46 Cards in this Set
Subject
An active entity requesting access to an object or data
Object
A passive entity that contains info or data
Access
Ability of a subject to do something such as: read, write, create, execute
Access control
A security feature that controls how subjects and objects interact with each other
Granularity
The fine division of a component so that the access controls regulating it can be fine-tuned at a detailed level.
Identification
The association of some unique, or at least useful, label with a subject. Ascertains the identity of a subject.
Authentication
Proving that the subject is who he claims to be: something he knows (password); something he has (smart card); something he is (fingerprint).
Authorization
Granting access to resources based on a criteria list.
Strong authentication (two factor)
The requirement of having two of the three factors of authentication.
Excessive privilege
A user or administrator has more privileges than he/she needs, to the detriment of the security of the system
Crypto keys
A private key or digital signature used to prove one's identity. A private key is a secret value in the possession of one person. A digital signature is a hash value encrypted with the private key. More secure than static passwords.
Passphrases
A sequence of characters is typed; software transforms it into a virtual password. More secure than a password because it is longer and easier to remember
Memory cards
Holds the authentication information, just like an ATM card. Added cost of reader, card creation and maintenance
Cognitive passwords
Fact-based information is used to verify identity: a question is asked of the subject and he answers (mother's name, pet's name, favorite idol). It is easy to remember.
One-time password
Good only for one authentication; uses a token.
Synchronous one-time password generator
Synchronized with the authentication service by using time or an event to authenticate. Time- or event-driven. Encrypted using a time value.
Asynchronous one-time password generator
Same thing, but uses a challenge-response.
Password characteristics
Cheapest, least secure (easily shared, written down), most widely used authentication technology.
Biometrics
Authentication through unique physical personal attributes; most accurate, sophisticated, and very expensive. It is not very accepted by society
Type I
(False Reject Rate or false negative) when a good subject is not authenticated
Type II
(False Accept Rate or false positive) when an impostor is authenticated
Crossover Error Rate (CER)
The CER is the point where the rejection and acceptance rates intersect.
Discretionary Access Control (DAC)
Access is granted solely based on the authorization given by the owner. Uses ACLs.
Mandatory Access Control (MAC)
Based on the security clearance of the subject and the classification of the object, in other words based on labels. The OS determines access.
Role-Based Access Control (RBAC)
Also called non-discretionary access control. It allows access to objects based on the role the user holds within the company. The administrator assigns certain rights to a role and each user is placed in a role. Oracle works that way.
Lattice-based Access Control
Every pair of elements is compared: roles, their permissions and clearance levels against the sensitivity level of the object, to determine the access level.
Rule-based
Security policy based on global rules imposed on all subjects. MAC is an example. Rule-based access techniques are based on specific rules that indicate what can and cannot happen to an object
Menus
The administrator specifies the menu available to the user
Shells
The administrator specifies the menu available to the user through OS commands.
Database view
limited by table view
Physically constrained
A limiting keypad or touch buttons, like an ATM
Control matrix
A table of subjects and objects that specifies their access relationships
Capability table
Specifies the access rights a certain subject has to an object
Access Control Lists (ACLs)
Used to authorize a subject to access an object; they are bound to the object
Content-dependent access control
Access to objects can be determined by the sensitivity of the content within the objects. As an example, one user may have access to a payroll DB while another user cannot.
Access controls attributes
Groups, physical location, logical location, time of day, transaction type
Access control administration
Centralized: one entity; senior management makes the access rights policies and administrators enforce them. RADIUS, TACACS+, DIAMETER
Remote Authentication Dial-in Service (RADIUS)
An authentication protocol that authenticates and authorizes. It provides a handshake protocol. The user dials in to communicate.
DIAMETER
A protocol that provides user authentication with more than just SLIP and PPP; it provides protocols for PDAs, laptops or cell phones. It includes better message transport, proxying, session control and higher-security transactions.
Terminal Access Controller Access Control System (TACACS+)
An authentication protocol to authenticate remote users. It splits the authentication, authorization and auditing features. It is a Cisco protocol.
Single Sign-on (SSO) technology
A technology where the user presents their credentials once and can then access all resources across the accredited network. Less administration, users are centralized, and the user only needs to remember one set of credentials. It uses scripts or a directory service (LDAP). The various protocols are: Kerberos, Sesame, thin clients.
Kerberos
1) User authenticates to the Authentication Server (AS)
2) AS sends initial ticket
3) User requests access to an object
4) Each time the user requests access to an object, the Ticket Granting Server (TGS) creates a new ticket with a session key from the Kerberos Distribution Center (KDC)
5) User accesses the object. Downfalls are: single point of failure, secret key stored with users, dictionary attacks, KDC must be available, not encrypted by default.
Secure European System for Applications in a Multi-vendor Environment (Sesame)
1) User sends credentials to AS
2) AS sends token back to user
3) User with token requests a Privilege Access Certificate (PAC) from the Privilege Access Server (PAS); user accesses the object server.
Thin-client
A network of dumb terminals where each terminal requests tickets from the mainframe.
Steps of controlling access
1) Decide on the model
2) Decide on the technology/techniques
3) Decide how access is to be managed (centralized, decentralized, hybrid)
Auditing
Controls through tracking the activities of users and systems