IT Security: Defense against the digital dark arts
What does a Kerberos authentication server issue to a client that successfully authenticates?
A ticket granting ticket (TGT). Once authenticated, a Kerberos client receives a ticket-granting ticket from the authentication server. This TGT can then be presented to the ticket-granting service in order to be granted access to a resource.
LDAP - Lightweight Directory Access Protocol
An open industry standard protocol for accessing and maintaining directory services.
What does OpenID provide?
Authentication Delegation (Relying Party). OpenID allows authentication to be delegated to a third-party authentication service.
How is authentication different from authorization?
Authentication is verifying an identity (you are who you say you are), and authorization is verifying what you have access to. Authentication is proving that an entity is who they claim to be, while authorization is determining whether or not that entity is permitted to access resources.
What are some drawbacks to using biometrics for authentication? Check all that apply.
Biometric authentication is difficult or impossible to change if compromised. There are potential privacy concerns. If a biometric characteristic, like your fingerprints, is compromised, your option for changing your "password" is to use a different finger. This makes "password" changes limited. Other biometrics, like iris scans, can't be changed if compromised. If biometric authentication material isn't handled securely, then identifying information about the individual can leak or be stolen.
True or false: Clients authenticate directly against the RADIUS server.
False. Clients don't actually interact directly with the RADIUS server; the authentication is relayed via the Network Access Server.
True or false: The Network Access Server handles the actual authentication in a RADIUS scheme.
False. The Network Access Server only relays the authentication messages between the RADIUS server and the client; it doesn't make an authentication evaluation itself.
What are some characteristics of a strong password? Check all that apply.
Includes numbers and special characters. Is at least 8 characters long.
What elements of a certificate are inspected when a certificate is verified? Check all that apply.
Not valid before date. Not valid after date. Trust of the signatory CA. To verify a certificate, the period of validity must be checked, along with the signature of the signing certificate authority, to ensure that it's a trusted one.
What are the names of similar entities that a Directory server organizes entities into?
Organizational Units. Directory servers have organizational units, or OUs, that are used to group similar entities.
What advantages does single sign-on offer?
Reduces the number of credentials and time spent authenticating. Reduces the total number of credentials. SSO allows one set of credentials to be used to access various services across sites. This reduces the total number of credentials that might be otherwise needed. SSO authentication also issues an authentication token after a user authenticates using username and password. This token then automatically authenticates the user until the token expires. So, users don't need to reauthenticate multiple times throughout a work day.
In what way are U2F tokens more secure than OTP generators?
Resistant to phishing attacks. With one-time-password generators, the one-time password along with the username and password can be stolen through phishing. On the flip side, U2F authentication is impossible to phish, given the public key cryptography design of the authentication protocol.
In a multi-factor authentication scheme, a password can be thought of as:
something you know. Since a password is something you memorize, it's something you know when talking about multi-factor authentication schemes.
What is a CRL?
"Certificate Revocation List." It's a list published by a CA, which contains certificates issued by the CA that are explicitly revoked, or made invalid.