CYB1UofI_FISCH2.3
Authentication
| Question | Answer |
|---|---|
| what is authentication in information security | the set of methods used to establish whether a claim of identity is true |
| what does authentication not decide | what the party being authenticated is permitted to do |
| what is authorization | what the party being authenticated is permitted to do |
| what are the several approaches to authentication | something you know, something you are, something you have, something you do, and where you are |
| what are factors | the approaches to authentication |
| what are authentication factors | something you know, something you are, something you have, something you do, and where you are |
| what do you want to use when you're attempting to authenticate a claim of identity | as many factors as possible |
| why do you want to use as many factors as possible when attempting to authenticate a claim of identity | the more independent factors that agree, the more confidence you can have that the claim of identity is genuine |
| what is the most common authentication factor | something you know |
| what is included in the authentication factor: something you know | passwords or PINs |
| describe the strength of the authentication factor something you know | somewhat weak |
| why is the something you know authentication factor weak | if the information the factor depends on is exposed (guessed, phished, or leaked), it is no longer unique to you, and anyone who has it can authenticate as you |
| what is the authentication factor: something you are | based on the relatively unique physical attributes of an individual (biometrics) |
| what is biometrics | unique physical attributes of an individual |
| what can biometrics include | simple attributes (height, weight, hair color, eye color) and complex identifiers (fingerprints, iris or retina patterns, facial characteristics) |
| can biometrics simple attributes be used as identifiers | no, they aren't usually distinctive enough to make very secure identifiers |
| what biometric attributes are used as identifiers | complex identifiers |
| what are biometrics simple attributes | height, weight, hair color, eye color |
| what are biometrics complex identifiers | fingerprints, iris or retina patterns, facial characteristics |
| why are complex identifiers used more commonly as something you are for authentication factors | forging or stealing a copy of a physical identifier is somewhat more difficult although not impossible |
| why are biometrics stronger than a password | forging or stealing a copy of a physical identifier is somewhat more difficult although not impossible |
| do biometrics truly count as an authentication factor | there is some debate about whether they do or don't |
| do biometrics only constitute verification | there is some debate about whether they do or don't |
| what is the authentication factor: something you have | generally based on a physical possession, although it can extend to some logical concepts |
| what are examples that can be used as the authentication factor: something you have | physical items such as automatic teller machine (ATM) cards or state- or federally-issued identity cards; software-based security tokens; and access to logical devices or accounts such as a cell phone or an email account |
| what is a common authentication method | sending a security token to a mobile phone |
| describe the strength of the authentication factor something you have | this factor can vary in strength depending on the implementation |
| describe a scenario or implementation which would decrease the level of strength for the authentication factor: something you have | if the security token is sent to an email address, it is much easier to intercept, so that implementation is considerably weaker than others |
| describe a scenario or implementation which would increase the level of strength for the authentication factor: something you have | if you wanted to use a security token sent to a device that doesn't belong to you, you'd need to steal the device to falsify authentication |
| what is the authentication factor: something you do | factor based on the actions or behaviors of an individual |
| what is sometimes considered a variation of something you are | something you do |
| what is included in the factor: something you do | an analysis of the individual's gait or handwriting, or the time delay between keystrokes as they type a passphrase |
| describe the level of strength of the authentication factor: something you do | a strong method of authentication that is difficult to falsify |
| what example factors present a strong method of authentication and are difficult to falsify | an analysis of the individual's gait or handwriting, or the time delay between keystrokes as they type a passphrase |
| what is the drawback of using the authentication factor: something you do | it has the potential to incorrectly reject legitimate users (false rejections) at a higher rate than some of the other factors |
| what is the authentication factor: where you are | a geographically based authentication factor |
| how does the authentication factor: where you are operate differently than the other authentication factors | it requires a person to be present in a specific location |
| what is an example of an authentication factor: where you are | when changing an ATM PIN, most banks require you to go into a branch, at which point you must present identification and your account number; if the bank allowed the PIN to be reset online, an attacker could change your PIN remotely and empty your account |
| what is potentially less useful than some of the other factors | authentication factor: where you are |
| what authentication factor is difficult to counter without entirely subverting the system performing authentication | where you are |
| what is multifactor authentication | an authentication scheme that uses more than one of the factors |
| what is the multifactor authentication process called when using only two factors | two-factor authentication |
| describe an ATM example that illustrates multifactor authentication | you use something you know (PIN) and something you have (ATM card). Your ATM card serves as both a factor for authentication and a form of identification |
| describe how writing checks illustrates multifactor authentication | you're using something you have (checks) and something you do (signing them) |
| the two factors involved (something you have, something you do) in writing checks are | rather weak |
| what sometimes happens when two factors involved are rather weak | sometimes see a third factor |
| what is a third factor that is sometimes used when writing checks because the factors involved are rather weak | a fingerprint (something you are) |
| how can you assemble stronger or weaker multifactor authentication schemes particular to each situation | depending on the factors selected |
| when implementing factors what needs to be considered | certain methods may be more difficult to defeat, but they may not be practical to implement |
| what is an example of a strong method of authentication that isn't practical in most situations | DNA |
| security should be | proportional to what you're protecting |
| what is an example of a strong method of authentication that isn't practical | could install iris scanners on every credit card terminal but this would be expensive, impractical and potentially upsetting to customers |
| what is mutual authentication | an authentication mechanism in which both parties in a transaction authenticate each other |
| what sort of parties are generally involved in mutual authentication | software-based parties |
| how does the standard one way authentication process work | the client authenticates to the server |
| how does mutual authentication process work | the client authenticates to the server, the server authenticates to the client |
| what does mutual authentication rely on | digital certificates |
| what would a client and server both have to perform mutual authentication | each would need a certificate with which to authenticate to the other |
| what happens in cases when you don't perform mutual authentication | leave yourself open to impersonation attacks |
| what is another name for an impersonation attack | a man-in-the-middle attack |
| what happens during a man in the middle attack | the attacker inserts himself between the client and the server, then impersonates the server to the client and the client to the server, circumventing the normal pattern of traffic by intercepting and forwarding the traffic that would normally flow directly between the client and the server |
| why is the man in the middle attack typically possible | the attacker needs to subvert or falsify authentication only from the client to the server |
| why does implementing mutual authentication make a man in the middle attack a more difficult attack | the attacker would have to falsify two different authentications |
| what can be combined with mutual authentication | multifactor authentication |
| when does multifactor authentication take place when combining multifactor authentication and mutual authentication | generally only on the client side |
| when combining mutual authentication and multifactor authentication why does multifactor authentication generally only take place on the client side | multifactor authentication from the server back to the client would be not only technically challenging but impractical in most environments, because it would involve some technical heavy lifting on the client side (potentially on the part of the user) |
| what would happen when combining mutual authentication and multifactor authentication if you were able to implement multifactor authentication from the server back to the client | you'd likely lose a significant amount of productivity |
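The multifactor cards above (something you know plus something you have, as in the ATM PIN-and-card or the security token sent to a phone) can be made concrete with a two-factor login check. The following is an added example and is not part of the original flashcards: the password is a salted PBKDF2 hash (something you know) and the second factor is a time-based one-time code (TOTP, RFC 6238) of the kind an authenticator app on a phone produces (something you have). The user record, the salt and the fixed clock value are constructed for the demo; the TOTP secret is the reference test secret from RFC 6238 so the codes can be checked against the published vectors.

```python
# Added example: two-factor check combining "something you know" (a salted
# password hash) with "something you have" (a TOTP code, RFC 6238).
# Not from the original flashcards; user record, salt and clock are constructed.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift.
    Every candidate is compared so timing does not reveal which step matched."""
    if len(code) != digits or not (code.isascii() and code.isdigit()):
        return False
    counter = int(at_time) // step
    ok = False
    for c in range(counter - window, counter + window + 1):
        ok |= hmac.compare_digest(hotp(secret, c, digits), code)
    return ok


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted, iterated hash so a leaked store is not a list of reusable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed user record (assumption: the TOTP secret was provisioned to
# the user's authenticator app out of band).
_SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
_PASSWORD = "correct horse battery staple"
TOTP_SECRET = b"12345678901234567890"   # RFC 6238 reference test secret
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password(_PASSWORD, _SALT),
        "totp_secret": TOTP_SECRET,
    }
}


def authenticate(username: str, password: str, code: str, at_time: int) -> bool:
    """Both factors must pass. Both are always evaluated so a wrong password
    and a wrong code cost the same time and neither failure is reported alone."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, _SALT)   # burn the same work for unknown users
        return False
    know_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    have_ok = verify_totp(user["totp_secret"], code, at_time)
    return know_ok and have_ok


if __name__ == "__main__":
    now = 59   # fixed clock so the run is reproducible (RFC 6238 vector time)
    print(authenticate("alice", _PASSWORD, totp(TOTP_SECRET, now), now))   # True
    print(authenticate("alice", "wrong password", totp(TOTP_SECRET, now), now))   # False
    print(authenticate("alice", _PASSWORD, "000000", now))   # False
```

The code accepts one step of drift on either side; widening the window makes a guessed code more likely to land, so keep it small and rate-limit attempts. A code delivered by email instead of generated on the device is the weaker implementation the flashcards describe: it can be intercepted without stealing anything.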
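The mutual authentication and man-in-the-middle cards above describe the difference between one-way TLS (the client verifies the server's certificate) and mutual TLS (the server also requires and verifies a client certificate). The following is an added example, not part of the original flashcards, showing how those two settings are expressed with Python's standard `ssl` module, with the weak client setting that discards even one-way authentication shown beside the correct ones. The certificate and CA file paths are parameters and are assumptions; when they are omitted the contexts are still built, so the example runs offline.

```python
# Added example: one-way versus mutual TLS authentication contexts with the
# standard library ssl module. Not from the original flashcards; the
# certificate/CA paths are assumptions and are only loaded when supplied.
import ssl
from typing import List, Optional


def client_context(ca_file: Optional[str] = None,
                   client_cert: Optional[str] = None,
                   client_key: Optional[str] = None) -> ssl.SSLContext:
    """Client side: verifies the server certificate and hostname (one-way
    authentication). Supplying a client certificate is the client's half
    of mutual authentication."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)   # assumed paths
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting, often pasted in to silence certificate errors: the
    client no longer authenticates the server, so an attacker in the middle
    can present any certificate and the client will accept it."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def server_context(mutual: bool,
                   ca_file: Optional[str] = None,
                   server_cert: Optional[str] = None,
                   server_key: Optional[str] = None) -> ssl.SSLContext:
    """Server side: presents its own certificate. With mutual=True the
    handshake fails unless the client presents a certificate that chains
    to a CA in ca_file; with mutual=False the client stays anonymous."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if server_cert:
        ctx.load_cert_chain(server_cert, server_key)   # assumed paths
    if mutual:
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def requires_peer_cert(ctx: ssl.SSLContext) -> bool:
    """True when this side will abort the handshake without a valid peer certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED


def authentications_a_mitm_must_forge(client_ctx: ssl.SSLContext,
                                      server_ctx: ssl.SSLContext) -> List[str]:
    """Which directions of authentication are enforced, i.e. how many separate
    credentials an attacker inserted between the two would have to falsify."""
    needed = []
    if requires_peer_cert(client_ctx):
        needed.append("server -> client")
    if requires_peer_cert(server_ctx):
        needed.append("client -> server")
    return needed


if __name__ == "__main__":
    print(authentications_a_mitm_must_forge(client_context(), server_context(mutual=False)))
    # ['server -> client']
    print(authentications_a_mitm_must_forge(client_context(), server_context(mutual=True)))
    # ['server -> client', 'client -> server']
    print(authentications_a_mitm_must_forge(insecure_client_context(), server_context(mutual=False)))
    # []
```

With only one-way authentication the attacker has to defeat a single check, exactly the case the flashcards describe; with mutual authentication there are two. The `insecure_client_context` case is worth checking for in code review, since it quietly reduces the count to zero.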