AAA Flashcards - Authentication, Authorization
49 Questions
Questions and Answers

What is identification?

The idea of describing an entity uniquely.

What does Authentication (authn) refer to?

Proving you are who you claim to be.

What does Authorization (authz) pertain to?

Describing what the user account has access to or doesn't have access to.

What is Multifactor authentication?

A system where users are authenticated by presenting multiple pieces of information or objects.

Match the types of multifactor authentication with their descriptions:

Something you know = Password
Something you have = Token or smartphone
Something you are = Biometric verification

What is an OTP (one-time password)?

A password generated for use in one specific session that becomes invalid after the session ends.

What is NTP (Network Time Protocol)?

An Internet protocol for synchronizing computer clock times in a network by exchanging time signals.

What is Biometric authentication?

The process of using unique physiological characteristics to identify individuals.

What is U2F (Universal Second Factor)?

A standard for second-factor authentication that uses public key cryptography.

What is a CRL (Certificate Revocation List)?

A signed list published by the CA that defines certificates that have been explicitly revoked.

What is LDAP (Lightweight Directory Access Protocol)?

An open industry-standard protocol for accessing and maintaining directory services.

What does DN (Distinguished Name) represent?

A long form of an object's name in Active Directory that indicates the object name and its containers.

What operations can a client perform with an LDAP server?

Bind, StartTLS, Search, Add/Delete/Modify, Unbind.

What is RADIUS?

A protocol that provides AAA services for users on a network.

What is Kerberos?

A network authentication protocol that uses tickets for identity verification.

What does the TGS (Ticket-Granting Service) do?

Issues Ticket-Granting Tickets to clients in Kerberos.

What is SSO (Single Sign-On)?

An authentication concept that allows users to authenticate once for multiple services.

How is authentication different from authorization?

Authentication proves an entity's identity; authorization determines access permissions.

In a multi-factor authentication scheme, a password can be thought of as?

Something you know.

What are some drawbacks to using biometrics for authentication?

Privacy concerns and difficulty in changing compromised biometrics.

Why are U2F tokens more secure than OTP generators?

U2F authentication is impossible to phish due to its public key cryptography design.

What elements are inspected when a certificate is verified?

The period of validity and the signature of the signing certificate authority.

What is the role of the Network Access Server in a RADIUS scheme?

The Network Access Server relays authentication messages but does not evaluate them.

What does a Kerberos authentication server issue to a successfully authenticated client?

A Ticket-Granting Ticket (TGT).

What advantages does single sign-on offer?

It reduces the total number of credentials and time spent authenticating.

What does OpenID provide?

Authentication delegation to a third-party authentication service.

What is OAuth?

An open standard allowing users to grant third-party access without sharing credentials.

What does Accounting mean in AAA?

Keeping records of user access to resources and services.

What does TACACS+ do?

It manages who has access to network devices and what they can do.

What role does authorization play?

Determining what resources a user or account can access.

What does auditing relate to in AAA?

Reviewing usage records for anomalies.

Authentication is concerned with determining _______.

identities of individuals.

Security Keys utilize a secure challenge-and-response authentication system, which is based on ______.

public key cryptography.

Which examples represent 'something you have' for multifactor authentication?

RSA SecurID token.

A Lightweight Directory Access Protocol (LDAP) uses a _____ structure to hold directory objects.

tree.

What is used to request access to services in the Kerberos process?

A Ticket-Granting Ticket (TGT).

Why was TACACS+ chosen for a military base network?

To manage device administration authentication, authorization, and accounting.

In the three As of security, which part pertains to access permission?

Authorization.

Why should a company use OAuth when utilizing Google Business applications?

To allow apps to temporarily access a user's email without sharing credentials.

Access control entries can be created for what types of file system objects?

Folders, files, and programs.

Authorization is concerned with determining ______ to resources.

access.

Security Keys are more ideal than OTP generators because they're resistant to _______ attacks.

phishing.

What other factor qualifies for multifactor authentication combined with a password?

Fingerprint or PIN.

