Security+ Chapter 1 "Remember This"
Remember This 10
Complex passwords use a mix of character types. Strong passwords use a mix of character types and have a minimum password length of eight characters.
Remember This 1
Confidentiality ensures that data is only viewable by authorized users. The best way to protect the confidentiality of data is by encrypting it. This includes any type of data, such as PII, data in databases, and data on mobile devices. Access controls help protect confidentiality by restricting access. Steganography helps provide confidentiality by hiding data, such as hiding text files within an image file.
Remember This 3
Digital signatures can verify the integrity of emails and files. Digital signatures require certificates and also provide authentication and non-repudiation.
Remember This 13
Smart cards are often used with dual-factor authentication where users have something (the smart card) and know something (such as a password or PIN). Smart cards include embedded certificates used with digital signatures and encryption. CACs and PIVs are specialized smart cards that include photo identification. They are used to gain access into secure locations and to log on to computer systems.
Remember This 20
SAML is an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications.
Remember This 12
You can combine password history with a minimum password age to prevent users from reusing the same passwords. A password history of 24 remembers the last 24 passwords.
Remember This 4
Availability ensures that systems are up and operational when needed and often addresses single points of failure. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups, and generators. HVAC systems also increase availability.
Remember This 11
Before resetting passwords for users, it's important to verify the user's identity. When resetting passwords manually, it's best to create a temporary password that expires upon first use.
Remember This 5
Beyond confidentiality, integrity, and availability, safety is another common goal of security. For example, adding fencing and lighting around an organization's property provides safety for personnel and other assets. Similarly, adding stronger locks and door access systems increases safety. Exit doors with electronic locks typically fail in an open position so that personnel can exit safely.
Remember This 2
Integrity verifies that data has not been modified. Loss of integrity can occur through unauthorized or unintended changes. Hashing algorithms, such as MD5, HMAC, or SHA-1, calculate hashes to verify integrity. A hash is simply a number created by applying the algorithm to a file or message at different times. By comparing the hashes, you can verify integrity has been maintained.
Remember This 14
HOTP and TOTP are both open source standards used to create one-time use passwords. HOTP creates a one-time use password that does not expire. TOTP creates a one-time password that expires after 30 seconds.
Remember This 8
Identification occurs when a user claims an identity such as with a username or email address. Authentication occurs when the user proves the claimed identity (such as with a password) and the credentials are verified. Access control systems authorize access to resources based on permissions granted to the proven identity.
Remember This 17
Kerberos is a network authentication protocol within a Microsoft Windows Active Directory domain or a Unix realm. It uses a database of objects such as Active Directory and a KDC (or TGT server) to issue timestamped tickets that expire after a certain time period.
Remember This 18
LDAP is based on an earlier version of X.500. Windows Active Directory domains and Unix realms use LDAP to identify objects in query strings with codes such as CN=Users and DC=GetCertifiedGetAhead. Secure LDAP encrypts transmissions with SSL or TLS.
Remember This 6
Layered security, or defense in depth, combines multiple layers of security, such as a firewall, an IDS, content filtering, and antivirus software.
Remember This 21
PAP authentication uses a password or a PIN. A significant weakness is that PAP sends the information across a network in cleartext, making it susceptible to sniffing attacks. CHAP is more secure than PAP because passwords are not sent over the network in cleartext. Both PAP and CHAP use PPP.
Remember This 22
RADIUS provides centralized authentication. Diameter is an improvement over RADIUS, and it supports many additional capabilities, including securing transmissions with EAP.
Remember This 7
Risk is the likelihood that a threat will exploit a vulnerability. Risk mitigation reduces the chances that a threat will exploit a vulnerability, or reduces the impact of the risk, by implementing security controls.
Remember This 19
Single sign-on enhances security by requiring users to use and remember only one set of credentials for authentication. Once signed on using SSO, this one set of credentials is used throughout a user's entire session. SSO can provide central authentication against a federated database for different operating systems.
Remember This 9
The first factor of authentication (something you know, such as a password or PIN) is the weakest factor. Passwords should be strong, changed regularly, never shared with another person, and stored in a safe if written down. Technical methods (such as a technical password policy) ensure that users regularly change their passwords and don't reuse the same passwords.
Remember This 15
The third factor of authentication (something you are, defined with biometrics) is the strongest individual method of authentication because it is the most difficult for an attacker to falsify. Biometric methods include fingerprints, retina scans, and palm scanners.
Remember This 16
Two or more methods in the same factor of authentication (such as a PIN and a password) is single-factor authentication. Dual-factor (or two-factor) authentication uses two different factors such as a USB token and a PIN. Multifactor authentication uses two or more factors.