An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
Techniques used to address this include protocols that use nonces (numbers generated for a specific one-time use) or challenges (e.g., TLS, WS-Security), time-synchronous or challenge-response one-time authenticators, and CACs (Common Access Cards).
Application servers typically provide management access via a web server-based interface or via command-line scripted access. As such, the application server must take the necessary steps to ensure the authentication mechanisms built into the application server do not allow replay-based attacks that could compromise privileged accounts. CAC authentication meets these requirements.
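As an added illustration of the challenge-response technique listed above (example code written for this page, not code from any STIG or from an application server's own implementation): the server issues a random single-use nonce, the client answers with an HMAC keyed by its shared secret over that nonce, and the server consumes the nonce on first use and enforces a short lifetime, so a recorded response cannot be replayed later. The account name, shared secret, message format and 60-second TTL are constructed for the example.

```python
import hmac
import hashlib
import secrets
import time

# Shared secret for one privileged management account (constructed for the example;
# a real server would hold a credential store or defer to a CAC/PKI verifier).
CLIENT_SECRETS = {"admin": b"example-shared-secret-for-admin"}


def client_response(secret, nonce, username):
    """Client side: prove possession of the secret by keying an HMAC over the
    server's nonce (message layout is an assumption of this example)."""
    msg = b"challenge-response:" + username.encode() + b":" + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()


class ChallengeResponseServer:
    """Server side: issue a single-use nonce, verify the response, retire the nonce."""

    def __init__(self, nonce_ttl_seconds=60):
        self._pending = {}          # nonce -> (username, issued_at)
        self._ttl = nonce_ttl_seconds

    def issue_challenge(self, username, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(32)   # fresh, unpredictable, one-time value
        self._pending[nonce] = (username, now)
        return nonce

    def verify(self, username, nonce, response, now=None):
        now = time.time() if now is None else now
        # pop(): the nonce is consumed whether or not this attempt succeeds,
        # so a second presentation of the same message can never authenticate.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False            # unknown or already-used nonce: replay or forgery
        issued_user, issued_at = entry
        if issued_user != username or now - issued_at > self._ttl:
            return False            # issued to a different account, or expired
        secret = CLIENT_SECRETS.get(username)
        if secret is None:
            return False
        expected = client_response(secret, nonce, username)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo():
    """Legitimate login, then a replay of the captured message, then a forged response."""
    server = ChallengeResponseServer()
    nonce = server.issue_challenge("admin")
    resp = client_response(CLIENT_SECRETS["admin"], nonce, "admin")
    first = server.verify("admin", nonce, resp)       # genuine client: accepted
    replay = server.verify("admin", nonce, resp)      # same recorded message again: rejected
    nonce2 = server.issue_challenge("admin")
    forged = bytes([resp[0] ^ 0x01]) + resp[1:]       # attacker without the secret
    forgery = server.verify("admin", nonce2, forged)  # wrong HMAC: rejected
    return first, replay, forgery


def stale_challenge_rejected():
    """A correct response to an expired challenge must also fail."""
    server = ChallengeResponseServer(nonce_ttl_seconds=60)
    nonce = server.issue_challenge("admin", now=1000.0)
    resp = client_response(CLIENT_SECRETS["admin"], nonce, "admin")
    return server.verify("admin", nonce, resp, now=1100.0) is False


if __name__ == "__main__":
    print("genuine, replay, forgery:", demo())
    print("stale challenge rejected:", stale_challenge_rejected())
```

The two properties that make this replay-resistant are the unpredictable nonce (an attacker cannot precompute a response) and the server-side bookkeeping that retires each nonce on first use and after its TTL; an implementation that reissues or never expires nonces, or that compares responses with a plain `==`, weakens the scheme.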