Term
|
Definition
| The mechanism used in an information system to allow or restrict access to data or devices. |
|
|
Term
| access control list (ACL) |
|
Definition
| A set of permissions that are attached to an object. |
|
|
Term
|
Definition
| A standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications. |
|
|
Term
|
Definition
| The process of setting a user's account to expire. |
|
|
Term
| Discretionary Access Control (DAC) |
|
Definition
| The least restrictive access control model in which the owner of the object has total control over it. |
|
|
Term
|
Definition
| The second version of the Terminal Access Control Access Control System (TACACS) authentication service. |
|
|
Term
|
Definition
| Rejecting access unless a condition is explicitly met. |
|
|
Term
|
Definition
| The act of moving individuals from one job responsibility to another. |
|
|
Term
|
Definition
| An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users. |
|
|
Term
|
Definition
| An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content. |
|
|
Term
|
Definition
| Providing only the minimum amount of privileges necessary to perform a job or function. |
|
|
Term
| Lightweight Directory Access Protocol (LDAP |
|
Definition
| ) A protocol for a client application to access an X.500 directory. |
|
|
Term
| Mandatory Access Control (MAC) |
|
Definition
| The most restrictive access control model, typically found in military settings in which security is of supreme importance. |
|
|
Term
|
Definition
| Requiring that all employees take vacations. |
|
|
Term
| Remote Authentication Dial In User Service (RADIUS) |
|
Definition
| An industry standard authentication service with widespread support across nearly all vendors of networking equipment. |
|
|
Term
| Role Based Access Control (RBAC) |
|
Definition
| A "real-world" access control model in which access is based on a user's job function within the organization. |
|
|
Term
| Rule Based Access Control (RBAC) |
|
Definition
| An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian. |
|
|
Term
|
Definition
| The practice of requiring that processes should be divided between two or more individuals. |
|
|
Term
|
Definition
| he current version of the Terminal Access Control Access Control System (TACACS) authentication service. |
|
|
Term
| Terminal Access Control Access Control System (TACACS) |
|
Definition
| An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+. |
|
|
Term
|
Definition
| Limitations imposed as to when a user can log on to a system. |
|
|
