Glossary terms from course 5, module 3
Access Control Entries: The individual access permissions per object that make up the ACL
Access Control List (ACL): It is a way of defining permissions or authorizations for objects
Accounting: Keeping records of what resources and services your users access or what they did when they were using your systems
Auditing: It involves reviewing records to ensure that nothing is out of the ordinary
Authentication: A crucial application for cryptographic hash functions
Authentication server (AS): It includes the user ID of the authenticating user
Authorization: It pertains to describing what the user account has access to or doesn’t have access to
Bind: It is how clients authenticate to the server
Biometric authentication: Authentication that uses Biometric data
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid
Client certificates: They operate very similarly to server certificates but are presented by clients and allow servers to authenticate and verify clients
Counter-based tokens: They use a secret seed value along with the secret counter value that’s incremented every time a one-time password is generated on the device
Data information tree: A structure where objects will have one parent and can have one or more children that belong to the parent object
Distinguished name (DN): A unique identifier for each entry in the directory
Extensible authentication protocol (EAP over LAN, or EAPOL): A standard authentication protocol
Identification: The idea of describing an entity uniquely
Kerberos: A network authentication protocol that uses tickets to allow entities to prove their identity over potentially insecure channels to provide mutual authentication
Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for accessing and maintaining directory services; the most popular open-source alternative to the DAP
Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces of information or objects
Network time protocol (NTP): A network protocol used to synchronize the time between the authenticator token and the authentication server
OAuth: An open standard that allows users to grant third-party websites and applications access to their information without sharing account credentials
One-time password (OTP): A short-lived token, typically a number that’s entered along with a username and password
One-time password (OTP) tokens: Another very common method for handling multifactor
OpenID: An open standard that allows participating sites known as Relying Parties to allow authentication of users utilizing a third party authentication service
Organizational units (OUs): Folders that let us group related objects into units like people or groups to distinguish between individual user accounts and groups that accounts can belong to
Physical tokens: They take a few different forms, such as a USB device with a secret token on it, a standalone device which generates a token, or even a simple key used with a traditional lock
Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA services for users on a network
Risk mitigation: Understanding the risks your systems face, take measures to reduce those risks, and monitor them
Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric keys and additional slots to run embedded code
Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be granted access to a lot of different services and applications
StartTLS: It permits a client to communicate using LDAP v3 over TLS
TACACS+: It is a device access AAA system that manages who has access to your network devices and what they do on them
Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket Granting Service secret key, which provides the Ticket Granting Service with the client Ticket Granting Service session key
Time-based token (TOTP): A One-Time-Password that’s rotated periodically
U2F (Universal 2nd Factor): It’s a standard developed jointly by Google, Yubico and NXP Semiconductors that incorporates a challenge-response mechanism, along with public key cryptography to implement a more secure and more convenient second-factor authentication solution
Unbind: It closes the connection to the LDAP server
XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top of TACACS