| Question | Answer |
|---|---|
authentication | process of ensuring that the person desiring resources is who they say they are |
authentication can be based on what a user knows | password |
what a user has | token or a card |
what a user is | biometrics |
what you know | passwords |
passwords | most common type of authentication |
attacks on passwords | social engineering |
attacks on passwords | capturing |
attacks on passwords | resetting |
attacks on passwords | online guessing |
brute force attack | password attack in which every possible combination of letters, numbers, and characters that could be used to create a password is tried |
hybrid attack | variation of the dictionary attack that adds numbers to the end of the password, spells words backward, slightly misspells words, or includes special characters |
rainbow tables | make password attacks easier by creating a large pregenerated data set of encrypted passwords |
attacks on passwords | offline cracking |
dictionary attack | begins with the attacker creating encrypted versions of common dictionary words and then comparing them against those in a stolen password file |
using a rainbow table to crack a password also requires | two steps |
three types of authentication credentials | what he has |
three types of authentication credentials | what he is |
three types of authentication credentials | what he knows |
the weakness of passwords is | human memory |
examples of password policy settings | enforce password history |
examples of password policy settings | maximum password age |
examples of password policy settings | minimum password age |
examples of password policy settings | minimum password length |
examples of password policy settings | complexity requirements |
examples of password policy settings | store using reversible encryption |
examples of account lockout policy settings | lockout duration |
examples of account lockout policy settings | lockout threshold |
examples of account lockout policy settings | reset lockout counter |
behavioral biometrics | authenticating a user by the normal actions that the user performs |
cognitive biometrics | authenticating a user through the perception, thought process, and understanding of the user |
multifactor authentication | using more than one type of authentication credential |
rainbow tables | large pregenerated data sets of encrypted passwords used in password attacks |
trusted os | a hardened operating system that can keep attackers from accessing and controlling critical parts of a computer system |
standard biometrics | using fingerprints or other unique characteristics of a person's face, hands, or eyes for authentication |
piv | personal identity verification |
piv | a government standard for smart cards that covers all government employees |
common access card | a department of defense smart card |
common access card | for active duty and reserve military personnel along with civilian employees and special contractors |
rainbow table | compressed representation of plaintext passwords that are related and organized in a sequence called a chain |
steps involved in password defenses | create strong passwords |
steps involved in password defenses | properly manage passwords |
good password management techniques | change passwords frequently |
good password management techniques | do not reuse passwords |
good password management techniques | never write passwords down |
good password management techniques | have a unique password for each account |
good password management techniques | never enter a password while connected over an unencrypted network |
good password management techniques | do not enter passwords on public computers |
password management application | equivalent to a digital Post-it note |
token | generates a code from the algorithm once every thirty to sixty seconds |
token | generates a code that is valid for a brief period of time, displayed on the device |
reason to use a token | regular passwords are static in nature, which makes them easier for an attacker to obtain |
advantage to using a token | passwords are dynamic, which makes them harder for attackers to obtain |
one time passwords | passwords that change frequently |
multifactor authentication | using more than one type of authentication |
biometrics | what you are |
standard biometrics | uses a person's unique physical characteristics for authentication |
fingerprints | most common type of standard biometric device |
types of fingerprint scanners | static and dynamic |
behavioral biometrics | authenticates by normal actions that the user performs |
types of behavioral biometrics | keystroke dynamics |
types of behavioral biometrics | voice recognition |
types of behavioral biometrics | computer footprinting |
keystroke dynamics | attempts to recognize a user's unique typing rhythm |
dwell time | the time it takes for a key to be pressed and then released |
flight time | the time between keystrokes |
phonetic cadence | speaking two words together in a way that one word bleeds into the next word, which becomes part of the user's speech pattern |
identity management | using a single authentication credential that is shared across multiple networks |
single sign on | using one authentication credential to access multiple accounts or applications |
examples of single sign on applications | windows live id |
examples of single sign on applications | openID |
examples of single sign on applications | OAuth |
OAuth | permits users to share resources stored on one site with a second site without forwarding their authentication credentials to the other site |
OAuth | relies on token credentials |
openID | provides a means to prove that the user owns a specific URL |