Page 5 - Security+ (635 notes by Nikkhah)

39- Tokens use a variety of authentication methods such as one-time password, single sign-on, or two-factor.




            Multifactor authentication
            40- Multifactor authentication uses two or more factors to identify a person:

            — A something you know factor, such as your password or PIN.

            — A something you have factor, such as your hardware token or a smart card.
            — A something you are factor, such as your fingerprints, your eye retina, or other biometrics that can be used for identity.
            — A something you do factor, such as your handwriting or your voice patterns.



            Mutual authentication

            41- Mutual authentication is used to verify the identity of both ends of communication.

            42- This method prevents Man-In-The-Middle Attacks (MITM).
            43- Most network operating systems provide mechanisms for mutual authentication.



            Biometrics

            44- Biometrics is used to authenticate a person using physical and behavioral characteristics.
            45- Advanced biometric devices help identify a person using fingerprints, handwriting, voice patterns, or eye retina scans.

            46- This is the most trusted method of authentication.



            Auditing and logging

            47- Auditing helps track the activities of users and system processes and helps save audit entries in log files.

            48- Auditing is a two-step process: enabling auditing on resources and viewing audit log files.
            49- It can help troubleshoot and diagnose system and network problems.

            50- It can help track internal and external security breaches.
            51- System auditing helps track authorized and unauthorized access of system resources and processes.

            52- Unauthorized activities include attempts to access classified information, concealment, conversion, and copying of confidential data.

            53- Log files must not be accessible to unauthorized users.


            www.hrnikkhah.com    by: Hamid Reza Nikkhah