Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
AAA
cnit 242 exam 1-authentication, authorization, accounting
| Term | Definition |
|---|---|
| what is authentication? | Do you have the credentials necessary to access this system? |
| how is authentication accomplished? | • What you know • Where you are • What you have • What you are |
| what is two-factor authentication (+ multifactor)? | Using two or more methods of proving authentication (ex: password + security token) |
| what are the two main parts of authentication? | identification and proof of identification |
| identification vs proof of identification? | Identification • User ID (UID) • Physical Object (e.g. - ATM card) • Biometrics • Digital Certificates Proof of Identification • Passwords • Access Code (e.g. - PIN number) • One-Time Tokens • Biometrics • Digital Certificates |
| User ID strategies | - shouldn't be simple names or computer generated -usually created based on algorithm LNI or ILN -ideally shouldn't be email address |
| Password strategies and rules | Rule #1 - Don’t write passwords down!!!!! Avoid easy to guess passwords Complexity requirements: cannot contain username or FN/LN, contain mixed-casing, numbers, special characters, Unicode char |
| password security through changes | force periodic password changes -optimal time of 90 days (anywhere from 30 days to a year are common) -disallow last x passwords -mix case, use non-alpha chars -disallow plain english |
| what security tradeoff comes with password requirements | -the more strict password rules, the higher the chances users will violate the first rule of secure passwords |
| biometrics auth | Functions as both ID and Proof of ID Separated into two groups: Physiological -Includes fingerprints, hand scans, retina scans Behavioral -Include speech, signature or keystroke recognition Issues with false negatives and false positive |
| digital certificates auth | Encrypted data file that uses a Certificate Authority to guarantee the identity of the holder If you trust the CA, you trust the certificates the CA issues -Also includes an encryption key for secure transmissions |
| authentication across the network | some known good object, compare input to that object -can exist on local computer (Default) -or in enterprise, can be stored on different server |
| Domain Logon | authenticate against the domain, not the local machine |
| TACACS+ | Cisco-proprietary TCP AAA are separate processes |
| RADIUS | (Remote Authentication Dial In User Service) -used to authenticate to network access devices to gain network access Open standard UDP Combines authentication and authorization Only encrypts password |
| KERBEROS | authentication only, no author or account ing -has at least 3 servers: Authentication Server (AS), Ticket Granting Server (TGS), 1+ Application Server -typically reliant on symmetric key encryption, can be configured to use public key encryption |
| what is authorization? | Once authenticated, what do you have permission to do? -users should only be allowed to access resources they are supposed to be able to access |
| how is authorization accomplished? | rights and permissions |
| how should rights and permissions be assigned? to individual users or groups? | best to assign permission to groups, not individual users, for efficiency and future expansion of enterprise |
| Group policy | assigns RIGHTS at the system level |
| Access Control Lists (ACLs) | assign PERMISSIONS at the objects level -simplest method of providing authorization -requires separate authentication method -contains a list of authorized users and their authorization level |
| KERBEROS Realm | admins create realms that encompass all that is available to access -client, server/host being accessed, and KDC exist in it |
| KERBEROS communication | -when requesting a service/host, there are 3 interactions between user and AS, TGS, server/host -each interaction sends 2 messages, one that can be decrypted and that cannot -server/host never communicates directly with KDC |
| KDC | Key Distribution Center-encrypted with master key to prevent keys from being stolen -stores all of the secret keys for user machines + servers-gen by admin during setup -secret key= hashed (password + salt) -no passwords for services/hosts |
| According to lecture, _____ days is typically the optimal duration between password changes. A. 30 B. 90 C. 120 D. 60 | B. 90 days |
| The number one rule of passwords is: Do not write them down. True or False? | True |
| The two basic parts of authentication are usernames and passwords. True or False? | False, The two basic parts of authentication are identity and proof of identity. |
| In an enterprise environment, it is best to assign permissions to individual users. True or False? | False. It is best to assign permissions to groups and place the applicable user(s) in the group. |
| RADIUS is typically only used for authentication to network equipment for configuration purposes and terminal access. True or False? | False. RADIUS is typically used to authenticate to network access devices to gain network access. |
Created by:
hallerobin
Popular Computers sets