Term
| Access control |
|
Definition
| Granting or denying approval to use specific resources. |
|
|
Term
|
Definition
| Consists of fencing, hardware door locks, and mantraps to limit contact with devices. |
|
|
Term
|
Definition
| Consists of technology restrictions that limit users on computers from accessing data |
|
|
Term
| Authorization |
|
Definition
| Granting permission to take action |
|
|
Term
| Accounting |
|
Definition
| A record that is preserved of who accessed the network, what resources they accessed, and when they disconnected |
|
|
Term
| What are the steps to Access Control? |
|
Definition
| Identification, Authentication, Authorization and Accounting |
|
|
Term
| Subject |
|
Definition
| A user or process functioning on behalf of a user |
|
|
Term
|
Definition
| The action taken by the subject over an object |
|
|
Term
|
Definition
| Ensures the enterprise complies with data privacy laws and its own privacy policies |
|
|
Term
|
Definition
| Periodically reviews security settings and maintains records of access by end users |
|
|
Term
|
Definition
| Determines the level of security needed for the data and delegates security duties as required |
|
|
Term
|
Definition
| Follows the organization’s security guidelines and does not attempt to circumvent security |
|
|
Term
|
Definition
| Standards that provide a predefined framework for hardware or software developers |
|
|
Term
| Discretionary Access Control (DAC) |
|
Definition
•Least restrictive model
•Every object has an owner
•Owners have total control over their objects
•Owners can give permissions to other subjects over their objects |
|
|
Term
| Which operating systems use Discretionary Access Control (DAC)? |
|
Definition
| Unix and Microsoft Windows |
|
|
Term
| What are the weaknesses of Discretionary Access Control (DAC)? |
|
Definition
•Poses a risk because it relies on the end user’s decision to set the proper level of security
•A subject’s permissions will be “inherited” by any programs that the subject executes |
|
|
Term
| What is Mandatory Access Control (MAC)? |
|
Definition
•User has no freedom to set any controls or distribute access to other subjects |
|
|
Term
| What are the two elements of Mandatory Access Control (MAC)? |
|
Definition
| Labels and levels |
|
Term
| Mandatory Access Control (MAC) Labels |
|
Definition
•Every entity is an object and is assigned a classification label that represents the relative importance of the object
•Subjects are assigned a privilege label (clearance) |
|
|
Term
| Mandatory Access Control (MAC) Levels |
|
Definition
•A hierarchy based on the labels is used
•Top secret has a higher level than secret, which has a higher level than confidential |
|
|
Term
| How does Mandatory Access Control (MAC) grant permissions? |
|
Definition
•By matching object labels with subject labels
•Labels indicate level of privilege |
|
|
Term
| How does Mandatory Access Control (MAC) determine whether a file may be opened? |
|
Definition
•Object and subject labels are compared
•The subject must have equal or greater level than object to be granted access |
|
|
Term
| What are the two major implementations of Mandatory Access Control (MAC)? |
|
Definition
| Lattice model and Bell-LaPadula model |
|
|
Term
| What is the Lattice Model? |
|
Definition
•Subjects and objects are assigned a “rung” on the lattice
•Multiple lattices can be placed beside each other |
|
|
Term
| What is the Bell-LaPadula (BLP) model? |
|
Definition
•Similar to lattice model
•Subjects may not create a new object or perform specific functions on lower level objects |
|
|
Term
| In what environment is Mandatory Access Control (MAC) used? |
|
Definition
|
|
Term
| Microsoft Windows uses a MAC implementation called...? |
|
Definition
| Mandatory Integrity Control (MIC) |
|
|
Term
| User Access Control (UAC) |
|
Definition
| Windows feature that controls user access to resources |
|
|
Term
| How Does Mandatory Integrity Control (MIC) Work? |
|
Definition
| A security identifier (SID) is issued to the user, group, or session and is used to identify the user during Windows interactions; access decisions are based on the SID’s integrity level. |
|
|
Term
| Role Based Access Control (RBAC) |
|
Definition
| Assigns permissions to particular roles in the organization and then users are assigned to roles |
|
|
Term
| Rule-Based Role-Based Access Control (RB-RBAC) |
|
Definition
| Dynamically assigns roles to subjects based on a set of rules defined by a custodian |
|
|
Term
| Attribute-Based Access Control |
|
Definition
•Uses policies that can combine attributes
•Very flexible |
|
|
Term
| Steps to Hiring a New Employee in a Microsoft Environment |
|
Definition
•Provision the new computer
•Create email mailboxes and AD users
•Add user accounts to groups
•Create home folder
•Review security settings |
|
|
Term
| Steps to Firing an Employee |
|
Definition
•Back up all employee files from local computer and server
•Archive email
•Forward email to a manager or coworker
•Hide the name from the email address book |
|
|
Term
|
Definition
| User accounts that remain active after an employee has left |
|
|
Term
|
Definition
| An account that has not been accessed for a lengthy period |
|
|
Term
|
Definition
| Used to limit when a user can log into their account |
|
|
Term
| Least privilege in access control |
|
Definition
| Only the minimum amount of privileges necessary to perform a job or function should be allocated |
|
|
Term
| Best Practices of Access Control |
|
Definition
•Separation of duties
•Job rotation
•Mandatory vacations
•Clean desk policy |
|
|
Term
| Separation of duties |
|
Definition
| Requires that if the fraudulent application of a process could potentially result in a breach of security, the process should be divided between two or more individuals |
|
|
Term
| Job rotation |
|
Definition
| Individuals are periodically moved between job responsibilities |
|
|
Term
| Mandatory vacations |
|
Definition
| Limits fraud, because a perpetrator must be present daily to hide fraudulent actions |
|
|
Term
| Clean desk policy |
|
Definition
| Designed to ensure that all confidential or sensitive materials are removed from a user’s workspace and secured when the items are not in use |
|
|
Term
| Technologies used to implement access control: |
|
Definition
•Access control lists (ACLs)
•Group-based access control |
|
|
Term
| Access control list (ACL) |
|
Definition
| A set of permissions attached to an object |
|
|
Term
| Each entry in the ACL table is called an...? |
|
Definition
| Access control entry (ACE) |
|
|
Term
| Group-based access control |
|
Definition
| Permits the configuration of multiple computers by setting a single policy for enforcement |
|
|
Term
| What services can be used to provide identity and access services? |
|
Definition
•RADIUS
•Kerberos
•Terminal Access Controller Access Control System (TACACS)
•Generic servers built on the Lightweight Directory Access Protocol (LDAP)
•Security Assertion Markup Language
•Authentication framework protocols |
|
|
Term
| Lightweight Directory Access Protocol |
|
Definition
•Contains information about users and network devices
•Keeps track of network resources and user’s privileges to those resources
•Grants or denies access based on its information |
|
|
Term
| What is the standard directory service that LDAP is based on? |
|
Definition
|
|
Term
| Security Assertion Markup Language (SAML) |
|
Definition
| An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data |
|
|
Term
| Extensible Authentication Protocol (EAP) |
|
Definition
| A framework for transporting authentication protocols |
|
|