Flashcards in Chapter 2 Deck (61)
Authentication, authorization, and accounting (AAA)
If you understand identification (claiming an identity, such as with a username) and authentication (proving the identity, such as with a password),
track user activity and record the activity in logs.
re-create the events that preceded a security incident.
• Something you know, such as a password or PIN
• Something you have, such as a smart card or USB token
• Something you are, such as a fingerprint or other biometric identification
• Somewhere you are, such as your location using geolocation technologies
• Something you do, such as gestures on a key pad
something you know authentication
shared secret, such as a password or even a PIN.
the least secure form of authentication
manage multiple users and computers in a domain.
Administrators use it to create password policies, implement security settings, configure host-based firewalls, and much more.
Administrators also use Group Policy to target specific groups of users or computers.
Group Policy Object (GPO)
allows an administrator to configure a setting once in a GPO and apply this setting to many users and computers
Active Directory Domain Services
directory service Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Administrators implement domain Group Policy on domain controllers.
Something You Have authentication
refers to something you can physically hold. This section covers many of the common items in this factor, including smart cards, Common Access Cards, and hardware tokens. It also covers two open source protocols used with both hardware and software tokens.
The embedded certificate holds a user’s private key (which is only accessible to the user) and is matched with a public key (that is publicly available to others). The private key is used each time the user logs on to a network.
Public Key Infrastructure (PKI).
supports issuing and managing certificates.
users have something (the smart card) and know something (such as a password or PIN).
Common Access Card
Personal Identity Verification
token or key fob
token is synced with a server that knows what the number is at any moment.
Hash-based Message Authentication Code (HMAC)
uses a hash function and cryptographic key for many different cryptographic functions.
HMAC-based One-Time Password (HOTP)
open standard used for creating one-time passwords, similar to those used in tokens or key fobs.
Does not expire until used
Time-based One-Time Password
(TOTP) is similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP typically expire after 30 seconds.
something you are authentication
uses biometrics (physical characteristic) for authentication. Biometric methods are the strongest form of authentication
False acceptance. This is when a biometric system incorrectly identifies an unauthorized user as an authorized user. The false acceptance rate (FAR)
False rejection. This is when a biometric system incorrectly rejects an authorized user. The false rejection rate (FRR, also known as a false nonmatch rate)
somewhere you are authentication
identifies a user’s location. Geolocation is a group of technologies used to identify a user’s location and is the most common method used
Many authentication systems use the Internet Protocol (IP) address for geolocation.
something you do authentication
refers to actions you can take such as gestures on a touch screen.
uses two or more factors of authentication.
network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms.
provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks.
uses a database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.
uses a ticket-granting ticket (TGT) server, which creates tickets for authentication.
New Technology LAN Manager (NTLM)
protocols that provide authentication, integrity, and confidentiality within Windows systems. At their most basic, they use a Message Digest hashing algorithm to challenge users and check their credentials. There are three versions of NTLM:
NTLM, NTLMv2, NTLM2
simple MD4 hash of a user’s password. MD4 has been cracked, and neither NTLM nor MD4 is recommended for use today.
NTLMv2 creates an HMAC-MD5 hash composed of a combination of the username, the logon domain name (or computer name), the user’s password, the current time, and more.
mutual authentication. In other words, the client authenticates with the server, and the server also authenticates with the client.
Lightweight Directory Access Protocol (LDAP)
specifies formats and methods to query directories.
LDAP string: LDAP://CN=Homer,CN=Users,DC=GetCertifiedGetAhead,DC=com
• CN=Homer. CN is short for common name.
• CN=Users. CN is sometimes referred to as container.
• DC=GetCertifiedGetAhead. DC is short for domain component.
• DC=com. This is the second domain