
Security + Computer System Security

DCOM 258 E31


Name: Shaamim Ahmed
Chapter 09: Physical Security & Authentication Models
Part # 1

Define the following Key Terms (12 points)

Part A: Define the following terms (25 points)


1. Identification
When a person is in a state of being identified. It can also be described as something
that identifies a person such as an ID card.
2. Authentication
When a person's identity is confirmed. Authentication is the verification of a person's
identity.
3. Authorization
When a user is granted access to specific resources after authentication is complete.
4. Multifactor authentication
Multifactor authentication means that the user must provide two different types of
identification. The thumbprint is an example of biometrics. Username and password
are examples of a domain logon. Single sign-on would only be one type of
authentication that enables the user access to multiple resources.
5. Single sign-on (SSO)
Single sign-on (SSO) is when a user can log in once but gain access to multiple
systems without being asked to log in again. This is complemented by single sign-off,
which is basically the reverse; logging off signs off a person from multiple systems.
6. LDAP (Lightweight Directory Access Protocol)
An Application Layer protocol used for accessing and modifying directory
services data
7. Kerberos
An authentication protocol designed at MIT that enables computers to prove
their identity to each other in a secure manner
8. Mutual authentication
Two-way authentication where the client and the server both verify each
other's identity
9. Remote Desktop Services
Web-based authentication systems used often in free wireless networks
(hotels, coffee shops, and so on).
10. Captive Portals
Web-based authentication systems used often in free wireless networks
(hotels, coffee shops, and so on).
11. Remote Access Service (RAS)
Began as a service that enabled dial-up connections from remote clients.
Nowadays, more and more remote connections are made with high-speed
Internet technologies, such as cable Internet, DSL, and FIOS.

Challenge Handshake Authentication Protocol (CHAP)
An authentication scheme used by Point-to-Point Protocol (PPP), which is the
standard for dial-up connections
12. Virtual private networks (VPNs)
A connection between two or more computers or devices that are not on the
same private network
PPTP (Port 1723)
L2TP (Port 1701)
Windows Server RRAS
13. RADIUS (Ports 1812 and 1813)
The Remote Authentication Dial-In User Service (RADIUS) provides centralized
administration of dial-up, VPN, and wireless authentication.
14. TACACS+ (Port 49)
The Terminal Access Controller Access-Control System Plus (TACACS+) is another
remote authentication protocol developed by Cisco.

Part B: Short answer Questions (30 points)


1. List the four steps of 802.1X authentication.
i. Initialization
ii. Initiation
iii. Negotiation
iv. Authentication
2. Identify two Authentication failures.
I. False positive
a. This is when a system authenticates a user who should not be allowed
access to the system. This is also known as a Type I error.
II. False negative
a. This is when a system denies a user who actually should be allowed
access to the system. This is known as a Type II error.

3. List three Building perimeter security.
I. Video surveillance and CCTV
II. Security alarms
III. Motion detectors
4. Identify five Server room security.
I. Door access
II. CardKey
III. Smart cards
IV. Proximity sensors
V. Biometric readers

a. Biometrics is the science of recognizing humans based on one or more
physical characteristics.
