17 Cards in this Set

  • Front
  • Back
What are legacy single sign-on (SSO) systems, and what are their limitations?
Legacy single sign-on (SSO) systems do just that: users sign into the SSO application, which stores every user's login ID and password to every supported application. Users launch various applications through the SSO client software, which opens the appropriate client program, and sends keystrokes to that program simulating the user typing his/her own login ID and password.

Because they require the installation of client software, legacy SSO systems are only appropriate for use by insiders.

Legacy SSO systems have had limited success in large production environments for a number of reasons:

Deployment and integration costs are very high.
There are serious concerns about security because the SSO system stores every user's password to every system.
There are also concerns about availability: if the SSO system fails, entire user populations will be unable to log into their systems.
List of features for account management systems
A central facility for managing user access to multiple systems at once
A workflow system where users can submit requests for new, changed or terminated systems access, and these requests are automatically routed to the appropriate people for approvals. Approved requests trigger creation of accounts and allocation of other resources.
Automatic replication of data, and in particular, of user records, between multiple systems and directories
A facility for loading batch changes to user directories
Automatic creation, change or removal of access to system resources based on policies, and triggered by changes to information elsewhere (for example, in an HR system or corporate directory)
True or false:
Once a web access management system is in place, a directory can be developed.
False
True or false:
For security reasons, users should never be able to identify their own login ID.
False
Single Sign-On (SSO)
An authentication system that permits the user to enter a single ID and password to access multiple systems.
Kerberos
This is a security system that was created at MIT in the 1980s. It enables secure multiple system access to a client/server computing environment. Kerberos was the three-headed dog, Cerberus, who guarded the gates of Hades in ancient Greek mythology.
SESAME
Secure European System for Application in a Multi-Vendor Environment is a European research and development project that resulted in technology of the same name. This is a single sign-on technology that provides role-based distributed access.
It offers single sign-on with added distributed access controls using symmetric and asymmetric cryptographic techniques for protection of interchanged data.
Security Domains
Establish an area of trust for specified users. The domain shares a single management and security policy. The domain establishes the access control parameters in which its programs operate and defines a set of objects its trusted users can access.
Advantages of single sign-on (5)
Efficient log-on process
Users may create stronger passwords
No need for multiple passwords
Timeout and attempt thresholds enforced across entire platform
Centralized administration
Disadvantages of SSO (2)
A compromised password allows an intruder into all authorized resources
Inclusion of unique platforms may be challenging
Kerberos meets which 4 basic requirements for access control?
Security - A network eavesdropper should not be able to obtain the information needed to impersonate a user
Reliability - Available for users when needed
Transparency - User is not aware of authentication process
Scalability - Must support a small or large number of clients and servers
The Kerberos key distribution center (KDC) server serves two functions:
An authentication server (AS), which authenticates a principal (any entity that interacts with the Kerberos server, such as a user workstation, an application, or a service) via a pre-exchanged secret key
A ticket-granting server (TGS), which provides a means to securely authenticate a trusted relationship between two principals
What is a principal in the Kerberos key distribution center (KDC)?
A "principal" is any entity that interacts with the Kerberos server, such as a user workstation, an application, or a service. A principal must be pre-registered with a unique secret key exchanged in advance between the principal and the Kerberos server. The KDC maintains a database of the secret keys of all the principals on the network.
T or F
Kerberos is based on symmetrical encryption
True
What factors need to be considered during the implementation of Kerberos authentication?
Enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials. (These should be based on time stamps.)
The KDC must be physically secured. (It may be a single point of failure.)
The KDC should be hardened and should not allow any non-Kerberos network activity.
The Kerberos authentication server is a single point of failure. A redundant authentication server should be provided.
Kerberos is a static password (one-factor) authentication system, and it is vulnerable to brute force attacks.
true
What is the default Kerberos key length on Unix?
What about Windows 2000/XP Kerberos?
Unix Kerberos defaults to using 56-bit DES for Kerberos keys - very vulnerable to brute force
Windows 2000/XP Kerberos defaults to 128-bit RC4-HMAC - harder to attack by brute force