25 Cards in this Set

  • Front
  • Back
IDA
Identity and Access

Users and other security principals, which may include computers, services, and groups, are named as identities (also called "accounts") that are given access (permissions) to information, resources, or systems.

(Microsoft, 2011 p. 1-4)
AAA
Authentication, Authorization, and Accounting

Users provide a username and password that are authenticated when their credentials are validated. Users are given permissions to resources (access control) that are used to authorize access requests. Access is monitored, providing accounting and auditing. In some documentation, auditing is split out as a separate "A" from accounting, leading to the acronym

(Microsoft, 2011 p. 1-4)
CIA
Confidentiality
Integrity
Availability and Authentication

Information is protected to ensure that it is not disclosed to unauthorized individuals (confidentiality), that it is not modified incorrectly, intentionally or accidentally (integrity), and that it is available when needed (availability).

(Microsoft, 2011 p. 1-4)
Identity protection consists of
IDA, AAA, CIA
Components of IDA
Identity and Access

- Identify a user account
- Saved in an identity store (directory database)
- represented by the SID
- Resources: Shared folder
- Secured with Security Descriptor
- DACL or "ACL"
- ACE or "permissions"

(Microsoft, 2011 p. 1-5)
SID
Security Identifier

An identity is called a security principal in Windows systems. Security principals are uniquely identified by an attribute called the security identifier (SID).

(Microsoft, 2011 p. 1-5)
ACE
Access Control Entry

(Microsoft, 2011 p. 1-5)
DACL
Discretionary Access Control List

(Microsoft, 2011 p. 1-5)
Step 1 - Authentication and Authorization
A user presents credentials that are authenticated by using the information stored with the user's identity

(Microsoft, 2011 p. 1-6)
Step 2 - Authentication and Authorization
The system creates a security token that represents the user with the user's SID and all related group SIDs

(Microsoft, 2011 p. 1-6)
Step 3 - Authentication and Authorization
A resource is secured with ACL: permissions that pair a SID with a level of access

(Microsoft, 2011 p. 1-6)
Step 4 - Authentication and Authorization
The user's security token is compared with the ACL of the resource to authorize a requested level of access

(Microsoft, 2011 p. 1-6)
Authentication
Authentication is the process that verifies a user's identity

(Microsoft, 2011 p. 1-7)
What are the types of authentication?
- Local
- Remote (network)

(Microsoft, 2011 p. 1-7)
Local Authentication
Local (interactive) Logon - Authentication to the local computer

(Microsoft, 2011 p. 1-7)
Remote Authentication
Remote (network) - Logon authentication for access to resources on another computer.

(Microsoft, 2011 p. 1-7)
Parts of User's Access Token
- User SID
- Member group SIDs
- Privileges (user rights)
- Other access information

(Microsoft, 2011 p. 1-8)
SACL
Security Access Control List

Contains auditing settings and attributes such as the object's owner

(Microsoft, 2011 p. 1-9)
Security descriptor
combines
- SACL
- DACL or ACL

(Microsoft, 2011 p. 1-9)
Three components for authentication
1. Resource
2. Access Request
3. Security Token
SAM
Security Accounts Manager

(Microsoft, 2011 p. 1-12)
Active Directory Domains: Trusted identity store
- Centralized Identity Store trusted by all domain members

- Centralized Authentication

- Hosted by a server performing the role of AD DS domain controller

(Microsoft, 2011 p. 1-12)
IDA infrastructure
- Store information about users, groups, computers and other identities

- Authenticate an Identity (Kerberos authentication)

- Control access

- Provide an Audit trail

(Microsoft, 2011 p. 1-13)
Which version of Active Directory is considered a stand-alone version?
AD LDS

(Microsoft, 2011 p. 1-15)
AD LDS replaced what?
ADAM

Active Directory Application Mode

(Microsoft, 2011 p. 1-15)