4: 2 Authentication

Question 1

What are the three types of authenticators

Answer 1

Something you know, something you are, something you have

Question 2

Something you know

Answer 2

Most popular i.e. passwords, security questions

Question 3

Something you are

Answer 3

Biometrics

Question 4

Something you have

Answer 4

Physical possession of device i.e. keyFOB, smartphone

Question 5

Authentication Attributes

Answer 5

Weaker versions of the 3 main authenticators - somewhere you are, something you can do, someone know you, something you exhibit

Question 6

FAR

Answer 6

False Acceptance Rate - misidentifies as an authorized user

Question 7

FRR

Answer 7

False Rejection Rate - Fails to identify an authorized user

Question 8

HOTP

Answer 8

HMAC-based One-Time Password - based on hardware tokens

Question 9

TOTP

Answer 9

Time-based one time code - time of day with shared secret and only valid until the code works (both must have synched clocks)

Question 10

SMS and Phone-based authentication

Answer 10

Weaker than HOTP and TOTP

Question 11

Static Code

Answer 11

Becomes something you know

Question 12

PAP

Answer 12

Password authentication protocol, not encrypted

Question 13

CHAP

Answer 13

Challenge handshake authentication protocol - both server and user know password, challenge value sent from server to client. client merging the hash and value to create a value to send to the server. Server then computers hash itself and validates client’s response.

Question 14

MS-CHAP

Answer 14

Microsoft’s CHAP version, has been broken and is insecure.

Question 15

MS-CHAPv2

Answer 15

Microsoft’s second version of CHAP, has been broken and is insecure.

Question 16

Federated Identity Management

Answer 16

Individual has accounts across multiple systems that share identity information, reducing number of accounts needed (i.e. Facebook, Twitter logins)

Question 17

SSO

Answer 17

Single-Sign On - Shares authentication across systems so logins persist

Question 18

One Way Trust

Answer 18

Domain 1 trusts Domain 2, but D2 doesn’t trust D1

Question 19

Two Way Trust

Answer 19

D1 and D2 trust each other

Question 20

Transitive Trust

Answer 20

Trust Relationships that transfer across domains - automatically inferred

Question 21

Non-Transitive Trust

Answer 21

Trust relationships that do not transfer and aren’t automatically inferred

Question 22

RADIUS Protocols

Answer 22

Remote Access Dial In User Service - Centralized server could authenticate modem servers across the country

Question 23

Disadvantages of Radius

Answer 23

User Datagram Protocol is unreliable, and the entire sequence isn’t encrypted

Question 24

TACACS

Answer 24

Terminal Access Controller Access Control System

Question 25

TACACS+

Answer 25

Best version of access control similar to RADIUS but uses TCP (transmission control protocol) to fully encrypt authentication system

Question 26

Kerberos

Answer 26

Access Control that is core protocol of Microsoft Access Directory. Ticket based authentication system.

Question 27

What are the 4 parties in a Kerberos Access Request

Answer 27

End User - Authentication Server, Ticket Granting Server, Service

Question 28

LDAP

Answer 28

Lightweight Directory Access Protocol - Allows means to query a centralized directory service like Microsoft AD

Question 29

Kerberos Port

Answer 29

88

Question 30

LDAP Port

Answer 30

389

Question 31

Secure LDAP port

Answer 31

636

Question 32

NT LAN Manager

Answer 32

Old version of access protocol for windows that uses hashes, but weak encryption open to pass the hash vulnerability.

Question 33

SAML

Answer 33

Security Assertion Markup Language- allows browser based single sign-on.

Question 34

Who are the 3 parties in a SAML Request

Answer 34

Principal, Identity Provider, Service Provider

Question 35

OAuth, Open ID

Answer 35

Identity Protocols

Question 36

OpenID Connect

Answer 36

Authentication protocol that proves your identity

Question 37

OAuth

Answer 37

Authentication protocol that isn't for authorization, brings you to a 3rd party OAuth login screen where correct authentication redirects you to the initial party screen.

Question 38

Certificate-based AUthentication

Answer 38

Users a public-private key pair to grant access, same strength as a password but can be automated.