Chapter 4: Access Control, Authentication, and Authorization
HOTP
"HMAC-based One-Time Password" (HMAC = hash-based message authentication code, RFC 4226). Client and server share a secret key and a counter; each code is the truncated HMAC of the current counter value, so the same code is never reused and the secret never crosses the wire.
how long does the TGT last before the user has to authenticate again?
10 hours (the Active Directory default maximum lifetime for a user ticket; it can be renewed up to the renewal limit).
what is Kerberos?
An SSO authentication protocol. The client must go through the Kerberos server to be authenticated and authorized for anything. The "server" is called the Key Distribution Center (KDC). When a user authenticates, the KDC sends the user a token called a Ticket Granting Ticket (TGT), which carries the user's identity information just like a token. If the user wants to access the file server, the client presents the TGT to the KDC and asks for a service ticket for that server, then presents the service ticket to the file server, which checks the user's permissions.
how many days should you, as an administrator, go before making everyone change their passwords?
42 days is the Windows default maximum password age; 90 days is also commonly used.
how long does the service ticket last?
10 hours by default in Active Directory (the same as the TGT). The 5 minutes often quoted with Kerberos is the maximum clock skew allowed between the client and the KDC, not the ticket lifetime.
what is the secure LDAP?
LDAPS
what is LDAP
Lightweight Directory Access Protocol
what does MAC stand for?
Mandatory Access Control
PROTOCOLS: what is PAP?
Password Authentication Protocol. An old PPP authentication method that sent the username and password to the authentication server in plain text, so anyone sniffing the link could read them.
What does RBAC stand for when specifically talking about job position?
Role-Based Access Control
What does SAML stand for?
Security Assertion Markup Language
a remote user connecting to a server is also called dialing in.
what are time-of-day restrictions?
A set of times and days during which users are allowed to authenticate and perform work functions. Example: a company operates from 9 to 5, Monday through Friday; you might set the time-of-day restrictions to 8 to 6, Monday through Friday, giving people extra time to get settled in the morning and wrap up in the afternoon, while blocking logons at night and on weekends.
L2F (Layer 2 Forwarding)
A Cisco tunneling protocol. It provides authentication but no encryption of the data.
what port is LDAPS?
port 636
what are the 4 methods of access control?
Rule-based access control (RBAC), role-based access control (RBAC), mandatory access control (MAC), and discretionary access control (DAC).
authentication
Proving and verifying to a system that you are who you claim to be, e.g. with a username and password, or a CAC card and PIN.
*what is XML used for?
to transport and store data
*What is SAML used for?
Exchanging authentication and authorization data (assertions) between an identity provider and a service provider, typically for web single sign-on.
what is a smart card?
A smart card is used to identify and authenticate a person. It has a small chip containing memory and the credentials (certificates and keys) of a particular user. Usually a second factor such as a PIN is required to unlock the card before it can be used.
what is a trusted OS?
Also called Common Criteria (CC): an internationally recognized standard under which operating systems and other products are evaluated and certified to ensure they are secure. There are 7 levels, called EVALUATION ASSURANCE LEVELS (EAL1 to EAL7), against which a product can be certified; the higher the number, the more rigorous the evaluation and the higher the assurance. EAL4 is the minimum commonly expected of a commercial operating system, and certification usually takes about two years.
what is X.500?
A directory-services standard (LDAP and Active Directory derive from it): an electronic database of the people and resources in your organization. Examples: AKO's global people lookup, the Outlook address book, Active Directory, etc.
what is implicit deny?
The rule applied at the end of every ACL. The access control list is evaluated top to bottom against the people or IP addresses it allows; if someone asks for access and matches none of the entries on the list, that person is denied. Example: a bouncer checks names against the guest list for a party; a person whose name is not on the list is turned away. That is what the IT world calls implicit deny.
what are some types of smart card
CAC (common access Card) and PIV Personal identification verification cards
what authentication protocol does PPP use?
CHAP (Challenge Handshake Authentication Protocol). PPP can also use PAP or EAP.
what does DAC stand for?
Discretionary Access Control
what is the minimum certification level when dealing with EAL?
EAL 4
what does EAL stand for?
Evaluation Assurance Level (not to be confused with EAP, the Extensible Authentication Protocol used with PPP and 802.1X).
what does KDC stand for?
Key Distribution Center
is PPP suitable for WAN connections?
NO, not on its own: PPP provides authentication (PAP/CHAP) but no encryption, so it is normally carried in a tunnel (PPTP or L2TP) and protected with IPsec.
NCP
Network Control Protocol. A family of PPP sub-protocols (e.g. IPCP for IP) that negotiate which network-layer protocol is carried over the PPP link; this is how PPP can carry protocols other than TCP/IP.
what is the KDC (Key Distribution Center)?
Pretty much the Kerberos server: it authenticates users and issues the tickets that grant access throughout the network.
what are some remote authentication servers?
RADIUS, TACACS, TACACS+, XTACACS.
In high security environments, what methods of access control are usually used?
RBAC (role-based access control) and MAC (mandatory access control).
what does RBAC stand for when talking about rules?
Rule-Based Access Control
what is LDAP secured with?
SSL/TLS (Secure Sockets Layer / Transport Layer Security), giving LDAPS.
what is SPAP?
Shiva Password Authentication Protocol. It replaced PAP; the difference is that SPAP encrypts the username and password instead of sending them in plain text.
what does TGT stand for?
Ticket Granting Ticket
what's the difference between a CAC card and a PIV card?
A CAC card is issued to DoD military personnel and employees; a PIV card is issued to other federal employees and contractors.
transitive access (a problem with authentication)
A chain of trust: computer A trusts computer B; since computer B trusts computer C, computer A ends up trusting computer C, even though A never evaluated C.
generic accounts
A generic account is an account shared by multiple people. Examples: a library computer with the password taped next to the screen for everyone to use, or an administrator account that all help-desk techs use to troubleshoot. These accounts are hard to audit because actions cannot be tied to an individual.
federations
A group of networks or organizations that agree on the same standards for operation, e.g. both networks have the same security standards and trust each other's identities.
fun fact
Any authentication done by a remote user is known as remote authentication.
tokens
Valid for only one session. Issued when a user logs on to a computer for a session; the token carries the user's rights and privileges for using the computer.
*out-of-band authentication
Authenticating through a second, separate channel from the one the logon uses, e.g. a one-time code sent to your phone or a call-back to a number on file. Being asked about details on file (your credit report, the date of your last car payment) is knowledge-based verification, a form of identity proofing rather than out-of-band authentication.
what are the Windows standards for a proper password setting?
The password cannot contain the user's account name or any part of the user's full name longer than two consecutive characters; must be at least six characters; and must use characters from three of these four categories: uppercase letters, lowercase letters, digits, and non-alphanumeric characters (such as # * ^ %).
what is CHAP?
Challenge Handshake Authentication Protocol. A three-way handshake used with PPP that is repeated periodically during the session. The server sends the client a random challenge; the client returns an MD5 hash of (identifier + shared secret + challenge); the server computes the same hash and compares. The password itself never crosses the link, and because each challenge is fresh, an attacker who captured an earlier response cannot replay it to log in.
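The exchange described above, as an added example that is not part of the original deck: the authenticator issues a random challenge, the peer answers with MD5(identifier + secret + challenge) per RFC 1994, and a recorded response is useless against the next challenge. The user name and secret are constructed sample data.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || shared secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server (authenticator) side: holds the shared secrets, issues fresh random
    challenges and verifies responses. Each challenge is accepted at most once."""

    def __init__(self, secrets):
        self.secrets = secrets        # username -> shared secret (assumed user database)
        self.identifier = 0
        self.outstanding = {}         # identifier -> challenge still awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) & 0xFF
        chal = os.urandom(16)         # fresh randomness is what defeats replay
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        chal = self.outstanding.pop(identifier, None)   # consume the challenge
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)    # constant-time compare


class ChapPeer:
    """Client (peer) side: never sends the secret, only its hash with the challenge."""

    def __init__(self, username: str, secret: bytes):
        self.username = username
        self.secret = secret

    def respond(self, identifier: int, challenge: bytes):
        return self.username, chap_response(identifier, self.secret, challenge)


def run_exchange(auth: ChapAuthenticator, peer: ChapPeer) -> bool:
    """One CHAP round: Challenge -> Response -> Success/Failure."""
    ident, chal = auth.challenge()
    user, resp = peer.respond(ident, chal)
    return auth.verify(ident, user, resp)


def replay_attempt(auth: ChapAuthenticator, peer: ChapPeer) -> bool:
    """An eavesdropper records a complete legitimate exchange, then tries to reuse
    the captured username/response when the server issues its next challenge."""
    ident, chal = auth.challenge()
    user, captured = peer.respond(ident, chal)
    auth.verify(ident, user, captured)                 # the legitimate logon succeeds
    new_ident, _new_chal = auth.challenge()            # the server later re-challenges
    return auth.verify(new_ident, user, captured)      # the captured hash no longer matches


# Constructed sample data: one user whose secret is known to both sides.
USERS = {"pamela": b"correct horse battery staple"}

if __name__ == "__main__":
    auth = ChapAuthenticator(USERS)
    print("good secret:", run_exchange(auth, ChapPeer("pamela", USERS["pamela"])))
    print("bad secret: ", run_exchange(auth, ChapPeer("pamela", b"guess")))
    print("replay:     ", replay_attempt(auth, ChapPeer("pamela", USERS["pamela"])))
```

Note that the secret has to be stored in a recoverable form on the server, since MD5 of the secret is computed fresh for each challenge; that, and the use of MD5, is why CHAP is only as strong as the link it runs over and why MS-CHAPv2/EAP replaced it.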
*what does XML stand for?
eXtensible Markup Language
PPTP
Point-to-Point Tunneling Protocol. Encapsulates PPP packets in a tunnel and encrypts them; an older, low-end VPN protocol.
identity proofing
Extra verification such as your mother's maiden name or the high school you graduated from, etc.: an additional layer that further establishes who you are, usually after the initial authentication. BIOMETRICS HAVE TURNED THESE SIMPLE QUESTIONS INTO PHYSICALLY PROVING YOUR IDENTITY, E.G. BY VOICE RECOGNITION OR FINGERPRINTS.
identification
Finding out who someone is, e.g. presenting an ID card. Identification is claiming an identity; authentication is proving the claim.
things to remember when securing your router.....
Upgrade the firmware, change the default passwords, and review the advanced settings.
what is DAC?
Flexible access and distribution of information: the owner of a resource grants access at their own discretion. Example: you might need MAC (a clearance) to enter the TOC, but S-2 might use DAC to decide who enters their shop. The people who can access a specific piece of information are chosen at someone's discretion. The downfall of this method is that someone who should not have access may be given information or access they are not supposed to have.
group-based privileges
Giving a group the same privileges to access and change certain things. Example: giving all the HR people the same privileges to view and change certain records.
user-assigned privileges
Giving a specific user certain privileges. Example: giving the Brigade Commander privileges to change the files and slides of all S shops in a unit.
what is "least privilege"?
giving the user or system the least privileges they need to complete their job.
layered security and defense in depth
Have more than one layer of security, and make sure the layers overlap. Example: it's nice to have a firewall, but layering the firewall with an IDS, a proxy, and an antivirus program is better, because an attacker who gets past one control still faces the others.
High evaluation Assurance levels (EAL) denotes that security is high or low?
high
what is MAC?
Inflexible access and information distribution: an access control method in which access is mandated by labels/clearances rather than by the resource owner. For example, the military grants access to the TOC only to people who hold a Secret security clearance or higher.
mutual authentication
Both sides authenticate each other over an encrypted session: the client authenticates to the server and the server authenticates to the client. This ensures a secure session is established between the two endpoints and that the client is not talking to an impostor. Commonly used for financial or medical records.
SSH (Secure Shell)
An encrypted remote-access and tunneling protocol (TCP port 22); it secures logons and can forward other traffic through its tunnel.
federated identity
A way for a user to authenticate once and use that identity on two or more different networks or organizations that trust each other.
Network Access Control
Part of operational security. Focuses on what is allowed to connect to the network and under what conditions. Examples: port security and 802.1X, and account policies such as password expiration and rotation.
two factor authentication
is when you use 2 different factors to authenticate. example, username and password, and fingerprint scanner.
what is LDAP used for?
It is a directory protocol used to query and update directories. Example: Active Directory uses it to look up its global catalog of individual people and objects.
what is a flood guard?
A switch or firewall feature that protects against denial-of-service attacks. When an abnormal volume of traffic (e.g. a SYN flood) hits a port, the flood guard limits or drops the excess so the port or host is not overwhelmed. Administrators set the tolerance threshold and deny traffic beyond it.
what is RBAC when talking about rules?
A set of rules that grant or deny access to a client or machine based on certain parameters. Rule-based access control uses an ACL (Access Control List), which may be an allow list or a deny list. Example rules: "deny everyone from this IP address", "allow the people listed on the Access Control List", or "deny everyone on this access control list" (usernames or host names are usually what is on the list).
what is RBAC when talking about job positions?
Access to information based on job role and responsibility. Example: Pamela is an editor; Pamela needs to edit documents; Pamela is a member of the editors group; Pamela gets access to edit documents because everyone in the editors group has the ability to edit documents.
what is log analysis?
Gathering the logs of your various devices (firewalls, routers, switches, IDS, IPS, etc.) and actually analyzing them. Many administrators fail to do this. Also store your logs so you can compare them against your baseline.
What is the TGT?
The initial ticket issued when the user authenticates. It identifies the user and is used to request service tickets for the specific resources the user wants to access. A kind of token.
what is EAL 4?
The minimum level commonly expected of commercial systems; it denotes a methodically designed, tested and reviewed product and is considered "good" security for commercial use.
when talking about ACLs, what are firewall rules?
The firewall's ordered set of rules for incoming and outgoing network traffic, such as "hosts with this private IP may come in" or "users with this username may come into the network". Each rule can block a connection, allow a connection, or allow a connection only if it is secured (e.g. encrypted).
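The rule-based ACL, firewall-rule and implicit-deny cards above all describe the same mechanism: an ordered list evaluated top to bottom, first match wins, and anything that matches nothing is denied. The following is an added example (not from the deck) of that evaluator; the addresses, user names and ports in the sample ACL are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One ACL entry. A field left as None matches anything (a wildcard)."""
    action: str                      # "allow" or "deny"
    src: Optional[str] = None        # source network in CIDR notation
    user: Optional[str] = None       # username
    dst_port: Optional[int] = None   # destination TCP/UDP port

    def matches(self, src_ip: str, user: str, dst_port: int) -> bool:
        if self.src is not None and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.user is not None and self.user != user:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True


def evaluate(acl, src_ip: str, user: str, dst_port: int):
    """First-match evaluation, top to bottom. Anything that falls off the end of
    the list is denied: that final, unwritten rule is the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(src_ip, user, dst_port):
            return rule.action, f"rule {index}"
    return "deny", "implicit deny"


# Constructed sample ACL (hypothetical addresses and users). Order matters:
# the deny for the blocked network sits above the allows so it wins first.
ACL = [
    Rule("deny", src="203.0.113.0/24"),              # "deny everyone from this network"
    Rule("allow", user="pamela", dst_port=445),       # "allow the listed person" to the file share
    Rule("allow", src="10.0.0.0/8", dst_port=443),    # internal hosts may reach the web service
]


def explain(acl, src_ip: str, user: str, dst_port: int) -> str:
    action, why = evaluate(acl, src_ip, user, dst_port)
    return f"{user}@{src_ip} -> port {dst_port}: {action} ({why})"


if __name__ == "__main__":
    for args in [("10.1.2.3", "bob", 443), ("10.1.2.3", "bob", 22),
                 ("203.0.113.9", "pamela", 445), ("192.0.2.7", "pamela", 445)]:
        print(explain(ACL, *args))
```

The bouncer from the implicit-deny card is the final `return "deny"`: bob on port 22 is refused not because a rule names him but because no rule does, and pamela is refused from 203.0.113.9 because the deny above her allow matches first.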
when dealing with access control, what is continuous monitoring?
Continuously monitoring users and how they use their privileges. Example: monitoring an HR employee to see whether she is accessing or using personal information for the wrong reasons.
what is port security?
Restricting which devices can use a switch port so a rogue user cannot simply plug in. Unused ports are shut down, and active ports can be configured to accept only certain MAC addresses (MAC filtering) or only a limited number of MAC addresses (MAC limiting).
what is the downfall of Kerberos?
It is a single sign-on (SSO) system, so if the Key Distribution Center fails, nobody can get tickets and the whole protocol fails. The KDC is a single point of failure (SPoF).
what does LDAPS stand for?
Lightweight Directory Access Protocol Secure
IPsec (Internet Protocol Security)
A suite that authenticates and encrypts IP traffic. It is commonly used to secure tunneling protocols such as L2TP that provide no encryption of their own (IPsec also has its own tunnel mode).
ppp
point to point protocol
what port is LDAP on?
port 389 (TCP and UDP)
what is a user access review?
Pretty much account auditing: checking that each user still has the right privileges and access levels for their current job.
L2TP (Layer 2 Tunneling Protocol)
A tunneling protocol built on PPP. BY ITSELF IT PROVIDES NO SECURITY AND THE DATA IS NOT ENCRYPTED; it is normally paired with IPsec (L2TP/IPsec) to protect the traffic.
what does RADIUS stand for?
Remote Authentication Dial-In User Service
reset account lockout counter after
The number of minutes that must pass after a failed logon before the failed-attempt counter resets to 0. It must be less than or equal to the account lockout duration.
single factor authentication (SFA)
the use of only one authentication method. example input a pin, or a username and password.
to actually operate at the prescribed Evaluation Assurance Level (EAL), what must the user do on their part?
The user must deploy and configure the product as the evaluated configuration specifies. If not, the device or network is operating below the certified EAL.
what does "principal" mean in Kerberos?
Any identity the KDC issues tickets for: the user, client, service, etc.
what is 802.1X?
A port-based network access control standard: a device plugged into a switch port (or associating to a wireless access point) must authenticate, typically with EAP against a RADIUS server, before the port passes traffic. If a rogue user plugs in, the port will not authenticate them. It is the standard for port security on both wired and wireless networks.
what is MAC filtering and limiting
this is part of port security. you can either let in the listed MAC addresses you have or deny the listed MAC addresses you have onto your network.
Account lockout threshold info
The number of incorrect password attempts a user can enter before the account is locked. In Windows the range is 0 to 999 attempts; 0 means the account is never locked out (unlimited attempts).
Account lockout duration info
The time you must wait before you can try to log back into your account. In Windows the range is 0 to 99,999 minutes. If you set the duration to 0, the account stays locked until an administrator unlocks it; if you set it to 1, you must wait 1 minute before trying to authenticate again.
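The three lockout settings on these cards (threshold, duration, and "reset account lockout counter after") interact in ways that are easier to see by running them. The following is an added example, not from the deck, of a small model of those semantics as the cards describe them: duration 0 means an administrator must unlock, threshold 0 means never lock, and the failure counter forgets old failures after the quiet period. Times are minutes and the event sequences are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class LockoutPolicy:
    """The three Windows account-lockout settings (attempts / minutes)."""
    threshold: int = 5          # failed attempts before lockout; 0 = never lock out
    duration_min: int = 30      # how long the lock lasts; 0 = until an administrator unlocks
    reset_after_min: int = 30   # quiet time after a failure before the failure counter resets


@dataclass
class AccountState:
    failures: int = 0
    last_failure: Optional[float] = None
    locked_until: Optional[float] = None   # float("inf") means an administrator must unlock


def is_locked(acct: AccountState, now: float) -> bool:
    return acct.locked_until is not None and now < acct.locked_until


def attempt_login(policy: LockoutPolicy, acct: AccountState, password_ok: bool, now: float) -> str:
    """Apply one logon attempt at time `now` (minutes). Returns one of
    'locked', 'success', 'failure', 'failure_locked'."""
    if is_locked(acct, now):
        return "locked"                      # even a correct password is refused while locked
    if acct.locked_until is not None:        # a timed lock has expired: clear it
        acct.locked_until = None
        acct.failures = 0
    if password_ok:
        acct.failures = 0
        acct.last_failure = None
        return "success"
    # "Reset account lockout counter after": old failures stop counting after quiet time
    if acct.last_failure is not None and now - acct.last_failure >= policy.reset_after_min:
        acct.failures = 0
    acct.failures += 1
    acct.last_failure = now
    if policy.threshold and acct.failures >= policy.threshold:
        acct.locked_until = float("inf") if policy.duration_min == 0 else now + policy.duration_min
        return "failure_locked"
    return "failure"


def admin_unlock(acct: AccountState) -> None:
    acct.locked_until = None
    acct.failures = 0


def simulate(policy: LockoutPolicy, events) -> list:
    """Run a list of (minute, password_ok) events against a fresh account and
    return the outcome of each attempt."""
    acct = AccountState()
    return [attempt_login(policy, acct, ok, t) for t, ok in events]


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, duration_min=15, reset_after_min=10)
    # constructed sequence: three quick failures, a correct password while locked, then after expiry
    print(simulate(policy, [(0, False), (1, False), (2, False), (5, True), (17, True)]))
```

Note the trade-off the duration setting encodes: 0 stops an attacker cold but lets anyone lock a user out of their own account (a denial of service) just by typing the wrong password a few times.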
what is network bridging?
When a device with two network interface cards (NICs), e.g. wired and wireless, is connected to both networks at once and forwards traffic between them, creating an unmanaged path between the two networks. Prevent it by disabling bridging in the host's network and Internet options, and by configuring the network (e.g. with NAC) to refuse bridged hosts.
what are unused ports?
Ports (on a switch or on a host) that nothing legitimate is using. Disable every port that is not in use so a rogue device cannot connect through it.
(Kerberos) what are service tickets?
Tickets, obtained from the KDC with the TGT, that grant a user access to a specific service such as a file server.
what is TOTP?
Time-based One-Time Password (RFC 6238): HOTP with the counter replaced by the current time divided into fixed steps (usually 30 seconds), so each code is valid only for a short window and the client and server must have roughly synchronized clocks.
multifactor authentication
Using two or more forms of authentication from different factors (something you know, have, or are). Examples: a username and password plus a smart card, or a fingerprint plus a PIN.
what is separation of duties?
Splitting a sensitive task across more than one person so that no single account can complete it alone (e.g. the person who creates a vendor record is not the person who approves payments to it), which means fraud would require collusion. It is usually combined with a hierarchy of accounts: the root user (access to everything on the network; only a few people should have these privileges), then the system administrator (SA), then regular users, then restricted users, each with only the privileges their level needs.
to stop users from reusing passwords they have used before, what do you enable?
Enable password history and set the count to 24. The 24 means that 24 unique passwords must be used before a previous password can be reused.
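The Windows complexity card earlier in the chapter and the password-history card above are the two checks a password change has to pass. The following is an added example, not from the deck, that applies both: the complexity rules as the card states them, and a history that remembers the last N passwords as salted PBKDF2 hashes (the hashing scheme is an assumption of this example, not how Windows stores its history). The user names and passwords are constructed.

```python
import hashlib
import hmac
import os
import re


def meets_complexity(password: str, username: str, full_name: str, min_length: int = 6) -> bool:
    """Windows 'Password must meet complexity requirements': no account name (3+ chars)
    or full-name token longer than 2 chars inside the password, at least 6
    characters, and characters from 3 of the 4 categories."""
    lowered = password.lower()
    if len(username) >= 3 and username.lower() in lowered:
        return False
    # Windows splits the full name on commas, periods, dashes, underscores, spaces, # and tabs
    for token in re.split(r"[ ,.\-_#\t]+", full_name):
        if len(token) > 2 and token.lower() in lowered:
            return False
    if len(password) < min_length:
        return False
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(categories) >= 3


class PasswordHistory:
    """Remembers the last `remember` passwords as salted PBKDF2 hashes, so an old
    password can be recognised without storing it."""

    def __init__(self, remember: int = 24, iterations: int = 100_000):
        self.remember = remember
        self.iterations = iterations
        self.entries = []   # (salt, hash), oldest first

    def _hash(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def was_used(self, password: str) -> bool:
        return any(hmac.compare_digest(self._hash(password, salt), digest)
                   for salt, digest in self.entries)

    def add(self, password: str) -> None:
        if self.remember <= 0:
            return                                      # history disabled
        salt = os.urandom(16)
        self.entries.append((salt, self._hash(password, salt)))
        self.entries = self.entries[-self.remember:]   # drop the oldest beyond the limit


def change_password(history: PasswordHistory, new_password: str, username: str, full_name: str) -> str:
    """Apply both controls: complexity first, then the reuse check, then record it."""
    if not meets_complexity(new_password, username, full_name):
        return "rejected: complexity"
    if history.was_used(new_password):
        return "rejected: reused"
    history.add(new_password)
    return "accepted"


if __name__ == "__main__":
    h = PasswordHistory(remember=24)
    for pw in ["Pamela2024!", "Xq7!lemon", "Xq7!lemon"]:
        print(pw, "->", change_password(h, pw, "psmith", "Pamela Smith"))
```

With `remember=24`, the original password only becomes acceptable again after 24 other accepted changes, which is the point of pairing history with a minimum password age so users cannot cycle through 24 changes in one sitting.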