32 Cards in this Set
What is Implicit Deny?
Default security stance that if you are not specifically granted access to a resource, you are denied access by default
What is Least Privilege?
Security stance that users are granted only the minimum necessary access, permissions and privileges that are required for them to do their job.
What is the Bell-LaPadula model of Access Control?
Intended to prevent unauthorized access to classified information. Prevents you from accessing information at a higher rating. If you can access secret, you cannot access top secret and cannot write to any lower level than secret.
What is the Biba model of Access Control?
Designed after Bell-LaPadula. More concerned with information integrity. Can't write up or read down. If you are assigned to top secret, you can't read secret. This keeps higher level information pure. Developed for industrial uses.
What is the Clark-Wilson model of Access Control?
Data can't be accessed directly. Accessed through applications that have predefined capabilities. Prevents unauthorized modifications, errors and frauds
What is the Information Flow model of Access Control?
Concerned with the properties of information flow, not only the direction of the flow. Not just up and down flow. Each piece of information would have unique properties and the system would evaluate each request to read or write against the properties.
What is the Noninterference model of Access Control?
Higher level security functions don't interfere with lower level functions. Prevents lower level users from being able to deduce what changes are being made to system
What is Mandatory Access Control (MAC)?
A type of access control which is inflexible. All access capabilities are predefined based on set of rules based on sensitivity labels, security domains or classification.
What is Discretionary Access Control (DAC)?
Administrators have some flexibility about how information is accessed; users can share info with others. Uses ACLs.
What is Role Based Access Control?
Roles based on job function or responsibility. Good for environments with a high turnover rate.
What is Rule Based access control?
Preconfigured security policies make the decisions.
What is Centralized Privilege Management?
A single server or set of servers is responsible for managing, controlling and implementing all security access rights and privileges. Domain network and RADIUS authentication are examples.
What is Decentralized Privilege Management?
Each system is responsible for managing, controlling and implementing security controls, access rights, and privileges. Workgroup network is an example.
What is an Access Control List (ACL)?
Collection of usernames and group names with specific permission allow/deny assignments. Contains Access Control Entities (ACE).
What are Group Policies?
Allows centralized control and management over Windows client and server systems. Applied at startup.
What is Password Policy?
Both a set of rules written out as part of the organizational security policy that dictates the requirements of user and device passwords as well as a technical enforcement tool (typically part of the OS) that reinforces the password rules.
What is Domain Password Policy?
Password policy within a GPO that is applied throughout an MS AD domain to all Windows domain members.
What is RADIUS?
Remote Authentication Dial-In User Service. Centralized authentication system which provides additional layer of security for networks. AAA server: Authentication, authorization and auditing. RADIUS server hosts the RADIUS service. The RADIUS client is the remote access server - not the remote system accessing the network.
What is Remote Access Server (RAS)?
Any server service that can connect to a remote system. RAS connection via dial-up or network technologies such as VPN, ISDN, DSL and cable. Configure not to start automatically.
What is Lightweight Directory Access Protocol (LDAP)?
Standardized access protocol, main access protocol used by AD.
What is a Virtual Private Network (VPN)?
Private network connection through a public network. May be used to connect LANs over the internet. Typically uses a tunneling protocol: L2TP, IPSec or point-to-point tunneling. PPTP offers some encryption, though weak. IPSec offers higher security. Provides access control, authentication, confidentiality, and data integrity.
What is Kerberos?
Symmetric key authentication protocol.
Uses Key Distribution Center (KDC). KDC authenticates the principal (user, program, system) provides with a ticket. Can be used to authenticate against other principals. Trusted third party authentication. Single sign on.
Weakness - KDC is single point of failure.
What is Challenge Handshake Authentication Protocol (CHAP)?
Challenges system to verify identity. Uses one way hash to protect passwords. Primarily over dialup connections (usually PPP). Periodically reauthenticates.
What is Password Authentication Protocol (PAP)?
Not true security, but a simple form of authentication. Username and password are sent to the server in clear text.
What is Mutual Authentication?
When 2 or more parties authenticate each other. Used for critical data transmissions. A client may authenticate to a server and a server to a client when they need to establish a secure connection.
What is 802.1x?
Port based authentication mechanism. Based on EAP commonly used in wireless networks. Vulnerable to man in the middle and hijacking attacks.
What is TACACS?
AAA server. Used to authenticate connections.
Client server oriented environment
Operates like RADIUS, but uses TCP as opposed to UDP. Requires more bandwidth.
TACACS/+ allows credentials to be accepted from multiple methods including Kerberos.
What is the difference between Identification and Authentication?
Identification is the act of claiming an identity using just one authentication factor. Authentication is the act of proving identity using one or more authentication factors.
What is Diameter?
RADIUS implementation that deals with VoIP.
What is the KDC used for?
To store, distribute and maintain cryptographic session keys and secret keys. Also provides authentication services.
What is EAP used for?
Remote access Server can authenticate users with smart cards.
What is TGT used for?
Entity issued by the authentication service on the KDC to a principal. Proves principal identity throughout the communication process.