Glossary terms from course 5, module 3

Access Control Entries: The individual access permissions per object that make up the ACL

Access Control List (ACL): It is a way of defining permissions or authorizations for objects

Accounting: Keeping records of what resources and services your users access or what they did when they were using your systems

Auditing: It involves reviewing records to ensure that nothing is out of the ordinary

Authentication: A crucial application for cryptographic hash functions

Authentication server (AS): It includes the user ID of the authenticating user

Authorization: It pertains to describing what the user account has access to or doesn’t have access to

Bind: It is how clients authenticate to the server

Biometric authentication: Authentication that uses Biometric data 

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid

Client certificates: They operate very similarly to server certificates but are presented by clients and allow servers to authenticate and verify clients

Counter-based tokens: They use a secret seed value along with the secret counter value that’s incremented every time a one-time password is generated on the device

Data information tree: A structure where objects will have one parent and can have one or more children that belong to the parent object

Distinguished name (DN): A unique identifier for each entry in the directory 

Extensible authentication protocol (EAP over LAN, or EAPOL): A standard authentication protocol

Identification: The idea of describing an entity uniquely

Kerberos: A network authentication protocol that uses tickets to allow entities to prove their identity over potentially insecure channels to provide mutual authentication

Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for accessing and maintaining directory services; the most popular open-source alternative to the DAP

Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces of information or objects

Network time protocol (NTP): A network protocol used to synchronize the time between the authenticator token and the authentication server

OAuth: An open standard that allows users to grant third-party websites and applications access to their information without sharing account credentials

One-time password (OTP): A short-lived token, typically a number that’s entered along with a username and password

One-time password (OTP) tokens: Another very common method for handling multifactor

OpenID: An open standard that allows participating sites known as Relying Parties to allow authentication of users utilizing a third party authentication service

Organizational units (OUs): Folders that let us group related objects into units like people or groups to distinguish between individual user accounts and groups that accounts can belong to

Physical tokens: They take a few different forms, such as a USB device with a secret token on it, a standalone device which generates a token, or even a simple key used with a traditional lock

Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA services for users on a network

Risk mitigation: Understanding the risks your systems face, take measures to reduce those risks, and monitor them

Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric keys and additional slots to run embedded code

Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be granted access to a lot of different services and applications

StartTLS: It permits a client to communicate using LDAP v3 over TLS

TACACS+: It is a device access AAA system that manages who has access to your network devices and what they do on them

Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket Granting Service secret key, which provides the Ticket Granting Service with the client Ticket Granting Service session key

Time-based token (TOTP): A One-Time-Password that’s rotated periodically

U2F (Universal 2nd Factor): It’s a standard developed jointly by Google, Yubico and NXP Semiconductors that incorporates a challenge-response mechanism, along with public key cryptography to implement a more secure and more convenient second-factor authentication solution

Unbind: It closes the connection to the LDAP server

XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top of TACACS