Identity Management Basics Quiz
42 Questions

Questions and Answers

What is the primary purpose of identity management?

  • To analyze social engineering tactics
  • To actively administer access privileges to users and resources (correct)
  • To manage malware threats within a network
  • To monitor physical security measures

Which of the following is NOT part of the IAAA process?

  • Authentication
  • Accounting
  • Authorization
  • Application Management (correct)

What is a key factor in ensuring scalable identity management?

  • Utilizing social engineering tactics
  • Regularly changing authentication factors
  • Cracking passwords efficiently
  • Federated identities (correct)

What is the function of password managers in identity management?

  • To securely store and manage user passwords (A)

Which module addresses the concept of personally identifiable information?

  • Mod 7: Identity Management (D)

What does the concept of 'directory services' relate to in identity management?

  • The management of enterprise-wide user credentials (A)

Which of these is a factor used for authentication?

  • Usernames (B)

What is the purpose of password policies in identity management?

  • To set standards for password complexity and management (B)

What does AAA stand for in the context of network device access?

  • Authentication, Authorization, and Accounting (C)

Which of the following is NOT recommended when implementing remote administration for network devices?

  • Allowing access from any IP address (A)

What should be disabled on edge devices due to security concerns?

  • Link Layer Discovery Protocol (LLDP) (A)

What is the primary reason for limiting remote administration access to network devices?

  • To prevent unauthorized exploitation (D)

Which protocol is similar in configuration and verification to LLDP?

  • Cisco Discovery Protocol (CDP) (A)

In the context of network management, what should be prioritized when configuring AAA?

  • Granular access controls (A)

What aspect of network security does limiting physical access relate to?

  • Preventing physical tampering and breaches (C)

What is a common oversight organizations make regarding telecom closets?

  • Neglecting physical security measures (B)

What method is suggested to ensure secure physical access to IT resources?

  • Access cards and a 2-man rule (A)

Which protocol should be limited during remote administration to enhance security?

  • Simple Network Management Protocol (SNMP) (D)

What can the compromise of a single device lead to in a network?

  • Disruption of a significant portion of the network (C)

What is one of the primary functions of implementing AAA in network security?

  • To control and log user access (C)

What should be avoided in administrative access configurations?

  • Implementing broad user permissions (D)

What method does a brute force attack utilize to crack passwords?

  • It tests every password possibility within defined parameters. (C)

What is the primary function of rainbow tables in password cracking?

  • To compare stored hashes against a target system's hash. (A)

What is a key feature of dictionary attacks?

  • They use a list of predefined words as passwords. (A)

Which statement about rainbow tables is incorrect?

  • They can be used to generate new passwords. (B)

What accelerates the process of brute force attacks?

  • Employing GPUs for accelerated processing. (B)

What is the purpose of authentication in information security?

  • To verify user identity (B)

Which of the following items is considered personally identifiable information?

  • Social security numbers (D)

What does the term 'something you have' refer to in the context of authentication?

  • A physical token or device (B)

Which of the following best describes 'something you know' in authentication?

  • A password or PIN (A)

What is the primary difference between authentication and authorization?

  • Authentication is about validating user identity, while authorization grants access levels. (A)

Which factor can help strengthen the security of an authentication process?

  • Implementing a two-factor authentication system (D)

What is meant by 'accountability' in the context of information security?

  • Tracking user actions and access patterns (A)

Which one of the following is an example of a knowledge factor used in authentication?

  • Password (B)

What is the primary purpose of AAA in relation to network devices?

  • To enforce change control processes and log access (B)

Which of the following protocols does 802.1X use for access control?

  • RADIUS, DIAMETER, and TACACS+ (B)

What is a recommended action to mitigate the security risks associated with SNMP?

  • Harden devices that have SNMP enabled and create ACLs (A)

At which layer of the OSI model does 802.1X operate?

  • Data link layer (D)

Why is SNMP considered a potential security hole?

  • It is often enabled by default on many devices (D)

What does the acronym AAA stand for in network security?

  • Access, Accounting, Authorization (B)

What action should be taken regarding SNMP on devices that are not being monitored?

  • Disable SNMP to reduce security risks (C)

Which user has the highest access level according to the provided access levels?

  • User 1 with access level 15 (A)

Flashcards

Identity Management

Administers subjects, objects, and access privileges to ensure appropriate resource access and system scalability.

IAAA Process

A four-step process for managing identities; often involves creating and managing user accounts.

Personally Identifiable Information (PII)

Specific information used to identify or contact an individual.

Authentication Factors

Methods used to verify a user's identity.

Directory Services

Centralized systems for managing user accounts and access.

Kerberos

A network authentication protocol.

Password Policies

Rules that govern password creation, complexity, and validity.

Service Accounts

Accounts used by programs or applications to access resources.

LLDP

A network protocol for discovering devices on a network, like CDP.

Discovery Protocols

Protocols like CDP and LLDP that help locate and troubleshoot devices on a network.

Edge Devices

Devices at the network's outer edge; usually need disabled discovery protocols.

