SecurityCHPT9
terms
| Question | Answer |
|---|---|
| access control | granting or denying approval to use specific resources |
| roles in access control | owner |
| roles in access control | custodian |
| roles in access control | end user |
| basic steps in access control | identification |
| basic steps in access control | authentication |
| basic steps in access control | authorization |
| basic steps in access control | access |
| authentication | checking the person's credentials or ID when logging into the system |
| authorization | granting permission to take action |
| access control model | standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications |
| four major access control models | mandatory access control |
| four major access control models | discretionary access control |
| four major access control models | role based access control |
| four major access control models | rule based access control |
| MAC | typically found in military settings in which security is of supreme importance |
| two elements of MAC | labels |
| two elements of MAC | levels |
| two major implementations of mandatory access control | lattice model |
| two major implementations of mandatory access control | bell-lapadula model |
| lattice | a type of screen or fencing that is used as a support for climbing garden plants |
| bell-lapadula model | protection prevents subjects from creating a new object or performing specific functions on objects that are at a lower level than their own |
| microsoft windows four security levels | low |
| microsoft windows four security levels | medium |
| microsoft windows four security levels | high |
| microsoft windows four security levels | system |
| dac | discretionary access control |
| dac | least restrictive |
| dac model | every object has an owner who has total control over that object |
| dac has two significant weaknesses | poses risks in that it relies on decisions by the end user to set the proper level of security |
| dac has two significant weaknesses | subject's permissions will be inherited by any programs that the subject executes |
| role based access control | rbac |
| rbac | non discretionary access control |
| rbac | based on a user's job function within an organization |
| rbac model | assigns permissions to particular ???? pg 340 |
| access control models | mandatory access control |
| access control models | discretionary access control |
| access control models | role based access control |
| access control models | rule based access control |
| establishing a set of best practices for limiting access | can also help secure systems and data |
| best practices for access control | separation of duties |
| best practices for access control | job rotation |
| best practices for access control | least privilege |
| best practices for access control | implicit deny |
| best practices for access control | mandatory vacation |
| separation of duties | requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals |
| job rotation | individuals are periodically moved from one job responsibility to another |
| job rotation advantages | limits the amount of time that individuals are in a position to manipulate security configurations |
| job rotation advantages | helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked |
| job rotation advantages | reduce burnout |
| challenges of least privileges | legacy applications |
| challenges of least privileges | common administrative tasks |
| challenges of least privileges | software installation/upgrade |
| least privilege in access control | means that only the minimum amount of privileges necessary to perform a job or function should be allocated |
| object | specific resource |
| subject | user or process functioning on behalf of the user |
| implicit deny | means that if a condition is not explicitly met then the request for access is rejected |
| dac model that uses explicit deny | have stronger security because access control to all users is denied by default and permissions must be explicitly granted to approved users |
| access control list | set of permissions that are attached to an object |
| access control entry items | security identifier |
| access control entry items | an access mask that specifies the access rights controlled by the ace |
| access control entry items | a flag that indicates the type of ACE |
| access control entry items | a set of flags that determine whether objects can inherit permission |
| operation | the action that is taken by the subject over the object |
| labels | represent the relative importance of the object |
| in a system using mandatory access control every entity | is an object |
| MAC grants permissions by | matching object labels with subject labels based on their respective levels |
| rule based role based access control | can dynamically assign roles to subjects based on a set of rules defined by a custodian |
| sudo | superuser do command |
| sudo | prompts the user for their personal password and confirms the request to execute a command |
| registry | a database that stores settings and options for the operating system |
| group policy | windows feature that provides centralized management and configuration of computers and remote users using the microsoft directory services active directory |
| rbac | third access control model assigns permissions to particular roles in the organization, and then assigns users to those roles |
| rule based role based access control | dynamically assigns roles pg 340 |
| local group policy | lgp |
| lgp | used to configure settings for systems that are not part of active directory |
| two common account restrictions | time of day |
| two common account restrictions | account expiration |
| time of day restrictions | can be used to limit when a user can log on to a system |
| orphaned accounts | user accounts that remain active after an employee has left an organization |
| dormant accounts | an account that has not been accessed for a lengthy time period |
| recommendations for dealing with orphaned or dormant accounts | establish a formal process |
| recommendations for dealing with orphaned or dormant accounts | terminate access immediately |
| recommendations for dealing with orphaned or dormant accounts | monitor logs |
| account expiration | process of setting a user's account to expire |
| AAA | authentication, authorization, accounting |
| most common type of authentication and AAA servers | RADIUS |
| most common type of authentication and AAA servers | Kerberos |
| most common type of authentication and AAA servers | Terminal access control access control systems |
| most common type of authentication and AAA servers | generic servers built on lightweight directory access protocol |
| radius | remote authentication dial in user service |
| kerberos | used to verify the identity of networked users |
| radius is suitable for | high volume service control applications |
| supplicant | wireless device |
| radius | allows an organization to maintain user profiles in a central database that remote servers can share |
| terminal access control access control system | tacacs |
| tacacs | is an authentication service commonly used on unix devices that communicates by forwarding user authentication information to a centralized server |
| directory service | database stored on the network itself that contains information about users and network devices |
| RADIUS features | user datagram protocol |
| RADIUS features | combined authentication and authorization |
| RADIUS features | unencrypted communication |
| TACACS features | transmission control protocol |
| TACACS features | encrypted communication |
| TACACS features | interacts with kerberos |
| TACACS features | can authenticate network devices |