Assessment Worksheet
Design a Multi-factor Authentication Process
Lab Assessment Questions & Answers
1. In an Internet banking financial institution, is single-factor authentication acceptable? Why or why not?
Yes, it can be acceptable because you can buff up security elsewhere.
2. Explain the difference between positive verification and negative verification.
Negative verification is the opposite of positive verification. The customer must contact the bank to verify that the information is correct.
3. What vulnerabilities are introduced by implementing a Remote Access Server?
It could allow remote code execution, two heap overflows, and a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user.
4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service?
Using multi-factor authentication.
5. Name at least 3 remote access protections or security controls that must be in place to provide secure remote access.
Authorized secure remote access, Traffic inspection and Coordinated Threat Control, Centralized security management and enterprise-wide visibility and control.
6. When dealing with RADIUS and TACACS+ for authentication methods, what protocols are used at Layer 4 for each of these techniques?
UDP for RADIUS and TCP for TACACS+
7. In TACACS+ communications, what part of the packet gets encrypted and which part is clear text?
MD5 for encryption and XOR for clear text
8. In RADIUS authentication, what is the purpose of the “Authenticator”?
To provide a modest bit of security.
9. Which of these two, RADIUS and TACACS+, combines both authentication and authorization?
RADIUS
10. Is combining authentication and authorization a less or more robust way of handling authentication?