click below
click below
Normal Size Small Size show me how
Chapter 11
Chapter 11 Terms
Term | Definition |
---|---|
access control | The mechanism used in an information system for granting or denying approval to use specific resources. |
access control list | A set of permissions that is attached to an object. |
access control model | A predefined framework found in hardware and software that a custodian can use for controlling access. |
account expiration | The process of setting a user's account to expire. |
Discretionary Access Control (DAC) | The least restrictive access control model in which the owner of the object has total control over it. |
Extended TACACS (XTACACS) | The second version of the Terminal Access Control Access Control System (TACACS) authentication service. |
Group Policy | A Microsoft Windows feature that provides centralized management and configuration of computers and remote users. |
implicit deny | Rejecting access unless a condition is explicitly met. |
job rotation | The act of moving individuals from one job responsibility to another. |
Kerberos | An authentication system developed by the Massachusetts Institute of Technology and used to verify the identity of networked users. |
LDAP injection attack | An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content. |
least privilege | Providing only the minimum amount of privileges necessary to perform a job or function. |
Lightweight Directory Access Protocol | A protocol for a client application to access an X.500 directory. |
Mandatory Access Control (MAC) | The most restrictive access control model, typically found in military settings in which security is of supreme importance. |
mandatory vacations | Requiring that all employees take vacations. |
Remote Authentication Dial In User Service (RADIUS) | An industry standard authentication service with widespread support across nearly all vendors of networking equipment. |
Role Based Access Control (RBAC) | A "real-world" access control model in which access is based on a user's job function within the organization. |
Rule Based Access Control (RBAC) | An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian. |
Secure LDAP | Transporting LDAP traffic over Secure Sockets Layer or Transport Layer Security. |
Security Assertion Markup Language | An Extensible Markup Language standard that allows secure web domains to exchange user authentication and authorization data. |
separation of duties | The practice of requiring that process should be divided between two or more individuals. |
TACACS+ | The current version of the Terminal Access Control Access Control System authentication service. |
Terminal Access Control Access Control System | An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+. |
time-of-day restriction | Limitation imposed as to when a user can log in to a system or access resources. |