Term | Definition |
Access Control | The mechanism used in an information system for granting or denying approval to use specific resources |
Access Control List | A set permissions that is attached to an object |
Access Control Model | A predefined framework found in hardware and software that a custodian can use for controlling access |
Account Expiration | The process of setting a users account to expire |
Discretionary Access Control | The least restrictive access control model in which the owner of the object has total control over it |
Extended TACACS | The second version of the Terminal Access Control Access Control System |
Group Policy | A Microsoft Windows feature that provides centralized management and configuration of computers and remote users |
Implicit Deny | Rejecting access unless a condition is explicitly met |
Job Rotation | The act of moving individuals from one job responsibility to another |
Kerberos | An authentication system developed by the Massachusetts Institute of Technology and used to verify the identify of networked users |
LDAP Injection Attack | An attack that constructs LDAP statements based on user statements allowing the attacker to retrieve information from LDAP database or modify its content |
Least Privilege | Providing only the minimum amount of privileges necessary to perform a job or function |
Lightweight Directory Access Protocol | A protocol for a client application to access an X.500 directory |
Mandatory Access Control | The most restrictive access control model typically found in military settings in which security is of supreme importance |
Mandatory Vacations | Requiring that all employees take vacations |
Remote Authentication Dial In User Service | An industry standard authentication service with widespread support across nearly all vendors of networking equipment |
Role Based Access Control | A real World access control model in which access is abased on a users job function within the organization |
Rule Based Access Control | An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian |
Secure LDAP | Transporting LDAP traffic over Secure Sockets Layer Or Transport Layer Security |
Security Assertion Markup Language | An extensible Markup Language standard that allows secure web domains to exchange user authentication and authorization data |
Separation of Duties | The practice of requiring that processes should be divided between two or more individuals |
TACACS+ | The current version of the Terminal Access Control Access Control System TACACS authentication service |
Terminal Access Control Access Control System | An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server Ther version is TACACS+ |
Time Of Day Restriction | Limitation imposed as to when a user can log in to a system or access resources |