Acronyms Flashcards
EAP
Extensible Authentication Protocol; an authentication framework (RFC 3748) that carries many specific methods (EAP-TLS, PEAP, EAP-TTLS and others). In enterprise wireless it runs over 802.1X: the access point relays the EAP conversation to a RADIUS server, which makes the authentication decision.
PEAP
Protected EAP; a wireless authentication method that encapsulates EAP in a TLS tunnel. Only the server needs a certificate; the client authenticates inside the tunnel (commonly with MSCHAPv2), so user credentials are never exposed over the air.
EAP-TLS
Provides authentication for wireless networks using digital certificates for mutual authentication: both client and server present and validate certificates.
TLS establishes the encrypted channel between the client and the authentication server, and no password is ever sent.
Considered the strongest EAP method, but less widely deployed because every client needs its own certificate, which requires a PKI to issue, distribute and revoke them.
EAP-TTLS
EAP Tunneled TLS; unlike EAP-TLS it does not require a client certificate. Only the server presents one, and the client's credentials (for example PAP, CHAP or MSCHAPv2) are exchanged inside the TLS tunnel.
Historically, clients often needed a third-party supplicant installed because not every operating system supported it natively.
TACACS+
Terminal Access Controller Access Control System Plus;
A Cisco-designed protocol that uses TCP (port 49) for authentication, authorization and accounting. It separates the three functions, which allows per-command authorization on network devices, and it encrypts the entire packet body (RADIUS protects only the password).
CHAP
Challenge Handshake Authentication Protocol; a three-way handshake (challenge, response, success/failure) in which the client proves it knows the password without sending it.
The server sends a random challenge; the client returns MD5(identifier || secret || challenge); the server recomputes the same hash from its stored copy of the secret and compares. The challenge is hashed, not encrypted, and a fresh challenge each time defeats replay.
Caveat: both sides need the cleartext secret, so the server cannot store it as a one-way hash.
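The CHAP exchange above, written out as both sides of the handshake. This is an added example for these flashcards, not code from the original page; the peer name, identifier and shared secret are constructed.

```python
"""CHAP (RFC 1994) challenge/response, both sides of the exchange.

Added example for these flashcards, not code from the original page.
The peer name, identifier and shared secret below are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed: the authenticator's copy of the peer's secret. CHAP needs the
# cleartext secret on both sides, so it cannot be stored as a one-way hash.
PEER_SECRETS = {"laptop-01": b"correct horse battery staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def authenticator_challenge() -> bytes:
    """Step 1 (Challenge): fresh random bytes, never reused for this peer."""
    return secrets.token_bytes(16)


def peer_answer(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """Step 2 (Response): proves knowledge of the secret without sending it."""
    return chap_response(identifier, secret, challenge)


def authenticator_verify(name: str, identifier: int, challenge: bytes,
                         response: bytes) -> bool:
    """Step 3 (Success/Failure): recompute with the stored secret and compare
    in constant time."""
    secret = PEER_SECRETS.get(name)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(name: str, peer_secret: bytes, identifier: int = 1) -> dict:
    """Run the three-way handshake and return what crossed the wire."""
    challenge = authenticator_challenge()
    response = peer_answer(identifier, challenge, peer_secret)
    ok = authenticator_verify(name, identifier, challenge, response)
    # Only the identifier, challenge and response are transmitted; the secret is not.
    return {"identifier": identifier, "challenge": challenge,
            "response": response, "success": ok}
```

Note that a captured response is useless against a new challenge, but an attacker who records challenge/response pairs can still run an offline dictionary attack against the MD5, which is why CHAP is normally wrapped in a TLS tunnel (EAP-TTLS, PEAP) today.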
RADIUS
it relies on a LDAP backend. Remote Authentication Dial In User Service. It can operate TCP or UDP
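How RADIUS hides the User-Password attribute (RFC 2865 section 5.2), and why that is weaker than the TACACS+ whole-body encryption on the previous card. This is an added example for these flashcards, not code from the original page; the shared secret, password and Request Authenticator are constructed.

```python
"""RADIUS User-Password hiding (RFC 2865 section 5.2).

Added example for these flashcards, not code from the original page. The
shared secret, password and Request Authenticator values are constructed.
"""
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, shared_secret: bytes,
                       request_authenticator: bytes) -> bytes:
    """Client side: pad to a 16-octet multiple, then XOR each block with
    b_i = MD5(shared_secret || previous ciphertext block); b_1 uses the
    16-octet Request Authenticator from the packet header."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        c = _xor(padded[i:i + 16], keystream)
        out += c
        prev = c  # chaining: the next block keys on this ciphertext block
    return bytes(out)


def reveal_user_password(hidden: bytes, shared_secret: bytes,
                         request_authenticator: bytes) -> bytes:
    """Server side: regenerate the same keystream, XOR back, strip NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        c = hidden[i:i + 16]
        out += _xor(c, keystream)
        prev = c
    return bytes(out).rstrip(b"\x00")


def build_access_request(user_name: bytes, password: bytes, shared_secret: bytes,
                         request_authenticator: bytes) -> dict:
    """Only User-Password is hidden; User-Name and every other attribute travel
    in cleartext. That is why RADIUS across an untrusted network needs IPsec or
    RadSec (RADIUS over TLS), and why the shared secret must be long and random."""
    return {
        "User-Name": user_name,
        "User-Password": hide_user_password(password, shared_secret,
                                           request_authenticator),
    }
```

The "encryption" is an MD5-derived keystream keyed by a static shared secret: a short, guessable shared secret can be brute-forced offline from one captured Access-Request.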
Kerberos
A secure authentication protocol for networked environments (the default in Active Directory domains).
It verifies identities between clients and services using symmetric key cryptography and a trusted Key Distribution Center (KDC), so passwords are never sent over the network.
The client first obtains a Ticket Granting Ticket (TGT), then uses it to request service tickets; each ticket carries a session key for that service. Tickets include timestamps, so Kerberos requires synchronized clocks (typically within 5 minutes).
OCSP
Online Certificate Status Protocol
A protocol used to check the revocation status of an X.509 digital certificate in real time, as a lighter alternative to downloading a full CRL.
It allows clients, such as web browsers, to ask the CA's OCSP responder whether a certificate is still valid or has been revoked.
The request identifies the certificate by its serial number (together with hashes of the issuer's name and key), and the signed response says good, revoked or unknown. OCSP stapling lets the server attach a recent response to the TLS handshake so the client does not have to contact the responder itself.
RSA
A public key (asymmetric) algorithm whose security depends on the computational difficulty of factoring the modulus n, the product of two large primes. Used for encryption and digital signatures, commonly to exchange or wrap symmetric keys rather than to encrypt bulk data.
TPM
Trusted Platform Module; data from booting is stored on a TPM hardware chip. The UEFI will hash everything that is in the boot process and store the data in the TPM chip and the logs can be validated remotely. The chip also provides encryption, remote attestation. Ensure devices boot with only trusted hardware.
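The PCR extend operation and the verifier's replay of the event log, as an added example for these flashcards (not code from the original page). The boot components, the golden value and the event log are constructed stand-ins for what firmware measures and what a TPM quote returns; the signature on the quote is left out.

```python
"""Measured boot into a TPM PCR, and remote verification of the result.

Added example for these flashcards, not code from the original page. The boot
components, golden value and event log are constructed stand-ins.
"""
from __future__ import annotations

import hashlib

PCR_SIZE = 32  # SHA-256 bank; a PCR starts at all zeros after reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = SHA-256(PCR_old || digest). A PCR can only be
    extended, never written, so an earlier measurement cannot be undone."""
    return sha256(pcr + digest)


def measured_boot(components: list[tuple[str, bytes]]) -> tuple[bytes, list[tuple[str, bytes]]]:
    """Firmware side: hash each component before running it, extend the PCR,
    and record (name, digest) in the event log. Returns (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)
    event_log = []
    for name, image in components:
        digest = sha256(image)
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest))
    return pcr, event_log


def replay_event_log(event_log: list[tuple[str, bytes]]) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def attest(quoted_pcr: bytes, event_log: list[tuple[str, bytes]],
           golden: set[bytes]) -> tuple[bool, str]:
    """Remote attestation check. (1) The log must replay to the PCR the TPM
    quoted (in a real deployment the quote is signed by the attestation key, so
    the host cannot lie about the PCR). (2) The PCR must be a known-good value,
    which also pins the order in which components were measured."""
    if replay_event_log(event_log) != quoted_pcr:
        return False, "event log does not reproduce the quoted PCR"
    if quoted_pcr not in golden:
        return False, "PCR value is not a known-good boot"
    return True, "ok"


# Constructed boot chain; in reality these are firmware, bootloader and kernel images.
GOOD_BOOT = [("firmware", b"UEFI v1.2"),
             ("bootloader", b"shim+grub 2.06"),
             ("kernel", b"linux 6.1")]
```

A bootkit that alters the kernel image changes its digest, hence the final PCR; it cannot "reset" the PCR, and if it edits the event log to look clean the log no longer replays to the value the TPM actually holds.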
HSM
Hardware Security Module; a tamper-resistant external appliance or plug-in card that generates, stores and uses cryptographic keys. Private keys never leave the device; applications send it data to sign or decrypt.
KMS
Key Management System; used to generate, store, distribute, rotate and retire keys and certificates, centrally managing their lifecycle (often backed by an HSM).
Symmetric Encryption
Uses the same shared key to encrypt and decrypt (for example AES, ChaCha20, 3DES). Fast and suited to bulk data, but it does not provide non-repudiation, because anyone holding the key could have produced the message. The shared key must be distributed securely, often by an asymmetric key exchange such as Diffie-Hellman.
Asymmetric Encryption
Each user has a key pair, a public key and a private key (for example RSA or elliptic curve algorithms).
Encryption: the sender encrypts the message using the recipient's public key.
Only the recipient, who holds the corresponding private key, can decrypt it.
Decryption:
The recipient uses their private key to decrypt the message.
Digital Signatures:
The sender signs a message (in practice, its hash) with their own private key.
The recipient verifies the signature using the sender's public key, which provides integrity, authentication and non-repudiation.
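Textbook RSA carried through end to end, covering both the RSA card (security rests on factoring n) and the asymmetric encryption card (encrypt with the recipient's public key, sign with the sender's private key). This is an added example for these flashcards, not code from the original page; the primes are deliberately small constructed values so that the factoring attack actually runs, and there is no OAEP/PSS padding, so it illustrates the math only.

```python
"""Textbook RSA with deliberately small primes: key generation, encryption with
the recipient's public key, signing with the sender's private key, and
recovering the private key by factoring n.

Added example for these flashcards, not code from the original page. Primes and
messages are constructed; no padding, so never use this for real data.
"""
from __future__ import annotations

import hashlib
import math

# Constructed: two 6-7 digit primes. Real keys use two ~1024-bit primes, which is
# what makes factoring n infeasible.
P, Q = 999_983, 1_000_003


def is_prime(n: int) -> bool:
    return n > 1 and all(n % i for i in range(2, math.isqrt(n) + 1))


def keygen(p: int, q: int, e: int = 65537) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e), (n, d)) with d = e^-1 mod phi(n), phi(n) = (p-1)(q-1)."""
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be prime")
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))


def encrypt(public: tuple[int, int], message: bytes) -> int:
    """Sender: c = m^e mod n using the RECIPIENT's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private: tuple[int, int], ciphertext: int) -> bytes:
    """Recipient: m = c^d mod n; only the private key holder can do this."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private: tuple[int, int], message: bytes) -> int:
    """Sender: s = H(m)^d mod n using the SENDER's private key."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public: tuple[int, int], message: bytes, signature: int) -> bool:
    """Anyone: check s^e mod n == H(m) mod n with the sender's public key."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


def factor(n: int) -> tuple[int, int]:
    """Trial division: feasible for this toy n, infeasible for 2048-bit n."""
    if n % 2 == 0:
        return 2, n // 2
    for candidate in range(3, math.isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n is prime")


def recover_private_key(public: tuple[int, int]) -> tuple[int, int]:
    """Factoring n yields phi(n) and therefore d: this is exactly the problem
    RSA's security rests on."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))
```

The attacker function recovers the full private key from the public key alone in well under a second here; with 2048-bit keys the same trial division would not finish in the lifetime of the universe.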
Perfect Forward Secrecy
A property of a key exchange, not a routing method: each session uses fresh, ephemeral keys (ephemeral Diffie-Hellman, DHE/ECDHE) that are discarded when the session ends.
Because the session key is never derived from the server's long-term private key, recorded traffic cannot be decrypted later even if that long-term key is compromised.
(Anonymously routing traffic through layers of encryption so that each relay can read only what it needs to forward is onion routing, as in Tor; it is a different concept.)
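Static versus ephemeral Diffie-Hellman, showing what forward secrecy buys. This is an added example for these flashcards, not code from the original page; the group is a toy (the Mersenne prime 2**127 - 1) far too small for real use, where RFC 7919 groups or X25519 are used, and the "long-term key" here plays the role of the server's static key that a real handshake would only use for authentication.

```python
"""Why ephemeral key exchange gives forward secrecy.

Added example for these flashcards, not code from the original page. Static
Diffie-Hellman (server reuses one long-term DH key) is contrasted with ephemeral
Diffie-Hellman (fresh key per session, deleted afterwards). Toy group: p is the
Mersenne prime 2**127 - 1; real deployments use RFC 7919 groups or X25519.
"""
from __future__ import annotations

import hashlib
import secrets

P = 2**127 - 1  # Mersenne prime M127; demonstration-sized, not secure
G = 3


def dh_keypair() -> tuple[int, int]:
    private = secrets.randbelow(P - 2) + 1
    return private, pow(G, private, P)


def session_key(shared_secret: int, transcript: bytes) -> bytes:
    """Derive a symmetric key from the DH shared secret (HKDF-style, simplified)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big") + transcript).digest()


def static_dh_sessions(server_priv: int, count: int) -> list[tuple[int, bytes]]:
    """Server reuses one long-term DH key for every client. Returns
    (client_public, true session key) per session; the public value is what a
    passive eavesdropper records off the wire."""
    server_pub = pow(G, server_priv, P)
    sessions = []
    for i in range(count):
        client_priv, client_pub = dh_keypair()
        key = session_key(pow(server_pub, client_priv, P), f"session-{i}".encode())
        sessions.append((client_pub, key))
    return sessions


def ephemeral_dh_sessions(count: int) -> list[tuple[int, int, bytes]]:
    """Server makes a fresh DH key per session and destroys the private half.
    Returns (client_public, server_ephemeral_public, true session key)."""
    sessions = []
    for i in range(count):
        client_priv, client_pub = dh_keypair()
        server_eph_priv, server_eph_pub = dh_keypair()
        key = session_key(pow(client_pub, server_eph_priv, P), f"session-{i}".encode())
        del server_eph_priv  # the only copy of the ephemeral private key is gone
        sessions.append((client_pub, server_eph_pub, key))
    return sessions


def attacker_with_long_term_key_static(server_priv: int,
                                       recorded: list[tuple[int, bytes]]) -> list[bytes]:
    """Later compromise of the long-term DH key decrypts every recorded session."""
    return [session_key(pow(client_pub, server_priv, P), f"session-{i}".encode())
            for i, (client_pub, _key) in enumerate(recorded)]


def attacker_with_long_term_key_ephemeral(server_long_term_priv: int,
                                          recorded: list[tuple[int, int, bytes]]) -> list[bytes]:
    """Same compromise, but the recording holds only public DH values. The best
    the attacker can do is plug the long-term key in as if it were the
    ephemeral one; without the destroyed ephemeral private keys the real
    session keys are unreachable."""
    return [session_key(pow(client_pub, server_long_term_priv, P), f"session-{i}".encode())
            for i, (client_pub, _eph_pub, _key) in enumerate(recorded)]
```

The static case is what a compromised RSA key did to recorded TLS traffic under the old RSA key transport cipher suites; TLS 1.3 only permits ephemeral (EC)DHE for exactly this reason.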
Blockchain
A distributed, append-only ledger replicated across many nodes. Each block contains the hash of the previous block, so altering an earlier block changes its hash and breaks every later link; because other nodes hold copies, the tampering is detected and rejected rather than silently accepted.
Because history is never edited, a mistake in the ledger is fixed by processing a new, compensating transaction.
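A minimal hash-chained ledger that shows both points on the card: why in-place edits are detectable, and how a mistake is corrected with a new transaction instead. This is an added example for these flashcards, not code from the original page; the transactions are constructed and there is no consensus or proof of work.

```python
"""A minimal hash-chained ledger: tampering is detectable; mistakes are fixed by
appending a compensating transaction, never by editing history.

Added example for these flashcards, not code from the original page. The
transactions are constructed; no consensus or proof of work is modelled.
"""
from __future__ import annotations

import hashlib
import json

GENESIS_PREV = "0" * 64


def block_hash(index: int, prev_hash: str, data: dict) -> str:
    """Hash covers the index, the previous block's hash and the payload."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


class Ledger:
    def __init__(self) -> None:
        self.blocks: list[dict] = []

    def append(self, data: dict) -> dict:
        index = len(self.blocks)
        prev_hash = self.blocks[-1]["hash"] if self.blocks else GENESIS_PREV
        block = {"index": index, "prev": prev_hash, "data": data,
                 "hash": block_hash(index, prev_hash, data)}
        self.blocks.append(block)
        return block

    def verify(self) -> tuple[bool, int]:
        """Return (ok, index of first bad block or -1). A block is bad if its
        stored hash no longer matches its contents, or if its prev link does
        not match the hash of the block before it."""
        prev_hash = GENESIS_PREV
        for b in self.blocks:
            if b["prev"] != prev_hash or b["hash"] != block_hash(b["index"], b["prev"], b["data"]):
                return False, b["index"]
            prev_hash = b["hash"]
        return True, -1


def build_sample_ledger() -> Ledger:
    """Constructed transactions; block 1 records 20 where 25 was intended."""
    ledger = Ledger()
    ledger.append({"from": "alice", "to": "bob", "amount": 50})
    ledger.append({"from": "bob", "to": "carol", "amount": 20})
    ledger.append({"from": "carol", "to": "dave", "amount": 5})
    return ledger


def correct_mistake(ledger: Ledger) -> dict:
    """The right way to fix block 1: append a compensating transaction."""
    return ledger.append({"from": "bob", "to": "carol", "amount": 5,
                          "note": "correction of block 1"})
```

On a single copy an attacker could simply recompute every hash after the edit; what makes the chain tamper-evident in practice is that the other nodes still hold the original hashes and will reject the rewritten chain.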
SAML
Security Assertion Markup Language; an XML-based standard for exchanging authentication and authorization information. An Identity Provider (IdP) issues a digitally signed assertion that a Service Provider (SP) trusts, enabling browser-based single sign-on.
OpenID
A decentralized authentication standard: users authenticate with a trusted Identity Provider such as Google or Facebook and the relying website accepts the result instead of holding its own passwords. The current version, OpenID Connect, is an identity layer on top of OAuth 2.0 and returns a signed ID token (JWT).
EDR
Endpoint Detection and Response; tools that continuously monitor endpoints through an installed agent, collecting telemetry (processes, files, network connections, registry) into a searchable store for hunting and investigation. They can block malicious software such as ransomware and respond (isolate the host, kill processes), and they match known malicious files by hash in addition to behavioural detection.
HIDS
Host-based Intrusion Detection System; monitors a single host (logs, file integrity, processes, local traffic) and alerts on suspicious activity, but unlike a HIPS it cannot block it.
HIPS
Host-based Intrusion Prevention System; inspects activity on the host inline, before it takes effect (network traffic before it reaches the application, system calls, file changes), and can block or terminate the intrusion.
WPA2-Personal
Allows wireless clients to authenticate without an authentication server; everyone uses the same pre-shared key (PSK), derived from the passphrase and the SSID with PBKDF2. Data is protected with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) using AES. Because the key is shared, anyone who captures the 4-way handshake can guess weak passphrases offline.
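How the WPA2-Personal passphrase becomes the 256-bit Pairwise Master Key, and why a weak passphrase falls to an offline dictionary attack. This is an added example for these flashcards, not code from the original page; the wordlist is constructed, and the "password"/"IEEE" pair is the published test vector from IEEE 802.11i Annex H. The guessing function compares candidate PMKs directly, standing in for the real attack, which derives the PTK from each candidate and checks the handshake MIC.

```python
"""WPA2-Personal: passphrase to PMK, and the offline guessing it enables.

Added example for these flashcards, not code from the original page. The
wordlist is constructed; "password"/"IEEE" is the IEEE 802.11i Annex H vector.
"""
from __future__ import annotations

import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    The SSID is the salt, so precomputed tables only work per network name."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def offline_guess(ssid: str, target_pmk: bytes, wordlist: list[str]) -> str | None:
    """Simplified dictionary attack. A real attacker holds the captured 4-way
    handshake, derives the PTK from each candidate PMK and checks the MIC; here
    the candidate PMK is compared directly as a stand-in for that check. Nothing
    is sent to the network, so account lockout never triggers."""
    for candidate in wordlist:
        try:
            pmk = wpa2_pmk(candidate, ssid)
        except ValueError:
            continue  # too short or too long to be a valid WPA2 passphrase
        if hmac.compare_digest(pmk, target_pmk):
            return candidate
    return None
```

4096 PBKDF2 rounds slow each guess down, but GPUs test hundreds of thousands of candidates per second per SSID, so the defence is passphrase length and randomness (or WPA2-Enterprise, where no shared passphrase exists).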
WPA2-Enterprise
Allows wireless clients in large organizations to authenticate to a RADIUS server through 802.1X/EAP; each user has unique credentials (or a certificate), and a per-session key is derived from the authentication, so one user cannot decrypt another's traffic and a departing user's access is revoked centrally.
It uses the same CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) with AES as WPA2-Personal; the difference is authentication and key derivation, not the cipher.