Chapter 4 Access Control, Authentication, Authorization Flashcards Preview


Flashcards in Chapter 4 Access Control, Authentication, Authorization Deck (28)
1

What is Access Control?
(131)

Granting authorized users (and processes) access to a system or resource while keeping everyone else out. It covers deciding who gets in, what they may do once in, and recording what they did.

2

Identification vs. Authentication
(131)

Identification is claiming who you are (e.g., typing a username). Authentication is proving that claim (e.g., supplying the matching password or token).

3

5 different forms of authentication
(131)

Something you know: password or PIN
Something you have: smart card or hardware token
Something you are: biometrics (fingerprint, iris, face)
Something you do: a behavioural action such as typing rhythm or signature dynamics
Somewhere you are: geolocation, e.g., only accepting logins from a known network or physical location

4

Single-Factor Authentication
(132)

Just one factor, typically a username and password. Adding a second item of the same type (password plus PIN) is still single-factor, since both are "something you know".

5

Multifactor Authentication
(133)

Using two or more different factors together, e.g., a password (know) plus a hardware token or authenticator app code (have). Stealing one factor is then not enough to log in.

6

Layered Security and Defense In Depth
(133)

Having more than one layer of security control, so that a single failure (a missed patch, a guessed password) does not by itself expose the system. Example: perimeter firewall plus host hardening plus monitoring plus least-privilege accounts.

7

Tokens
(135)

Used to authenticate the user. A hardware token (key fob, smart card) is "something you have"; a software token (session cookie, Kerberos ticket, bearer token) is a sliver of data issued after authentication that tells the system who you are so you do not have to re-authenticate for every request. Either kind must be protected from theft, since whoever holds it is treated as you.

8

Federations
(135)

A collection of organizations or networked systems that agree on common standards for exchanging identity information, so a user authenticated by one member can be granted access by another without a separate account (federated identity).
IM networks that accept logins from partner providers are an example.

9

Transitive Access
(136)

When A trusts B and B trusts C, A may implicitly trust C. Transitive trusts make this chain explicit. The caveat: a compromise of C can reach A through B, so only grant a transitive trust when you accept every trust on the far side of it.

10

PAP
(139)

Password Authentication Protocol
-Legacy protocol that sends the username and password to the authentication server in plain text; anyone who can sniff the link captures the credentials.

11

SPAP
(139)

Shiva PAP
-Main difference from PAP is that the password is sent encrypted rather than in the clear.
-Still less secure than CHAP: the same encrypted value is sent every time, so it is susceptible to replay attacks.

12

CHAP (139)

Challenge Handshake Authentication Protocol
-The server sends the connecting machine a random challenge. The client hashes the challenge together with the shared secret (MD5 in classic CHAP) and returns the hash; the server computes the same hash and compares. The password itself never crosses the wire.
-The server periodically re-challenges during the session with a fresh random value, so a captured response cannot be replayed later.
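The exchange described above, written out as an added example (not code from the page or from any PPP implementation). It follows RFC 1994: the response is MD5 over the one-byte identifier, the shared secret and the challenge. The secret `hunter2` and the wordlist are constructed for the demonstration; the `crack_chap` helper is included to show the caveat the card does not mention, namely that CHAP hides the secret from the wire but a sniffed challenge/response pair still allows an offline dictionary attack on a weak secret.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side of RFC 1994 CHAP: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: stores the shared secret and issues one-shot random challenges."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = {}  # identifier -> challenge still awaiting a response

    def challenge(self, ident: int, length: int = 16) -> bytes:
        chal = os.urandom(length)  # must be unpredictable and never reused
        self._pending[ident] = chal
        return chal

    def verify(self, ident: int, response: bytes) -> bool:
        chal = self._pending.pop(ident, None)  # each challenge is answered exactly once
        if chal is None:
            return False
        expected = chap_response(ident, self._secret, chal)
        return hmac.compare_digest(expected, response)


def crack_chap(ident, challenge, response, wordlist):
    """Offline dictionary attack from a single sniffed exchange (the CHAP weakness)."""
    for guess in wordlist:
        if chap_response(ident, guess, challenge) == response:
            return guess
    return None


def demo(secret=b"hunter2"):
    """One legitimate exchange, one replay attempt, one fresh exchange, one crack attempt."""
    server = ChapAuthenticator(secret)

    chal1 = server.challenge(1)
    resp1 = chap_response(1, secret, chal1)  # both values are visible to an eavesdropper
    first = server.verify(1, resp1)

    server.challenge(1)                      # server re-challenges with a new random value
    replay = server.verify(1, resp1)         # the old response no longer matches

    chal3 = server.challenge(3)
    fresh = server.verify(3, chap_response(3, secret, chal3))

    # constructed wordlist: the attacker only needs chal1/resp1 from the wire
    cracked = crack_chap(1, chal1, resp1, [b"password", b"letmein", b"hunter2"])
    return {"first": first, "replay": replay, "fresh": fresh, "cracked": cracked}


if __name__ == "__main__":
    print(demo())
```

The replay fails because the server pops the outstanding challenge on every verify and issues a new random value each round; the dictionary attack succeeds because MD5 of a short secret is cheap to guess, which is why CHAP should only be used over an already-encrypted tunnel or replaced by EAP methods with stronger credentials.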

13

TOTP
(139)

Time-Based One Time Password
-Derives each password from a shared secret plus the current time (typically a 30-second step), so a code is only valid for a short window and cannot be reused afterwards.
-Google Authenticator is a good example. The client and server clocks must stay roughly in sync.

14

HOTP
(139)

HMAC-Based OTP
-Derives each password from a shared secret and a counter that increments every time a password is generated (RFC 4226), using a Hash-based Message Authentication Code.
-TOTP is HOTP with the counter replaced by a time step; the server must track the counter (or the time) and reject codes that have already been used.

15

Password Length and Complexity
(account policy enforcement, page 139)

On Windows, enabling "Password must meet complexity requirements" means a password:
-Cannot contain the user's account name, or any part of the user's full name longer than two consecutive characters
-Must be at least six characters long (a longer minimum, such as eight, is set separately with the minimum password length policy)
-Must contain characters from three of the following four categories
-A-Z
-a-z
-0-9
-Non-alphanumeric characters such as !$%
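An added example (my code, not Windows' own checker) that applies the three rules above to a candidate password so the edge cases are visible: the account-name check is skipped when the name is shorter than three characters, the full name is split on the delimiters Windows documents (comma, period, dash, underscore, space, pound sign, tab) and only tokens of three or more characters are searched for, and the minimum length is a separate policy, assumed here to be 6. The sample names and passwords are constructed.

```python
import re

# Delimiters Windows uses to split the display name into tokens before checking them.
_NAME_DELIMS = re.compile(r"[,.\-_ #\t]+")


def complexity_check(password: str, account_name: str, full_name: str = "", min_length: int = 6):
    """Return (ok, reasons). min_length mirrors the separate 'Minimum password length'
    policy; 6 matches the complexity rule itself, raise it to 8 or more in practice."""
    reasons = []
    pw = password.lower()   # all name comparisons are case-insensitive

    # Rule 1: no account name (skipped if under 3 chars) and no 3+ char token of the full name
    if len(account_name) >= 3 and account_name.lower() in pw:
        reasons.append("contains the account name")
    for tok in _NAME_DELIMS.split(full_name):
        if len(tok) >= 3 and tok.lower() in pw:
            reasons.append(f"contains part of the full name ({tok})")

    # Rule 2: length
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")

    # Rule 3: at least three of the four character classes
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    if sum(classes.values()) < 3:
        reasons.append("uses fewer than 3 of: uppercase, lowercase, digit, special")

    return (not reasons, reasons)


if __name__ == "__main__":
    for pw in ["Passw0rd!", "Smithers1!", "Jo1234!x", "abcdefg1"]:
        print(pw, complexity_check(pw, "jsmith", "Jo Smith"))
```

Note that "Jo1234!x" passes for a user whose full name is "Jo Smith": "Jo" is only two characters, so the name rule ignores it, which is exactly the "exceed two consecutive characters" wording in the policy.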

16

Password Expiration
(account policy enforcement, page 140)

90 days is a common maximum password age; the Windows default is 42 days. Enable password history (Windows can remember up to 24 previous passwords) so users cannot just reuse the same password every time. Caveat: current NIST guidance (SP 800-63B) no longer recommends forcing periodic changes unless there is evidence of compromise, because it pushes users toward predictable variations.

17

RADIUS
(145)

Remote Authentication Dial-In User Service
-Provides centralized authentication, authorization and accounting for remote and other network connections. It was originally intended for dial-up, but it is still maintained and widely used for VPN, wireless (802.1X) and switch/router logins.
-Runs over UDP. Only the password field is obfuscated with the shared secret; the rest of the packet is in the clear, so it should not cross untrusted networks unprotected.
-A single RADIUS server is a single point of failure: if it goes down, no new logins succeed anywhere that depends on it (existing sessions are unaffected).
More RADIUS servers, with clients configured to fail over between them, means more stability.

18

TACACS
(146)

Terminal Access Controller Access-Control System. A Cisco-developed competitor to RADIUS; the current version is TACACS+, which Cisco uses as standard for device administration. Unlike RADIUS, which bundles authentication and authorization into one exchange, TACACS+ separates authentication, authorization and accounting, runs over TCP (port 49) and encrypts the whole packet body rather than just the password.

19

SAML
(147)

Security Assertion Markup Language. An XML-based standard for exchanging authentication and authorization data: an identity provider authenticates the user and issues a signed assertion, and a service provider trusts that assertion to grant access to its resources. It underlies much web single sign-on.

20

Kerberos
(148)

Uses a Key Distribution Center (KDC) to authenticate the "principal" (a user or service) and issue it a ticket
-the ticket-granting ticket proves authentication; service tickets obtained with it grant access to individual services without re-entering the password. Both sides can authenticate each other (mutual authentication).
-Weaknesses: the KDC is a single point of failure and a high-value target, and clocks must be closely synchronized or tickets are rejected.

21

Single Sign-On
(149)

One authentication gives the user access to every resource they are entitled to, without logging in again. Convenient, but the central credential store becomes a high-value target, and one compromised credential unlocks everything at once.

22

Mandatory Access Control (MAC)
(151)

High security and inflexible
Access is decided by comparing labels: the classification of the object against the clearance of the subject. Rights and privileges are defined and, if need be, changed only by the admin; the owner of a file cannot share it at will.

23

Discretionary Access Control (DAC)
(151)

A little more flexible
The owner of a resource decides who may access it (file permissions and ACLs are the usual mechanism), which allows users to share information with each other dynamically.

24

Role-Based Access Control (RBAC)
(152)

Permissions are attached to roles (job functions) and users are assigned to roles, so a user gets whatever their roles allow. In practice this is usually implemented with groups and group policy: change the role's permissions once and every member inherits the change.

25

Rule-Based Access Control
(152)

Access is granted or denied by the preconfigured rules in the security policy (e.g., firewall rules, time-of-day or location restrictions), applied to everyone regardless of identity. Also abbreviated RBAC, so check which one an exam question means.
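The four models on the MAC, DAC, role-based and rule-based cards above, written as decision functions so the difference in who decides is visible. This is an added example, not code from the page; the clearance levels, users, roles and firewall-style rules are all constructed. The MAC section uses the Bell-LaPadula properties ("no read up", "no write down"), which the cards do not name but which is the standard model behind label comparison.

```python
import ipaddress
from datetime import time as dt_time

# ---- MAC: the system compares labels; neither the user nor the owner can change them ----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_can_read(clearance: str, label: str) -> bool:
    """Bell-LaPadula 'no read up': a subject may read objects at or below its clearance."""
    return LEVELS[clearance] >= LEVELS[label]


def mac_can_write(clearance: str, label: str) -> bool:
    """Bell-LaPadula 'no write down': stops high data being copied into a lower object."""
    return LEVELS[clearance] <= LEVELS[label]


# ---- DAC: the owner decides, by editing the object's ACL ----
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write", "grant"}}

    def grant(self, by: str, to: str, perm: str) -> bool:
        """Only a principal holding 'grant' (the owner by default) may share the object."""
        if "grant" not in self.acl.get(by, set()):
            return False
        self.acl.setdefault(to, set()).add(perm)
        return True

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.acl.get(user, set())


# ---- Role-based: permissions attach to roles, users are placed in roles ----
ROLE_PERMS = {
    "helpdesk": {"reset_password"},
    "dba": {"read_db", "write_db"},
    "auditor": {"read_db", "read_logs"},
}
USER_ROLES = {"alice": {"dba"}, "bob": {"helpdesk", "auditor"}}


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))


# ---- Rule-based: a preconfigured rule list applied to everyone, first match wins ----
RULES = [
    # (source network, destination port, allowed hours or None for always)
    ("10.0.0.0/8", 22, (dt_time(8, 0), dt_time(18, 0))),   # SSH only from inside, office hours
    ("0.0.0.0/0", 443, None),                              # HTTPS from anywhere, any time
]


def rule_allowed(src_ip: str, port: int, now: dt_time) -> bool:
    ip = ipaddress.ip_address(src_ip)
    for net, rule_port, hours in RULES:
        if ip in ipaddress.ip_network(net) and port == rule_port:
            return hours is None or hours[0] <= now < hours[1]
    return False  # implicit deny when nothing matches


if __name__ == "__main__":
    print(mac_can_read("confidential", "secret"))          # False: no read up
    doc = DacObject("alice")
    print(doc.grant("bob", "carol", "read"))               # False: bob is not the owner
    print(rbac_allowed("bob", "read_logs"))                # True via the auditor role
    print(rule_allowed("10.1.2.3", 22, dt_time(23, 0)))    # False: outside office hours
```

The contrast to keep in mind: in MAC the only way for "bob" to read a secret document is for an administrator to raise his clearance; in DAC "alice" can hand him access herself; in role-based access he gets it by being put in a role that has it; in rule-based access his identity is not consulted at all.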

26

User Access Review
(154)

Periodically review each user's permissions to confirm they still match the job; this catches privilege creep, where rights accumulate as people change roles and nobody removes the old ones.

27

Common Access Card (CAC)
(155)

Smart card used by the US Department of Defense for physical access and computer/network logon
-The front has your picture, beneath which is a chip and a barcode; on the back there is a magnetic strip with another barcode

28

Personal Identification Verification Card (PIV)
(156)

Smart card standard (FIPS 201) for US federal government employees and contractors; the civilian counterpart of the DoD's CAC, used for both building access and logical (computer) access.