Chapter 2 Flashcards

(61 cards)

1
Q

Authentication, authorization, and accounting (AAA)

A

If you understand identification (claiming an identity, such as with a username) and authentication (proving the identity, such as with a password),

2
Q

Accounting

A

track user activity and record the activity in logs.

3
Q

audit trail

A

re-create the events that preceded a security incident.

4
Q

Authentication Factors

A

Something you know, such as a password or PIN

Something you have, such as a smart card or USB token

Something you are, such as a fingerprint or other biometric identification

Somewhere you are, such as your location using geolocation technologies

Something you do, such as gestures on a key pad

5
Q

something you know authentication

A

shared secret, such as a password or even a PIN.

the least secure form of authentication

6
Q

Group Policy

A

manage multiple users and computers in a domain.

Administrators use it to create password policies, implement security settings, configure host-based firewalls, and much more.

Administrators also use Group Policy to target specific groups of users or computers.

7
Q

Group Policy Object (GPO)

A

allows an administrator to configure a setting once in a GPO and apply this setting to many users and computers

8
Q

Active Directory Domain Services (AD DS)

A

directory service Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Administrators implement domain Group Policy on domain controllers.

9
Q

Something You Have authentication

A

refers to something you can physically hold. This section covers many of the common items in this factor, including smart cards, Common Access Cards, and hardware tokens. It also covers two open source protocols used with both hardware and software tokens.

10
Q

Embedded certificate.

A

The embedded certificate holds a user’s private key (which is only accessible to the user) and is matched with a public key (that is publicly available to others). The private key is used each time the user logs on to a network.

11
Q

Public Key Infrastructure (PKI).

A

supports issuing and managing certificates.

12
Q

dual-factor authentication

A

users have something (the smart card) and know something (such as a password or PIN).

13
Q

(CAC)

A

Common Access Card

14
Q

(PIV)

A

Personal Identity Verification

15
Q

token or key fob

A

token is synced with a server that knows what the number is at any moment.

16
Q

Hash-based Message Authentication Code (HMAC)

A

uses a hash function and cryptographic key for many different cryptographic functions.

17
Q

HMAC-based One-Time Password (HOTP)

A

open standard used for creating one-time passwords, similar to those used in tokens or key fobs.

Does not expire until used

18
Q

Time-based One-Time Password (TOTP)

A

is similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP typically expire after 30 seconds.

19
Q

something you are authentication

A

uses biometrics (physical characteristic) for authentication. Biometric methods are the strongest form of authentication

20
Q

Biometric Errors

A

False acceptance. This is when a biometric system incorrectly identifies an unauthorized user as an authorized user. (FAR: false acceptance rate)

False rejection. This is when a biometric system incorrectly rejects an authorized user. The false rejection rate (FRR, also known as a false nonmatch rate)

21
Q

somewhere you are authentication

A

identifies a user’s location. Geolocation is a group of technologies used to identify a user’s location and is the most common method used

Many authentication systems use the Internet Protocol (IP) address for geolocation.

22
Q

something you do authentication

A

refers to actions you can take such as gestures on a touch screen.

23
Q

Multifactor authentication

A

uses two or more factors of authentication.

24
Q

Kerberos

A

network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms.

provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks.

uses a database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.

uses a ticket-granting ticket (TGT) server, which creates tickets for authentication.

