Chapter 2 Flashcards Preview


Flashcards in Chapter 2 Deck (61)

Authentication, authorization, and accounting (AAA)

If you understand identification (claiming an identity, such as with a username) and authentication (proving the identity, such as with a password),

track user activity and record the activity in logs.


audit trail

re-create the events that preceded a security incident.


Authentication Factors

• Something you know, such as a password or personal identification number (PIN)

• Something you have, such as a smart card or USB token

• Something you are, such as a fingerprint or other biometric identification

• Somewhere you are, such as your location using geolocation technologies

• Something you do, such as gestures on a key pad


something you know authentication

shared secret, such as a password or even a PIN.

the least secure form of authentication


Group Policy

manage multiple users and computers in a domain.

Administrators use it to create password policies, implement security settings, configure host-based firewalls, and much more.

Administrators also use Group Policy to target specific groups of users or computers.


Group Policy Object (GPO)

allows an administrator to configure a setting once in a GPO and apply this setting to many users and computers.


Active Directory Domain Services

directory service Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Administrators implement domain Group Policy on domain controllers.


Something You Have authentication

refers to something you can physically hold. This section covers many of the common items in this factor, including smart cards, Common Access Cards, and hardware tokens. It also covers two open source protocols used with both hardware and software tokens.


Embedded certificate.

The embedded certificate holds a user’s private key (which is only accessible to the user) and is matched with a public key (that is publicly available to others). The private key is used each time the user logs on to a network.


Public Key Infrastructure (PKI).

supports issuing and managing certificates.


dual-factor authentication

users have something (the smart card) and know something (such as a password or PIN).



Common Access Card



Personal Identity Verification


token or key fob

The token is synced with a server that knows what the number is at any moment.


Hash-based Message Authentication Code (HMAC)

uses a hash function and cryptographic key for many different cryptographic functions.


HMAC-based One-Time Password (HOTP)

open standard used for creating one-time passwords, similar to those used in tokens or key fobs.

Does not expire until used


Time-based One-Time Password (TOTP)

similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP typically expire after 30 seconds.


something you are authentication

uses biometrics (physical characteristics) for authentication. Biometric methods are the strongest form of authentication.


Biometric Errors

False acceptance. This is when a biometric system incorrectly identifies an unauthorized user as an authorized user. How often this occurs is the false acceptance rate (FAR).

False rejection. This is when a biometric system incorrectly rejects an authorized user. How often this occurs is the false rejection rate (FRR, also known as the false nonmatch rate).


somewhere you are authentication

identifies a user’s location. Geolocation is a group of technologies used to identify a user’s location and is the most common method used.

Many authentication systems use the Internet Protocol (IP) address for geolocation.


something you do authentication

refers to actions you can take such as gestures on a touch screen.


Multifactor authentication

uses two or more factors of authentication.



network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms.

provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks.

uses a database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.

uses a ticket-granting ticket (TGT) server, which creates tickets for authentication.


New Technology LAN Manager (NTLM)

protocols that provide authentication, integrity, and confidentiality within Windows systems. At their most basic, they use a Message Digest hashing algorithm to challenge users and check their credentials. There are three versions of NTLM:




simple MD4 hash of a user’s password. MD4 has been cracked, and neither NTLM nor MD4 is recommended for use today.



NTLMv2 creates an HMAC-MD5 hash composed of a combination of the username, the logon domain name (or computer name), the user’s password, the current time, and more.



mutual authentication. In other words, the client authenticates with the server, and the server also authenticates with the client.


Lightweight Directory Access Protocol (LDAP)

specifies formats and methods to query directories.

LDAP string: LDAP://CN=Homer,CN=Users,DC=GetCertifiedGetAhead,DC=com

• CN=Homer. CN is short for common name.

• CN=Users. CN is sometimes referred to as container.

• DC=GetCertifiedGetAhead. DC is short for domain component.

• DC=com. This is the second domain



uses encryption to protect LDAP transmissions. When a client connects with a server using LDAPS, the two systems establish a Transport Layer Security (TLS) session before transmitting any data. TLS encrypts the data before transmission.