21 Cards in this Set
False Rejection Rate
|
or type 1 error – gives the percentage of subjects a system falsely rejects. In biometric authentication this increases with increasing system sensitivity.
|
|
False Acceptance Rate
|
or type 2 error – gives the percentage of invalid subjects a system falsely accepts. In biometric authentication this decreases with increasing system sensitivity.
|
|
Crossover Error Rate
|
gives the rate at which FRR equals FAR. This measure can be used to compare the overall accuracy of different authentication devices – with a lower value indicating greater accuracy.
|
|
Kerberos
|
is a trusted third-party protocol that works in a client/server model. It uses symmetric key cryptography to provide end-to-end security for large, heterogeneous networks.
|
|
Key Distribution Center
|
is the most important component of a Kerberos system. It holds the cryptographic keys of all users and services. It is also responsible for distributing keys and providing authentication and security services for a set of principals.
|
|
authentication server
|
Component of the KDC which authenticates a principal using the Data Encryption Standard – or DES – algorithm.
|
|
Ticket Granting Server
|
KDC component that grants tickets to principals.
|
|
synchronized time clocks
|
Functional problems associated with running Kerberos are that all systems must have _________________ for it to function properly. Hosts with multiple network interface controllers may have problems using tickets.
|
|
User Datagram Protocol
|
Kerberos depends on this protocol, which firewalls often block.
|
|
SESAME
|
uses public key cryptography to extend the functionality of Kerberos and overcome its weaknesses. It uses the Needham-Schroeder protocol.
|
|
Privilege Attribute Certificate
|
SESAME uses tickets for authentication. Each ticket is called a ____
|
|
One-time password
|
An ______________ is generated using a handheld token device, which displays the generated password to a user and synchronizes with an authenticating server.
|
|
Synchronous token
|
_____________________ devices synchronize with the authentication service using either system clock time or a counter. So the devices can be either clock-based or counter-based.
|
|
Asynchronous token
|
___________________ devices generate passwords for users using a challenge-response scheme.
|
|
data custodian
|
A _________________ is responsible for performing backups to meet the backup requirements the data owner specifies, and for restoring lost data in cases of system failure.
|
|
data owner
|
Responsibilities of whom?
"classify data and review classification categories to accommodate changing business needs; ensure security controls for the classified data; review and ensure that the owner's access rights match the information assets the owner holds; determine security and backup requirements and access criteria; perform or delegate approval authority for access requests from other organizations; delegate backup and recovery duties; approve information disclosure; and act on security violation notifications"
|
|
Discretionary Access Control
|
This model restricts access to objects based on the identity of the subjects and the groups – such as Sales and Purchases – to which those subjects belong.
With this model, the data or resource owner has the discretion either to allow or deny other users access to the owned resources. These resources could, for instance, be files and printers.
|
|
access control lists
|
You implement DAC using ________________. These contain the identities of system users who have access to specific resources.
|
|
Mandatory Access Control
|
This model restricts the access of subjects to objects based on the security clearance of the subjects – such as secret, top secret, and confidential – and the classification of the objects.
The system enforces a defined security policy, rather than letting users who own resources choose whether to share them with other users. This model makes it possible to prevent users with lower clearance levels from accessing confidential information at higher levels. It is used in environments where information confidentiality is important.
|
|
Mandatory Access Control
|
This model can provide access control based on rules, on roles (role-based access control), or on what's known as lattice-based access control.
|
|
nondiscretionary
|
Role-based access control is also referred to as __________________ control. It's based on users' roles within an organization and so corresponds to the organization's structure.
|