36 Cards in this Set
What is:
Identification
Finding out who someone is

What is:
Authentication
A mechanism of verifying identification

What are the:
Five factors of authentication
Something you know (e.g. a password or PIN)
Something you have (e.g. a smart card, token, or identification device)
Something you are (e.g. biometrics)
Something you do (such as an action you must take to complete authentication)
Somewhere you are (geolocation)

What is:
Single-Factor Authentication (SFA)
Only one type of authentication is checked

What is:
Multi-Factor Authentication
When two or more access methods are included as part of the authentication process. (Access methods should not be from the same categories, i.e. don't use a PIN and password as these are both "something you know")

What is a:
Federation
A collection of computer networks that agree on standards of operation, such as security.

What is the:
Password Authentication Protocol (PAP)
An old system that is no longer used. Sends username and password in plaintext

What is the:
Shiva Password Authentication Protocol (SPAP)
Replaced PAP. Encrypts username and password

What is the:
Challenge Handshake Authentication Protocol (CHAP)
Was designed to stop man-in-the-middle attacks. During the initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server. Periodically the server will challenge the client machine, demanding to see that number again.

What is a:
Time-Based One-Time Password (TOTP)
A unique password that is created by an algorithm that uses a time-based factor.

What is a:
HMAC-Based One-Time Password (HOTP)
A password that is created using a Hash Message Authentication Code (HMAC) algorithm

What is a:
Terminal Access Controller Access-Control System (TACACS)
A client/server-oriented environment that operates in a manner similar to RADIUS

What is a:
Extended Terminal Access Controller Access-Control System (XTACACS)
A client/server-oriented environment that operates in a manner similar to RADIUS. It replaced TACACS and combined authentication and authorization with logging to enable auditing

What is a:
Extended Terminal Access Controller Access-Control System+ (TACACS+)
The most current method of TACACS. Allows credentials to be accepted from multiple methods, including Kerberos.

What is the:
Security Assertion Markup Language (SAML)
An open standard based on XML that is used for authentication and authorization data

What is:
Kerberos
An authentication protocol. Allows for single sign-on to a distributed network

What is a:
Key Distribution Center (KDC)
Authenticates the principal (user, system, or program) and provides it with a ticket. The ticket can be used to authenticate against other principals

What is a:
Ticket Granting Ticket (TGT)
Lists the privileges that a user has. Is encrypted and has a time limit of up to 10 hours

What is:
Single Sign-On (SSO)
Gives users access to all applications and systems they need when they log in instead of requiring a login for each application or system

What are the:
Four primary methods of access control
MAC - Mandatory Access Control - All access is predefined
DAC - Discretionary Access Control - Incorporates some flexibility
RBAC - Role-Based Access Control - Allows the user's role to dictate access capabilities
RBAC - Rule-Based Access Control - Uses preconfigured policies

What is:
Least Privilege
A given user (or system) is given the minimum privileges necessary to accomplish his or her job.

What are:
Access Control Lists (ACLs)
Enable devices in your network to ignore requests from specified users or systems, or to grant them access to certain network capabilities

What is:
Implicit Deny
If the request in question has not been explicitly granted, then access is denied

What are the:
Three areas of port security
MAC Limiting and Filtering - Limit access to the network to MAC addresses that are known, and filter out those that are not
802.1X - Port-based security for wireless network access control. Offers a means of authentication
Unused Ports - All unused ports should be disabled

What is a:
Trusted Operating System (TOS)
Any operating system that meets the government's requirements for security.

What are the:
Evaluation Assurance Levels (EALs)
A comprehensive set of evaluation criteria (for operating systems) that is broken down into 7 levels. The levels are EAL 1 (least secure) to EAL 7 (most secure).

What is:
Mutual Authentication
When two or more parties authenticate each other.

What is a:
Federated Identity
A means of linking a user's identity with their privileges in a manner that can be used across business boundaries (e.g. Google Checkout).

What is:
Transitive access
One party (A) trusts another party (B). If the second party (B) trusts another party (C), then a relationship can exist where the first party (A) also may trust the third party (C).

What is a:
Remote Authentication Dial-In User Service (RADIUS)
A mechanism that allows authentication of remote and other network connections.

What is a:
Common Access Card (CAC)
A card that is issued by the DoD as a general identification/authentication card for military personnel, contractors, and non-DoD employees

What is a:
Personal Identity Verification Card (PIVC)
A card that is issued to all U.S. government employees and contractors and will be required to gain access (physical and logical) to government resources.

What is a:
Token
Similar to certificates, they are used to identify and authenticate the user. They contain the rights and access privileges of the token bearer as part of the token.

What is a:
Flood Guard
A protection feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks. Reducing this tolerance makes it possible to lessen the likelihood of a successful DoS attack.

What is:
Loop Prevention
Works in layer 2 switching configurations and is intended to prevent broadcast loops.

What is:
Network Bridging
When a device has more than one NIC and the opportunity presents itself for a user on one of the networks to jump to the other network.