Term
|
Definition
- MAC
- DAC
- ABAC
- Role-based
- Rule-based |
|
|
Term
MAC - Mandatory Access Control |
|
Definition
- Operating system limits operations on an object
- Based on security clearance level
- Every object gets a label: Secret, Top Secret, Confidential
- Objects labeled with predefined rules
- Users granted an access level |
|
|
Term
DAC - Discretionary Access Control |
|
Definition
- Owner of a file sets the access control
- Owner can modify access
- Flexible control
- Weak security because it relies on the file owner to set the appropriate level of access |
|
|
Term
ABAC - Attribute Based Access Control |
|
Definition
- Next-generation model
- Access based on different criteria
- Aware of context
- Can be based on criteria such as resource information, IP address, time of day, desired information, relationship to data and more. |
|
|
Term
RBAC - Role-based Access Control |
|
Definition
- Access control based on security groups, such as in a Windows domain
- Groups are assigned access, and members of those groups receive rights implicitly |
|
|
Term
Rule-based Access Control |
|
Definition
- Type of access control based on conditions other than who you are
- Determined through system-enforced criteria
- Associated with ACLs for an object
- Access based on time window, type of browser, etc. |
|
|
Term
|
Definition
- Proximity cards
- Smart cards |
|
|
Term
|
Definition
- Fingerprint scanner
- Retinal scanner
- Iris scanner
- Voice recognition
- Facial recognition
- False acceptance rate
- False rejection rate
- Crossover error rate |
|
|
Term
False acceptance rate (FAR) |
|
Definition
The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user |
|
|
Term
False rejection rate (FRR) |
|
Definition
The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. |
|
|
Term
Crossover error rate (CER) |
|
Definition
The rate where both accept and reject error rates are equal. |
|
|
Term
|
Definition
- Hardware
- Software
- HOTP/TOTP |
|
|
Term
Certificate-based authentication |
|
Definition
- PIV/CAC/smart card
- IEEE 802.1X |
|
|
Term
|
Definition
- Permissions based on user or group
- Centrally administered, or users can manage access to their own files
- May be encrypted
- Uses ACLs |
|
|
Term
|
Definition
- Separate from file security on back-end servers
- Back-end server with its own security for handling data
- Data integrity is usually an option
- No data is lost due to a fault |
|
|
Term
Authorization - Policy Enforcement |
|
Definition
Process of ensuring only authorized rights are exercised |
|
|
Term
Authorization - Policy Definition |
|
Definition
Process of determining rights |
|
|
Term
|
Definition
Biometric authentication method that uses nodal points to identify the user |
|
|
Term
|
Definition
LDAP operation that will discontinue an operation that is in progress |
|
|
Term
RADIUS server account information |
|
Definition
Stored credentials in a centralized database for remote access. |
|
|
Term
|
Definition
LDAP communication is secured through this standard interface |
|
|
Term
|
Definition
Behavioral Biometrics company. |
|
|
Term
Behavioral Biometric Profile |
|
Definition
- Cognitive factors such as eye-hand coordination, applicative behavior patterns, usage preferences, device interaction patterns and responses to Invisible Challenges.
- Physiological factors such as left/right handedness, press-size, hand tremors, arm size and muscle usage.
- Contextual factors such as transaction, navigation, device and network patterns. |
|
|
Term
Continuous Authentication |
|
Definition
- A technology that can continuously verify the identity of the user throughout a session.
- Through analysis of a user's behaviors and interactions with a device, continuous authentication can spot vulnerabilities at any point in a session. |
|
|
Term
|
Definition
Authenticate a user and change the identity of the client connection. |
|
|
Term
|
Definition
Retrieve entries that match a given set of criteria. |
|
|
Term
|
Definition
Determine whether a specified entry has a particular attribute value. |
|
|
Term
|
Definition
Create a new entry in the directory. |
|
|
Term
|
Definition
Remove an entry from the directory. |
|
|
Term
|
Definition
Alter the content of an entry in the directory. |
|
|
Term
|
Definition
Change the DN of an entry in the directory. |
|
|
Term
|
Definition
Close the connection to the directory server. |
|
|
Term
|
Definition
Request that the server stop processing a previously requested operation. |
|
|
Term
|
Definition
Request some other type of processing that isn’t covered by one of the other operation types. |
|
|
Term
|
Definition
1. Bind
2. Search
3. Compare
4. Add
5. Delete
6. Modify
7. Modify DN
8. Unbind
9. Abandon
10. Extended |
|
|
Term
|
Definition
- Can reduce false positives over time. |
|
|
Term
|
Definition
HMAC based one time password |
|
|
Term
|
Definition
Time based one time password |
|
|
Term
|
Definition
- Based on HMAC OTP
- Uses time instead of a counter |
|
|
Term
|
Definition
- Uses a secret key or seed known by the token and the server
- The token feeds the counter into the HMAC algorithm using the token seed as the key |
|
|