1. RADIUS - open protocol - de facto standard of the Internet
  2. TACACS - Cisco - proprietary protocol
  3. Cognitive password
    • Cognitive password - the user is asked several questions and doesn't need to remember one password
  4. Virtual Password
    A virtual password is the length and format that is required by the application. It could be used as the key in an algorithm.
  5. Simplest technology and least secure - single sign-on - scripting
  6. Diameter
    • more diverse centralized access control administration than RADIUS and TACACS+
    • supports PPP, SLIP ...
  7. Kerberos - not proprietary
    • Kerberos - the user enters credentials and obtains a TGT
    • The TGT has a timestamp that makes it valid for 8 hours

    • The Kerberos client sends the TGT to the TGS, which creates a second ticket.
    • This ticket is used by the user to authenticate to the network resource

    Kerberos - the user sends authentication information to the Authentication Service (AS)

    The AS creates a ticket granting ticket (TGT), which is encrypted with the user's secret key.

    The TGT is used to communicate with the ticket granting service (TGS)

    The TGS creates a ticket that contains two instances of the same session key, encrypted with the individual principals' secret keys.

    It is the second ticket that allows the 2 principals to obtain their session keys
  8. Synchronous token device / asynchronous token device
    • Synchronous token device - driven by time or events to authenticate users
    • Asynchronous token device - uses a challenge-based mechanism during authentication
  9. Salt
    Salt - random value that is added during the encryption process on non-Windows systems.
  10. Iris and retina scan
Card Set
CISSP - Access control - Practice questions