
Best Answer

pap

Wiki User

11y ago
Q: Which authentication protocol uses a locally stored shared secret that is encrypted?
Continue Learning about Computer Science

Is the Lamport hash protocol vulnerable to server database disclosure?

No, it is safe. Even if the attacker would have seen the hashes he wouldn't be able to recreate the hash because the user's secret is still secret. Watch out for the small n attack though.
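
The scheme discussed in the answer above, as an added example that is not part of the original answer: a Lamport hash-chain login in which the server stores only the n-times-hashed password, plus a client-side guard that refuses an unexpected challenge number. The class names, the use of SHA-256, the chain length and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac

def h_n(secret: bytes, n: int) -> bytes:
    """Apply SHA-256 to `secret` n times (h^n)."""
    x = secret
    for _ in range(n):
        x = hashlib.sha256(x).digest()
    return x

class LamportServer:
    """Stores only (n, h^n(password)) per user, never the password."""
    def __init__(self):
        self.db = {}

    def enroll(self, user: str, password: bytes, n: int) -> None:
        self.db[user] = (n, h_n(password, n))

    def challenge(self, user: str) -> int:
        return self.db[user][0] - 1          # ask for h^(n-1)(password)

    def verify(self, user: str, response: bytes) -> bool:
        n, stored = self.db[user]
        if n <= 1:                           # chain exhausted: re-enroll first
            return False
        if not hmac.compare_digest(hashlib.sha256(response).digest(), stored):
            return False
        self.db[user] = (n - 1, response)    # step one link down the chain
        return True

class LamportClient:
    """Tracks the next expected challenge so a bogus small n is refused."""
    def __init__(self, password: bytes, n: int):
        self.password = password
        self.expected = n - 1

    def respond(self, challenge: int) -> bytes:
        if challenge < 1 or challenge != self.expected:
            raise ValueError("unexpected challenge number, refusing to answer")
        self.expected -= 1
        return h_n(self.password, challenge)

def demo():
    # Constructed sample data: user "alice", chain length 1000.
    server = LamportServer()
    server.enroll("alice", b"correct horse", 1000)
    client = LamportClient(b"correct horse", 1000)

    first = server.verify("alice", client.respond(server.challenge("alice")))
    # Database disclosure: the stored value is h^999; submitting it fails,
    # because the server hashes the response once more before comparing.
    _, leaked = server.db["alice"]
    leaked_value_accepted = server.verify("alice", leaked)
    second = server.verify("alice", client.respond(server.challenge("alice")))
    try:
        client.respond(50)                   # challenge far below the expected n
        guard_held = False
    except ValueError:
        guard_held = True
    return first, leaked_value_accepted, second, guard_held

if __name__ == "__main__":
    print(demo())
```

The client-side counter is one way to address the small n case; it assumes the client can keep state between logins.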


How does asymmetric encryption provide confidentiality?

Asymmetric encryption can provide confidentiality in two ways:

1) Messages encrypted using the public key of the recipient can only be decrypted using the private key of the recipient - which only the recipient should possess.

2) It can be used as part of a negotiation process between two users to establish a temporary shared key through a process such as the following:

- User A sends a challenge message to user B which is encrypted with user B's public key to initiate secure communications.
- User B decrypts the message and sends the correct response back to user A encrypted with user A's public key.
- The two users are now authenticated to each other.
- At this point A can send a proposed symmetric key to B encrypted with B's private key.
- All further communications are encrypted via the shared symmetric key.

In this second scenario, the asymmetric encryption only facilitates the establishment of confidentiality via the eventually shared symmetric key by securing the initial negotiations.


What is the function of line vty in router configuration?

Vty Line Authentication and Authorization

The system supports 20 virtual tty (vty) lines for Telnet, Secure Shell Server (SSH) and FTP services. Each Telnet, SSH, or FTP session requires one vty line. You can add security to your system by configuring the software to validate login requests. There are two modes of authentication for a vty line:

- Simple authentication - password-only authentication via the local configuration
- AAA authentication - username and password authentication via a set of authentication servers

You can enable AAA authorization, which allows you to limit the services available to a user. Based on information retrieved from a user's profile, the user is either granted or denied access to the requested server.

Configuring Simple Authentication

To configure simple authentication:

1. Specify a vty line or a range of vty lines on which you want to enable the password.

    host1(config)#line vty 8 13
    host1(config-line)#

2. Specify the password for the vty lines.

    host1(config-line)#password 0 mypassword

3. Enable login authentication on the lines.

    host1(config-line)#login

4. Display your vty line configuration.

    host1#show line vty 8
    no access-class in
    data-character-bits 8
    exec-timeout never
    exec-banner enabled
    motd-banner enabled
    login-timeout 30 seconds

line

- Use to specify the vty line(s) on which you want to enable the password.
- You can set a single line or a range of lines. The range is 0-19.
- Example

    host1(config)#line vty 8 13

- Use the no version to remove a vty line or a range of lines from your configuration; users will not be able to run Telnet, SSH, or FTP to lines that you remove. When you remove a vty line, the system removes all lines above that line. For example, no line vty 6 causes the system to remove lines 6 through 19. You cannot remove lines 0 through 4.

login

- Use to enable password checking at login.
- The default setting is to enable a password.
- Example

    host1(config-line)#login

- Use the no version to disable password checking and allow access without a password.

password

- Use to specify a password on a single line or a range of lines.
- If you enable password checking but do not configure a password, the system will not allow you to access virtual terminals.
- Specify a password in plain text (unencrypted) or cipher text (encrypted). In either case, the system stores the password as encrypted.
- Use the following keywords to specify the type of password you will enter:
  - 0 (zero) - unencrypted password
  - 5 - secret
  - 7 - encrypted password
- Note: To use an encrypted password or a secret, you must follow the procedure in Setting Basic Password Parameters earlier in this chapter to obtain the encrypted password or secret. You cannot create your own encrypted password or secret; you must use a system-generated password or secret.
- Example 1 (unencrypted password)

    host1(config-line)#password 0 mypassword

- Example 2 (secret)

    host1(config-line)#password 5 bcA";+1aeJD8)/[1ZDP6

- Example 3 (encrypted password)

    host1(config-line)#password 7 dq]XG`,%N"SS7d}o)_?Y

- Use the no version to remove the password. By default, no password is specified.

show line vty

- Use to display the configuration of a vty line.
- Field descriptions
  - access-class - access-class associated with the vty line
  - data-character-bits - number of bits per character
    - 7 - setting for the standard ASCII set
    - 8 - setting for the international character set
  - exec-timeout - time interval that the terminal waits for expected user input
    - Never - indicates that there is no time limit
  - exec-banner - status for the exec banner: enabled or disabled. This banner is displayed by the CLI after user authentication (if any) and before the first prompt of a CLI session.
  - motd-banner - status for the MOTD banner: enabled or disabled. This banner is displayed by the CLI when a connection is initiated.
  - login-timeout - time interval during which the user must log in.
    - Never - indicates that there is no time limit
- Example

    host1#show line vty 0
    no access-class in
    data-character-bits 8
    exec-timeout 3w 3d 7h 20m 0s
    exec-banner enabled
    motd-banner enabled
    login-timeout 30 seconds

Configuring AAA Authentication and AAA Authorization

Before you configure AAA authentication and AAA authorization, you need to configure a RADIUS and/or TACACS+ authentication server. Note that several of the steps in the configuration procedure are optional. To configure AAA new model authentication and authorization for inbound sessions to vty lines on your system:

1. Specify AAA new model authentication.

    host1(config)#aaa new-model

2. Create an authentication list that specifies the type(s) of authentication methods allowed.

    host1(config)#aaa authentication login my_auth_list tacacs+ line enable

3. (Optional) Specify the privilege level by defining a method list for authentication.

    host1(config)#aaa authentication enable default tacacs+ radius enable

4. (Optional) Enable authorization, and create an authorization method list.

    host1(config)#aaa authorization commands 15 Boston if-authenticated tacacs+

5. (Optional) Disable authorization for all Global Configuration commands.

    host1(config)#no aaa authorization config-commands

6. Specify the range of vty lines.

    host1(config)#line vty 6 10
    host1(config-line)#

7. (Optional) Apply an authorization list to a vty line or a range of vty lines.

    host1(config-line)#authorization commands 15 Boston

8. Specify the password for the vty lines.

    host1(config-line)#password xyz

9. Apply the authentication list to the vty lines you specified on your system.

    host1(config-line)#login authentication my_auth_list

aaa authentication enable default

- Use to allow privilege determination to be authenticated through the TACACS+ or RADIUS server. This command specifies a list of authentication methods that are used to determine whether a user is granted access to the privilege command level.
- The authentication methods that you can use in a list include these options: radius, line, tacacs+, none, and enable.
- To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.
- Requests sent to a TACACS+ or RADIUS server include the username that is entered for login authentication.
- If the authentication method list is empty, the local enable password is used.
- Example

    host1(config)#aaa authentication enable default tacacs+ radius

- Use the no version to empty the list.

aaa authentication login

- Use to set AAA authentication at login. This command creates a list that specifies the methods of authentication.
- Once you specify aaa new-model as the authentication method for vty lines, an authentication list called "default" is automatically assigned to the vty lines. To allow users to access the vty lines, you must create an authentication list and either:
  - Name the list "default."
  - Assign a different name to the authentication list, and assign the new list to the vty line using the login authentication command.
- The authentication methods that you can use in a list include these options: radius, line, tacacs+, none, and enable.
- The system traverses the list of authentication methods to determine whether a user is allowed to start a Telnet session. If a specific method is available but the user information is not valid (such as an incorrect password), the system does not continue to traverse the list and denies the user a session.
- If a specific method is unavailable, the system continues to traverse the list. For example, if tacacs+ is the first authentication type element on the list and the TACACS+ server is unreachable, the system attempts to authenticate with the next authentication type on the list, such as radius.
- The system assumes an implicit denial of service if it reaches the end of the authentication list without finding an available method.
- Example

    host1(config)#aaa authentication login my_auth_list tacacs+ radius line none

- Use the no version to remove the authentication list from your configuration.

aaa authorization

- Use to set the parameters that restrict access to a network.
- Use the keyword exec to determine if the user is allowed to run User Exec mode commands. The commands you can execute from User Exec mode provide only user-level access.
- Use the keyword commands to run authorization for all commands at the specified privilege level (0-15). See Table 6-1 for a description of privilege levels.
- You can enter up to three authorization types to use in an authorization method list. Options include: if-authenticated, none, and tacacs+.
- Note: For information about TACACS+, see the ERX Broadband Access Configuration Guide, Chapter 4, Configuring TACACS+.
- Authorization method lists define the way authorization is performed and the sequence in which the methods are performed. You can designate one or more security protocols in the method list to be used for authorization. If the initial method fails, the next method in the list is used. The process continues until either there is successful communication with a listed authorization method or all methods defined are exhausted.
- Example

    host1(config)#aaa authorization exec

- Use the no version to delete method list.

aaa authorization config-commands

- Use to reestablish the default created when the aaa authorization commands command was issued.
- After the aaa authorization commands command has been issued, aaa authorization config-commands is enabled by default, which means that all configuration commands in Exec mode are authorized.
- Example

    host1(config)#aaa new-model
    host1(config)#aaa authorization command 15 parks tacacs+ none
    host1(config)#no aaa authorization config-commands

- Use the no version to disable AAA configuration command authorization.

aaa new-model

- Use to specify AAA new model as the authentication method for the vty lines on your system.
- If you specify AAA new model and you do not create an authentication list, users will not be able to access the system through a vty line.
- Example

    host1(config)#aaa new-model

- Use the no version to restore simple authentication.

authorization

- Use to apply AAA authorization to a specific vty line or group of lines.
- Use the exec keyword to apply this authorization to CLI access in general.
- Use the commands keyword to apply this authorization to user commands of the privilege level you specify.
- You can specify the name of an authorization method list; if no method list is specified, the default is used.
- After you enable the aaa authorization command and define a named authorization method list (or use the default method list) for a particular type of authorization, you must apply the defined list to the appropriate lines for authorization to take place.
- Example

    host1(config)#line vty 6
    host1(line-config)#authorization commands 15 sonny

- Use the no version to disable authorization.

line

- Use to specify the virtual terminal lines.
- You can set a single line or a range of lines. The range is 0-19.
- Example

    host1(config)#line vty 6 10

- Use the no version to remove a vty line or a range of lines from your configuration; users will not be able to run Telnet, SSH, or FTP to lines that you remove. When you remove a vty line, the system removes all lines above that line. For example, no line vty 6 causes the system to remove lines 6 through 19. You cannot remove lines 0 through 4.

login authentication

- Use to apply an authentication list to the vty lines you specified on your system.
- Example

    host1(config-line)#login authentication my_auth_list

- Use the no version to specify that the system should use the default authentication list.

password

- Use to specify a password on a line or a range of lines if you specified the line option with the aaa authentication login command.
- If you enable password checking but do not configure a password, the system will not allow you to access virtual terminals.
- Use the following keywords to specify the type of password you will enter:
  - 0 (zero) - unencrypted password
  - 5 - secret
  - 7 - encrypted password
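
The method-list traversal rules quoted in the answer above, as an added example that is not part of the original answer or of the vendor documentation: a small model of how a list is walked, plus a check that flags lists which can grant a session without any credential being verified. The function names, the backends and the sample account are constructed for the illustration; only the method names and the traversal rules come from the text.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"   # method available, credentials valid
    REJECT = "reject"   # method available, credentials not valid
    ERROR = "error"     # method unavailable (for example, server unreachable)

def authenticate(method_list, backends, user, password):
    """Walk an authentication method list; return (granted, deciding_method)."""
    for method in method_list:
        if method == "none":
            return True, "none"        # succeeds without checking anything
        result = backends[method](user, password)
        if result is Result.ACCEPT:
            return True, method
        if result is Result.REJECT:
            return False, method       # available but invalid: stop and deny
        # Result.ERROR: method unavailable, continue with the next method
    return False, None                 # end of list reached: implicit denial

def audit(method_list):
    """Flag method lists that can grant access with no credential check."""
    findings = []
    if "none" in method_list:
        findings.append("'none' present: login succeeds when every earlier method errors")
        if method_list[-1] != "none":
            findings.append("methods listed after 'none' are never consulted")
    return findings

# Constructed backends standing in for TACACS+ and RADIUS servers.
def unreachable(user, password):
    return Result.ERROR

def make_server(accounts):
    def check(user, password):
        return Result.ACCEPT if accounts.get(user) == password else Result.REJECT
    return check

def scenarios():
    radius_up = make_server({"ops": "s3cret"})   # constructed sample account
    down = {"tacacs+": unreachable, "radius": unreachable}
    return {
        # TACACS+ down, RADIUS up, wrong password: RADIUS rejects, no fall-through.
        "radius_rejects": authenticate(
            ["tacacs+", "radius", "none"],
            {"tacacs+": unreachable, "radius": radius_up}, "ops", "wrong"),
        # Both servers down and 'none' last: session granted with any password.
        "fail_open": authenticate(["tacacs+", "radius", "none"], down, "ops", "wrong"),
        # Both servers down, no 'none': implicit denial even with the right password.
        "fail_closed": authenticate(["tacacs+", "radius"], down, "ops", "s3cret"),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(name, outcome)
    print(audit(["tacacs+", "radius", "line", "none"]))
```

Running `audit` over each configured list shows which ones depend on the authentication servers staying reachable to remain closed.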


What does vss mean?

In cryptography, the initials mean: Verifiable secret sharing.

It's a protocol that promises that in a system of computers, with a leader that has a secret s and faulty computers:

1- If the leader is honest:
   a- Each honest computer outputs value s_i = s
   b- At the end of the sharing phase the joint view of the malicious computers is independent in s
2- At the end of the sharing phase the value that the honest computers have determines the output of the honest computers


If a computer disc contains Secret Top Secret and Unclassified information it should be labeled?

Top Secret

Related questions

Which password is automatically encrypted when it is created?

enable secret


What word begins with e and means secret?

encrypted or encryption


Mapped drive letters are said to be locally significant only. What is meant by locally significant?

Secret!!


Can super user read your encrypted files?

Not without knowing your secret keyword to decrypt them.


How was US military communications about operations in the Pacific kept secret?

through the use of encrypted codes.


What is the authentication protocol used in 2008?

The Windows operating systems implement a default set of authentication protocols - Kerberos, NTLM, TLS/SSL, Digest, and PKU2U - as part of an extensible architecture. In addition, some protocols are combined into authentication packages such as the Credential Security Support Provider (CredSSP), Negotiate, and Negotiate Extensions. These protocols and packages enable authentication of users, computers, and services; the authentication process, in turn, enables authorized users and services to access resources in a secure manner. Windows authentication protocols are conventions that control or enable the connection, communication, and data transfer between computers in a Windows environment by verifying the identity of the credentials of a user, computer, or process. The authentication protocols are security support providers (SSPs) that are installed in the form of dynamic-link libraries (DLLs).

Negotiate

Microsoft Negotiate is an SSP that acts as an application layer between the Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request and selects the best SSP to handle the request based on the configured security policy. Currently, the Negotiate SSP selects either the Kerberos or NTLM protocol. Negotiate selects the Kerberos protocol unless it cannot be used by one of the systems involved in the authentication or if the client application did not provide a target name as a service principal name (SPN), a user principal name (UPN), or a NetBIOS account name. Otherwise, Negotiate will select the NTLM protocol. A server that uses the Negotiate SSP can respond to client applications that specifically select either the Kerberos or NTLM protocol. However, a client application must first query the server to determine if it supports the Negotiate package before using Negotiate. (Negotiate is supported on Windows operating systems beginning with Windows Server 2003 and Windows XP.) A server that does not support Negotiate cannot always respond to requests from clients that specify Negotiate as the SSP.

Kerberos

The Kerberos version 5 (v5) authentication protocol provides a mechanism for authentication - and mutual authentication - between a client and a server, or between one server and another server.

NTLM

The NTLM version 2 (NTLMv2) authentication protocol is a challenge/response authentication protocol. NTLM is used when exchanging communications with a computer running Windows NT Server 4.0 or earlier. Networks with this configuration are referred to as mixed-mode. NTLM is also the authentication protocol for computers that are not participating in a domain, such as stand-alone servers and workgroups.

Negotiate Extensions

NegoExts (NegoExts.dll) is an authentication package that negotiates the use of SSPs for applications and scenarios implemented by Microsoft and other software companies. Pku2u.dll is one of the supported SSPs that is installed by default, and developers can create custom providers.

PKU2U

The PKU2U protocol in Windows 7 and Windows Server 2008 R2 is implemented as an SSP. The SSP enables peer-to-peer authentication, particularly through the Windows 7 media and file sharing feature called Homegroup, which permits sharing between computers that are not members of a domain.

Credential Security Support Provider

Windows Vista introduced a new authentication package called the Credential Security Support Provider (CredSSP) that provides a single sign-on (SSO) user experience when starting new Terminal Services sessions. CredSSP enables applications to delegate users' credentials from the client computer (by using the client-side SSP) to the target server (through the server-side SSP) based on client policies.

TLS/SSL

The TLS/SSL protocols are used to authenticate servers and clients, and to encrypt messages between the authenticated parties. The TLS/SSL protocols, versions 2.0 and 3.0, and the Private Communications Transport (PCT) protocol are based on public key cryptography. The secure channel (Schannel) authentication protocol suite provides these protocols. All Schannel protocols use a client/server model and are primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.

Digest

The Digest authentication protocol is a challenge/response protocol that is designed for use with HTTP and Simple Authentication Security Layer (SASL) exchanges. These exchanges require that parties requesting authentication must provide secret keys.


What encryption requires both sides of an encrypted conversation to use an encrypted key to be able to encode and decode the data?

Any shared private key method - symmetric encryption.


Which router configuration mode will require user authentication if an administrator issues the enable secret command?

privileged executive mode


Which router CLI mode will require user authentication if an administrator issues the enable secret command?

It is the privilege mode.


What is meant by memory card encryption?

Memory card encryption is used to translate data that is input on the card into a secret code. Once the data is encrypted, it can only be accessed through using a secret password.


What is the purpose of the Cisco IOS enable secret command?

This command provides the ability to the administrator to enter an encrypted form of the enable password. If the administrator uses the enable password command the password is stored in plain text within the startup config file. If enable secret is used, the password is stored as an encrypted string within the startup config file.


What is the minimum requirements support for user identification and authentication?

The minimum requirement's support for user identification and authentication is the use of a screen name or alias and a password. A secret question may also be used in support of the alias and password as a system for double checking identity.