federation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

FidM: Trusted Third-Party

A

Organizations are able to place their trust in a single third-party (also called the bridge model)

Trusted third-party model is more efficient than a cross certification or web of trust mode

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

FidM: SAML

A

Security Assertion Markup Language:
Attestation model built upon XML used to share federated identity management information between systems

Open standard for authentication & authorization
Authenticate via third-party

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

FidM: OpenID

A

An open standard and decentralized protocol that is used to authenticate users in a federated identity management system

Used in conjunction with OAuth2

User logs into an Identity Provider (IdP) and uses their account at Relying Parties (RP)

OpenID is easier to implement than SAML
SAML is more efficient than OpenID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

802.1x

A

Standardized framework used for port-based authentication on wired and wireless networks

Helps prevent rogue devices

(Ex: RADIUS, TACACS+)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

EAP

A

Extensible Authentication Protocol:
A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure

EAP-MD5 uses simple passwords for its challenge-authentication

EAP-TLS uses digital certificates for mutual authentication

EAP-TTLS uses a server-side digital certificate and a client-side password for mutual authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

EAP-FAST

A

Provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

PEAP & LEAP

A

Protected EAP:
Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password

Lightweight EAP:
Proprietary to Cisco-based networks (supposedly FAST is an upgrade from LEAP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

LDAP

A

Lightweight Directory Access Protocol:
A database used to centralize information about clients and objects on the network

Unencrypted: Port 389
Encrypted: Port 636

Active Directory is Microsoft’s version

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Kerberos

A

An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets

Port 88

A domain controller can be a single point of failure for Kerberos

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

CHAP

A

Challenge-Handshake Authentication Protocol:
Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers

3-way handshake
After link, server sends challenge message
Client responds with password hash calculated from challenge & password
Server compares hash with stored hash
Occurs periodically

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

VPN Concentrator

A

Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers

17
Q

Split Tunneling

A

A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection

Prevent split tunneling through proper configuration and network segmentation

18
Q

RADIUS

A

Centralization administration system for dial-up, VPN, and wireless authentication that uses either ports 1812/1813 (UDP) or 1645/1646 (UDP)

Operates at layer 7

19
Q

TACACS+

A

Cisco’s proprietary version of RADIUS that provides separate authentication and authorization functions over port 49 (TCP)

20
Q

MitB

A

Man-in-the-Browser Attack:

Intercepts API calls between the browser process and its DLLs

21
Q

Password Spraying

A

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords

22
Q

Credential Stuffing

A

Brute force attack in which stolen user account names and passwords are tested against multiple websites

Credential stuffing can be prevented by not reusing passwords across different websites

23
Q

Broken Authentication

A

A software vulnerability where the authentication mechanism allows an attacker to gain entry

Weak password credentials
Weak password reset methods
Credential exposure
Session hijacking

24
Q

OAuth

A

Authorization framework
Determines what resources a user can access
Created by Google/Twitter/others
Used with OpenID - handles the SSO authentication

25
Q

PAP

A

Password Authentication Protocol:
Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear)