Security_Ch2

  1. Identification
    Occurs when users claim or profess their identity with identifiers such as usernames or email addresses
  2. Authentication
    Users prove their identity with a password
  3. AAA
    • Authentication
    • Authorization
    • Accounting
    • Work together with identification to provide a comprehensive access management system
  4. Accounting
    Methods that track user activity and record it in logs
  5. Audit trail
    Allow security professionals to re-create the events that preceded a security incident
  6. When does identification occur?
    It occurs when a user claims an identity such as with a username or email address
  7. When does authentication occur?
    Authentication occurs when the user proves the claimed identity and the credentials are verified
  8. What is the best way to provide accounting?
    Logging
  9. What is that something you know factor?
    • This factor typically refers to a shared secret such as a password or even a PIN
    • This is the least secure form of authentication
  10. What is a strong password?
    • Sufficient length
    • Doesn't include words found in the dictionary
    • Combines at least three of the following for character types
  11. Complex passwords use a mix of character types. Strong passwords use a mix of character types and have a minimum password length of at least 14 characters
  12. What needs to happen before resetting passwords for users?
    • Verify the user's identity
    • It is best to create a temporary password that expires on first use
  13. What is a group policy?
    • Group Policy is implemented on a domain controller within a domain
    • Administrators use it to create password policies, implement security settings, configure host-based firewalls, and more
  14. Password policy
    • Enforce password history
    • Maximum password age
    • Minimum password age
    • Minimum password length
    • Password must meet complexity requirements
    • Store password using reversible encryption
  15. How do you prevent users from using the same password again?
    Password history
  16. How do you prevent users from guessing passwords?
    • Account lockout threshold
    • Account lockout duration
  17. The first factor of authentication is the weakest factor
  18. What is the something you have authentication factor?
    This authentication factor refers to something you can physically hold
  19. What is a smartcard?
    Smart cards are credit-card-sized cards that have an embedded microchip and a certificate
  20. What are two requirements for a smartcard?
    • Embedded certificate which holds a user's private key
    • Public key infrastructure which supports issuing and managing the certificates
  21. What is a CAC?
    • Common access card
    • Specialized type of smart card used by the US Department of Defense
    • Includes a picture of the user and other readable information
    • Used to gain access into secure locations and to log onto computer systems
  22. Personal identity verification card
    • Specialized type of smart card used by federal agencies
    • Includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for users
  23. A smart card is an example of two-factor authentication
  24. Token
    • An electronic device about the size of a remote key for a car
    • Displays a number that expires every 60 seconds
    • This is used for authentication via a website
  25. HOTP
    • Open standard used for creating one time passwords
    • Uses a hash
  26. TOTP
    Generates a password that expires in 30 seconds
  27. What is a significant benefit of one-time passwords?
    • Price
    • Dual factor authentication
    • HOTP and TOTP can be used as software tokens for authentication
  28. What is the something you are authentication factor?
    • Uses biometrics for authentication
    • Biometric methods are the strongest form of authentication because they're the most difficult for an attacker to falsify
  29. Fingerprint scanner
    Usually used for identification not authentication
  30. False acceptance
    When a biometric system incorrectly identifies an unauthorized user as an authorized user
  31. False rejection
    When a biometric system incorrectly rejects an authorized user
  32. What is the somewhere you are authentication factor?
    Uses geolocation to identify a user's location
  33. What are the strongest biometric methods?
    • Iris and retina scans
    • Crossover error rates measure the accuracy of a system
  34. What can a company implement to combat weak passwords?
    A technical password policy
  35. What can an organization do to combat forgotten passwords?
    Password recovery procedure
  36. Kerberos
    • Network authentication mechanism used within Windows Active Directory domains and some UNIX environments known as realms
    • Provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks
  37. What are three requirements for Kerberos?
    • Method of issuing tickets used for authentication
    • Time synchronization
    • A database of subjects or users
  38. NTLM
    • New technology LAN manager
    • Suite of protocols that provide authentication, integrity, and confidentiality within Windows systems
  39. LDAP
    • Lightweight directory access protocol
    • Specifies formats and messages to query directories
  40. LDAP is based on an earlier version of X.500
    • Windows Active Directory domains and UNIX realms use LDAP to identify objects in query strings with codes such as CN and DC
    • It also encrypts transmissions with TLS
  41. SSO
    • Single-sign-on
    • The ability of a user to log on or access multiple systems by providing credentials only once
    • One set of credentials is used throughout a user's entire session
    • This can be used for different operating systems
  42. Transitive trust
    • Creates an indirect trust relationship
    • Parent and child domain
  43. SAML
    • Security assertion markup language
    • This is a language to establish trust
    • This is used to exchange authentication and authorization information between different parties
  44. Three roles in SAML
    • Principal which is the typical user
    • Identity provider, which creates, maintains, and manages identity information for the principal
    • Service provider, which provides services to principals
    • For example, redirecting the principal to obtain an identity
  45. How do you provide SSO for web-based applications?
    Use Security Assertion Markup Language (SAML)
  46. Federation
    • This links and uses credentials from different networks or operating systems and treats them as one identity
    • This is useful when parties want to access each other's networks but it is not feasible to join the networks
  47. Shibboleth
    • One of the federated identity solutions
    • More affordable than commercially available federated identity solutions
    • Makes it easy for developers to expand its usefulness
  48. OAuth
    • Open standard for authorization many companies use to provide secure access to protected resources
    • Instead of creating a different account for each website you access you can often use the same account that you've created for different sites
  49. OpenID Connect
    • Works with OAuth 2.0 and allows clients to verify the identity of a user without managing their credentials
    • For example logging in with Facebook to a site that personalizes for you
  50. Least privilege
    • Least privilege specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions
    • Technical control
  51. End user accounts
    Accounts for regular users
  52. Privileged account
    • Has additional rights and privileges beyond what a regular user has
    • For example administrative account
  53. Guest account
    Useful when you want to grant someone limited access to a computer or network without creating a new account
  54. Service account
    • A type of regular end user account that is used only by a service or application
    • For example SQL Server is a database application that runs on a server and it needs access to resources on the server and network
  55. Requiring administrators to use two accounts one with administrator privileges and another with regular user privileges helps prevent privilege escalation attacks.
    Users should not use shared accounts
  56. Account disablement policy
    • Disabling accounts once an employee leaves
    • Security keys associated with an account remain available when the account is disabled but are no longer accessible if the account is deleted
  57. What should a company implement if they only want users to access between 8 AM and 5 PM?
    Time of day restrictions
  58. What should a company do if they are creating an account for a temporary contractor?
    Create an account expiration date for the temporary account
  59. What should a company do if users have many passwords?
    • Credential management
    • For example, Google autofill
  60. Role-based access control (role-BAC)
    • Uses roles to manage rights and permissions for users
    • This is useful for users within a specific department who perform the same job functions
  61. What does a company do if they want to simplify user administration?
    Apply group-based access control which is control based on groups and roles
  62. Group based privileges reduce the administrative work load of access management
    Administrators put user accounts into groups and assign privileges to the groups
  63. rule-based access control is based on what?
    a set of approved instructions, such as an access control list
  64. Some rule-BAC systems use rules that trigger in response to an event, such as modifying access control lists after detecting an attack or granting additional permissions to a user in certain situations
  65. DAC
    • Discretionary access control
    • Every object has an owner, and the owner establishes access for the object
    • UNIX and Windows use this
    • For example, Microsoft NTFS allows users and administrators to restrict access to files and folders with permissions
  66. What is one flaw to using the DAC model?
    • Discretionary Access Control
    • Susceptibility to Trojans
  67. Mandatory Access Control
    • Uses labels to determine access
    • Labels must match to be able to see a file
    • Higher level clearances unlock lower level clearances
    • Used when access needs to be restricted on a need-to-know basis
  68. ABAC
    • Attribute-based access control evaluates attributes and grants access based on the value of these attributes
    • Usage of policies
    • Commonly used in software-defined networks
  69. what are the five factors of authentication?
    • something you know
    • something you have
    • something you are
    • somewhere you are
    • something you do
Author
jo73
ID
338291
Card Set
Security_Ch2