part 2 lesson 1

The flashcards below were created by user slmckissack on FreezingBlue Flashcards.

  1. is a security model made up of three primary elements: Confidentiality, integrity, and availability.
    The CIA Triad
  2. means that data are only accessible by appropriate, authorized, and trusted users. Unauthorized parties have not compromised confidential data, not have parties not requiring the data had access to it.

    Confidential data and its protections address who should and who should not have access to data according to its sensitivity and the rights, needs, and privileges of each particular user. A breach of confidentiality is a serious network incident.
  3. refers to the assurance that data remain intact and unmodified in transit, storage, or use.

    Integrity provides certainty that no modification or damage occurs to protected data in any stage of information processing. Integrity also assures that data accurately reflects actual events or circumstances, is provided by a credible source, and would be exactly the same should the same events or circumstances reoccur.
  4. provides the assurance that data originates from an identified and trusted person or source and not an imposter.
    Source Integrity
  5. assures that data are available when needed.
    Availability relies on the security measures, methods, and controls that apply to confidentiality and integrity. At its most primary level, availability refers to the proper functioning of the security and computing systems that protect and provide access to data.
  6. NOTE: There can be degrees of availability. The most available systems (high availability) must be accessible at all times, even during system maintenance and in the event of power failures, disasters, and system failures.
  7. is a process that verifies that users are who they say they are.
  8. verifies what an authenticated user has the rights and permissions to do.
  9. NOTE: Authentication must always precede authorization. These two processes work together. For example, when you log in to a computer, your username and password credentials, at minimum, authenticate who you are (under the assumption that you haven't shared this information intentionally or unintentionally with someone else). Once you are authenticated, the access control functions can then check your authorizations before allowing you to proceed with access to the network, applications, data, and other resources.
  10. NOTE: Authentication and authorization are typically parts of an access control system. However, in the security world, these functions, although generally thought of in terms of network or system access, also apply to physical security. Some common examples of authentication and access control in a physical security scheme include photo identity badges, a national passport, biological verification (such as fingerprint or retinal scan), and any combination of these examples.
  11. NOTE: Although it's virtually impossible to identify a computer user absolutely, using multiple checks in the verification and authentication process makes it more difficult for an unauthorized user to spoof a verifiable identity. However, and it pains me to say this, it is possible to make it too difficult for even unauthorized users, who may begin looking for ways to skirt the security measures if they're too burdensome. In creating a secure authentication process, you must determine which identity tests are appropriate and how many are sufficient.
  12. Authentication systems available.
    AAA systems
  13. What does AAA systems stand for?
    Authentication, authorization, and accounting
  14. What areĀ 8 of the most common AAA systems available?
    • -RADIUS
    • -IEEE 802.1x
    • -Internal database
    • -LDAP
    • -PAM
    • -SQL authentication
    • -System Database
  15. Is a server that authenticates, authorizes, and provides accounting of remote users. Internet Service Providers (ISPs) primarily use this, but networks that need to provide a centralized authentication point or usage accounting for their workstations, local or remote, can also use it. It supports a wide variety of authentication schemes. When a user enters his or her authentication data (login credentials), the server then authenticates this data from one of the other authentication methods.
    RADIUS (Remote Authentication Dial-In User Service)
  16. defines a port-based access control and authentication service for users (and nodes) connecting to a network. This standard also defines Extensible Authentication Protocol over LAN (EAPoL).
    IEEE 802.1x
  17. which supports transmission of encapsulated and encrypted data.
    Extensible Authentication Protocol over LAN
  18. Login names and passwords stored in an encrypted RADIUS database.
    Internal database
  19. is a client/server network authentication protocol that allows network nodes to identify themselves securely to other network nodes, providing mutual authentication.
  20. uses encrypted "tickets" as identity badges for continuous authentication.
  21. A client of this identifies itself to this type of server, which then authorizes the client on a request-by-request basis, providing access control to data.
    LDAP (Lightweight Directory Access Protocol)
  22. are an integration of low-level authentication schemes combined into an application programming interface (API) that permits applications to apply authentication beyond the authentication methods in use by the system.
    PAM (Pluggable Authentication Modules)
  23. Login names and passwords stored in an SQL database.
    SQL authentication
  24. Login names (usernames) and passwords stored in a file on the server.
    System database
  25. allows remote systems to communicate with an authentication server on UNIX networks.
