Week 4 Lab Part 1: Design a Multi-factor Authentication Process Assessment Worksheet
Design a Multi-factor Authentication Process
Lab Assessment Questions & Answers
1. In an Internet Banking Financial Institution is Single Factor Authentication acceptable? Why or why not?
Yes, it can be acceptable because you can buff up security elsewhere.
2. Explain the difference between Positive Verification and Negative Verification?
Negative verification is the opposite of positive verification. The customer must contact the bank to verify that the information is correct.
3. What vulnerabilities are introduced by implementing a Remote Access Server?
It could allow remote code execution, two heap overflows, and a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user.
4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service?
Using multi-factor authentication.
5. Name at least 3 remote access protections or security controls that must be in place to provide secure remote access.
Authorized secure remote access; traffic inspection and coordinated threat control; centralized security management with enterprise-wide visibility and control.
6. When dealing with RADIUS and TACACS+ for authentication methods, what protocols are used at Layer 4 for each of these techniques?
UDP for RADIUS and TCP for TACACS+
7. In TACACS+ communications, what part of the packet gets encrypted and which part is clear text?
MD5 for encryption and XOR for clear text
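To make the cleartext/obfuscated split in a TACACS+ packet concrete, here is an added Python example (not part of the lab worksheet and not taken from any TACACS+ implementation). It follows the RFC 8907 layout: the 12-byte header (version, type, sequence number, flags, session ID, length) is always sent in the clear, and the body is XORed with a chained-MD5 pseudo-pad derived from the session ID, the shared key, the version and the sequence number. The shared key, session ID and the authentication body bytes below are constructed sample values.

```python
import hashlib
import struct

# TACACS+ (RFC 8907) header: 12 bytes, always transmitted in the clear.
#   version(1) type(1) seq_no(1) flags(1) session_id(4) length(4)
HEADER_FMT = "!BBBBII"
HEADER_LEN = 12
TAC_PLUS_MAJOR_VER = 0xC0           # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01              # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # header flag: body carried without obfuscation

# Constructed sample values (not real credentials or traffic).
SAMPLE_KEY = b"constructed-shared-key"
SAMPLE_SESSION = 0x1234ABCD
# Constructed authentication START body: action/priv/type/service/lengths, then user "alice".
SAMPLE_BODY = b"\x01\x01\x02\x01\x05\x00\x00\x00alice"


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Chained-MD5 keystream from RFC 8907 section 4.5:
    MD5_1 = MD5(session_id, key, version, seq_no)
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})"""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """Obfuscate or de-obfuscate the body (XOR with the pad is its own inverse)."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1,
                 ptype: int = TAC_PLUS_AUTHEN) -> bytes:
    """Cleartext header followed by the obfuscated body (or the raw body if no key is set)."""
    flags = 0 if key else TAC_PLUS_UNENCRYPTED_FLAG
    wire_body = xor_body(body, session_id, key, TAC_PLUS_MAJOR_VER, seq_no) if key else body
    header = struct.pack(HEADER_FMT, TAC_PLUS_MAJOR_VER, ptype, seq_no, flags, session_id, len(body))
    return header + wire_body


def parse_packet(packet: bytes, key: bytes) -> dict:
    """Read the clear header, then recover the body using the fields the header exposes."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    wire_body = packet[HEADER_LEN:HEADER_LEN + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = wire_body
    else:
        body = xor_body(wire_body, session_id, key, version, seq_no)
    return {"version": version, "type": ptype, "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "length": length, "body": body}


def body_is_cleartext(packet: bytes) -> bool:
    """Defender check: because the flags byte is in the clear header, a network monitor
    can spot TACACS+ sessions whose bodies are sent unobfuscated."""
    return bool(packet[3] & TAC_PLUS_UNENCRYPTED_FLAG)


if __name__ == "__main__":
    pkt = build_packet(SAMPLE_BODY, SAMPLE_SESSION, SAMPLE_KEY)
    print("clear header :", pkt[:HEADER_LEN].hex())
    print("wire body    :", pkt[HEADER_LEN:].hex())
    print("recovered    :", parse_packet(pkt, SAMPLE_KEY)["body"])
    print("cleartext?   :", body_is_cleartext(pkt))
```

Note that the pad is a keystream keyed only by a static shared secret and values visible in the header, which is why RFC 8907 calls this obfuscation rather than encryption and recommends running TACACS+ over a protected network path.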
8. In RADIUS authentication, what is the purpose of the “Authenticator”?
To provide a modest bit of security.
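An added Python example (not part of the lab worksheet and not taken from any RADIUS server or client) showing what the Authenticator field does in RFC 2865: the client's random Request Authenticator seeds the hiding of User-Password, and the server's Response Authenticator is an MD5 over the reply plus the Request Authenticator and the shared secret, so the client can verify that the reply came from a party holding the secret and belongs to this request. The shared secret, the fixed Request Authenticator bytes and the usernames are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# RADIUS (RFC 2865) packet: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes...
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_REPLY_MESSAGE = 1, 2, 18

# Constructed sample values (not real credentials).
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_REQUEST_AUTH = bytes(range(16))   # a real client uses os.urandom(16)


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length covers the two header bytes."""
    return bytes([attr_type, len(value) + 2]) + value


def build_packet(code: int, identifier: int, authenticator: bytes, attributes: bytes) -> bytes:
    return struct.pack("!BBH", code, identifier, 20 + len(attributes)) + authenticator + attributes


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous ciphertext block); the first 'previous block' is the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, request_auth: bytes = None):
    """Client side: fresh random Request Authenticator, password hidden under it."""
    if request_auth is None:
        request_auth = os.urandom(16)
    attrs = attribute(ATTR_USER_NAME, username) + \
        attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return build_packet(ACCESS_REQUEST, identifier, request_auth, attrs), request_auth


def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_response(code: int, identifier: int, attributes: bytes,
                   request_auth: bytes, secret: bytes) -> bytes:
    """Server side: the reply's Authenticator binds it to the request it answers."""
    auth = response_authenticator(code, identifier, attributes, request_auth, secret)
    return build_packet(code, identifier, auth, attributes)


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: accept the reply only if its Authenticator matches a recomputation
    over this request's Authenticator and the shared secret (constant-time compare)."""
    if len(response) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or length < 20:
        return False
    expected = response_authenticator(code, identifier, response[20:length], request_auth, secret)
    return hmac.compare_digest(response[4:20], expected)


if __name__ == "__main__":
    req, ra = build_access_request(9, b"alice", b"hunter2", SAMPLE_SECRET, SAMPLE_REQUEST_AUTH)
    accept = build_response(ACCESS_ACCEPT, 9, attribute(ATTR_REPLY_MESSAGE, b"Welcome"), ra, SAMPLE_SECRET)
    print("genuine reply verifies :", verify_response(accept, ra, SAMPLE_SECRET))
    forged = bytes([ACCESS_ACCEPT]) + accept[1:]          # same bytes, but imagine a spoofed source
    print("reply with wrong secret:", verify_response(accept, ra, b"other-secret"))
    print("reply for other request:", verify_response(accept, bytes(16), SAMPLE_SECRET))
```

The "modest bit of security" in the answer above is visible in the last two checks: a reply computed without the shared secret, or replayed from a different request, fails verification. The protection is only as strong as the secret and MD5, which is why current guidance layers RADIUS over TLS or IPsec rather than relying on the Authenticator alone.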
9. Which of these two, RADIUS and TACACS+, combines both authentication and authorization?
10. Is combining authentication and authorization a less or more robust way of handling authentication? Explain.
Authentication and authorization must work in tandem to provide effective security. Without authentication, there would be no way to determine if individuals are who they claim to be. Without some sort of authorization in place, it may not matter who they claim to be — as with no authorization in place, essentially anyone could access anything simply by telling the truth about who they are.
Week 4 Lab Part 2: Align Appropriate PKI Solutions Based on Remote Access and Data Sensitivity Assessment Worksheet
Align Appropriate PKI Solutions Based on Remote Access and Data Sensitivity
Lab Assessment Questions & Answers
1. Where can you store your public keys or public certificate files in the public domain? Is this the same thing as a Public Key Infrastructure (PKI) server?
The storage location is called the certificate store. Yes.
2. What do you need to do if you want to decrypt encrypted messages and files from a trusted sender?
3. When referring to IPSec Tunnel Mode, what two types of headers are available, and how do they differ?
AH and ESP header. ESP provides encryption, authentication and the packet processing rules and AH does not provide encryption.
4. Provide a step by step progression for a typical Certificate Enrollment process with a Certificate Authority.
Authenticating the client or user.
Creating a PKCS #10 request.
Posting the request.
Retrieving the certificate.
5. When designing a PKI infrastructure what are the advantages and disadvantages of making the CA available publicly over the Internet or keeping it within the private network?
Advantages in a private network:
Supports cross-certification of other CA server hierarchies on the enterprise private network. The CA server is protected from public access, and from intrusion or DoS attacks from the public Internet.
Disadvantages in a private network:
Requires a slightly more...