Security + Chapter 1

The flashcards below were created by user northendtrooper on FreezingBlue Flashcards.

  1. Confidentiality
    ensures that data is only viewable by authorized users. Access controls and encryption protect the confidentiality of data.
  2. Integrity
    provides assurances that data has not been modified, tampered with, or corrupted through unauthorized or unintended changes. Data can be a message, a file, or data within a database. Hashing is one method of verifying that integrity has not been lost: if a recomputed hash differs from the one recorded earlier, the data has changed.
  3. Availability
    ensures that data and services are available when needed. A common goal is to remove single points of failure (SPOF). Methods used to increase or maintain availability include fault tolerance, backups, virtualization, HVAC systems, and generators.
  4. Implicit deny
    indicates that unless something is explicitly allowed, it is denied. Firewalls often use implicit deny by explicitly allowing some traffic and then implicitly denying all other traffic that is not identified. Anything not explicitly allowed is implicitly denied.
  5. Risk
    is the possibility of a threat exploiting a vulnerability resulting in a loss.
  6. A threat
    is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
  7. A vulnerability
    is a weakness. It can be a weakness in the hardware, software, the configuration, or users operating the system.
  8. Risk mitigation
    reduces risk by reducing the chances that a threat will exploit a vulnerability.
  9. Identification
    occurs when a user professes or claims an identity, such as with a username.
  10. Authentication
    occurs when an entity provides proof of an identity (such as a password) and the proof is verified by a second entity.
  11. Authorization
    provides access to resources based on a proven identity.
  12. Three factors of authentication:
    • Something you know (such as a password or PIN; the username is the claimed identity, not an authentication factor)
    • Something you have (such as a smart card, CAC, PIV, or a token)
    • Something you are (using biometrics)
  13. Complexity (or key space) is calculated as
    C^N, where C is the number of possible characters used and N is the length of the password. For example, an eight-character password drawn only from the 26 lowercase letters has a key space of 26^8 (about 2.1 × 10^11). The formula counts the candidates an attacker would have to try if the password were chosen uniformly at random, so it overstates the strength of passwords built from dictionary words.
  14. Self-service password systems
    automate password recovery.
  15. Account lockout policies
    lock out an account after an incorrect password is entered too many times.
  16. Common access cards (CACs) and personal identity verification (PIV) cards
    can be used as photo IDs and as smart cards.
  17. Tokens (or key fobs) display numbers in an LCD synchronized with a server, either by the clock or by an event counter. These numbers provide
    rolling one-time use passwords.
  18. Biometric methods are the most difficult to falsify. They fall into two categories:
    • Physical: fingerprints and iris scans.
    • Behavioral: voice recognition and signature geometry.
  19. Kerberos
    is a network authentication protocol using tickets issued by a key distribution center (KDC). If a ticket-granting ticket (TGT) expires, the user may not be able to access resources. Kerberos is used in Microsoft Active Directory domains and in UNIX realms. Because tickets carry timestamps, Kerberos also depends on synchronized clocks; Active Directory rejects requests whose clock skew exceeds five minutes by default.
  20. Lightweight Directory Access Protocol (LDAP)
    specifies formats and methods to query directories. Active Directory uses LDAP to query and manage its objects, such as users and computers, so the domain gives a single point of management for them. Plain LDAP (TCP 389) sends queries and simple binds in clear text; LDAPS (TCP 636) or StartTLS should be used so that credentials are protected on the wire.
  21. Single sign-on (SSO)
    allows users to authenticate with a single user account and access multiple resources on a network without authenticating again. SSO can be used to provide central authentication with a federated database and use this authentication in an environment with different operating systems (nonhomogeneous environment).
  22. Remote access service (RAS) authentication
    is used when a user accesses a private network from a remote location, such as with a dial-up connection or a VPN connection.
  23. PAP. Password Authentication Protocol.
    Passwords are sent in clear text so PAP is rarely used today.
  24. CHAP. Challenge Handshake Authentication Protocol.
    CHAP uses a handshake process where the server challenges the client. The client then responds with appropriate authentication information: per RFC 1994, an MD5 hash of the CHAP identifier, the shared secret, and the random challenge. The password itself never crosses the wire, and because each challenge is fresh, a captured response cannot be replayed. The trade-off is that the server must store the secret in a form it can feed into the same hash.
  25. MS-CHAP. Microsoft’s implementation of CHAP
    used only by Microsoft clients.
  26. RADIUS. Remote Authentication Dial-In User Service.
    RADIUS provides a centralized method of authentication for multiple remote access servers. RADIUS uses UDP (port 1812 for authentication and 1813 for accounting) and obscures only the User-Password attribute, using a shared secret; the rest of the packet, including the username, is sent in clear text.
  27. Terminal Access Controller Access-Control System (TACACS)
    is a remote authentication protocol that was commonly used in UNIX networks.
  28. Extended TACACS (XTACACS)
    is an improvement over TACACS developed by Cisco Systems and is proprietary to Cisco. Neither is commonly used today; most organizations use either RADIUS or TACACS+.
  29. Terminal Access Controller Access-Control System Plus (TACACS+)
    is an alternative to RADIUS and is proprietary to Cisco Systems. A benefit of TACACS+ is that it can interact with Kerberos, allowing it to work with a broader range of environments including Microsoft. Additionally, TACACS+ uses TCP (port 49) and encrypts the entire packet body, whereas RADIUS obscures only the password.
  30. MS-CHAPv2
    adds the ability to perform mutual authentication. Not only does the client authenticate to the server, but the server also authenticates to the client. On its own MS-CHAPv2 is considered cryptographically weak today and should be run only inside a protected tunnel such as PEAP or L2TP/IPsec.
  31. Remember this
    MS-CHAPv2 is used to authenticate Microsoft clients and includes mutual authentication. TACACS+ is used by Cisco for authentication and can use Kerberos, allowing it to interact with a Microsoft environment. TACACS+ uses TCP, encrypts the entire authentication process, and uses multiple challenges and responses. RADIUS uses UDP and encrypts just the password.
  32. AAA Protocols
    AAA protocols provide authentication, authorization, and accounting. Authentication verifies a user's claimed identity. Authorization determines what an authenticated user may access. Accounting tracks user access with logs.
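Card 13 gives the key-space formula C^N and card 15 describes account lockout. The Python below is an added illustration, not part of the flashcard set: it infers C from the character classes a password uses, computes C^N and the equivalent bits of entropy, and converts the key space into worst-case search time under two assumed attacker models (an online guesser throttled by the server, which is what lockout enforces, and an offline cracker working on a stolen hash). The character-class sizes and both attacker rates are assumptions for the example.

```python
import math

# Character-class sizes assumed for a US keyboard (assumption for the example).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32


def charset_size(password: str) -> int:
    """Infer C from the character classes the password actually uses. This is
    the smallest alphabet an attacker who knows the policy would search."""
    c = 0
    if any(ch.islower() for ch in password):
        c += LOWER
    if any(ch.isupper() for ch in password):
        c += UPPER
    if any(ch.isdigit() for ch in password):
        c += DIGITS
    if any(not ch.isalnum() for ch in password):
        c += SYMBOLS
    return c


def key_space(c: int, n: int) -> int:
    """Card 13: complexity (key space) is C^N."""
    return c ** n


def entropy_bits(c: int, n: int) -> float:
    """The same quantity in bits: log2(C^N) = N * log2(C)."""
    return n * math.log2(c) if c else 0.0


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst case for an attacker who tries every candidate in the key space."""
    return space / guesses_per_second


def assess(password: str, online_rate: float = 10.0, offline_rate: float = 1e10) -> dict:
    """Compare one password against two assumed attacker models: an online
    guesser limited to `online_rate` attempts per second by the server (the
    limit that lockout, card 15, imposes) and an offline cracker running at
    `offline_rate` guesses per second against a stolen hash."""
    c, n = charset_size(password), len(password)
    space = key_space(c, n)
    return {
        "C": c,
        "N": n,
        "key_space": space,
        "bits": round(entropy_bits(c, n), 1),
        "online_years": seconds_to_exhaust(space, online_rate) / (365 * 86400),
        "offline_days": seconds_to_exhaust(space, offline_rate) / 86400,
    }


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for pw in ["password", "Passw0rd!", "Tr0ub4dor&3", "correct horse battery staple"]:
        r = assess(pw)
        print(f"{pw!r:32} C={r['C']:<3} N={r['N']:<3} bits={r['bits']:<5} "
              f"online={r['online_years']:.2e} years offline={r['offline_days']:.2e} days")
```

The two rates show why lockout matters: the same key space that an online guesser cannot finish in a lifetime falls in hours to an offline cracker, so lockout protects only the online path and hash storage must carry the offline one. C^N also assumes a uniformly random choice; a dictionary phrase lives in a far smaller space than the formula suggests.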
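Cards 23, 24 and 30 contrast PAP, CHAP and MS-CHAPv2 mutual authentication. The Python below is an added example, not the flashcards' or any vendor's code, showing what each puts on the wire: PAP sends the password itself, CHAP sends only the RFC 1994 digest MD5(identifier || secret || challenge), and a mutual variant makes the server answer a client challenge as well. The user store and secrets are constructed for the example, and the mutual variant illustrates the idea behind MS-CHAPv2 using the CHAP digest; it is not MS-CHAPv2's actual NT-hash/DES computation.

```python
import hashlib
import hmac
import os

# Constructed credential store for the illustration (assumption, not from the
# flashcards). CHAP requires the server to hold the secret in a form it can
# feed into the hash, which is a real operational cost of the protocol.
USERS = {"alice": b"correct horse battery"}


def pap_authenticate(username: str, password: bytes) -> bool:
    """PAP (card 23): the Authenticate-Request carries the password itself, so
    anyone capturing the link reads it directly."""
    return hmac.compare_digest(USERS.get(username, b""), password)


def chap_challenge() -> bytes:
    """Server step 1: a fresh random challenge for every attempt, so a captured
    response is useless against the next challenge."""
    return os.urandom(16)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client step 2, RFC 1994: Response = MD5(Identifier || secret || Challenge).
    Only this digest (plus the identifier) crosses the wire; the secret stays local."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, username: str, challenge: bytes, response: bytes) -> bool:
    """Server step 3: recompute the digest from the stored secret and compare
    in constant time."""
    secret = USERS.get(username)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def mutual_exchange(username: str, client_secret: bytes) -> dict:
    """Two-way challenge/response in the spirit of MS-CHAPv2 (card 30): the
    client answers the server's challenge and the server must answer the
    client's. Reuses the RFC 1994 digest for clarity; NOT MS-CHAPv2's real
    algorithm."""
    ident = 1
    server_chal = chap_challenge()   # sent server -> client
    client_chal = chap_challenge()   # sent client -> server with the response
    # Client proves knowledge of the secret.
    client_ok = chap_verify(ident, username, server_chal,
                            chap_response(ident, client_secret, server_chal))
    # Server proves knowledge of the same secret. The label domain-separates
    # the two directions so a client response cannot be reflected back.
    server_proof = chap_response(ident, USERS.get(username, b""), b"server:" + client_chal)
    expected = chap_response(ident, client_secret, b"server:" + client_chal)
    server_ok = hmac.compare_digest(server_proof, expected)
    return {"client_authenticated": client_ok, "server_authenticated": server_ok}


if __name__ == "__main__":
    chal = chap_challenge()
    resp = chap_response(1, USERS["alice"], chal)
    print("on the wire (PAP): ", USERS["alice"])
    print("on the wire (CHAP):", chal.hex(), resp.hex())
    print("CHAP verify:", chap_verify(1, "alice", chal, resp))
    print("mutual:", mutual_exchange("alice", USERS["alice"]))
```

Running it shows the point of card 31's summary: with PAP the password itself is the captured artifact, with CHAP the capture is a random challenge and a digest that is worthless against the next challenge, and with mutual authentication a rogue server that does not know the secret fails the client's check.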
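Cards 26 and 31 state that RADIUS encrypts only the password. The Python below is an added illustration, not code from the flashcards or from a RADIUS implementation: it performs the RFC 2865 section 5.2 User-Password hiding and its server-side inverse, and assembles a constructed subset of Access-Request attributes so that the fields an eavesdropper still reads in clear are visible. The shared secret, username, password and NAS address are made-up values.

```python
import hashlib
import os

SHARED_SECRET = b"testing123"   # assumed NAS <-> RADIUS shared secret for the example


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2. The password is zero-padded to a multiple of 16 and
    XORed block by block: the first block with MD5(secret + Request
    Authenticator), each later block with MD5(secret + previous ciphertext)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 octets")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        keystream = _md5(secret + prev)
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return bytes(out)


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """The server's inverse: same chain, feeding each ciphertext block (not the
    recovered plaintext) into the next MD5, then stripping the zero padding."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        keystream = _md5(secret + prev)
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out).rstrip(b"\x00")


def access_request_attributes(username: str, password: bytes, secret: bytes,
                              nas_ip: str = "192.0.2.10") -> dict:
    """What a passive observer sees in an Access-Request: every attribute in
    clear except the User-Password value. This is a constructed subset; a real
    packet carries more attributes. The Request Authenticator is a fresh random
    16-byte value per request and travels in the packet header."""
    authenticator = os.urandom(16)
    return {
        "Request-Authenticator": authenticator,
        "User-Name": username.encode(),            # clear text
        "NAS-IP-Address": nas_ip,                  # clear text
        "User-Password": radius_hide_password(password, secret, authenticator),
    }


if __name__ == "__main__":
    pkt = access_request_attributes("alice", b"hunter2", SHARED_SECRET)
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in pkt.items()})
    print(radius_reveal_password(pkt["User-Password"], SHARED_SECRET,
                                 pkt["Request-Authenticator"]))
```

The hiding is an MD5 keystream keyed by the shared secret and the per-request authenticator, and it covers one attribute only; User-Name, the NAS identity and the rest of the packet travel in clear, which is the "encrypts just the password" contrast with TACACS+ in card 31. Where the RADIUS path crosses an untrusted network, RADIUS over TLS (RadSec, RFC 6614) or an IPsec tunnel protects the whole packet.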
Card Set:
Security + Chapter 1
2013-12-13 05:50:26