What’s the concept behind “access control”?
Let the right ones in, keep the wrong ones out.
Tell me the difference between identification and authentication.
identification - finding out who someone is
authentication - verifying the identification
You have two or more parties authenticating each other. What is this called?
You have an authentication process, and in that process, two or more access methods are included. What kind of authentication system is this?
Tell me the 5 “factors” you have to work with when building your authentication system.
something you know, have, are, or do
somewhere you are
What does NAC stand for?
network access control
True/False: Security tokens are used to identify and authenticate the user, and because of this, they are similar to certificates.
You have a group of computer networks that all agree on standards of operation. What do you call this?
hint: Star Wars
Your identity, linked with your privileges, allows you to cross business units and business boundaries. What kind of identity is this?
a federated identity
You are a user on a client PC communicating with an authentication server. Tell me the steps involved in the security token authentication.
server presents a challenge to the PC
PC provides a response
server sends a token device challenge
PC sends back a valid certificate
server grants authentication
You have an Active Directory and the domains of your forest trust each other. By default, these trusts are _______ and _______.
Tell me the difference between PAP and SPAP.
PAP sent stuff in plain text. SPAP encrypts stuff, THEN sends it.
A protocol was designed to stop man-in-the-middle attacks. What is that protocol?
There is another protocol that uses the aforementioned protocol to provide authentication. Which protocol is that?
Which protocol uses a time based factor for the creation of new passwords?
Which protocol is based on a hash message algorithm?
Tell me the lockout policies at the local level. There are three of them.
account lockout duration
account lockout threshold
reset account lockout counter after
Explain to me what SLIP is.
Serial Line Internet Protocol. It’s an older protocol, was used in early remote access situations, was not secure, and could only be used to pass TCP/IP traffic.
Tell me 4 options that are common for remote authentication.
hint: tacks in a circle
TACACS, TACACS+, XTACACS, RADIUS
We’ve talked about tunneling protocols like PPTP, L2TP and SSH. How is IPSec different from these?
It isn’t a tunneling protocol, but is used alongside a tunneling protocol. It is primarily used in LAN to LAN connections, but can also be used with some remote connections.
Tell me the major difficulty with a single-server RADIUS environment.
If the server malfunctions, the entire network may refuse connections.
What is SAML for?
authentication and authorization, based on XML
You are using a KDC to get authentication to receive services from a server. What’s the problem with this?
the KDC is a single point of failure
Tell me the 4 primary methods of access control.
mandatory access control - predefined
discretionary access control - some flexibility
role-based access control - user’s role dictates access capabilities
rule-based access control - limits the user to settings in preconfigured policies
What is the SA account?
the system administrator
Why would you perform an access review?
To determine if someone’s access level is still appropriate.
There is a smart card used by the Department of Defense. What type of card is this?
Common Access Card
You are tweaking the tolerance for unanswered login attacks on your firewall. Which feature are you adjusting?
the flood guard
You want to prevent broadcast loops. Which feature will you use?
You have a trusted operating system that meets a set of requirements for security. Whose requirements are those?
You have Evaluation Assurance Levels 1-7. Tell me very briefly about each one of them.
1-threats to security aren’t viewed as serious
2-good design practices for products
3-moderate levels of security
4-common benchmark for commercial security
5-high level security, security engineering has been implemented
6-specialized security engineering
7-extremely high level security
You have a router that you need to configure securely. What three steps are you going to perform?
Change the default password
walk through the advanced settings
keep the firmware updated
Tell me about LDAP and secure LDAP.
4 - 147
Lightweight Directory Access Protocol. Standardized directory access protocol that allows queries to be made of directories and is the main protocol used by Active Directory. Port 389.
secure LDAP - encrypted with SSL/TLS and port 636
In Kerberos, there are the TGT and the service ticket. Tell me the difference.
4 - 148
ticket granting ticket, encrypted, time limit of 10 hours
service ticket - granted by the TGT, good for 5 minutes
Lattice Based Control. Tell me about it.
4 - 150
variation of MAC, involves a lattice composed of users, systems, and so forth
What is DAC?
4 - 151
discretionary access control - allows users to share information dynamically with other users
You are going to implement the best access controlling practices. What are they?
4 - 152 thru 160
least privileges
separation of duties
time of day restrictions
user access review
smart cards
access control lists (implicit deny, block the connection, allow the connection, allow the connection only if it is secured)
port security
Port Security has three areas. What are they?
4 - 157
MAC Limiting and Filtering
What is the most basic form of authentication?
4 - 161
single factor authentication