SecurityCHPT9

terms

Question Answer
access control granting or denying approval to use specific resources
roles in access control owner
roles in access control custodian
roles in access control end user
basic steps in access control identification
basic steps in access control authentication
basic steps in access control authorization
basic steps in access control access
authentication checking the person's credentials or id when logging into the system
authorization granting permission to take action
access control model standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications
four major access control models mandatory access control
four major access control models discretionary access control
four major access control models role based access control
four major access control models rule based access control
MAC typically found in military settings in which security is of supreme importance
two elements of MAC labels
two elements of MAC levels
two major implementations of mandatory access control lattice model
two major implementations of mandatory access control bell-lapadula model
lattice a type of screen or fencing that is used as a support for climbing garden plants
bell-lapadula model protection prevents subjects from creating a new object or performing specific functions on objects that are at a lower level than their own
microsoft windows four security levels low
microsoft windows four security levels medium
microsoft windows four security levels high
microsoft windows four security levels system
dac discretionary access control
dac least restrictive
dac model every object has an owner who has total control over that object
dac has two significant weaknesses poses risks in that it relies on decisions by the end user to set the proper level of security
dac has two significant weaknesses subject's permissions will be inherited by any programs that the subject executes
role based access control rbac
rbac non discretionary access control
rbac based on a user's job function within an organization
rbac model assigns permissions to particular ???? pg 340
access control models mandatory access control
access control models discretionary access control
access control models role based access control
access control models rule based access control
establishing a set of best practices for limiting access can also help secure systems and data
best practices for access control separation of duties
best practices for access control job rotation
best practices for access control least privilege
best practices for access control implicit deny
best practices for access control mandatory vacation
separation of duties requires that if the fraudulent application of a process could potentially result in breach of security, then the process should be divided between two or more individuals
job rotation individuals are periodically moved from one job responsibility to another
job rotation advantages limits the amount of time that individuals are in a position to manipulate security configurations
job rotation advantages helps to expose any potential avenues for fraud by having multiple individuals with different perspectives learn about the job and uncover vulnerabilities that someone else may have overlooked
job rotation advantages reduce burnout
challenges of least privileges legacy applications
challenges of least privileges common administrative tasks
challenges of least privileges software installation/upgrade
least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated
object specific resource
subject user or process functioning on behalf of the user
implicit deny means that if a condition is not explicitly met then the request for access is rejected
dac model that uses explicit deny has stronger security because access control to all users is denied by default and permissions must be explicitly granted to approved users
access control list set of permissions that are attached to an object
access control entry items security identifier
access control entry items an access mask that specifies the access rights controlled by the ace
access control entry items a flag that indicates the type of ACE
access control entry items a set of flags that determine whether objects can inherit permission
operation the action that is taken by the subject over the object
labels represent the relative importance of the object
in a system using mandatory access control every entity is an object
MAC grants permissions by matching object labels with subject labels based on their respective levels
rule based role based access control can dynamically assign roles to subjects based on a set of rules defined by a custodian
sudo superuser do command
sudo prompts the user for their personal password and confirms the request to execute a command
registry a database that stores settings and options for the operating system
group policy windows feature that provides centralized management and configuration of computers and remote users using the microsoft directory services active directory
rbac third access control model assigns permissions to particular roles in the organization, and then assigns users to those roles
rule based role based access control dynamically assigns roles pg 340
local group policy lgp
lgp used to configure settings for systems that are not part of active directory
two common account restrictions time of day
two common account restrictions account expiration
time of day restrictions can be used to limit when a user can log on to a system
orphaned accounts user accounts that remain active after an employee has left an organization
dormant accounts an account that has not been accessed for a lengthy time period
recommendations for dealing with orphaned or dormant accounts establish a formal process
recommendations for dealing with orphaned or dormant accounts terminate access immediately
recommendations for dealing with orphaned or dormant accounts monitor logs
account expiration process of setting a user's account to expire
AAA authentication, authorization, accounting
most common type of authentication and AAA servers RADIUS
most common type of authentication and AAA servers Kerberos
most common type of authentication and AAA servers Terminal access control access control systems
most common type of authentication and AAA servers generic servers built on lightweight directory access protocol
radius remote authentication dial in user service
kerberos used to verify the identity of networked users
radius is suitable for high volume service control applications
supplicant wireless device
radius allows an organization to maintain user profiles in a central database that remote servers can share
terminal access control access control system tacacs
tacacs is an authentication service commonly used on unix devices that communicates by forwarding user authentication information to a centralized server
directory service database stored on the network itself that contains information about users and network devices
RADIUS features user datagram protocol
RADIUS features combined authentication and authorization
RADIUS features unencrypted communication
TACACS features transmission control protocol
TACACS features encrypted communication
TACACS features interacts with kerberos
TACACS features can authenticate network devices
Created by: cgeaski