Chapter 4 Security + Part 1

What is a Ticket Granting Ticket (TGT) session?

A Ticket Granting Ticket (TGT) process is where a user logs in to an Active Directory domain using Kerberos authentication and receives a service ticket.

What is the purpose of a VPN solution?

A VPN solution creates a secure to connect from remote location to your corporate network or vice versa. The most secure tunneling protocol is L2TP/IPSec.

Explain what format a complex password takes.

A complex password uses three of the following; uppercase and lowercase letters, numbers, and special characters not used in programming.

What is the format of distinguished name for a user called Fred who works in the IT department for a company with a domain called Company A that is a dotcom?

A distinguished name in the ITU X500 object format is : cn=Fred, ou=IT, dc=Company, dc=Com.

What is the most common form of authentication that is most likely to be entered incorrectly?

A password is most likely to be entered incorrectly; the user may forget the password or may have the Caps Lock key set up incorrectly.

How many factors is it if I have a password, PIN and date of birth?

A password, PIN, and date of birth are all factors that you know, therefore,it is a single factor.

What type of factor authentication is a smart card?

A smart card is multi=factor or dual factor as the card is something you have and the PIN is something you know.

What is used for accounting in an AAA server?

Accounting in an AAA server is where they log the details of when someone logs in and logs out; this can be used to billing purposes. Accounting is normally logged in a database such as SQL. RADIUS Accounting uses UDP Port 1813.

What type of device is an iris scanner?

An iris scanner is a physical device used for biometric authentication.

What is an XML-based authentication protocol?

Security Assertion Mark-up Language (SAML) is an XML-based authentication protocol used with federated services.

What authentication factor uses tickets, timestamps, and updated sequence numbers and is used to prevent replay attacks?

Microsoft's Kerberos authentication protocol is the only one that uses tickets. It also uses timestamps and updated sequence numbers and is used to prevent replay attacks. It also prevents pass the hash attacks as it does not use NTLM. (New Technology LAN Manager)

What is biometric authentication?

Biometric authentication is where you use a part of your body or voice for authentication, for example , your iris, retina, palm, or fingerprint.

What authentication method can be used by two third parties that participate in a joint venture?

Federated services are an authentication method that can be used by two third parties; this uses SAML and extended attributes such as employee or email address.

How can I prevent a hacker from inserting a password multiple times?

If I set up an account lockout with a low value such as three, the hacker needs to guess your password within 3 attempts or the password is lockout, and this disables the user account.

What protocol is used to store and search for Active Directory objects?

Lightweight Directory Authentication Protocol (LDAP) is used to store objects in an x500 format and search Active Directory objects such as users, printers, groups, or computers.

Give an example of when you would use Open ID Connect.

Open ID Connect is where you access a device or portal using your Facebook, Twitter, Google, or Hotmail credentials. The portal itself does not manage the account.

Why should we never use PAP authentication?

PAP authentication uses a password in clear text; this could be captured easily be a packet sniffer.

How can I prevent a Pass the Hash attack?

Pass the hash attacks exploit older systems such as Microsoft NT4.0, which uses NT Lan Manager. You can prevent these attacks by enabling Kerberos and disabling NTLM.

How can I prevent someone from reusing the same password?

Password history could be set up and combined with minimum password age. If I set the minimum password age to one day, a user could only changer their password a maximum of once per day. This would prevent them from rotating their passwords to come back to the old password.

What is password history?

Password history is the number of password you can use before you can reuse your current password. Some third-party applicatoins or systems may call this a Password Reuse list.

What is Shibboleth?

Shibboleth is a small open source Federation Services protocol.

What is single sign-on? Give two examples?

Single sign-on is where a user inserts their credentials only once and accesses different resources such as emails and files without needing to re-enter their credentials. Examples of this are Kerberos, Federated Services, and a smart card.

Which Stratum time server is the reference time source?

Stratum 0 is the reference time source. Stratum 1 is set up internally to obtain time from Stratum 0.

Name two AAA servers and the ports associated with them.

The first AAA server is Microsoft RADIUS, using UDP Port 1812 - it is seen as non-proprietary. The second is Cisco TACACS+ and uses TCP port 49. Diameter is a more modern secure form of RADIUS that is TCP based and uses EAP.

When I purchase a new wireless access point what should I do first?

When purchasing any device, you should change the default username and password as many of these are available on the internet and could be used to access your device.