Computer Security - Exam II

The flashcards below were created by user mjweston on FreezingBlue Flashcards.

  1. something the individual knows
    something the individual possesses
    something the individual is (static biometrics)
    something the individual does (dynamic biometrics)
    four general means of authenticating a user's identity
  2. salt value
    the value related to the time at which a password is assigned to the user - when combined with the password serves as the input to a hashing algorithm to produce a fixed-length hash code - prevents duplicate passwords from being visible, increases the difficulty of offline dictionary atacks
  3. offline dictionary attack
    specific account attack
    popular password attack
    password guessing against single user
    workstation hijacking
    exploiting user mistakes
    exploiting multiple password use
    electronic monitoring
    8 main forms of attack against password-based authentication
  4. shadow password file
    file kept separate from the user ID's containing hashed passwords, and is only accessible by a privileged user
  5. user education
    computer-generated passwords
    reactive password checking
    proactive password checking
    four basic techniques to use in eliminating guessable passwords
  6. reactive password checking
    strategy in which the system periodically runs its own password cracker to find guessable passwords - can be labor intensive
  7. proactive password checker
    stragegy in which the user is allowed to select his or her own password however, at the time of selection, the system checks to see if the password is allowable and, if not, rejects it
  8. rule enforcement
    password checker
    bloom filter
    approaches to proactive password checking
  9. bloom filter
    a technique for developing an effective and efficient proactive password checker that is based on rejecting words on a list
  10. static
    dynamic password generator
    three categories of authentication protocols used with smart tokens
  11. static
    category of token-based authentication protocol in which the user authenticates himself to the token and then the token authenticates the user to the computer
  12. dynamic password generator
    category of token-based authentication protocol in which the token generates a unique password periodically (ex:every minute) which is then entered into the computer system for authentication - computer knows the password that is current for the particular token
  13. challenge-response
    category of token-based authentication protocol in which the computer system generates a challenge, such as a random string of numbers, and the smart token generates a response based on the challenge
  14. password-based authentication
    token-based authentication
    biometric authentication
    remote user authentication
    four types of authentication
  15. biometric authentication
    authentication based on an individual's unique physical characteristics
  16. facial characteristics
    hand geometry
    retinal pattern
    types of physical characteristics that can be used for authentication
  17. remote user authentication
    authentication which takes place over the internet, a network, or a communications link
  18. client attacks
    host attacks
    trojan horse
    denial of service
    user authentication attacks
  19. replay attacks
    attacks that involve an adversary repeating a previously captured user response
  20. trojan horse attack
    an attack where an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password
  21. denial-of-service attack
    an attack which attempts to disable user authentication service by flooding the service with numerous authentication attempts
  22. host attacks
    attacks that are directed at the user file at the host where passwords, token passcodes, or biometric templates are stored
  23. client attacks
    attacks in which an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path - the adversary attempts to masquerade as a legitimate user
  24. cardholder
    an individual to whom a debit card is issued
  25. issuer
    an institution (bank or credit union) that issues debit cards to cardholders - is also responsible for the cardholder's account and authorizes all transactions
  26. processor
    an organization that provides services such as core data processing (PIN recognition and account updating), electronic funds transfer (EFT), and so on to issuers
Card Set:
Computer Security - Exam II
2013-10-18 03:12:41
03 Computer Security

User Authentication
Show Answers: