Cisco® CCNA Exam Cram Notes : Security Password policies elements

VIII. Security Fundamentals

3. Security Password policies elements

Password authentication: Password authentication is notoriously flawed. Passwords that are weak or recycled for many accounts leave systems vulnerable to being breached. Pass-the-hash attacks enable malicious attackers to steal password information- without actually cracking a password and then to reuse the information to access a user’s account in that web session or other accounts. The answer is to consider multifactor authentication methods, which use two or more factors of authentication

Multifactor authentication: Here two or more number of authentication methods are used for granting access to a resource. Usually, it combines a password with that of a biometric authentication.

MFA combines two or more independent credentials (factors). The five broadly known independent credentials are:

1. What the user knows (password),

2. What the user has (security token)

3. What the user is (biometric verification).

4. Where the user is

5. What the user is doing

The goal of MFA is to create a layered defense and make it more difficult for an intruder to access a target such as a physical location, computing device, network or database.

Note that Authentication methods using two or more variables in the same factor still constitute single-factor authentication. For example, a password and a PIN are both in the something you know category, so they can only provide single-factor authentication even when they are used together.

Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. It is a critical component of identity and access management (IAM). Rather than just asking for a username and password, MFA requires other—additional—credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or facial recognition.

MFA is an effective way to provide enhanced security. Traditional usernames and passwords can be stolen, and they’ve become increasingly more vulnerable to brute force attacks. MFA creates multiple layers of security to help increase the confidence that the user requesting access is actually who they claim to be.

Biometric authentication: Biometric authentication uses measurable physical attributes of a human being such as signature, fingerprint. It is the ability to measure physical characteristics of a human such as fingerprints, speech etc. These measured values are then used for authentication purpose. Given below are few of the measurable quantities:

1. Fingerprint: Scans and matches finger print to a securely stored value.

2. Voiceprint: Identifies a person by measuring speech pattern.

3. Iris profile: Identifies a person by using Iris part of the eye.

4. Signature: Matches an individual's signature with the stored value.

Mutual authentication: Here both the server and client computers authenticate each other. This type of authentication is more secure than one-way authentication, where only the client is authenticated.

Previous    Contents    Next

CCNA Cram Notes Contents
certexams ad

simulationexams ad