Questions and Answers
What is the primary purpose of identity management?
Which of the following is NOT part of the IAAA process?
What is a key factor in ensuring scalable identity management?
What is the function of password managers in identity management?
Which module addresses the concept of personally identifiable information?
What does the concept of 'directory services' relate to in identity management?
Which of these is a factor used for authentication?
What is the purpose of password policies in identity management?
What does AAA stand for in the context of network device access?
Which of the following is NOT recommended when implementing remote administration for network devices?
What should be disabled on edge devices due to security concerns?
What is the primary reason for limiting remote administration access to network devices?
Which protocol is similar in configuration and verification to LLDP?
In the context of network management, what should be prioritized when configuring AAA?
What aspect of network security does limiting physical access relate to?
What is a common oversight organizations make regarding telecom closets?
What method is suggested to ensure secure physical access to IT resources?
Which protocol should be limited during remote administration to enhance security?
What can the compromise of a single device lead to in a network?
What is one of the primary functions of implementing AAA in network security?
What should be avoided in administrative access configurations?
What method does a brute force attack utilize to crack passwords?
What is the primary function of rainbow tables in password cracking?
What is a key feature of dictionary attacks?
Which statement about rainbow tables is incorrect?
What accelerates the process of brute force attacks?
What is the purpose of authentication in information security?
Which of the following items is considered personally identifiable information?
What does the term 'something you have' refer to in the context of authentication?
Which of the following best describes 'something you know' in authentication?
What is the primary difference between authentication and authorization?
Which factor can help strengthen the security of an authentication process?
What is meant by 'accountability' in the context of information security?
Which one of the following is an example of a knowledge factor used in authentication?
What is the primary purpose of AAA in relation to network devices?
Which of the following protocols does 802.1X use for access control?
What is a recommended action to mitigate the security risks associated with SNMP?
At which layer of the OSI model does 802.1X operate?
Why is SNMP considered a potential security hole?
What does the acronym AAA stand for in network security?
What action should be taken regarding SNMP on devices that are not being monitored?
Which user has the highest access level according to the provided access levels?
Study Notes
Cybersecurity Foundations Session 4
- Cybersecurity Awareness module (Mod 1)
- Trends in Cybersecurity (Mod 16)
- Legal Considerations (Mod 15)
- Incident Response (Mod 14)
- Physical Security (Mod 13)
- Network Discovery (Mod 2)
- Systems Hardening (Mod 3)
- Security Architecture (Mod 4)
- Data Security (Mod 5)
- Public Key Infrastructure (Mod 6)
- Identity Management (Mod 7)
- Network Hardening (Mod 8)
- Malware (Mod 9)
- Social Engineering (Mod 10)
- Software Security (Mod 11)
- Environment Monitoring (Mod 12)
Identity Management
- Actively administers subjects, objects, and access privileges
- Ensures identities receive appropriate access to resources
- Ensures systems remain scalable in granting access to resources
IAAA Process
- Identification: uniqueness
- Authentication: verification
- Authorization: validation
- Accountability: tracking
Personally Identifiable Information (PII)
- Any data used to identify a subject
- Items at risk: Social security number, mother's maiden name, birthdate, billing addresses, email addresses, account numbers, passwords, system information, company/government data
Authentication Factors
- Access control using multiple factors
- Something you know (e.g., password, passphrase, PIN)
- Something you have (e.g., smart card, certificate, token, USB key, virtual cards, TAN)
- Something you are (e.g., biometric devices like fingerprint reader, hand geometry, retina scanner, facial recognition, iris recognition, signature analysis)
Directory Services
- Special databases holding usernames and passwords
- Scalable hierarchy (trees, OUs)
- Rely on common standards (X.500, LDAP)
- Hold different partitions
Kerberos
- Primary authentication service for directories
- Allows users, services, or computers to centrally authenticate
- Involves three components: Authentication Service (AS), Key Distribution Center (KDC), Ticket-Granting Server (TGS)
Windows NT LAN Manager (NTLM)
- Protocol for client/server authentication in Windows networks
- Involves a challenge-response system
Password Policies
- Define how secrets are generated
- Parameters include minimum character number, password complexity, maximum password age, password history, and reversible encryption capability
- A strong password is difficult for a system to guess or crack, but easy for a human to remember
Dictionary Attacks
- Use predefined words as passwords to attempt login
- Method for cracking passwords
Rainbow Tables
- Store hashes of possible passwords
- Compare hashes in a table against the hash stored in a system's security database to find matches
- No hash computations are performed during the attack; the hashes are precomputed
- Requires the password hash taken from the target system
Brute Force Attacks
- Relies on all possible password combinations
- Defined ranges of parameters for password cracking
- Tests every possibility within the defined parameters
- Often uses GPUs for accelerated cracking