    • (Terminal Access Controller Access-Control System)
  26. NOTE: XTACACS is an update to TACACS. TACACS+ and RADIUS are now more commonly used that TACACS and XTACACS. Where RADIUS combines authentication and authorization, TACACS+ separates these processes.
  27. What are the seven authentication methods commonly in use?
    • -Password authentication
    • -Public-key authentication
    • -Zero-knowledge proof
    • -Digital signature
    • -Secure sockets layer (SSL)
    • -IPSec (IP security)
    • -Secure Shell (SSH)
  28. NOTE: Usernames and their passwords are the most common form of authentication. In many cases, passwords are stored as plain text, which undermines their security. However, it's more common lately to encrypt password files and databases. Password authentication is a simple process that doesn't require complicated procedures or hardware since it primarily involves looking up the username and comparing the stored password with the one that the user entered.
  29. this process involves an exchanged of messages between a client and a server. The server verifies that the client has used a public key to generate its identity values, and then the server uses its private key to authenticate the client.
    Public-Key Authentication
  30. This authentication method can be interactive or noninteractive. An interactive method involves the exchange of as many as 10 messages between a client and a server, with the client attempting to convince the server that it's able to provide proof to the solution of a random problem. A noninteractive method requires only a single message between the client and the server using a one-way hashing function.
    Zero-knowledge proof
  31. a one-way hash total of a document or item.
  32. is comprised of a digest signed with an encrypted private key. A client is able to authenticate the source (server) of an item by decrypting it using the server's public key and comparing the digest it calculates from the received item. A server is able to authenticate the source of a client document in the same way.
    Digital Signature
  33. is a protocol that allows clients and servers to authenticate each other. After establishing a connection with a server, a client sends a hello message to the server that it wants to communicate with. The server responds with a hello message that also instructs the client on the protocol in use, the encryption method, a session identifier, and the compression method in use, if any. The server then provides its digital signature (certificate) and requests one from the client. Once both have authenticated, data transfer may begin.
    Secure Sockets Layer (SSL)
  34. invokes the Authentication Header (AH) protocol that provides both communication integrity and authentication of the source of an IP datagram. AH adds an authentication header to each IP datagram. This header contains data that allows both the source and destination hosts to authenticate each other. The authentication header contains a 32-bit security parameters index (SPI)
    IPSec (IP Security)
  35. Is a random value that combines with the destination IP address to identify the security association (SA) with the destination host.
    Security Parameters Index (SPI)
  36. is created through the Internet Security Association and Key Management Protocol (ISKAMP) to allow network nodes to engage in secure communications. Includes the encryption algorithm and an encryption key, among other information about the secure connection.
    Security Association (SA)
  37. is a secure remote login protocol that preforms host authentication on the transport layer.
    Secure Shell (SSH)
  38. What are the three factor levels common to authentication methods?
    • -Ownership factors
    • -Knowledge factors
    • -Inherence factors
  39. uses a single knowledge factor, typically a password (along with a username or email address).
    Single-factor authentication (SFA)
  40. requires two pieces of identification, such as a bank card and a PIN (an ownership factor and a knowledge factor.
    Two-factor Authentication (TFA)
  41. requires at least one of each level of authentication factors.
    Multifactor authentication (MFA)
  42. These are physical objects that a requestor has, such as an ID card or a security token.
    Ownership factors
  43. These are things that a requestor knows, such as a password, PIN, or challenge response.
    Knowledge factors
  44. These are things that only the requestor can inherently have or do, such as fingerprint, signature, or vice.
    Inherence factors
  45. NOTE: Authorization is the objective of authentication. After a requester achieves authentication, he or she gains authority to general or specific access to the protected resources. Resist the temptation to think only in terms of network and software when considering authentication and authorization. It applies to physical security as well.
  46. validates that the person entering the information is in fact the owner of the credentials. You identify yourself by your title, group, job, or a specific characteristic. For example, you can identify yourself through a smart card, ID badge, fingerprint, or the fact that you're wearing a red shirt. Authentication then takes in the fact that you have specific and unique information associated with certain identification.
  47. NOTE: Many login systems only ask for authentication information and then verify this information to allow access. However, as we discussed earlier, a simple authentication procedure may only ask for a username and a password, which anyone could enter, realistically. Identification takes the process one step further.
  48. is a category of devices and methods that uniquely identify people based on one or more of their physiological or behavioral characteristics.

