13 Cards in this Set

  • Front
  • Back
Authentication
“Authentication is the process of determining whether information is trustworthy and genuine.”
3 general methods to authenticate
Something you know
Something you have
Something about you/that you are
What is the most common technique for authentication?
userids/password combination
Three Reasons Default accounts are left active
1. The admin is not aware they exist or doesn’t know how to disable them.
2. The admin wants a “failsafe” mechanism (in case the vendor needs to access the system should a major problem occur)
3. The admin wants to make sure that he/she doesn’t get locked out
Name a few rules for passwords
Don’t pick an easy one to guess
mix upper and lower case, add special characters and numbers
at least 6 characters in length, 8 better, 10 even better
maybe use pass-phrases instead of dictionary words
Don’t write it down
Don’t reuse previous passwords (or just add a # to it)
Change it on a regular basis (but not too often), 45 days.
If you’re the sysadmin, run a password cracker periodically.
If one-time passwords are possible, consider using them (they have their own problems though)
Name some password management issues
Default accounts
Easily guessed or cracked passwords
Unpassworded accounts
Shared accounts
Password aging
Password policy enforcement
Password auditing
What are the 3 basic Authentication Techniques?
1. Something you know
2. Something you have
3. Something about you
Problems with the 3 basic Authentication Techniques
- Something you know:
*people write things down
*they choose poorly

- Something you have
*requires additional hardware ($)
*people lose them

- Something about you
*requires additional hardware ($$)
*things about you can change
Something you have includes
*May combine a method below with a userid/password
*Physical keys
*Magnetic cards
*Smart cards
*“Calculators”: a device that looks like (and may even function as) a calculator.
Something about you includes
Biometrics

Voice prints

Fingerprint

Retinal Scan

Hand Geometry

Signature analysis
“Access controls serve to enforce
“Access controls serve to enforce an authorization policy, which specifies what activity is allowed and who is allowed to initiate it.”
T/F: access controls can apply to any media – print, tapes, networks, memory, . . .
True
NT Access Control Lists (ACL) Consists of
- Owner SID: The owner’s security ID
- Group SID: The security ID of the primary group.
- Discretionary Access Control List (DACL): specifies who has what access to the object.
- System Access Control List (SACL): Specifies which operations by which users should be logged in the security audit log.