Security+ (get certified, get ahead) - chapter 1

Ace your homework & exams now with Quizwiz!

Remote Authentication Dial-In User Service (RADIUS)

A centralized authentication service. Authentication requests are forwarded to a central server. It use the UDP protocol which uses best effort delivery mechanism, and it only encrypts the password

Kerberos

A network authentication mechanism used within Windows Active Directory domains and some UNIX realm. It uses a database of objects such as Active Directory and a KDC to issue time stamped tickets that expire after a certain period. It requires internal time synchronization and uses port 88.

Single Sign-on

Enhances security by requiring the users to use and remember only one set of credentials for authentication. Once signed on, this one set of credentials is used throughout a user's entire session. It can provide cental authentication against a federated database for different operating systems.

Availability

Ensures systems are up and operationalwhen needed and uses fault tolerance and redundancy methods like, RAID, clustering, backups, etc, to address single points of failure

Confidentiality

Prevents unauthorized disclosure and is enforced with access controls and encryption. Authentication, access control methods, physical security and permissions help to enforce confidentiality

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP & MS-CHAPv2

Microsoft's improvement to CHAP for Microsoft clients.. MS-CHAPv2 can perform mutual authentication. The client authenticates to the server and the server authenticates to the client.

Risk

The liklihood that a threat will exploit a vulnerability. Mitigation reduces the chances that a threat will exploit a vulnerability by implementing controls

Identity Proofing

The process of verifying that people are who they claim to be prior to issuing them credentials for a system.

IEEE 802.1X

A port based authentication protocol that provides authentication when a user connects to a specific access point, or in this context, a logical port. Its primary purpose is to secure the authentication process prior to a client actually gaining access to a network.

Mutual Authentication

Accomplished when both entities in a session authenticate with each other prior to exchanging data. This provides assurances of the server's identity before the client transmits data.

Password Authentication Protocol (PAP)

Authentication method used with RAS that send the password in clear text. Rarely used today. normally used with dial up connections.

Challenge Handshake Authentication Protocol (CHAP)

Authentication method used with RAS that uses a handshake process where the server challenges the client. The client then responds with appropriate authentication information. The client hashes the information before sending it back to the server

Defense in Depth

Employs multiple layers to make it harder for attacks to exploit a system or network

Remote Access Services (RAS)

Provide access to an internal network from an outside source.

Integrity

Provides assurances that data has not been modified and is enforced with hashing (MD5, HMAC or SHA1) Loss can occur through unauthorized or unintended changes

Non-repudiation

Provides proof of a person's identity. It is used to prevent entities from denying they took an action. examples would be; a digital signature or audit logs. An audit log provides non-repudiation since its entries in lude who, what, where and when

Authentication

Provides proof that users are who they claim to be by presenting something like a user name and password. Identification - user claims an identity Authentication - user proves the identity Authorization - access granted based on proven identity

LDAP

Specifies formats and methods to query dirctories, like Active Directory. It uses port 389 for unencrypted transmission and 636 when encrypted with eithe SSL or TLS.

Implicit Deny

Unless something is explicitly allowed, it is denied

Strong Password

Use a mix of character types with a minimum password length such as 8 or 10 characters. The key space of a pasword is calculated as C^N, where C indicates the number of possible characters and N indicates the password length

TACACS+

Used by Cisco for authentication and can use Kerberos, allowing it to interact with a Microsoft environment. It uses TCP, encrypts the entire authentication process and uses multiple challenges and responses.


Related study sets

Ch. 42 Gastrointestinal Disorders

View Set

CCNA 1 v7.0 Final Exam Answers Full - Introduction to Networks Answers

View Set

ATI TEAS VII Online Practice A - Mathematics

View Set

Chapter 15: Humidity and Aerosol Therapy

View Set

CHAPTER 40 Drug Therapy for Diarrhea

View Set

AP Biology Unit 3 Cellular Energetics

View Set

Essentials of Pediatric Nursing CH 12

View Set

Intermediate Financial Accounting 2

View Set

Psych 303 Final Umich Rabinowitz

View Set