Password Assessment Tools
- Tools for assessing password security
- Examples: Cain and Abel, L0phtCrack, Ophcrack, CrackStation.net, John the Ripper
Password Managers
- Centralized authentication systems
- Improve security by requiring extra login steps
- Allow password resets
- Manage services that can use specific credentials
- Store personal passwords on the local system
- Features: password consolidation, security questions, password reset, permitted services
Same Sign-on
- Password synchronization between independent systems
- Replicates login credentials from one system to another
- Systems stay independent and share little information
- Not a trust relationship; does not belong to the same directory structure
Group Accounts
- Allow multiple users to authenticate with one shared account
- Should not be used
Service Accounts
- Local or directory accounts used to run different roles or services
- Presented to the system as a subject
- Examples: SQL Server, backup solutions, websites
Federated Identities
- A single sign-on method: one account is used for multiple services
- Flow: the user authenticates to a system and obtains a token; the user presents the token to a third-party system; the third-party system validates the token; access is granted if the token is valid
Identity as a Service (IDaaS)
- Credentials are stored in the cloud and used for cloud services
- Can be considered single sign-on
Limiting Remote Admin Access
- Exploiting a network device with remote access can impact the network
- Implement AAA for administrative, engineering, and root access
- Limit protocols for remote administration
- Limit locations from where remote administration can be done
AAA: Administrative Access
- Leverage AAA to control access to network devices
- Provides granular authorization control and logs access, commands, and changes
- Enforce change control process
AAA for Accessing Network Devices
- 802.1X forces all access to go through AAA
- Operates at the logical link control sub-layer of OSI layer 2
- RADIUS, DIAMETER, and TACACS+ are the AAA protocols used behind 802.1X
SNMP (Simple Network Management Protocol)
- Enables management of network devices
- Use access control lists (ACLs) to limit SNMP traffic from unwanted sources
- On devices that are being managed and monitored, change default community strings
Network Segmentation
- Dividing a network into smaller subnetworks (VLANs)
- Isolates resources and limits potential impact from one device's compromise to a network
- Use firewalls, routers, DMZ, and subnets
Rules on Routers and Firewalls
- ACLs are primarily lists of permit/allow statements
- By default, ACLs end with an implicit deny, so anything not explicitly permitted is blocked
- ACL design can be a performance issue; place the most frequently matched rules at the beginning of the ACL
- Creating an ACL with no entries will block all traffic
Router and Firewall Management
- Networking: Moves traffic quickly and efficiently
- Security: Limits traffic movement
- Router: moves traffic
- Firewall: limits traffic
Discovery Protocols (CDP and LLDP)
- Make it easy to find and track network devices
- Expose potentially sensitive device information to anyone who can listen on the link
- Should be disabled unless in use
Limiting Physical Access: Internal
- Equipment that can be accessed can be compromised
- Compromising one device can significantly impact the network
- Secure cabling, wireless access points, and SPOFs (single points of failure)
Locking Telecom Closets
- Secure physical access: keys, access cards, two-person rule
- Don't forget change management
Controlling Network Device Ports
- Implement AAA
- Use ACLs to restrict access to device ports
- Disable auxiliary ports if unused
Limiting Physical Access: External
- Physical security outside facilities is harder to control
- Potential compromises can occur to cabling, APs, cameras, and lighting (natural disasters, accidental tampering)
- Include cabling and wireless access points in security plans
Establishing Secure Access
- Disable insecure protocols (Telnet, HTTP, SNMPv1)
- Use/insist on AAA
- Limit locations for management traffic
- Drop all other traffic destined directly to the device
- Log all access
Network Devices
- Firewall, IDS (Intrusion Detection System) / IPS (Intrusion Prevention System), router/switch/AP, PC/laptop/tablet, printer/scanner/copier, spam/malware filter, badge/access card printer
Wireless Access Points
- Change default passwords, SSIDs, SSID broadcast, radio power, radio channels, wireless administrative access, and directional antennas
- Mount APs in secure locations, high up, and hidden
- Secure the wiring for APs and don't install them near RFI-inducing devices (microwave ovens, electric motors, other wireless devices)
Changing Default Settings
- Apply default settings changes to all IT equipment
- Attackers can easily look up default configurations
- Cover admin access, passwords, SNMP community strings, and logging
Fundamental Device Protection Summary
- Secure both physical and logical access
- Authenticate individual users
- Disable device access methods not in use
- Protect SNMP, disabling if not used
- Synchronize clocks
- Implement warning banners, verify device integrity regularly, time out admin access, permit remote admin over secure paths, change default settings
Traffic Filtering Practices
- Deny all traffic explicitly
- Permit only needed traffic
- Drop traffic to network control devices that aren't from trusted networks
- Implement filters as close to the source as possible
- Make filtering the primary responsibility of firewalls
- Defense in depth, defense in diversity, log exceptions
Description
Test your knowledge on the primary concepts of identity management. This quiz covers topics such as IAAA processes and the role of password managers. Assess your understanding of key factors that ensure scalable identity management.