Questions and Answers
What is identification?
The idea of describing an entity uniquely.
What does Authentication (authn) refer to?
Proving you are who you claim to be.
What does Authorization (authz) pertain to?
Describing what the user account has access to or doesn't have access to.
What is Multifactor authentication?
Match the types of multifactor authentication with their descriptions:
What is an OTP (one-time password)?
What is NTP (Network Time Protocol)?
What is Biometric authentication?
What is U2F (Universal Second Factor)?
What is a CRL (Certificate Revocation List)?
What is LDAP (Lightweight Directory Access Protocol)?
What does DN (Distinguished Name) represent?
What operations can a client perform with an LDAP server?
What is RADIUS?
What is Kerberos?
What does the TGS (Ticket-Granting Service) do?
What is SSO (Single Sign-On)?
How is authentication different from authorization?
In a multi-factor authentication scheme, a password can be thought of as?
What are some drawbacks to using biometrics for authentication?
Why are U2F tokens more secure than OTP generators?
What elements are inspected when a certificate is verified?
What is the role of the Network Access Server in a RADIUS scheme?
What does a Kerberos authentication server issue to a successfully authenticated client?
What advantages does single sign-on offer?
What does OpenID provide?
What is OAuth?
What does Accounting mean in AAA?
What does TACACS+ do?
What role does authorization play?
What does auditing relate to in AAA?
Authentication is concerned with determining _______.
Security Keys utilize a secure challenge-and-response authentication system, which is based on ______.
Which examples represent 'something you have' for multifactor authentication?
A Lightweight Directory Access Protocol (LDAP) uses a _____ structure to hold directory objects.
What is used to request access to services in the Kerberos process?
Why was TACACS+ chosen for a military base network?
In the three As of security, which part pertains to access permission?
Why should a company use OAuth when utilizing Google Business applications?
Access control entries can be created for what types of file system objects?
Authorization is concerned with determining ______ to resources.
Security Keys are more ideal than OTP generators because they're resistant to _______ attacks.
What other factor qualifies for multifactor authentication combined with a password?
An organization needs to set up a(n) _____ infrastructure for issuing client certificates.
What supports secure operations for modifying directory objects in an LDAP architecture?
Which examples represent a Single Sign-On (SSO) service?
An Open Authorization (OAuth) access token would have a _____ indicating third-party access.
What does TACACS+ keep track of?
Why is a client certificate used in a Certificate Authority (CA) infrastructure?
Study Notes
Authentication, Authorization, Accounting (AAA)
- Identification: Uniquely describing an entity (a username, a certificate subject, a device serial); on its own it is a claim, not proof.
- Authentication (authn): Proving that an entity is who it claims to be.
- Authorization (authz): Specifies which resources an authenticated account may and may not access.
Multifactor Authentication
- Definition: Users authenticate with two or more factors drawn from different categories below; a password plus a security question is still a single factor, since both are something you know.
Types of authentication factors:
- Something you know (e.g., passwords)
- Something you have (e.g., security tokens)
- Something you are (e.g., biometrics)
OTP and NTP
- One-Time Password (OTP): A password valid for a single login or session and rejected if presented again; generated from a shared secret plus either a counter (HOTP) or the current time (TOTP).
- Network Time Protocol (NTP): Synchronizes computer clocks across a network; it matters here because a time-based OTP only verifies if the token's and the server's clocks agree to within the server's accepted window.
Biometric and U2F Authentication
- Biometric Authentication: Uses physiological or behavioral traits (fingerprint, face, iris, typing rhythm) to verify identity.
- Universal Second Factor (U2F): Open standard developed by Google, Yubico, and NXP Semiconductors; a hardware key holds a private key and uses it to sign a server challenge that is bound to the requesting site's origin, so the response only works at the site that issued it.
Certificate Management and Directories
- Certificate Revocation List (CRL): A signed, dated list published by a Certificate Authority (CA) of certificates it has revoked before their expiry; a verifier must fetch a fresh copy, since an expired CRL proves nothing.
- Lightweight Directory Access Protocol (LDAP): A standard protocol for accessing and maintaining directory services, akin to an electronic phone directory.
- Distinguished Name (DN): The complete name of an object in an LDAP directory (Active Directory included), read from the object's own component outward to the root, which fixes its position in the tree; an illustrative example is CN=Jane Doe,OU=Users,DC=example,DC=com.
Client Operations in LDAP
Common operations:
- Bind: Client authentication to the server (a simple bind sends a DN and password; an anonymous bind sends neither).
- StartTLS: Upgrades the plaintext connection to TLS; a simple bind should only be sent after this, or the password crosses the network in the clear.
- Search: Retrieve records matching a filter beneath a base DN.
- Add/Delete/Modify: Manage directory data.
- Unbind: Terminate the connection to the LDAP server.
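An added example (not from the page) of handling Distinguished Names safely in Go: a parser for the RFC 4514 string form used by the DN entry above, the escaping needed when untrusted input is spliced into a DN (for example to build the DN for a Bind or an Add), and the separate escaping a Search filter needs under RFC 4515. The DN, the user name and the injection strings are constructed for the example; the parent container of an entry is simply the DN with its first RDN dropped.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// Attr is one type=value pair. An RDN is usually one pair but may be several
// joined with '+'. A DN is a list of RDNs, leftmost first (the entry itself),
// so rdns[1:] is the parent container.
type Attr struct{ Type, Value string }
type RDN []Attr

// ParseDN splits an RFC 4514 string DN into RDNs, honouring "\," style escapes
// and "\2c" style hex escapes (which may spell out multi-byte UTF-8).
func ParseDN(dn string) ([]RDN, error) {
	var (
		rdns     []RDN
		cur      RDN
		attr     string
		haveAttr bool
		buf      []byte
	)
	finish := func() error {
		if !haveAttr {
			return fmt.Errorf("RDN without '=' in %q", dn)
		}
		cur = append(cur, Attr{strings.TrimSpace(attr), string(buf)})
		attr, haveAttr, buf = "", false, nil
		return nil
	}
	for i := 0; i < len(dn); i++ {
		switch c := dn[i]; {
		case c == '\\' && i+2 < len(dn) && isHex(dn[i+1:i+3]):
			b, _ := hex.DecodeString(dn[i+1 : i+3])
			buf = append(buf, b...)
			i += 2
		case c == '\\' && i+1 < len(dn):
			i++
			buf = append(buf, dn[i])
		case c == '\\':
			return nil, fmt.Errorf("dangling backslash in %q", dn)
		case c == '=' && !haveAttr:
			attr, haveAttr, buf = string(buf), true, nil
		case c == ',' || c == '+':
			if err := finish(); err != nil {
				return nil, err
			}
			if c == ',' {
				rdns, cur = append(rdns, cur), nil
			}
		default:
			buf = append(buf, c)
		}
	}
	if err := finish(); err != nil {
		return nil, err
	}
	return append(rdns, cur), nil
}

func isHex(s string) bool { _, err := hex.DecodeString(s); return err == nil }

// EscapeDNValue escapes an attribute value so untrusted input cannot add or
// alter RDNs when it is spliced into a DN (RFC 4514 section 2.4).
func EscapeDNValue(v string) string {
	var sb strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		switch {
		case strings.IndexByte(`,+"\<>;=`, c) >= 0,
			c == '#' && i == 0,
			c == ' ' && (i == 0 || i == len(v)-1):
			sb.WriteByte('\\')
			sb.WriteByte(c)
		case c == 0:
			sb.WriteString(`\00`)
		default:
			sb.WriteByte(c)
		}
	}
	return sb.String()
}

// FormatDN is the inverse of ParseDN.
func FormatDN(rdns []RDN) string {
	parts := make([]string, 0, len(rdns))
	for _, r := range rdns {
		pairs := make([]string, 0, len(r))
		for _, a := range r {
			pairs = append(pairs, a.Type+"="+EscapeDNValue(a.Value))
		}
		parts = append(parts, strings.Join(pairs, "+"))
	}
	return strings.Join(parts, ",")
}

// EscapeFilterValue escapes a value for an LDAP search filter (RFC 4515). Without
// it, the input "*)(uid=*" turns (uid=<input>) into a filter matching everyone.
func EscapeFilterValue(v string) string {
	var sb strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&sb, `\%02x`, c)
		default:
			sb.WriteByte(c)
		}
	}
	return sb.String()
}

func main() {
	// Constructed DN: an escaped comma in the CN and a multi-valued second RDN.
	dn := `CN=Doe\, John,OU=Users+L=Paris,DC=example,DC=com`
	rdns, _ := ParseDN(dn)
	fmt.Printf("%+v\nparent: %s\n", rdns, FormatDN(rdns[1:]))
	// Untrusted input that tries to smuggle an extra RDN stays inside one value.
	fmt.Println(FormatDN([]RDN{{{"CN", "evil,OU=Admins"}}, {{"DC", "example"}}}))
	fmt.Println("(uid=" + EscapeFilterValue("*)(uid=*") + ")")
}
```

DN escaping and filter escaping are different rule sets; applying one where the other is needed still leaves an injection, which is why the two functions are kept separate.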
Authentication Protocols
- RADIUS: Provides AAA for network access (VPN, Wi-Fi, dial-up); the Network Access Server relays the user's credentials to the RADIUS server and enforces its accept or reject decision.
- Kerberos: Network authentication protocol in which a Key Distribution Center issues tickets; passwords never cross the network, and a service verifies a ticket with its own key without contacting the KDC.
- TACACS+: Cisco-developed AAA protocol that manages administrative access to network devices, with authentication, authorization, and accounting handled as separate steps.
SSO and OAuth
- Single Sign-On (SSO): Users authenticate once and gain access to multiple services.
- Open Authorization (OAuth): Gives a third-party application scoped, revocable access to a user's data at a service through an access token, without the application ever seeing the user's password.
Accounting and Auditing
- Accounting: Records user resource access and system interactions.
- Auditing: Reviews access records for anomalies.
Key Comparisons and Differences
- Authentication vs. Authorization: Authentication confirms identity while authorization determines access rights.
- Biometrics Drawbacks: Privacy concerns, false accept and false reject rates, and the impossibility of changing a compromised biometric the way a password can be changed.
- U2F vs. OTP: U2F resists phishing because the key signs a challenge bound to the site's origin, so a response captured on a look-alike domain is useless at the real one; an OTP is a short string that a phishing page can relay to the real site in real time.
Security Elements
- Auditing in Accounting: Auditing reviews access and usage records, searching for irregularities.
- Security Keys: Use public key cryptography for challenge-response authentication; the private key never leaves the device and the signed response is bound to the origin and the specific challenge, which is what makes them resistant to phishing.
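The origin binding described in the U2F entries above and in the U2F vs. OTP comparison, as an added Go example (not code from the page or from the U2F specification's reference implementations). The token keeps one key pair per application ID and signs SHA-256(appID) || presence flag || counter || SHA-256(clientData); the browser, not the page, writes the true origin into the client data and refuses an appID that does not match the page's origin (a simplified stand-in for the real facet check). The relying party then checks origin, challenge, signature and counter. The origins, the user name and the challenge handling are constructed for the example, and key handles are omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Token models a U2F security key: one key pair per application ID (the site's
// origin) and a signature counter that only ever increases.
type Token struct {
	keys    map[string]*ecdsa.PrivateKey
	counter uint32
}

func NewToken() *Token { return &Token{keys: map[string]*ecdsa.PrivateKey{}} }

// Register mints a key pair scoped to appID and hands back only the public half.
func (t *Token) Register(appID string) *ecdsa.PublicKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t.keys[appID] = k
	return &k.PublicKey
}

// ClientData is assembled by the browser, not by the page: it records the origin
// the challenge was answered on, and the token signs a hash of it.
type ClientData struct {
	Type      string `json:"typ"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// signedMessage is what U2F signs: SHA-256(appID) || user-presence flag ||
// counter || SHA-256(clientData), hashed once more as the ECDSA input.
func signedMessage(appID string, counter uint32, clientData []byte) []byte {
	app, cd := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	msg := append(append(append(app[:], 0x01), ctr[:]...), cd[:]...)
	h := sha256.Sum256(msg)
	return h[:]
}

// Sign is the token's half of the challenge-response.
func (t *Token) Sign(appID string, clientData []byte) (uint32, []byte, error) {
	k, ok := t.keys[appID]
	if !ok {
		return 0, nil, errors.New("no key registered for this app ID")
	}
	t.counter++
	sig, err := ecdsa.SignASN1(rand.Reader, k, signedMessage(appID, t.counter, clientData))
	return t.counter, sig, err
}

// BrowserSign models the browser: it refuses an appID that does not belong to the
// page's origin (simplified facet check) and writes the true origin into the client data.
func BrowserSign(t *Token, origin, appID, challenge string) (clientData []byte, counter uint32, sig []byte, err error) {
	if appID != origin {
		return nil, 0, nil, fmt.Errorf("appID %q not permitted from origin %q", appID, origin)
	}
	clientData, _ = json.Marshal(ClientData{"navigator.id.getAssertion", challenge, origin})
	counter, sig, err = t.Sign(appID, clientData)
	return clientData, counter, sig, err
}

// RelyingParty is the site: it hands out challenges and verifies responses.
type RelyingParty struct {
	AppID       string
	pubKeys     map[string]*ecdsa.PublicKey
	lastCounter map[string]uint32
	challenges  map[string]string
}

func NewRelyingParty(appID string) *RelyingParty {
	return &RelyingParty{appID, map[string]*ecdsa.PublicKey{}, map[string]uint32{}, map[string]string{}}
}

func (rp *RelyingParty) Enroll(user string, pk *ecdsa.PublicKey) { rp.pubKeys[user] = pk }

func (rp *RelyingParty) Challenge(user string) string {
	b := make([]byte, 32)
	rand.Read(b)
	rp.challenges[user] = base64.RawURLEncoding.EncodeToString(b)
	return rp.challenges[user]
}

// Verify checks origin, challenge freshness, signature and counter. An OTP verifier
// can check only the code itself, which is why an OTP can be relayed by a phishing page.
func (rp *RelyingParty) Verify(user string, clientData []byte, counter uint32, sig []byte) error {
	var cd ClientData
	pk, ok := rp.pubKeys[user]
	switch {
	case !ok:
		return errors.New("unknown user")
	case json.Unmarshal(clientData, &cd) != nil:
		return errors.New("malformed client data")
	case cd.Origin != rp.AppID:
		return fmt.Errorf("origin %q is not %q: phished or relayed response", cd.Origin, rp.AppID)
	case cd.Challenge == "" || cd.Challenge != rp.challenges[user]:
		return errors.New("unknown, stale or already used challenge")
	case !ecdsa.VerifyASN1(pk, signedMessage(rp.AppID, counter, clientData), sig):
		return errors.New("bad signature")
	case counter <= rp.lastCounter[user]:
		return errors.New("counter did not increase: cloned token?")
	}
	rp.lastCounter[user], rp.challenges[user] = counter, ""
	return nil
}

func main() {
	tok, bank := NewToken(), NewRelyingParty("https://bank.example") // constructed origins and user
	bank.Enroll("alice", tok.Register("https://bank.example"))
	cd, ctr, sig, _ := BrowserSign(tok, "https://bank.example", "https://bank.example", bank.Challenge("alice"))
	fmt.Println("genuine:", bank.Verify("alice", cd, ctr, sig)) // <nil>
	// A look-alike site relays the bank's real challenge; the browser stamps the look-alike origin in.
	tok.Register("https://bank-login.example")
	cd, ctr, sig, _ = BrowserSign(tok, "https://bank-login.example", "https://bank-login.example", bank.Challenge("alice"))
	fmt.Println("relayed:", bank.Verify("alice", cd, ctr, sig)) // origin mismatch
}
```

The relayed response fails twice over: the origin inside the signed client data names the look-alike site, and even if that check were skipped the signature was made with the key registered for the look-alike's app ID, not the bank's. Nothing the phishing page can show the user changes either fact, which is the difference from relaying a six-digit OTP.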
Additional Context on Protocol Usage
- Kerberos TGT: The authentication server issues a Ticket-Granting Ticket once the client proves knowledge of its password-derived key; the client then presents the TGT to the TGS to obtain a separate ticket for each service.
- TACACS+ Implementation: Provides device administration authentication, authorization, and accounting.
- Certificate Validations: Certificate verification checks that the signature chains to a trusted CA, that the current time falls inside the validity period, that the certificate is being used for its intended purpose and identity, and that it has not been revoked (CRL or OCSP).
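The Kerberos ticket flow from the Authentication Protocols entry and the TGT entry above, as an added Go simulation that is not code from the page or from any Kerberos implementation. It models the three exchanges: AS (the client obtains a TGT it cannot read plus a TGS session key sealed under its password-derived key), TGS (the TGT plus a fresh authenticator buys a service ticket), and AP (the service verifies the ticket with only its own key, never contacting the KDC). AES-GCM stands in for the real Kerberos encryption types and a SHA-256 hash stands in for its PBKDF2 string-to-key; the principal names, password, and clock skew of five minutes are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// A Ticket is readable only by the holder of the key it is sealed under (the KDC for
// a TGT, the application server for a service ticket). An Authenticator proves the
// sender holds the ticket's session key right now.
type Ticket struct{ Client string; SessionKey []byte; Expires int64 }
type Authenticator struct{ Client string; Timestamp int64 }

// seal/open stand in for Kerberos encryption types (AES-GCM here; real Kerberos uses
// AES-CTS with HMAC). Only a holder of key can read or forge a sealed box.
func seal(key []byte, v interface{}) []byte {
	plain, _ := json.Marshal(v)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return append(nonce, gcm.Seal(nil, nonce, plain, nil)...)
}

func open(key, box []byte, v interface{}) error {
	block, err := aes.NewCipher(key)
	if err != nil { return err }
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(box) < n { return errors.New("short ciphertext") }
	plain, err := gcm.Open(nil, box[:n], box[n:], nil)
	if err != nil { return errors.New("wrong key or tampered ciphertext") }
	return json.Unmarshal(plain, v)
}

func newKey() []byte { k := make([]byte, 32); rand.Read(k); return k }

// stringToKey stands in for Kerberos's PBKDF2 string-to-key: the password never
// leaves the client; only this derived key is used to open the AS reply.
func stringToKey(p, pw string) []byte { s := sha256.Sum256([]byte(p + ":" + pw)); return s[:] }

// checkAuthenticator is the validation the TGS and the application server both perform.
func checkAuthenticator(t Ticket, auth []byte, now time.Time, seen map[string]bool) error {
	var a Authenticator
	switch {
	case now.Unix() > t.Expires:
		return errors.New("ticket expired")
	case open(t.SessionKey, auth, &a) != nil:
		return errors.New("authenticator not sealed under the ticket's session key")
	case a.Client != t.Client:
		return errors.New("authenticator and ticket name different clients")
	case now.Unix()-a.Timestamp > 300 || a.Timestamp-now.Unix() > 300:
		return errors.New("authenticator outside the allowed clock skew")
	case seen[fmt.Sprint(a.Client, a.Timestamp)]:
		return errors.New("replayed authenticator")
	}
	seen[fmt.Sprint(a.Client, a.Timestamp)] = true
	return nil
}

// KDC bundles the authentication server (AS) and the ticket-granting server (TGS).
type KDC struct {
	users, services map[string][]byte // principal -> long-term key
	tgsKey          []byte            // krbtgt key: only the KDC can read TGTs
	seen            map[string]bool   // authenticator replay cache
}

func NewKDC() *KDC { return &KDC{map[string][]byte{}, map[string][]byte{}, newKey(), map[string]bool{}} }
func (k *KDC) AddUser(p, password string) { k.users[p] = stringToKey(p, password) }
func (k *KDC) AddService(name string) []byte { k.services[name] = newKey(); return k.services[name] }

// AS exchange: the TGT is opaque to the client; the TGS session key comes back sealed
// under the user's password-derived key, so a wrong password recovers nothing.
func (k *KDC) AuthService(principal string, now time.Time) (tgt, encPart []byte, err error) {
	userKey, ok := k.users[principal]
	if !ok { return nil, nil, errors.New("unknown principal") }
	t := Ticket{principal, newKey(), now.Add(10 * time.Hour).Unix()}
	return seal(k.tgsKey, t), seal(userKey, t), nil
}

// TGS exchange: a valid TGT plus a fresh authenticator buys a service ticket sealed
// under the service's long-term key, carrying a new session key for client and service.
func (k *KDC) TicketGranting(tgt, auth []byte, service string, now time.Time) (ticket, encPart []byte, err error) {
	var t Ticket
	svcKey, ok := k.services[service]
	if !ok || open(k.tgsKey, tgt, &t) != nil { return nil, nil, errors.New("unknown service or foreign TGT") }
	if err := checkAuthenticator(t, auth, now, k.seen); err != nil { return nil, nil, err }
	st := Ticket{t.Client, newKey(), now.Add(time.Hour).Unix()}
	return seal(svcKey, st), seal(t.SessionKey, st), nil
}

// Login is the client side: AS exchange, then TGS exchange, returning the service
// ticket and authenticator to present in the AP exchange.
func Login(kdc *KDC, principal, password, service string, now time.Time) (ticket, auth []byte, err error) {
	tgt, enc, err := kdc.AuthService(principal, now)
	if err != nil { return nil, nil, err }
	var tgs, svc Ticket
	if open(stringToKey(principal, password), enc, &tgs) != nil {
		return nil, nil, errors.New("wrong password: cannot recover the TGS session key")
	}
	st, enc2, err := kdc.TicketGranting(tgt, seal(tgs.SessionKey, Authenticator{principal, now.Unix()}), service, now)
	if err != nil { return nil, nil, err }
	if err := open(tgs.SessionKey, enc2, &svc); err != nil { return nil, nil, err }
	return st, seal(svc.SessionKey, Authenticator{principal, now.Unix()}), nil
}

// VerifyServiceTicket is the AP exchange on the application server, which needs only
// its own long-term key: the KDC is not contacted.
func VerifyServiceTicket(svcKey, ticket, auth []byte, now time.Time, seen map[string]bool) (string, error) {
	var t Ticket
	if open(svcKey, ticket, &t) != nil { return "", errors.New("ticket was not issued for this service") }
	if err := checkAuthenticator(t, auth, now, seen); err != nil { return "", err }
	return t.Client, nil
}

func main() {
	kdc, now := NewKDC(), time.Now()
	kdc.AddUser("alice@EXAMPLE.COM", "correct horse") // constructed principal and password
	fileKey := kdc.AddService("host/files.example.com")
	st, auth, _ := Login(kdc, "alice@EXAMPLE.COM", "correct horse", "host/files.example.com", now)
	seen := map[string]bool{}
	fmt.Println(VerifyServiceTicket(fileKey, st, auth, now, seen)) // alice@EXAMPLE.COM <nil>
	fmt.Println(VerifyServiceTicket(fileKey, st, auth, now, seen)) // replayed authenticator
	_, _, err := Login(kdc, "alice@EXAMPLE.COM", "wrong", "host/files.example.com", now)
	fmt.Println(err) // wrong password: cannot recover the TGS session key
}
```

Two properties worth tracing through the code: the password-derived key is used once, to open the AS reply, and nothing derived from it is ever sent; and the application server validates a ticket with only its own key and a replay cache, which is why Kerberos services keep working when the KDC is unreachable but break when clocks drift past the skew window.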
Specific Use Cases
- OAuth for Apps: Ideal for applications needing limited, temporary access to user accounts (e.g., email previews) without being given the account password.
- CA Infrastructure: Issuing and signing client certificates requires a Certificate Authority (a PKI), not LDAP; LDAP is a directory service, although CA certificates and CRLs are often published in it so that clients can fetch them.
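The issuing and checking sides of the CA infrastructure just described, together with the CRL entry and the Certificate Validations entry above, as an added Go example using only the standard library (not code from the page). It builds a self-signed CA, issues client certificates, publishes a signed CRL, and then performs the relying party's checks: chain to the trusted root, validity window at the time of the check, intended usage, CRL signature and freshness, and absence from the CRL. The CA name, subject names, serial numbers and times are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CA is the issuing side of a small PKI: a self-signed root, its private key,
// and the serials it has revoked.
type CA struct {
	Cert    *x509.Certificate
	key     *ecdsa.PrivateKey
	revoked []pkix.RevokedCertificate
}

func NewCA(name string, now time.Time) (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CA{Cert: cert, key: key}, err
}

// IssueClientCert signs a certificate whose only permitted use is TLS client authentication.
func (ca *CA) IssueClientCert(cn string, serial int64, notBefore, notAfter time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &key.PublicKey, ca.key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Revoke records a serial; CRL publishes the signed, dated list of all of them.
func (ca *CA) Revoke(serial int64, now time.Time) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{SerialNumber: big.NewInt(serial), RevocationTime: now})
}

func (ca *CA) CRL(number int64, now time.Time) ([]byte, error) {
	tmpl := &x509.RevocationList{
		Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: ca.revoked,
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.key)
}

// VerifyClientCert is the relying party's check: signature chain to the trusted
// root, validity window at now, intended usage, and absence from a CRL that is
// itself signed by the CA and not past its NextUpdate.
func VerifyClientCert(root, cert *x509.Certificate, crlDER []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale: refuse rather than guess")
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate revoked")
		}
	}
	return nil
}

func main() {
	now := time.Now()
	ca, _ := NewCA("Example Corp Client CA", now) // constructed names, serials and times throughout
	alice, _, _ := ca.IssueClientCert("alice", 1001, now.Add(-time.Minute), now.Add(24*time.Hour))
	bob, _, _ := ca.IssueClientCert("bob", 1002, now.Add(-time.Minute), now.Add(24*time.Hour))
	ca.Revoke(1002, now)
	crl, _ := ca.CRL(1, now)
	fmt.Println("alice:", VerifyClientCert(ca.Cert, alice, crl, now))                          // <nil>
	fmt.Println("bob:", VerifyClientCert(ca.Cert, bob, crl, now))                              // certificate revoked
	fmt.Println("alice in 2 days:", VerifyClientCert(ca.Cert, alice, crl, now.Add(48*time.Hour))) // chain: expired
	rogue, _ := NewCA("Rogue CA", now)
	mallory, _, _ := rogue.IssueClientCert("alice", 1001, now.Add(-time.Minute), now.Add(24*time.Hour))
	fmt.Println("rogue-signed:", VerifyClientCert(ca.Cert, mallory, crl, now)) // chain: unknown authority
}
```

The rogue CA case is the one that separates a real check from a superficial one: Mallory's certificate carries Alice's name and a perfectly valid signature, just not from a CA in the trust store. Treating a stale CRL as a failure rather than as "nothing revoked" is the matching caveat on the revocation side.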
Directory and Access Control
- File System Control: Access control entries can be created for folders, files, and programs.
- Client Tracking in TACACS+: Its accounting records which commands each user ran on which network device, giving an audit trail per administrator.
Description
Explore the fundamental concepts of AAA with these flashcards. Learn about identification, authentication, authorization, and multifactor authentication. Perfect for anyone looking to deepen their understanding of security measures.