Chapter 4 - 02 - Discuss Identity and Access Management (IAM) - 03_ocred_fax_ocred.pdf
EC-Council
Certified Cybersecurity Technician, Exam 212-82
Identification, Authentication, and Authorization
Module 04. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Types of Authentication: Password Authentication

- Password authentication uses a combination of a username and a password to authenticate network users
- The password is checked against a database and the user is given access if it matches
- Password authentication can be vulnerable to password cracking attacks such as brute force or dictionary attacks

[Figure: login dialog with Username and Password fields]

In password authentication, users are required to provide usernames and passwords to prove their identity to a system, application, or network. These are then matched against a list of authorized users in the database/Windows AD. Once matched, the users can access the system. The user password should follow standard password creation practices, including a mixture of letters, numbers, and special characters and a length greater than 8 characters (since short passwords are easy to guess).

Password authentication is vulnerable to brute force attacks or dictionary attacks, e.g., a person trying possible combinations of characters to guess the password, or capturing packets with a "packet sniffer" while the data is sent across the network as plain text.

Types of Authentication: Two-factor Authentication
- Two-factor authentication involves using two different authentication factors out of three (something you know, something you have, and something you are) to verify the identity of an individual in order to enhance security in authentication systems
- Combinations of two-factor authentication: password and smart card/token, password and biometrics, password and one-time password (OTP), smart card/token and biometrics, etc.
- "Something you are" is the best companion of two-factor authentication as it is considered the hardest to forge or spoof

[Figure: "Enter verification code" prompt]

Two-factor authentication is a process in which a system confirms user identity in two steps. The user could use a physical entity such as a security token as one of the credentials, and the other credential can include security codes. These security codes can be sent to the end user in the following ways.

- Email: The security code is sent via an email message to the registered email account.
- SMS: The security code is sent as a short message service (SMS) message to the registered mobile number.
- Telephone/mobile phone: The security code is sent via a voice call to the registered telephone or mobile number.
- Push notification: An authenticator app on a mobile or PC receives the security code.

Two-factor authentication depends on three factors:

- Something you have
- Something you know
- Something you are

The factor "Something you are" is the best companion of two-factor authentication as it is considered the hardest to forge or spoof.

Example: a bank card. A user is required to swipe the bank card and enter a PIN while accessing the bank card. Here, the bank card is the physical entity and the PIN is the security code.
The advantages of two-factor authentication include decreasing the chances of identity theft and phishing. However, there are certain drawbacks to this two-step process. There are situations where the user will have to wait for the organization to issue the physical token. The delay in receiving the token results in users waiting a long time to access their private data.

Identity evaluation depends on knowledge, possession, and inherent factors. Out of these, inherent factors are difficult to change as they depend on the characteristics of a human being.

There are many combinations available in the two-factor authentication process. The most commonly found combinations are:

- Password and smart card
- Password and biometrics
- Password and one-time password (OTP)
- Smart card and biometrics

Two-factor authentications performed without using tokens are called tokenless authentication. They can be implemented quickly across the network.

Two-factor Authentication Techniques: Tokens

Hardware Tokens

- Physical devices such as a key fob or USB dongle having an in-built token; used as an authentication factor for accessing any type of restricted resources
- Valid only for a short period of approximately 30 seconds

Software Tokens

- A software-based security token includes a single-use login PIN or dynamically generated token
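
The following is an added example, not part of the original course material. It sketches the "password and one-time password (OTP)" combination described above, with the database password check from the password authentication section and a code that is valid for one 30-second step. The PBKDF2 work factor, the lockout threshold, the Account class and the login function are assumptions made for illustration; the OTP follows the standard TOTP algorithm (RFC 6238).

```python
import hashlib, hmac, os, struct

STEP = 30             # seconds one code stays valid (the ~30 s token lifetime above)
MAX_FAILURES = 5      # assumed lockout threshold to slow brute-force guessing
ITERATIONS = 600_000  # assumed PBKDF2 work factor

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash: the database stores this, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    # RFC 6238 TOTP: HMAC-SHA1 over the count of 30-second steps since the epoch.
    mac = hmac.new(secret, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, password: str, secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.secret = secret   # shared with the user's token at enrolment
        self.last_step = -1    # newest time step already accepted
        self.failures = 0

def login(acct: Account, password: str, code: str, now: float) -> str:
    if acct.failures >= MAX_FAILURES:
        return "locked"
    # Factor 1 (something you know), compared in constant time.
    pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    # Factor 2 (something you have): the current step or the previous one for
    # clock drift, but never a step already used (a captured code cannot be replayed).
    step = int(now) // STEP
    fresh = [s for s in (step, step - 1) if s > acct.last_step and
             hmac.compare_digest(totp(acct.secret, s * STEP).encode(), code.encode())]
    if pw_ok and fresh:
        acct.last_step, acct.failures = fresh[0], 0
        return "ok"
    acct.failures += 1
    return "denied"

if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    acct = Account("correct horse battery", demo_secret)
    code = totp(demo_secret, 59)
    print(login(acct, "correct horse battery", code, 59))  # first use of the code
    print(login(acct, "correct horse battery", code, 59))  # same code replayed
```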