38 Cards in this Set
- Front
- Back
The two types of biometric authentication are: |
Static - a physiological feature that won't change (e.g. fingerprint, iris). Dynamic - a behavioural feature, i.e. what actions you perform and how (e.g. typing rhythm, signature). |
|
Advantages of Biometric authentication are: |
- The user has to be physically present - Nothing for the user to forget - Hard to fake |
|
Disadvantages of Biometric Authentication are: |
- Some biometric features may change over time (the retina, or any dynamic feature) - Some are not effective (such as voice) - Devices are expensive - Responses are rather slow |
|
Problem with Biometric Authentication is |
PRIVACY - a biometric template identifies the person permanently and cannot be changed if it is leaked |
|
Single-Sign-On Authentication (SSO) |
The user authenticates once, to one authentication server, and can then access every service connected to that server without authenticating again |
|
Advantage of SSO is |
If the user needs to remember only one password, they can choose a VERY STRONG password |
|
Disadvantage of SSO is |
The authentication server becomes a single point of failure. If the one password is cracked, the attacker has access to EVERYTHING! |
|
Kerberos Authentication protects against |
- Eavesdropping - Replay attacks |
|
To grant means ... |
A user passing on one or more of their access rights to another user |
|
Owners in AC can... |
Grant any right they choose, to whomever they choose, on the objects they own |
|
Attenuation of Privilege |
A user can only grant rights that he/she possesses |
|
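The two rules above (the owner may grant any right, everyone else may only pass on rights they hold) implemented as a tiny access-control matrix. This is an added example, not part of the flashcard set; the subjects, the object name and the set of rights are constructed sample data.

```python
# Added example (not from the flashcards): a discretionary access-control
# matrix in which the object's owner may grant any right, while every other
# subject may only pass on rights it already holds (attenuation of privilege).
# Subject names, "payroll.txt" and the RIGHTS set are constructed sample data.

class AccessControlMatrix:
    """Maps (subject, object) -> set of rights, plus one owner per object."""

    RIGHTS = {"read", "write", "execute"}

    def __init__(self):
        self.owner = {}     # object -> owning subject
        self.rights = {}    # (subject, object) -> set of rights

    def create(self, owner, obj):
        """Creating an object makes the creator its owner, holding all rights."""
        self.owner[obj] = owner
        self.rights[(owner, obj)] = set(self.RIGHTS)

    def has(self, subject, obj, right):
        return right in self.rights.get((subject, obj), set())

    def grant(self, grantor, grantee, obj, right):
        """Grantor passes `right` on `obj` to grantee.

        The owner has discretion to grant any right. Anyone else is subject
        to attenuation of privilege: they may only grant a right they
        themselves possess on that object.
        """
        if right not in self.RIGHTS:
            raise ValueError(f"unknown right {right!r}")
        if self.owner.get(obj) != grantor and not self.has(grantor, obj, right):
            raise PermissionError(
                f"{grantor} cannot grant {right} on {obj}: does not hold it")
        self.rights.setdefault((grantee, obj), set()).add(right)


def demo():
    acm = AccessControlMatrix()
    acm.create("alice", "payroll.txt")
    acm.grant("alice", "bob", "payroll.txt", "read")    # owner: allowed
    acm.grant("bob", "carol", "payroll.txt", "read")    # bob holds read: allowed
    try:
        acm.grant("bob", "carol", "payroll.txt", "write")  # bob lacks write: refused
        attenuated = False
    except PermissionError:
        attenuated = True
    return {
        "bob_read": acm.has("bob", "payroll.txt", "read"),
        "carol_read": acm.has("carol", "payroll.txt", "read"),
        "carol_write": acm.has("carol", "payroll.txt", "write"),
        "attenuation_enforced": attenuated,
    }


if __name__ == "__main__":
    print(demo())
```

Note that the check is on the grantor's own rights at grant time, not on who gave them those rights; attenuation limits what can be passed on, it does not track the chain of delegation.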
Some methods of Access Control |
DAC, MAC, N-DAC, RBAC, RuleBAC, CDAC |
|
What is Discretionary Access Control (DAC)? |
Owners have discretion over who gets access to their objects and what kind of access they get |
|
What is Mandatory Access Control (MAC)? |
Users are assigned security clearance, objects are assigned classification level. Access is granted based on rules of clearance and classifications. |
|
What is Non-Discretionary Access Control (N-DAC)? |
A security officer (not the owner) decides what access is granted |
|
What is Role-Based Access Control (RBAC)? |
Users are assigned roles (which already have a preset collection of permissions) and the roles allow them to access specific objects |
|
In DAC, there are two types: |
1 - Operating System Based 2 - Application Based |
|
Operating-System-Based DAC is effective because ... |
No one other than an authorized user can access the resource |
|
Operating-System-Based DAC is efficient when ... |
An authorized user can access every resource they are authorized for |
|
Application-based DAC has two types of security control: |
- Content-based (object analysis): depends on the sensitivity of the data - Context-based (subject analysis): depends on the user's function/role |
|
Object classification levels of sensitivity are |
Top Secret (classified), Secret (classified), Confidential (classified), Unclassified (unclassified) |
|
What AC is based on "need to know"? |
MAC |
|
What structure does MAC represent? |
A security lattice structure |
|
What is a security lattice structure in MAC? |
It is a layered structure under a partial ordering: higher subjects can read below and lower subjects can write up. Every classification level can be further divided into several compartments. |
|
Partial ordering is ... |
An ordering in which any two elements you pick MAY or MAY NOT be comparable |
|
The dominance relation is defined by ... |
Security level (class 1, compartments 1) DOMINATES security level (class 2, compartments 2) IFF (class 1 >= class 2) AND (compartments 1 is a superset of compartments 2) |
|
What is the Bell-LaPadula Model? |
A model that protects the confidentiality of data by allowing subjects to read down and write up, using two policies: 1) Simple Security Property 2) Star (*) Property |
|
The Simple Security Policy |
A subject can READ an object IFF the subject's clearance level dominates the object's classification level ("no read up") |
|
The Star Policy |
A subject can WRITE an object IFF the subject's clearance level is dominated by the object's classification level ("no write down") |
|
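The dominance relation, the lattice it induces, and the two Bell-LaPadula checks from the cards above, as an added example that is not part of the flashcard set. Classification names follow the cards; the compartment names NUC and CRYPTO are constructed sample data.

```python
# Added example (not from the flashcards): security levels as
# (classification, compartments) pairs, the dominance relation that orders
# them into a lattice, and the Bell-LaPadula read/write checks built on it.
# Compartment names NUC and CRYPTO are constructed sample data.
from dataclasses import dataclass
from typing import FrozenSet

CLASSIFICATIONS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class SecurityLevel:
    classification: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "SecurityLevel") -> bool:
        """(c1, C1) dominates (c2, C2) iff c1 >= c2 and C1 is a superset of C2."""
        return (CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
                and self.compartments >= other.compartments)

    def join(self, other: "SecurityLevel") -> "SecurityLevel":
        """Least upper bound: the lowest level dominating both (exists for any pair,
        which is what makes the partial order a lattice)."""
        top = max(self.classification, other.classification, key=CLASSIFICATIONS.get)
        return SecurityLevel(top, self.compartments | other.compartments)


def comparable(a: SecurityLevel, b: SecurityLevel) -> bool:
    """Partial order: two levels may or may not be ordered relative to each other."""
    return a.dominates(b) or b.dominates(a)


def can_read(subject: SecurityLevel, obj: SecurityLevel) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: SecurityLevel, obj: SecurityLevel) -> bool:
    """*-property (no write down): the object must dominate the subject."""
    return obj.dominates(subject)


def demo():
    """A Secret/{NUC} subject against four objects; returns (read?, write?) per object."""
    subj = SecurityLevel("Secret", frozenset({"NUC"}))
    objects = {
        "conf_nuc": SecurityLevel("Confidential", frozenset({"NUC"})),        # below: read only
        "ts_nuc_crypto": SecurityLevel("Top Secret", frozenset({"NUC", "CRYPTO"})),  # above: write only
        "secret_crypto": SecurityLevel("Secret", frozenset({"CRYPTO"})),      # incomparable: neither
        "secret_nuc": SecurityLevel("Secret", frozenset({"NUC"})),            # equal: both
    }
    return {name: (can_read(subj, o), can_write(subj, o)) for name, o in objects.items()}


if __name__ == "__main__":
    for name, (r, w) in demo().items():
        print(f"{name:14} read={r!s:5} write={w}")
```

The "secret_crypto" case is the one worth remembering: same classification, disjoint compartments, so neither level dominates the other and the subject can neither read nor write the object. That is the "need to know" that compartments add on top of the classification ladder.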
Covert Channels are |
Hidden ways of communicating between subjects of different clearance levels by using a shared object or resource, bypassing the access-control rules |
|
The two ways of covert channeling are: |
1) Covert timing channel - the sender modulates the timing of its use of a shared resource (e.g. CPU load) and the receiver observes it. 2) Covert storage channel - the sender writes to a storage location or attribute of an object (e.g. a file's existence or size) that the receiver is able to observe. |
|
Military protects ______ while Commercial protects _______ |
confidentiality, integrity |
|
Non-DAC offers ... |
- Better security than DAC - Some of the benefits of MAC without the overhead |
|
In Rule-BAC, where users write their own rules, it is _____ but ________ |
- Stricter than DAC - Security depends on the user's technical knowledge and ability to write correct rules |
|
Rules in Rule-BAC must use ... |
the user's access history |
|
In RBAC (Role based), role engineers.... |
Develop the roles and the role hierarchy through which permissions are inherited |
|
The problem with RBAC is that... |
A parent (senior) role automatically inherits every permission of its child (junior) roles. If one child role sits under two parent roles from different operations, anything that child can access is inherited by both, so Parent A and Parent B can end up viewing each other's information. |
|
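The inheritance problem from the card above, as an added example that is not part of the flashcard set: two senior roles from different operations share one junior role, and a permission later attached to that junior role silently appears on both seniors. Role and permission names are constructed sample data.

```python
# Added example (not from the flashcards): a role hierarchy in which each
# senior (parent) role inherits every permission of its junior (child) roles.
# Role and permission names are constructed sample data.

def effective_permissions(role, hierarchy, direct):
    """All permissions a role holds: its own, plus everything inherited from
    the junior roles reachable below it in the hierarchy (walks any depth)."""
    perms, seen, stack = set(), set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        perms |= direct.get(current, set())
        stack.extend(hierarchy.get(current, ()))
    return perms


def seniors_holding(perm, hierarchy, direct):
    """Which senior roles end up holding `perm`, directly or by inheritance."""
    return sorted(r for r in hierarchy
                  if perm in effective_permissions(r, hierarchy, direct))


def demo():
    # Two senior roles from different operations share the "clerk" junior role.
    hierarchy = {
        "engineering-manager": {"engineer", "clerk"},
        "finance-manager": {"accountant", "clerk"},
    }
    direct = {
        "engineer": {"read:design-docs"},
        "accountant": {"read:ledger"},
        "clerk": {"read:shared-calendar"},
    }
    before = seniors_holding("read:ledger-summary", hierarchy, direct)
    # A finance-only permission is later attached to the shared junior role...
    direct["clerk"].add("read:ledger-summary")
    # ...and the engineering side inherits it automatically.
    after = seniors_holding("read:ledger-summary", hierarchy, direct)
    return {
        "before": before,
        "after": after,
        "engineering_manager": effective_permissions("engineering-manager", hierarchy, direct),
    }


if __name__ == "__main__":
    print(demo())
```

The practical check a role engineer wants is exactly `seniors_holding` run over every permission: any permission reachable from seniors in more than one operation is a candidate leak, and the fix is to move it off the shared junior role rather than to special-case the seniors.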
In Content-Dependent Access Control (CDAC) ... |
Access is granted by considering the sensitivity of the data, i.e. the objects are analysed. Example: a local manager vs. the HR manager, with regard to payroll data |