Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove ads
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards




share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

SecurityCHPT10

terms

QuestionAnswer
authentication process of ensuring that the person desiring resources is who they say they are
authentication can be based on what a user knows password
what a user has token or a card
what a user is biometrics
what you know passwords
passwords most common type of authentication
attacks on passwords social engineering
attacks on passwords capturing
attacks on passwords resetting
attacks on passwords online guessing
brute force attack password attack in which every possible combinations of letters,numbers,and characters used to create a password
hybrid attack variation of the dictionary attack by adding numbers to the end of the password,spelling words backward,slight misspelling words or including special characters
rainbow tables make password attacks easier by creating a large pregenerated data set of encrypted passwords
attacks on passwords offline cracking
dictionary attack begins with the attacker creating encrypted versions of common dictionary words and then comparing them against those in a stolen password file
using a ainbow table to crack a password also requires two steps
three types of authentication credentials what he has
three types of authentication credentials what he is
three types of authentication credentials what he knows
the weakness of passwords is human memory
examples of password policy settings enforce password istory
examples of password policy settings maximum password age
examples of password policy settings minimum password age
examples of password policy settings minimum password length
examples of password policy settings complexity requirements
examples of password policy settings store using reversible encryption
examples of account lockout policy settings lockout duration
examples of account lockout policy settings lockout threshold
examples of account lockout policy settings reset lockout counter
behavioral biometrics authenticating a user by the notmal actions that a user performs
cognitive biometrics authenticating a user thru the perception,thought process,and understanding of the user
multifactor authentication using more then one type of authentication credential
rainbow tables large pregenerated data sets of encrypted passwords used in password attacks
trusted os a hardened operating system that can keep attackers from accessing and controlling critical parts of a computer system
standard biometrics using fingerprints or other unique characteristics of a persons face,hands, or eyes for authentication
piv personal identify verification
piv a government standard for smart cards that covers all government employees
common access card a department of defense smart card
common access card for active duty and reserve military personnel along with civilian employees and special contractors
rainbow table compressed representation of plaintext passwords that are related and organized in a sequence caled a chain
steps involved in password defenses create strong passwords
steps involved in password defenses properly manage passwords
good password management techniques change passwords frequently
good password management techniques do not reuse passwords
good password management techniques never write passwords down
good password management techniques have a unique password for each account
good password management techniques never enter a password while connected over an unencrypted network
good password management techniques do not enter passwords on public computers
password management application equivalent to a digital post it note
token generates a code from the algorithim once every thirty to sixty seconds
token generates a code that is valid for a bried period of time,displayed on the device
reason to use a token regular passwords are static in nature, which makes it easier for an attacker to get
advantage to using a token passwords are dynamic,which make it harder for attackers to get
one time passwords passwords that change frequently
multifactor authentication using more then one type of authentication
biometrics what you are
standard biometrics uses a persons unique physical characteristics for authentication
fingerprints most common type of standard biometric device
types of fingerprint scanners static and dynamic
behavioral biometrics authenticates by normal actions that the user performs
types of behavioral biometrics keystroke dynamics
types of behavioral biometrics voice recognition
types of behavioral biometrics computer footprinting
keystroke dynamics attempts to recognize a users unique typing rhythm
dwell time the time it takes for a key to be pressed and then released
flight time the time between keystrokes
phonetic cadence speaking two words together in a way that one word bleeds into the next word ,becomes part of the users speech pattern
identity management using a single authentication credential that is shared across multiple networks
single sign on using one authentication credential to access multiple accounts or applications
examples of single sign on applications windows live id
examples of single sign on applications openID
examples of single sign on applications OAuth
OAuth permits users to share resources stored on one site with a second site with out forwarding their authentication credentials to the other site
OAuth relies on token credentials
openID provides a means to prove that the user owns that specific url.
Created by: cgeaski