Chapter 3 Investigating Identity and Access Mangement

what is a default account, is it a security risk?

Default accounts and passwords for devices and software can be found on the internet and used to hack your network or home devices. Ovens, TVs, baby monitors, and refrigerators are examples.

what is the difference between FAR and FRR

FAR allows unauthorized user access, and FRR rejects authorized user access.

how does a cac differ from a smart card and who uses Cac

A CAC is similar to a smart card as it uses certificates, but the CAC card is used by the military, has a picture, and the details of the user on the front and their blood group and Geneva convention category on the reverse side.

what is a ticket granting ticket TGT session

A Ticket-Granting Ticket (TGT) process is where a user logs in to an Active Directory domain using Kerberos authentication and receives a service ticket.

what is the purpose of VPN solution

A VPN solution creates a secure to connect from a remote location to your corporate network or vice versa. The most secure tunneling protocol is L2TP/IPSec.

explain what format a complex password takes

A complex password uses three of the following; uppercase and lowercase letters, numbers, and special characters not used in programming.

what is the purpose of a password vault and how secure is it

A password vault is an application that stores passwords using AES-256 encryption and it is only as secure as the master key.

what type of account is a service account

A service account is a type of administrative account that allows an application to have the higher level of privileges to run on a desktop or server. An example of this is using a service account to run an anti-visas application.

what type of factor authentication is a smart card

A smart card is multi-factor or dual factor as the card is something you have and the PIN is something you know.

what is biometric authentication

A system that reads a person's traits, such as their fingerprint, iris, or voice to grant access

what is the purpose of a user account review

A user account review ensures that old accounts have been deleted - all current users have the appropriate access to resources and not a higher level of privilege.

what is account recertification

Account recertification is an audit of user account and permissions usually carried out by an auditor; this could also be known as user account reviews.

what is a privilege account

An account with administrative rights.

what type of device is an iris scanner

An iris scanner is a physical device used for biometric authentication.

what is a port based authentication that authenticates both users and devices

IEE802.1x is port based authentication that authenticates both user and device

give an example of when you would use open ID connect

Open ID Connect is where you access a device or portal using your Facebook, Twitter, Google, or Hotmail credentials. The portal itself does not manage the account.

why should we never use PAP authentication

PAP authentication uses a password in clear text; this could be captured easily by a packet sniffer.

how can I prevent a pass the hash attack

Pass-the-hash attacks exploit older systems such as Microsoft NT4.0, which uses NT LAN Manager. You can prevent this by enabling Kerberos or disabling NTLM.

how can I prevent someone from reusing the same password

Password history could be set up and combined with minimum password age. If I set the minimum password age to one day, a user could only change their password a maximum of once per day. This would prevent them from rotating their passwords to come back to the old password.

what is password history

Password history is the number of passwords you can use before you can reuse your current password. Some third-party applications or systems may call this a Password Reuse list.

what is a solution. that helps protect privilege to accounts

Privileged Access Management is a solution that stores the privileged account in a bastion domain to help protect them from attack

what I'd an xml based authentication protocol

Security assertion mark-up languagw SAML is an xml based authentication protocol used for federation services

what is shibboleth

Shibboleth is a small open source Federation Services protocol.

what is single sign on. give two examples

Single sign on is where a user inserts their credentials only once and accesses different resources, such as email and files, without needing to re enter the credentials. Examples of this are Kerberos, Federation Services, or a Smart Card

name two AAA servers and ports associated with them

The first AAA server is Microsoft RADIUS, using UDP Port 1812 - it is seen as non-proprietary. The second is CISCO TACACS+ and uses TCP Port 49. Diameter is a more modern secure form of RADIUS that is TCP based and uses EAP.

what type of knowledge based authentication would a bank normally use

They would use a dynamic KBA that would ask you details about your account that are not previously stored questions.

describe the process of impossible time travel

This is where a user logs in to a device from one location, and then they log in from another location shortly afterward, where it would be impossible to travel that distance in the time between logins.

what is a time limited password

Time-Based One-Time Password (TOTP) has a short time limit of 30-60 seconds.