25
New Technology LAN Manager (NTLM)
protocols that provide authentication, integrity, and confidentiality within Windows systems. At their most basic, they use a Message Digest hashing algorithm to challenge users and check their credentials. There are three versions of NTLM: NTLM, NTLMv2, NTLM2
26
NTLM
simple MD4 hash of a user’s password. MD4 has been cracked and neither NTLM nor MD4 is recommended for use today.
27
NTLMv2
NTLMv2 creates an HMAC-MD5 hash composed of a combination of the username, the logon domain name (or computer name), the user’s password, the current time, and more.
28
NTLM2
mutual authentication. In other words, the client authenticates with the server, and the server also authenticates with the client.
29
Lightweight Directory Access Protocol (LDAP)
specifies formats and methods to query directories.
LDAP string: LDAP://CN=Homer,CN=Users,DC=GetCertifiedGetAhead,DC=com
• CN=Homer. CN is short for common name.
• CN=Users. CN is sometimes referred to as container.
• DC=GetCertifiedGetAhead. DC is short for domain component.
• DC=com. This is the second domain
30
(LDAPS)
uses encryption to protect LDAP transmissions. When a client connects with a server using LDAPS, the two systems establish a Transport Layer Security (TLS) session before transmitting any data. TLS encrypts the data before transmission.
31
Single sign-on (SSO)
refers to the ability of a user to log on or access multiple systems by providing credentials only once.
32
transitive trust
creates an indirect trust relationship.
33
Security Assertion Markup Language (SAML)
if the organizations trust each other, they can use SAML as a federated identity management system. Users authenticate with one web site and are not required to authenticate again when accessing the second web site. SAML provides SSO for web-based applications.
34
Principal (SAML)
This is typically a user. The user logs on once. If necessary, the principal requests an identity from the identity provider.
35
Identity provider (SAML)
An identity provider creates, maintains, and manages identity information for principals.
36
Service provider.
A service provider is an entity that provides services to principals.
37
A federation
federated identity links a user’s credentials from different networks or operating systems, but the federation treats it as one identity.
38
OAuth
open standard for authorization many companies use to provide secure access to protected resources. Instead of creating a different account for each web site you access, you can often use the same account that you’ve created with Google, Facebook, PayPal, Microsoft, or Twitter.
39
OpenID Connect
works with OAuth 2.0 and it allows clients to verify the identity of end users without managing their credentials.
40
Need to Know
users are granted access only to the data and information that they need to know for their job. Focused on data and information.
41
End user accounts.
Most accounts are for regular users. Administrators create these accounts and then assign appropriate privileges based on the user’s job responsibilities. Microsoft refers to this as a Standard user account.
42
Privileged accounts.
has additional rights and privileges beyond what a regular user has.
43
Guest accounts.
Windows operating systems include a Guest account. These are useful if you want to grant someone limited access to a computer or network without creating a new account.
44
Service accounts.
Some applications and services need to run under the context of an account. One of the challenges with service accounts is that they often aren’t managed.
45
naming convention
homer.simpson and bart.simpson.
46
administrators to use two accounts,
helps prevent privilege escalation attacks. Users should not use shared accounts.
47
credential
is a collection of information that provides an identity (such as a username) and proves that identity (such as with a password).
48
Access control
ensures that only authenticated and authorized entities can access resources. For example, it ensures that only authenticated users who have been granted appropriate permissions can access files on a server.
49
Subjects.
Subjects are typically users or groups that access an object. Occasionally, the subject may be a service that is using a service account to access an object.
50
Objects.
Objects are items such as files, folders, shares, and printers that subjects access.
51
Role-based access control (role-BAC)
uses roles to manage rights and permissions for users. This is useful for users within a specific department who perform the same job functions.
52
Administrators.
have complete access and control over everything on the server, including all of the projects managed on the server.
53
Executives.
Executives can access data from any project held on the server, but do not have access to modify system settings on the server.
54
Project Managers.
Project managers have full control over their own projects, but do not have any control over projects owned by other project managers.
55
Team Members.
Team members can typically report on work that project managers assign to them, but they have little access outside the scope of their assignments.
56
Group-based privileges
reduce the administrative workload of access management.
57
Rule-based access control (rule-BAC)
Routers and firewalls use rules within access control lists (ACLs). These rules define the traffic that the devices allow into the network, such as allowing Hypertext Transfer Protocol (HTTP) traffic for web browsers. These rules are typically static. Based on a set of approved instructions, such as an access control list.
58
discretionary access control (DAC)
New Technology File System (NTFS) used in Windows. NTFS provides security by allowing users and administrators to restrict access to files and folders with permissions.
59
Trojan horses
are executable files. They masquerade as something useful, but they include malware.
60
mandatory access control (MAC)
uses labels (sometimes referred to as sensitivity labels or security labels) to determine access. Security administrators assign labels to both subjects (users) and objects (files or folders). When the labels match, the system can grant a subject access to an object. When the labels don’t match, the access model blocks access. Uses sensitivity labels for users and data. It is commonly used when access needs to be restricted based on a need to know.
61
attribute-based access control (ABAC)
evaluates attributes and grants access based on the value of these attributes. Commonly used in software defined networks (SDNs).