Physical Security

Protecting physical access to network equipment (like telecom closets).

2-man Rule

A security practice where two people are required to access sensitive locations.

Authentication

The process of verifying the identity of a user or system.

Verification

Confirming the accuracy or truth of something. Used to confirm user identity.

Personally Identifiable Information (PII)

Data that can be used to identify a specific person.

Authentication Factors

Things used to prove identity (e.g., password, physical object).

Knowledge Factor

Authentication method relying on something the user knows (like a password).

Accountability

Ensuring that actions are traced and attributed to specific individuals.

Identification

Process of determining who someone is.

Authorization

Granting permissions to perform specific actions.

Dictionary Attack

A password-cracking method that tries predefined wordlists (dictionaries) as possible passwords.

Rainbow Table

A precomputed table of password hashes to speed up password cracking.

Brute Force Attack

A password-cracking method that tries every possible password combination within a given range.

Password Cracking

The process of attempting to gain access to a system by determining valid passwords.

Hash Comparison

Matching a generated hash against a stored hash in a database to verify a user's password.

Limiting remote admin access

Restricting access to network devices via remote administration to reduce vulnerabilities.

AAA for network devices

Using Authentication, Authorization, and Accounting to manage access to network devices.

Exploiting a network device

Taking advantage of a network device to gain unauthorized access or cause harm.

Administrative access

The ability to control and manage network devices and systems.

Current AAA solution

Existing authentication, authorization, and accounting system used for access management.

Remote administration protocols

Specific protocols used to manage network devices over the internet.

Privilege level 1

Limited user access rights.

Network device protection

Protecting network devices from unauthorized access and attacks.

AAA for Network Access

A system that controls access to network devices using authentication, authorization, and accounting.

802.1X

A standard that forces all network access through AAA.

SNMP

A protocol for managing network devices. Can be a security risk.

SNMP Security Risks

SNMP, often enabled by default, exposes network devices to potential attacks (unless hardened).

Harden SNMP Devices

Taking steps to limit SNMP access, especially for devices not actively being managed.

ACLs for SNMP

Access Control Lists that restrict access to SNMP traffic, making it more secure.

Disable SNMP When Unmanaged

Turning off the SNMP protocol on devices that are not actively monitored or managed.

Study Notes

Cybersecurity Foundations Session 4

  • Cybersecurity Awareness module (Mod 1)
  • Trends in Cybersecurity (Mod 16)
  • Legal Considerations (Mod 15)
  • Incident Response (Mod 14)
  • Physical Security (Mod 13)
  • Network Discovery (Mod 2)
  • Systems Hardening (Mod 3)
  • Security Architecture (Mod 4)
  • Data Security (Mod 5)
  • Public Key Infrastructure (Mod 6)
  • Identity Management (Mod 7)
  • Network Hardening (Mod 8)
  • Malware (Mod 9)
  • Social Engineering (Mod 10)
  • Software Security (Mod 11)
  • Environment Monitoring (Mod 12)

Identity Management

  • Actively administers subjects, objects, and access privileges
  • Ensures identities receive appropriate access to resources
  • Ensures systems remain scalable in granting access to resources

IAAA Process

  • Identification
  • Authentication
  • Uniqueness
  • Verification
  • Authorization
  • Validation
  • Accountability
  • Tracking

Personally Identifiable Information (PII)

  • Any data used to identify a subject
  • Items at risk: Social security number, mother's maiden name, birthdate, billing addresses, email addresses, account numbers, passwords, system information, company/government data

Authentication Factors

  • Access control using multiple factors
  • Something you know (e.g., password, passphrase, PIN)
  • Something you have (e.g., smart card, certificate, token, USB key, virtual cards, TAN)
  • Something you are (e.g., biometric devices like fingerprint reader, hand geometry, retina scanner, facial recognition, iris recognition, signature analysis)

Directory Services

  • Special databases holding usernames and passwords
  • Scalable hierarchy (trees, OUs)
  • Rely on common standards (X.500, LDAP)
  • Hold different partitions

Kerberos

  • Primary authentication service for directories
  • Allows users, services, or computers to centrally authenticate
  • Involves three components: Authentication Service (AS), Key Distribution Center (KDC), Ticket-Granting Server (TGS)

Windows NT LAN Manager (NTLM)

  • Protocol for client/server authentication in Windows networks
  • Involves a challenge-response system

Password Policies

  • Define how secrets are generated
  • Parameters include minimum character number, password complexity, maximum password age, password history, and reversible encryption capability
  • A strong password is difficult for systems to compute, but easy for humans to remember

Dictionary Attacks

  • Use predefined words as passwords to attempt login
  • Method for cracking passwords

Rainbow Tables

  • Store hashes of possible passwords
  • Compare hashes in a table against the hash stored in a system's security database to find matches
  • No mathematical operations performed
  • Requires the hash of the target system

Brute Force Attacks

  • Relies on all possible password combinations
  • Defined ranges of parameters for password cracking
  • Tests every possibility within the defined parameters
  • Often uses GPUs for accelerated cracking

