4.1 Authentication


12 Terms

1

PKI

  • Deals with creating/distributing/managing/storing/revoking certificates

2

Digital certificates

  • Adds trust to users/websites/devices/etc.

  • Signed by CAs, or self-signed (cheaper, but less trusted).

  • Can self-sign for certs that will only be used internally

3

RBAC

  • Roles in organizations determine the access you will get

  • Ex. by creating groups in AD and assigning people to those groups

  • Ex. Field-Truck-Users group

4

Authentication

  • You can prove you are who you say you are

    • MFA, passwords, etc.

  • Part of AAA

5

Authorization

Based on your identity and authentication, what access will you have/what will you be able to do?

  • Part of AAA

6

Accounting

Login times, authentication successes/failures, data sent/received, logout times are all documented

  • Part of AAA

7

SSO

You only provide credentials one time

  • For the rest of that session/day, you’ll be able to access what you need

  • Will need to re-authenticate eventually

8

RADIUS

  • Centralizes authentication for users

  • Server authentication, 802.1X network access, remote VPNs, routers/switches/firewalls, etc.

  • Available on almost every type of OS

9

LDAP

Provides context for authentication and directories

  • Nearly every type of directory uses this, like AD, Apple OpenDirectory, etc.

  • X.500 lets us associate attributes with devices/users (ex. OUs, C (Country, the US), O (Organization, OUC), etc.)

  • Lets us build a hierarchy of devices/users on the network

10

SAML

Open standard for authentication and authorization

  • Can be applied to many types of applications

  • Uses separate resource and authorization servers (auth server provides a token that the client will present to the resource server when they wanna access stuff)

11

TACACS+

Remote AAA protocol that controls access to devices on the network; also centralized like RADIUS

  • Cisco-centric (but still technically open source)

  • Provides challenge-response auth (like CAPTCHA)

12

Time-based authentication (TOTP)

  • Uses a secret key and the time of day to provide a pseudo-random code for authentication

  • Usually used on an authenticator app