An organization needs to set up a(n) _____ infrastructure for issuing client certificates.

PKI.

What supports secure operations for modifying directory objects in an LDAP architecture?

Bind and modify operations.

Which examples represent a Single Sign-On (SSO) service?

Kerberos and OpenID.

An Open Authorization (OAuth) access token would have a _____ indicating third-party access.

scope.

What does TACACS+ keep track of?

User authentication and commands executed by users.

Why is a client certificate used in a Certificate Authority (CA) infrastructure?

To authenticate the client with other computers.

Study Notes

Authentication, Authorization, Accounting (AAA)

  • Identification: Unique description of an entity.
  • Authentication (authn): Validating the identity of a user claiming to be someone.
  • Authorization (authz): Specifies what resources a user can access or not.

Multifactor Authentication

  • Definition: Users authenticate using multiple identifiers.
  • Types of authentication:
    • Something you know (e.g., passwords)
    • Something you have (e.g., security tokens)
    • Something you are (e.g., biometrics)

OTP and NTP

  • One-Time Password (OTP): A session-specific password that is invalid after use.
  • Network Time Protocol (NTP): Synchronizes computer clocks within a network using time signals.

Biometric and U2F Authentication

  • Biometric Authentication: Uses physiological traits (like fingerprints) to verify identity.
  • Universal Second Factor (U2F): Developed by Google, Yubico, and NXP Semiconductors, utilizes public key cryptography for secure authentication.

Certificate Management

  • Certificate Revocation List (CRL): A list by a Certificate Authority (CA) of revoked certificates.
  • Lightweight Directory Access Protocol (LDAP): A standard protocol for accessing and maintaining directory services, akin to an electronic phone directory.
  • Distinguished Name (DN): The complete name of an object in Active Directory, indicating its location within the directory structure.

Client Operations in LDAP

  • Common Operations:
    • Bind: Client authentication to the server.
    • StartTLS: Connection upgrade to secure communication.
    • Search: Retrieve records.
    • Add/Delete/Modify: Manage directory data.
    • Unbind: Terminate connection to the LDAP server.

Authentication Protocols

  • RADIUS: Provides AAA services for users on a network.
  • Kerberos: Network authentication protocol using tickets for secure identity verification.
  • TACACS+: Cisco-developed AAA protocol that manages network device access.

SSO and OAuth

  • Single Sign-On (SSO): Users authenticate once for multiple services.
  • Open Authorization (OAuth): Allows third-party applications to access user data without sharing credentials directly.

Accounting and Auditing

  • Accounting: Records user resource access and system interactions.
  • Auditing: Reviews access records for anomalies.

Key Comparisons and Differences

  • Authentication vs. Authorization: Authentication confirms identity while authorization determines access rights.
  • Biometrics Drawbacks: Privacy concerns and difficulty in changing compromised biometric data.
  • U2F vs. OTP: U2F offers better security as it cannot be phished unlike OTPs.

Security Elements

  • Auditing in Accounting: Auditing reviews access and usage records, searching for irregularities.
  • Security Keys: Use public key cryptography for secure challenge-response authentication; resistant to phishing.

Additional Context on Protocol Usage

  • Kerberos TGT: A Ticket-Granting Ticket is issued post-authentication for service access requests.
  • TACACS+ Implementation: Provides device administration authentication, authorization, and accounting.
  • Certificate Validations: Certificate verification involves checking validity period and CA signatures.

Specific Use Cases

  • OAuth for Apps: Ideal for applications needing temporary access to user accounts (e.g., email previews).
  • LDAP Infrastructure: Required for issuing and signing client certificates in secure directory setups.

Directory and Access Control

  • File System Control: Access control entries can be created for folders, files, and programs.
  • Client Tracking in TACACS+: Monitors user actions and commands executed on network devices.

Quiz Team

Description

Explore the fundamental concepts of AAA with these flashcards. Learn about identification, authentication, authorization, and multifactor authentication. Perfect for anyone looking to deepen their understanding of security measures.