Password Assessment Tools

  • Tools for assessing password security
  • Examples: Cain and Abel, L0phtCrack, Ophcrack, Crackstation.net, John the Ripper

Password Managers

  • Centralized authentication systems
  • Improve security by requiring extra login steps
  • Allow password resets
  • Manage services that can use specific credentials
  • Store personal passwords on the local system
  • Password consolidation, Security questions, Password reset, Permitted services

Same Sign-on

  • Password synchronization between independent systems
  • Replicates login credentials from one system to another
  • Systems stay independent and share little information
  • Not a trust relationship; does not belong to the same directory structure

Group Accounts

  • Enable multiple users to authenticate
  • Should not be used

Service Accounts

  • Local or directory accounts used to run different roles or services
  • Presented to the system as a subject
  • Examples: SQL Server, backup solution, websites

Federated Identities

  • A single sign-on method: one account is used for multiple services
  • The user authenticates to a system, obtains a token, and presents the token to a third-party system; the third-party system validates the token, and access is granted if the token is valid

Identity as a Service (IDaaS)

  • Credentials are stored in the cloud and used for cloud services
  • Can be considered single sign-on

Limiting Remote Admin Access

  • Exploiting a network device with remote access can impact the network
  • Implement AAA for administrative, engineering, and root access
  • Limit protocols for remote administration
  • Limit locations from where remote administration can be done

AAA: Administrative Access

  • Leverage AAA to control access to network devices
  • Granular authorization control and log access, commands, and changes
  • Enforce change control process

AAA for Accessing Network Devices

  • 802.1X forces all access to go through AAA
  • Operates at the logical link control sub-layer of OSI layer 2
  • 802.1X uses RADIUS, DIAMETER, and TACACS+ for access control

SNMP (Simple Network Management Protocol)

  • Enables management of network devices
  • Use access control lists (ACLs) to limit SNMP traffic from unwanted sources
  • On devices that are being managed and monitored, change default community strings

Network Segmentation

  • Dividing a network into smaller subnetworks (VLANs)
  • Isolates resources and limits potential impact from one device's compromise to a network
  • Use firewalls, routers, DMZ, and subnets

Rules on Routers and Firewalls

  • ACLs are primarily lists of permit/allow statements
  • By default, ACLs are configured to block everything
  • ACL design can be a performance issue; place the most-used rules at the beginning of the ACL
  • Creating an ACL with no entries will block all traffic

Router and Firewall Management

  • Networking: Moves traffic quickly and efficiently
  • Security: Limits traffic movement
  • Router: moves traffic
  • Firewall: limits traffic

Discovery Protocols (CDP and LLDP)

  • Make it easy to find and track network devices
  • Gather potentially sensitive information
  • Should be disabled unless in use

Limiting Physical Access, Internal

  • Equipment that can be accessed can be compromised
  • Compromising one device can significantly impact the network
  • Secure cabling, wireless access points, and SPOF (Single Point of Failure)

Locking Telecom Closets

  • Secure physical access, keys, access cards, 2-man rule
  • Don't forget change management

Controlling Network Device Ports

  • Implement AAA
  • Use ACLs to restrict access to device ports
  • Disable auxiliary ports if unused

Limiting Physical Access, External

  • Physical security outside facilities is harder to control
  • Potential compromises can occur to cabling, APs, cameras, lighting (natural disasters, accidental tampering)
  • Include cabling and wireless access points in security plans

Establishing Secure Access

  • Disable insecure protocols (Telnet, HTTP, SNMPv1)
  • Use/insist on AAA
  • Limit locations for management traffic
  • Drop all other traffic to device directly
  • Log all access

Network Devices

  • Firewall, IDS (Intrusion Detection System) / IPS (Intrusion Prevention System), Router/Switch/AP, PC/laptop/tablet, Printer/scanner/copier, Spam/malware filter, Badge/access card printer

Wireless Access Points

  • Change default passwords, SSIDs, broadcast of SSID, radio power, radio channels, Wireless administrative access, directional antennas
  • Mount APs in secure locations, high up, and hidden
  • Secure wire for APs and don't install near RFI-inducing devices (microwave ovens, electric motors, other wireless devices)

Changing Default Settings

  • Apply default settings changes to all IT equipment
  • Bad guys can easily access default configurations
  • Admin access, password, SNMP community strings, logging

Fundamental Device Protection Summary

  • Secure both physical and logical access
  • Authenticate individual users
  • Disable device access methods not in use
  • Protect SNMP, disabling if not used
  • Synchronize clocks
  • Implement warning banners, verify device integrity regularly, time out admin access, permit remote admin over secure paths, change default settings

Traffic Filtering Practices

  • Deny all traffic explicitly
  • Permit only needed traffic
  • Drop traffic to network control devices that aren't from trusted networks
  • Implement filters as close to the source as possible
  • Make filtering the primary responsibility of firewalls
  • Defense in depth, defense in diversity, log exceptions


Description

Test your knowledge on the primary concepts of identity management. This quiz covers topics such as IAAA processes and the role of password managers. Assess your understanding of key factors that ensure scalable identity management.