Chapter 4: Identity and Access Management
Shibboleth
A single sign-on system used widely on the Internet. The name derives from a bible story.
One-Time Password
Password is issued but is only good for a fine period of time. After it issued once or the time expires, it is no longer a valid password. Bank websites often use this if you need to reset (temporary) Password.
Ipconfig/ip/ifconfig
Provides information about the network interface.
Shiva Password Authentication Protocol (SPAP)
Simply encrypts the username and password. This prevents a packet sniffer from getting the username and password, but it does nothing to limit replay attacks or session highjacking.
Data loss prevention (DLP)
Software or techniques designed to detect attempts to exfiltrate data.
Invisible Secrets
Steganography Tool: This a low-cost commercial product that can hide data in either an image or sound file.
Deep Sound
Steganography Tool: This is a free download that allows you to hide data in sound files: http://jpinsoft.net./deepsound.
Open Stego
Steganography Tool: This is an open source steganography tool. It limited, but It'll provide basic steganography.
tcpdump -I eth0
Used to capture network traffic for the network card.
Security Assertion Markup Language (SAML)
Used to exchange authentication and authorization information between identity providers and server providers. It's often used in web browser single-on implementations.
Challenge Handshake Authentication Protocol (CHAP)
Users send their username and password (encrypted) to the server, Server authenticates users then directs the client computer to generate some random number (cryptographic hash), and send that to the server (encrypted) The server periodically challenge the client to reproduce that number/hash. If the client session comprised the client will not be able to produce that number/hash, the server will terminate the session.
Location of Firewall logs
%windir%\system32\logfiles\firewall\
NIDS & NIPS
A network-based intrusion detection system. An NIPS is an intrusion prevention system. A network intrusion protection system. Unlike HIDS/HIPS, NIDS/NIPS scans and entire network segment.
HIDS & HIPS
A Host-based Intrusion Detection System & A Hosted-based Intrusion Protection System.
Terminal Access Controller Access Control Systems (TACACS) & (XTACACS)
A client-server-oriented environment, and it operates in a manner similar to RAIDUS. Has become widely accepted as an replacement to RADIUS.
Federation
A collection of computer network thats that agree on standards of operations such as security standards.
Federation
A collection of computer networks that agree on standards f operation, such as security standards.
Solar Winds
A commercial network scanner.
Open Standard for Authentication (OATH)
A common method for authorizing websites or applications to access information . It allows users to share information with third-party applications.
Tcpdump
A common packet sniffer for Linux users. It works from the shell, and it is relatively easy to use.
Two-factor authentication
A system that uses smart cards and passwords for authentication.
network scanner
A tool that enumerates your network and provides a map of the network.
Kerberos
An authentication protocol developed at MIT that uses tickets for authentication.
Challenge Handshake Authentication Protocol (CHAP)
An authentication protocol that periodically reauthenticates.
Password Authentication Protocol (PAP)
An old and insecure method of authentication. Essentially the username and password are sent in clear text. Used before packet sniffers became widely available.
Data execution prevention (DEP)
Any technique that prevents a program from running without the user's approval.
Kerbos
Authentication protocol named after the mythical three-headed dog that stood at the gates of Hades. Originally designed by MIT. It follows a single sign-on to a distributed network.
tcpdump -c 100 -I eth0
Captures only the first 100 packets on the interface eith0. Then stops.
tcpdump -D
Command will display all the interfaces on your computer so you can select which one you want to use.
PING
Fundamental networking utility. Part of the Windows and Linux OS. Used to find out if a particular website is reachable.
Security Assertion Markup Language (SAML)
Is a markup language, much like HTML.
Open Standard to Authentication (OATH)
It is designed to work with HTTP and allows access tokens to be issued to third-party clients with the approval of the resources owner. Resource owner such as a social media website user, can authorize a third party to access his or her data.
Address Resolution Protocol (ARP)
Maps Ip addresses to MAC addresses.
Tools for Analyzing the Network
Network Scanner:Tcpdump, Wireshark, Solar Winds, Lanhelper, Aircrack, Password Cracker: Pwdump, Ophcrack, Vulnerability Scanners: Nessus, MBSA & OWASP ZIP.
NetCat
Not included in the OS, but is available for download. Allows you to read and write to network connections using either TCP or UDP.
Least Privileges
The Principle that any user or service will be given only enough access privileges to do its job and no more.
Crossover error rate (CER)
The point at which the FRR and FAR are equal. Sometimes called the equal error rate (ERR).
Crossover error rate
The point at which the False Rejection Rate (FRR) & the False Acceptance Rate (FAR) are equal.
False Acceptance rate (FAR)
The rate at which a biometric solution rejects individual it should have allowed.
False Rejection Rate (FRR)
The rate at which biometric solution rejects Individuals it should have allowed.
Keyed-hash message authentication code (HMAC)-based one-time password (HOTP)
These are often used in physical tokens. Hashes, message authentication code (MAC), and HMAC.
Protocol Analyer/Packet sniffers
These tools look at the current traffic on the network and allow you to view that traffic and capture the traffic for later analysis.
Federated Identity
This allows a user to have a single identity that they can use across different business units and perhaps even entirely different businesses.
LanHelper
This tool is an inexpensive network and scanner that you can download from www.hainsoft.com/download.htm. Scan Lan, IP, Workgroup.