Term
Mandatory Access Control (MAC) |
|
Definition
In MAC, access is controlled by comparing an object's security designation (its label, such as Secret) with the user's clearance. Labels, clearances, and the comparison rule are set centrally by policy; neither the object's owner nor the user can change them. |
|
|
Term
Discretionary Access Control (DAC) |
|
Definition
In DAC, access to each object is controlled on a customized basis according to the user's identity. Each object carries an Access Control List (ACL) naming the subjects allowed to access it and what each may do, and the object's owner can change that list at their own discretion. |
|
|
Term
Role Based Access Control (RBAC) |
|
Definition
In RBAC, users are assigned to pre-defined roles, and network objects are configured to allow access only to specific roles. Roles are created independently of user accounts, so a change of job means a change of role membership rather than editing every object's permissions. |
|
|
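The three models side by side, as an added example that is not part of the original flashcards: a Bell-LaPadula style level-and-compartment comparison for MAC, an owner-managed ACL for DAC, and a role-to-permission table for RBAC. The clearance levels, compartments, users, and objects are constructed for illustration.

```python
# Added example for the three models above; levels, compartments, users and
# objects are constructed for illustration.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_can_read(clearance, label):
    """MAC, Bell-LaPadula 'no read up': the subject's level must dominate the
    object's level and the subject must hold every compartment on the object.
    Neither party can change the labels; only the policy administrator can."""
    s_level, s_comps = clearance
    o_level, o_comps = label
    return LEVELS[s_level] >= LEVELS[o_level] and set(o_comps) <= set(s_comps)


def mac_can_write(clearance, label):
    """Bell-LaPadula '*-property' (no write down): a subject may write only to
    objects at or above its own level, so classified data cannot leak downward."""
    s_level, s_comps = clearance
    o_level, o_comps = label
    return LEVELS[o_level] >= LEVELS[s_level] and set(s_comps) <= set(o_comps)


class DacObject:
    """DAC: the object carries its own ACL and its owner hands out rights."""

    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write", "grant"}}

    def grant(self, granter, subject, perm):
        # Only a subject holding 'grant' (the owner by default) may edit the ACL.
        if "grant" not in self.acl.get(granter, set()):
            raise PermissionError(f"{granter} may not change the ACL")
        self.acl.setdefault(subject, set()).add(perm)

    def allows(self, subject, perm):
        return perm in self.acl.get(subject, set())


# RBAC: permissions attach to roles and users attach to roles; the object's
# configuration never mentions an individual user.
ROLE_PERMS = {
    "payroll_clerk": {("payroll", "read"), ("payroll", "write")},
    "auditor": {("payroll", "read"), ("audit_log", "read")},
}
USER_ROLES = {"dana": {"auditor"}, "eve": set()}


def rbac_allows(user, obj, perm):
    return any((obj, perm) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))
```

Note the difference in who can change the decision: in the DAC class a user with the grant right widens access at will, whereas the MAC functions consult only the labels and the RBAC function only the role tables, both of which are administrator-controlled.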
Term
Kerberos AUTHENTICATION |
Definition
Kerberos authentication is based on a time-sensitive ticket-granting system. The Key Distribution Center (KDC) runs two services, the Authentication Service (AS) and the Ticket-Granting Service (TGS):
1. The user logs on to the domain.
2. The user requests a Ticket-Granting Ticket (TGT) from the AS.
3. The AS responds with a time-stamped TGT and a session key; the TGT is encrypted under a key only the KDC knows, and the session key under the user's key, so only someone who knows the password can use the TGT.
4. The user presents the TGT to the TGS and requests a service ticket for a specific resource.
5. The TGS responds with a service ticket encrypted under the resource's key.
6. The user presents the service ticket to the resource.
7. The resource decrypts and validates the ticket, authenticates the user, and allows access.
Because every ticket carries an issue time and an expiry, clients, the KDC, and resources must keep their clocks closely synchronized; a skew of more than a few minutes causes otherwise valid tickets to be rejected. |
|
|
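The seven steps as a runnable exchange, added here and not part of the original flashcards. Real Kerberos encrypts tickets with AES and carries many more fields; in this simplified model a ticket is a JSON body plus an HMAC-SHA256 tag under the receiver's long-term key, which is enough to show which key mints and validates each ticket and how the time stamps and expiry are enforced. The principal names, keys, and lifetimes are constructed demo values.

```python
import hashlib
import hmac
import json

# Constructed demo values; in real Kerberos the KDC holds a key per principal.
LONG_TERM_KEYS = {
    "alice": b"key-derived-from-alice-password",
    "krbtgt": b"tgs-long-term-key",            # the TGS's own key
    "fileserver": b"fileserver-long-term-key",
}
TICKET_LIFETIME = 8 * 3600   # seconds
MAX_CLOCK_SKEW = 5 * 60      # authenticators older than this are rejected


def _seal(key, fields):
    """Stand-in for ticket encryption: JSON body plus an HMAC tag under `key`."""
    body = json.dumps(fields, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def _open(key, ticket, now):
    """Reject a ticket sealed under another key, or one outside its validity window."""
    tag = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, ticket["tag"]):
        raise ValueError("ticket tampered with or issued under a different key")
    fields = json.loads(ticket["body"])
    if not fields["issued"] - MAX_CLOCK_SKEW <= now < fields["expires"]:
        raise ValueError("ticket expired or not yet valid (check clock sync)")
    return fields


def _new_session_key(*parts):
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()


def make_authenticator(session_key_hex, now):
    """Proves the presenter holds the ticket's session key: a MAC over a fresh timestamp."""
    mac = hmac.new(bytes.fromhex(session_key_hex), str(now).encode(), hashlib.sha256).hexdigest()
    return {"ts": now, "mac": mac}


def _check_authenticator(session_key_hex, auth, now):
    expected = make_authenticator(session_key_hex, auth["ts"])["mac"]
    if abs(now - auth["ts"]) > MAX_CLOCK_SKEW or not hmac.compare_digest(expected, auth["mac"]):
        raise ValueError("authenticator stale or does not match the session key")


def as_exchange(user, now):
    """Steps 2-3: the AS issues a TGT sealed under the TGS key plus a session key."""
    if user not in LONG_TERM_KEYS:
        raise ValueError("unknown principal")
    session = _new_session_key(user, now, "tgs")
    tgt = _seal(LONG_TERM_KEYS["krbtgt"], {"user": user, "session": session,
                                           "issued": now, "expires": now + TICKET_LIFETIME})
    return session, tgt


def tgs_exchange(tgt, authenticator, service, now):
    """Steps 4-5: the TGS validates the TGT and mints a service ticket under the service's key."""
    fields = _open(LONG_TERM_KEYS["krbtgt"], tgt, now)
    _check_authenticator(fields["session"], authenticator, now)
    svc_session = _new_session_key(fields["user"], service, now)
    ticket = _seal(LONG_TERM_KEYS[service], {"user": fields["user"], "service": service,
                                             "session": svc_session, "issued": now,
                                             "expires": now + TICKET_LIFETIME})
    return svc_session, ticket


def service_accept(service, ticket, authenticator, now):
    """Steps 6-7: the resource validates the ticket with its own key; it never contacts the KDC."""
    fields = _open(LONG_TERM_KEYS[service], ticket, now)
    _check_authenticator(fields["session"], authenticator, now)
    return fields["user"]


def access_resource(user, service, login_time, access_time):
    """Whole flow; returns the authenticated user, or the reason access was refused."""
    try:
        tgt_session, tgt = as_exchange(user, login_time)
        svc_session, st = tgs_exchange(tgt, make_authenticator(tgt_session, access_time),
                                       service, access_time)
        return service_accept(service, st, make_authenticator(svc_session, access_time), access_time)
    except ValueError as e:
        return f"denied: {e}"
```

The key separation is the point to notice: a TGT is useless when presented straight to the file server because it was sealed under the TGS key, and a ticket whose user field has been edited fails the tag check before its timestamps are even looked at.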
Term
Challenge Handshake Authentication Protocol (CHAP) AUTHENTICATION |
|
Definition
CHAP is a username/password authentication scheme in which the password itself is never sent over the link:
1. The client connects (for PPP, after the link is established).
2. The authenticating server sends a challenge message containing a random value.
3. The client hashes the challenge together with its password (RFC 1994 specifies MD5 over the identifier, the secret, and the challenge) and sends the result as its response.
4. The authenticating server computes the same hash with the copy of the client's password stored in its database.
5. If the two values match, the user is authenticated.
The server may repeat the challenge at any time during the session. Because the server must hold the password in recoverable form and an eavesdropper can mount an offline guessing attack on a captured challenge/response pair, CHAP is only as strong as the password. |
|
|
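Both sides of the exchange above, as an added example that is not part of the original flashcards. It follows the RFC 1994 response computation, MD5 over identifier, secret, and challenge; the user names and secrets are constructed, and the `offline_guess` function shows what an eavesdropper can do with one captured pair.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """What the client sends back: a one-way hash, so the password never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, user_db):
        # CHAP needs the cleartext secret (or an equivalent) on the server to recompute the hash.
        self.user_db = user_db
        self.pending = {}          # identifier -> outstanding challenge

    def challenge(self, identifier):
        """Step 2: a fresh random value per attempt; reusing one would allow replay."""
        value = os.urandom(16)
        self.pending[identifier] = value
        return value

    def verify(self, identifier, username, response):
        """Steps 4-5: recompute with the stored secret and compare in constant time."""
        challenge = self.pending.pop(identifier, None)   # single use
        secret = self.user_db.get(username)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def offline_guess(identifier, challenge, response, wordlist):
    """What an eavesdropper can do with one captured exchange: try passwords offline."""
    for word in wordlist:
        if chap_response(identifier, word, challenge) == response:
            return word
    return None
```

Replaying a captured response fails because the server consumed the challenge, but the same capture is enough to test password guesses at MD5 speed, which is why CHAP over an untrusted link needs long random secrets.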
Term
Tokens AUTHENTICATION |
Definition
Tokens are physical objects, such as smart cards or ID badges, that store authentication information. Tokens can store personal identification numbers (PINs), information about the user, or passwords. Unique one-time token values can be generated by special devices in response to a challenge from an authenticating server, or by an independent algorithm such as a counter-based or clock-based one-time password (HOTP/TOTP), where the server holds the same seed, recomputes the expected value, and compares. |
|
|
Term
Biometrics AUTHENTICATION |
Definition
Biometrics are authentication schemes based on an individual's physical characteristics, using a fingerprint scanner, a retinal scanner, or voice-recognition or face-recognition software. Because biometric authentication has been expensive to implement, it is not as widely adopted as other authentication methods. Two further caveats: every biometric system trades a false acceptance rate against a false rejection rate, and a compromised biometric cannot be changed the way a password can. |
|
|
Term
Multi-Factor AUTHENTICATION |
|
Definition
Multi-factor authentication is an authentication scheme that requires validation of at least two of the possible authentication factors, in any combination of who you are (biometrics), what you have (tokens, cards, etc.), and what you know (passwords). Two credentials of the same kind, such as a password plus a PIN, still count as a single factor. |
|
|
Term
Mutual Authentication AUTHENTICATION |
|
Definition
Mutual authentication is a security mechanism that requires each party in a communication to verify the other's identity: the service or resource verifies the client's credentials, and the client verifies the resource's credentials, so that neither side can be impersonated by an attacker positioned between them. |
|
|
Term
User Name/Password AUTHENTICATION |
|
Definition
The combination of a user name and password is one of the most basic authentication schemes. In this type of authentication, the credentials a user presents are compared against credentials stored in a database. That store should hold a salted, deliberately slow hash of each password rather than the password itself, so that a stolen database does not directly yield the passwords. |
|
|
Term
Social Engineering Attacks |
|
Definition
A social engineering attack is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. Social engineering is often a precursor to another type of attack. Attacks can come in a variety of ways: in person, through email, or over the phone. |
|
|
Term
DoS Attack (Denial of Service) |
|
Definition
A Denial of Service (DoS) attack is a type of software attack in which an attacker attempts to disable systems that provide network services by:
1. Flooding a network link with data to consume all available bandwidth.
2. Sending data designed to exploit known flaws in an application.
3. Sending multiple service requests to consume a system's resources.
TARGETS: SERVERS, ROUTERS |
|
|
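Detecting the third pattern above, a single source sending requests faster than the service can absorb, as an added example that is not part of the original flashcards. It runs a per-source sliding-window count over constructed access-log lines that carry an epoch timestamp; the log format and the thresholds are illustrative and should be tuned to the service's normal rate.

```python
import re
from collections import defaultdict, deque

# Constructed log format: <source ip> [<epoch seconds>] "<request line>" <status>
LOG_LINE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<request>[^"]*)" (?P<status>\d{3})$')


def detect_request_floods(lines, window_seconds=10, max_requests=50):
    """Sliding-window request count per source IP.
    Returns {ip: first timestamp at which the rate limit was exceeded}."""
    recent = defaultdict(deque)     # ip -> timestamps inside the current window
    flagged = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                # malformed line: skip rather than crash the detector
        ip, ts = m["ip"], int(m["ts"])
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()             # drop timestamps that fell out of the window
        if len(q) > max_requests and ip not in flagged:
            flagged[ip] = ts
    return flagged


def sample_log():
    """Constructed sample: 60 requests in 6 seconds from one host, a few from another."""
    lines = []
    for i in range(60):
        lines.append(f'203.0.113.7 [{1000 + i // 10}] "GET /search?q=x HTTP/1.1" 200')
    for i in range(5):
        lines.append(f'198.51.100.2 [{1000 + i * 3}] "GET / HTTP/1.1" 200')
    lines.append("not a log line")
    return lines
```

The output is a starting point for a block or rate-limit rule, not a verdict on its own: a busy proxy or NAT gateway legitimately exceeds a per-IP threshold, so pair the count with the request mix or response cost before acting on it.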
Term
DDoS (Distributed Denial of Service Attack) |
|
Definition
A DDoS attack is a type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker first compromises those computers with unauthorized software, turning each into a zombie or drone (collectively a botnet), and then directs them to launch the attack on command. |
|
|
Term
Backdoor Attack |
Definition
A backdoor attack is a type of software attack where an attacker creates a software mechanism called a backdoor to gain access to a computer. The backdoor can be a software utility or an illegitimate user account. Typically, a backdoor is delivered through a Trojan horse or other malware. Backdoor software typically listens for commands from the attacker on an open port, so an unexpected listening port or an unrecognized account is a common indicator. |
|
|
Term
IP Spoofing Attack |
Definition
An IP spoofing attack is a type of software attack where an attacker crafts IP packets with a forged source IP address and uses those packets to gain access to a remote system or to disguise the origin of another attack. One sign of an IP spoofing attack is a network packet arriving from an external source that appears to have an internal source address; ingress filtering that drops such packets at the network edge is the standard defence. |
|
|
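The sign described above turned into a filter, as an added example that is not part of the original flashcards: an anti-spoofing check in the style of BCP 38 that drops packets arriving on the external interface with an internal or bogon source, and packets leaving the internal interface with a source the network does not own. 203.0.113.0/24 stands in for "our public prefix" and the RFC 1918 ranges for the internal network; both are constructed choices.

```python
import ipaddress

# Constructed: addresses this network legitimately originates traffic from.
OUR_PREFIXES = [ipaddress.ip_network(p) for p in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "203.0.113.0/24")]
# Sources that should never appear on the wire from outside.
BOGONS = [ipaddress.ip_network(p) for p in
          ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_packet(src_ip, arrived_on):
    """Return 'accept' or a drop reason, given a packet's source address and the
    interface it arrived on ('external' or 'internal')."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return "drop: unparseable source address"
    if arrived_on == "external":
        if _in_any(addr, OUR_PREFIXES):
            return "drop: internal source address arriving from outside (spoofed)"
        if _in_any(addr, BOGONS):
            return "drop: bogon source address"
    elif arrived_on == "internal":
        if not _in_any(addr, OUR_PREFIXES):
            return "drop: outbound packet with a foreign source (would spoof another network)"
    else:
        return "drop: unknown interface"
    return "accept"


def audit(packets):
    """Run the filter over (src_ip, interface) pairs and count the verdicts."""
    counts = {}
    for src, iface in packets:
        verdict = filter_packet(src, iface)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

The egress half matters as much as the ingress half: a network that filters only incoming packets still lets its own compromised hosts send spoofed traffic outward, which is how reflection floods are launched.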
Term
Man in the Middle Attack |
Definition
A man-in-the-middle attack is a type of software attack where an attacker inserts themselves between two hosts to gain access to their data transmissions. The attacker captures and reads each packet, responds to it, and forwards it to the intended host, so that both the sender and receiver believe they are communicating directly with each other. This lets the attacker manipulate the communication rather than just observe it passively; mutual authentication over an integrity-protected channel is what defeats it. |
|
|