Term
LDAP (Lightweight Directory Access Protocol)

Definition
- X.500 standard
- specification written by the ITU
- like phone directory
- lists services in a structured database
- has objects for organization, organizational unit, or common name

Term

Definition
- standard method of authenticating in Windows
- mutual authentication between the client and the server
- use of extensive cryptography
- granting ticket is provided from the client
- service then provides the service ticket used for access to services

Term
Terminal Access Controller Access-Control System (TACACS+)

Definition
- remote authentication protocol
- been around for a very long time
- Originally the dial-up lines that connected people to ARPANET
- Cisco made an open standard
- capabilities to connect into this Cisco infrastructure

Term
CHAP (Challenge Handshake Authentication Protocol)

Definition
- Authentication protocol
- uses encrypted challenge to be able to send credentials across the network
- Three-way handshake
- client and server initially connect
- server sends challenge
- client combines password with challenge and sends hash to server

Term
PAP (Password Authentication Protocol)

Definition
- used on legacy systems
- basic authentication method
- communicates in the clear
- for dial-up lines

Term

Definition
- Authentication protocol
- uses encrypted challenge to be able to send credentials across the network
- Used with Microsoft’s Point-to-Point Tunneling Protocol, or PPTP

Term
Remote Authentication Dial-in User Service (RADIUS)

Definition
- can be used on anyone’s network
- centralize the authentication for many different kinds of systems
- used for logging in to routers, or switches, or firewalls, or authenticating to VPN connections, or logging into the network using 802.1X

Term
Security Assertion Markup Language (SAML)

Definition
- XML-based open standard and the product of the OASIS Security Services Technical Committee
- Used by SaaS vendors: Salesforce, Google and Microsoft
- Secures user logins and enables IT to roll out application access faster and securely
- 3rd-party vendors such as OneLogin

Term

Definition
- A simple identity layer on top of the OAuth 2.0 protocol
- allows clients to verify the identity of the End-User based on the authentication performed by an Authorization Server
- obtains basic profile information about the End-User in an interoperable and REST-like manner
- allows clients of all types, including Web-based, mobile, and JavaScript clients

Term

Definition
- an open standard for token-based authentication and authorization on the Internet
- allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password
- created by Twitter, Google, and other very large technology companies

Term

Definition
- a widely deployed federated identity solution
- an open-source project that provides Single Sign-On capabilities
- allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner

Term

Definition
- a small hardware device that the owner carries to authorize access to a network service
- uses two-factor authentication
- A more scalable form of authentication

Term

Definition
- successor to the authentication protocol in Microsoft LAN Manager (LANMAN)
- Windows Challenge/Response first used with Windows NT
- Basic mode sends credentials in the clear
- SSP mode credentials sent using 3-way handshake
- A hash is generated with the password and a challenge from the server. Only the hash is sent, the password is never transmitted.

Term

Definition
- Uses more advanced encryption algorithm
- successor to the authentication protocol in Microsoft LAN Manager (LANMAN)
- Windows Challenge/Response first used with Windows NT
- Basic mode sends credentials in the clear
- SSP mode credentials sent using 3-way handshake
- A hash is generated with the password and a challenge from the server. Only the hash is sent, the password is never transmitted.