Shared Flashcard Set

Details

01-Network Defense Chapter 11
41
Computer Science
Undergraduate 3
04/16/2018

Cards

Term
Basic Authentication Credentials Include..
Definition
Where you are
What you have
What you are
What you know
What you do
Term
What is the most common form of authentication?
Definition
Password
Term
Are passwords a strong form of authentication?
Definition
No, they are not.
Term
What are some weaknesses of passwords?
Definition
Humans have trouble memorizing good passwords, especially when you need multiple passwords and your passwords are temporary.
Term
Common attacks on passwords include the following...
Definition
Social Engineering, Capturing, Resetting, Offline Attacks
Term
Offline Attack
Definition
An attacker steals files of password digests and compares them with digests they have created themselves.
Term
Types of Offline Attacks
Definition
Brute Force
Mask
Rule
Dictionary
Rainbow table
Password Collections
Term
Masks
Definition
Offline Attack methodology that applies rules to the password being brute forced, in order to more effectively discover passwords.
Term
NTLM (New Technology LAN Manager) Hash Attack
Definition
An attacker can steal the digest of an NTLM password and simply pretend to be the user and send that hash to the remote system to be authenticated.
Term
Dictionary Attack
Definition
Attacker creates digests of common dictionary words and compares against stolen digest file.
Term
Pre-Image Attack
Definition
Dictionary attack that uses a set of dictionary words and compares them to a stolen digest.
Term
Birthday Attack
Definition
The search for any two digests that are the same.
Term
Rule Attack
Definition
Conducts a statistical analysis on the stolen passwords that is used to create a mask to break the largest number of passwords
Term
Rainbow Table Attack
Definition
Creates a large pregenerated data set of candidate digests.
Term
Rainbow Table Advantages
Definition
Can be used repeatedly

Faster than dictionary attacks

Less memory needed on an attacking machine
Term
Password Collections
Definition
A collection of real passwords that can be used to work on other attacks.
Term
How to secure Passwords
Definition
Properly manage them as a user and protect the digest as the enterprise.
Term
Password Manager
Definition
Password generators, online vaults and password management applications.
Term
Methods to protect password digests
Definition
Use Salts, Key Stretching
Term
What are Salts
Definition
Adds a random string that is used in hash algorithms in order to protect password digests
Term
What is Key Stretching
Definition
Using a hashing algorithm that is designed to be slow in order to protect password digests.
Term
Examples of Key Stretching Algorithms
Definition
bcrypt and PBKDF2
Term
Multifactor Authentication
Definition
When a user is required to provide multiple forms of authentication.
Term
Tokens
Definition
Used to create one time passwords, which is an authentication code that can be used only once for a limited period of time.
Term
Hardware Security Token
Definition
Token stored on a small device with a window display.
Term
Software Security Token
Definition
Token stored on a general-purpose device like a laptop computer or smartphone
Term
HMAC One Time Password
Definition
HOTP

User only gets one chance at one time to enter their password.
Term
Smart Card
Definition
Contains an integrated circuit chip that holds information; can be either a contact or contactless card.
Term
Common Access Card (CAC)
Definition
Issued by the DOD; includes a bar code, magnetic stripe, and the bearer’s picture.
Term
What common mobile device is starting to replace Smart Cards?
Definition
Smartphones
Term
Biometrics
Definition
A person's unique physical characteristics.
Term
Dynamic Fingerprint Scanner
Definition
Uses a small slit or opening into which you slide your finger.
Term
Static Fingerprint Scanner
Definition
Takes a picture of your fingerprint and compares it to an image of your fingerprint.
Term
Biometric Disadvantages
Definition
Cost of hardware, amount of error, etc.
Term
Cognitive Biometrics
Definition
Relates to perception, thought process, and understanding of the user.
Term
Example of Cognitive Biometrics
Definition
-Picture Password (Select 10 points of interest on a picture)

-Requires user to identify specific faces

-Requires user to select one of many memorable events
Term
Behavioral Biometrics
Definition
Authenticates by normal actions the user performs.
Term
Single Sign On
Definition
Promises to reduce the burden of usernames and passwords by using a single account.
Term
Managing User Accounts
Definition
Setting Password Rules
Term
Microsoft User Account Management
Definition
Password Policy Settings
Account Lockout Policy
Term
Transitive Trust
Definition
When a new domain is created, it shares resources with its parent domain by default.

Can enable an authenticated user to access resources in both the child and the parent.