what is type II in biometric authentication and why is it a security risk

Type II in biometric authentication is Failure Acceptance Rate, where people that are not permitted to access a tour network are given access.

what do I need to do when I purchase a baby monitor and why

When I purchase a baby monitor, I should rename the default administrative account and change the default password to prevent someone using it to hack my home.

what is the drawback for security if the company uses shared accounts

When monitoring and auditing are carried out, the employees responsible cannot be traced while more than one-person shared accounts. Shared accounts should be eliminated for monitoring and auditing purposes

when I purchase a new wireless access point, what should I do first

When purchasing any device, you should change the default username and password as many of these are available on the internet and could be used to access your device.

what can I implement to find out immediately when a user is placed in a group that may give them a higher level of privilege

a SIEM system can carry out active monitoring and notify of changes to user accounts or logs

what is the format of a distinguished name for a user called Fred who works in the IT department for a company with a domain called company A that is dotcom

a distinguished name in the ITU X500 object format is cn=Fred, ou=IT, dc=Company, dc= com

a beute force attack cracks a password using all combinations of character and will eventually cracks a password. what can I do to prevent a brute force attack

account lockout with low value

if a contractor bring in five consultants for two months of a mail server migration, how should I set up their accounts

account should expire last day of contract

what are the drawbacks of using facial recognition

affected by light, turning your head. some accept photographs.

how many factors is it if I havw a password, pin and date of birth

all are factors you know, one factor authentication

which authentication model gives access to a computer system even though the wrong credentials are being used.

biometric authentication allows unauthorized users access

what will be the two possible outcomes if an auditor finds any working practices that do not confirm to the company policy

change management or new policy

I have moved departments but the employees in my old department still use my old account for access. what should the company have done to prevent this from happening. what should their next action be. what is the purpose of ssh-copy-id command.

copy and install public key on SSH server and add list of authorized keys.

the IT team havw a global group called IT admin, each member of IT team are member of this group and therefore havw full access to departmental data. two new apprentices are are joining the company and they need to havw read access to the IT data. how can you achieve this with minimum effort

create a group named IT apprentices and give read permissions.

I have different login details and passwords to access airbnb Twitter, and Facebook but I keep getting them mixed up and have locked myself out of these accounts from time to time. what can I implement on my windows 10 to help me.

credential manager.

what actions do I need to complete when John leaves the company

disable account and reset password

what authentication method can be used by two third parties that participate in joint adventures

federated services are an authentication method that can be used by two third parties. this uses SAML and extended attributes. such an employees ID or email address

what is thr danger to households with IoT devices

generic accounts make them vulnerable

what protocol is used to store and search for active directory procols

lightweight directory authentication protocol ldap is used to store objects in x500 format and search Active directory objects such as users printers, groups or computers

what is used for accounting in AAA servers

log details of when someone logs in and out. can be used for billing purposes. accounting is normally logged into a database such as SQL RADIUS accounting uses UDP port 1813

what authentication factor uses tickets, timestamps and updated sequence numbers and is used to prevent replay attacks

microsofts Kerberos authentication protocol is the only one that uses tickets. it also used timestamps

how many times can you use and HOTP password? is there a time restriction associated with it

one time password, expires once used

What is the most common form of authentication likely to be entered incorrectly

password

when I log in to my Dropbox account from my phone, I get an email asking me to confirm thay this was a legal login. what have I been subjected to?

risky logins, as I have a second device to login to a drop box

how can I ensure that contractors in question 44 can only access the company network from 9-5

rule based access.

how can I prevent a hacker from entering a password multiple times

set account lockout with low value.

why do cloud providers adopt zero trust models

some devices being used do not belong to domain. every connection should be considered unsafe.

the system administrator in a multination corporation creates user account using an employees first and last name. why are they doing this time after time

standard naming conventions

if I have a company that has five consultants who work in different shift patterns. how can I set up their accounts so that each of them can only access netowkr during their individual shift

time and day restrictions

how many accounts should a system administrator for a multinational corporation have and why

two accounts. user account for day to day tasks and one for administrative tasks