Chapter 2 Flashcards
(61 cards)
Authentication, authorization, and accounting (AAA)
If you understand identification (claiming an identity, such as with a username) and authentication (proving the identity, such as with a password),
Accounting
track user activity and record the activity in logs.
audit trail
re-create the events that preceded a security incident.
Authentication Factors
• Something you know, such as a password or PIN
• Something you have, such as a smart card or USB token
• Something you are, such as a fingerprint or other biometric identification
• Somewhere you are, such as your location using geolocation technologies
• Something you do, such as gestures on a key pad
something you know authentication
shared secret, such as a password or even a PIN.
the least secure form of authentication
Group Policy
manage multiple users and computers in a domain.
Administrators use it to create password policies, implement security settings, configure host-based firewalls, and much more.
Administrators also use Group Policy to target specific groups of users or computers.
Group Policy Object (GPO)
allows an administrator to configure a setting once in a GPO and apply this setting to many users and computers
Active Directory Domain Services (AD DS)
directory service Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Administrators implement domain Group Policy on domain controllers.
Something You Have authentication
refers to something you can physically hold. This section covers many of the common items in this factor, including smart cards, Common Access Cards, and hardware tokens. It also covers two open source protocols used with both hardware and software tokens.
Embedded certificate.
The embedded certificate holds a user’s private key (which is only accessible to the user) and is matched with a public key (that is publicly available to others). The private key is used each time the user logs on to a network.
Public Key Infrastructure (PKI).
supports issuing and managing certificates.
dual-factor authentication
users have something (the smart card) and know something (such as a password or PIN).
CAC
Common Access Card
PIV
Personal Identity Verification
token or key fob
The token is synced with a server that knows what the number is at any moment.
Hash-based Message Authentication Code (HMAC)
uses a hash function and cryptographic key for many different cryptographic functions.
HMAC-based One-Time Password (HOTP)
open standard used for creating one-time passwords, similar to those used in tokens or key fobs.
Does not expire until used
Time-based One-Time Password (TOTP)
similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP typically expire after 30 seconds.
something you are authentication
uses biometrics (a physical characteristic) for authentication. Biometric methods are the strongest form of authentication.
Biometric Errors
False acceptance. This is when a biometric system incorrectly identifies an unauthorized user as an authorized user. This is measured by the false acceptance rate (FAR).
False rejection. This is when a biometric system incorrectly rejects an authorized user. This is measured by the false rejection rate (FRR, also known as the false nonmatch rate).
somewhere you are authentication
identifies a user’s location. Geolocation is a group of technologies used to identify a user’s location and is the most common method used.
Many authentication systems use the Internet Protocol (IP) address for geolocation.
something you do authentication
refers to actions you can take such as gestures on a touch screen.
Multifactor authentication
uses two or more factors of authentication.
Kerberos
network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms.
provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks.
uses a database of objects such as Active Directory and a Key Distribution Center (KDC, or TGT server) to issue timestamped tickets that expire after a certain time period.
uses a ticket-granting ticket (TGT) server, which creates tickets for authentication.