    In the context of network or physical security, biometrics is typically a part of authentication and access control.
  49. NOTE: Physiological traits relate to the contours of a person's body, including fingerprints, facial recognition, palm print, iris and retinal recognition, and even scent. Behavioral characteristics measure unique performances of a person, such as typing rhythm, walking gait, or speech. Biometric identification is a more reliable way to identify a person uniquely over token-or knowledge-based identification methods.
  50. are small, portable devices used to identify the person presenting the token to a security system.
    Security Tokens

    For the most part, tokens combine with other authentication methods to verify the identity of someone attempting to gain access to a system or network.
  51. NOTE: Some security tokens carry a system hashes the time and a random seed number, and then displays the result. The authentication system receives the token value and performs the same algorithm to permit or deny access. Other security tokens connect to a computer directly. These include USB devices, smart card devices, and devices that communicate through Bluetooth or RF signals. The latter group includes applications (apps) on cellphones, smartphones, and tablet computers.
  52. is a plastic card that's roughly the size of a credit card. It has an embedded microprocessor system with a small amount of volatile (dynamic) memory.
    Smart card, which is also known as a Chip Card or an Integrated Circuit Card (ICC)

    Smart cards can be a part of access control as a front-end security token, and they can record back-end audit (exit) information. The smart card itself provides only a verifiable token; access control is the responsibility of the security system.
  53. What are the two types of smart cards?
    • -Contact
    • -Noncontact
  54. Must be inserted or swiped or on a physical card reader that communicates with the host.
    contact smart card
  55. communicates through the air using Bluetooth or RF signals.
    Noncontact smart card (AKA proximity card)
  56. is a dual-purpose type of smart card developed by the U.S. Department of Defense. It serves as both a physical identification card and a smart card.
    Common Access Card (also called a Personal Identification Verification card (PIV)).
  57. How are authentication, authorization, and identification different?
    Authentication verifies a user with the data provided by the user. Authorization, which occurs after authentication, determines what resources the user can access. Identification takes authentication one step further to identify a user uniquely.
  58. A user enters a username and password to a standard login function. What process is taking place?
    A. Digital Signature
    B. Single-Factor Authentication
    C. Two-factor authentication
    D. Multifactor Authentication
    B. Single-factor Authentication
    (this multiple choice question has been scrambled)
  59. Which of the elements in the CIA triad provides that the data are only accessible by appropriate, authorized, and trusted users.
    A. Authentication
    B. Confidentiality
    C. Integrity
    D. Availabilty
    D. Confidentiality
    (this multiple choice question has been scrambled)
  60. What is the category of devices that uniquely identify people through their physiological or behavior traits?
    A. Biometrics
    B. Personal Identification Verification (PIV) card.
    C. Security Tokens
    D. Smart Cards
    A. Biometrics
    (this multiple choice question has been scrambled)
  61. What is the correct order of access control processes?
    A. Authentication, Identification, Authorization
    B. Authentication, authorization, identification
    C. Authorization, authentication, identification
    D. Identification, authorization, authentication
    A. Authentication, Identification, Authorization
    (this multiple choice question has been scrambled)
  62. What is the client/server authentication protocol that provides mutual authentication capabilities?
    A. SSL
    B. Kerberos
    C. SSH
    D. IPSec
    B. Kerberos
    (this multiple choice question has been scrambled)
Card Set:
part 2 lesson 1
2015-02-09 17:53:54
part lesson
part 2 lesson 1
part 2 lesson 1
Show Answers: