33 Cards in this Set
Front | Back
User authentication |
The process of verifying an identity claimed by or for a system entity |
|
Authentication Process (2) |
Identification step - Presenting an identifier to the security system (Registration) |
|
Means of authenticating users (4) |
- Something that you know
|
Risk Assessment (3) |
Assurance Level |
|
Assurance Level |
Describes an organization's degree of certainty that a user has presented a credential that refers to his or her identity |
|
Potential Impact |
An authentication error that could be expected to have a serious adverse effect |
|
Biometric authentication |
Authenticates an individual based on unique characteristics. Requires special hardware. |
|
Requirements for Biometric Identification (4) |
Universality - Most persons should have the characteristic
|
Biometric categories |
Physiological - iris recognition, face recognition, hand geometry |
|
Signature |
Behavioral biometric: shape, speed, stroke, pen pressure, timing |
|
Barcodes: Vulnerabilities |
Easy to duplicate |
|
QR codes: Vulnerabilities |
URLs may contain malicious code that is passed on to the application |
|
Chip & PIN: Vulnerabilities |
- Can be bypassed
- Attacks on implementations |
|
Password Vulnerabilities |
- Weak passwords
- Password information leaked from network communication
- Password information leaked from the stored password file |
|
Entropy |
Measures how uncertain the guessing outcome is |
|
Online Password Attacks Countermeasures |
- Block the account after 3 tries
- Slow the response
- Detect bots |
|
Advantages of salting |
The attacker must compute the hashes of all dictionary words once for each value of salt and password |
|
Phishing countermeasures |
Detection - server filtering, client detection |
|
Keyloggers |
Randomize keypads / virtual keyboard |
|
What information security do we need from a computer system? |
- Confidentiality - our data is not seen by others
- Integrity - our data remains unchanged
- Availability - we can access it when we want |
|
Categories of vulnerabilities |
- Corrupted (integrity)
- Leaky (confidentiality)
- Unavailable (availability) |
|
Threats |
Capable of exploiting vulnerabilities; potential security harm |
|
Attacks |
- Passive - attempts to learn or make use of information but does not affect system resources
- Active - attempts to alter system resources or affect their operation
- Insider - an entity inside the security perimeter |
|
What are rainbow tables? |
They make one-way hash functions two-way by building a list of outputs for all possible inputs up to a character limit |
|
Rainbow table cracking tools (3) |
- rtgen - generates rainbow tables
- rtsort - sorts them
- rtcrack - looks up hashes
Also uses a text file, charset.txt, which contains all the available character sets used to generate the tables |
|
Assets of an organization |
- Hardware - computer systems, data storage, data communication devices
- Software - operating system, application programs
- Data - files, databases, password file
- Communication and network - local communication, global communication, routers |
|
Vulnerability |
A weakness in a system's design, implementation or operation that could be exploited to violate the system policy and increase risk |
|
What is cryptography? |
Designing transformations and protocols for tasks that need security |
|
SSL/TLS Cryptography |
- Public-key encryption
- Symmetric-key encryption
- Signature-based authentication
- Hash for integrity |
|
Symmetric key encryption |
The parties share a secret key and use it for both encryption and decryption |
|
Public key encryption |
Use a public key to encrypt a message. The other party uses a secret key to decrypt it |
|
Digital Signature |
Can verify that a message came from one specific party |
|
Certificates |
Prove who you are communicating with |