Shared Flashcard Set

Details

CompTIA Sec+ 4.3
Identity and access management controls
40
Computer Science
Professional
12/01/2018

Cards

Term
Access control models
Definition
- MAC
- DAC
- ABAC
- Role-based
- Rule-based
Term
MAC - Mandatory Access Control
Definition
-Operating system limits operation on an object
-Based on security clearance level
-Every object gets a label: Secret, Top Secret, Confidential
-Objects labeled with predefined rules
-Users granted access level
Term
DAC - Discretionary Access Control
Definition
-Owner of a file sets the access control
-Owner can modify access
-Flexible control
-Weak security because it relies on file owner to set appropriate level of access
Term
ABAC - Attribute Based Access Control
Definition
-Next generation model
-Access based on different criteria
-Aware of context
-Can be based on attributes such as resource information, IP address, time of day, desired information, relationship to data, and more.
Term
RBAC - Role-based Access Control
Definition
-Access control based on security groups such as a Windows Domain
-Groups are assigned access, and members of those groups receive rights implicitly
Term
Rule-based Access Control
Definition
-Type of access control based on conditions other than who you are
-Determined through system enforced criteria
-Associated with ACLs for an object
-Access based on time window, type of browser, etc.
Term
Physical access control
Definition
-Proximity cards
-Smart cards
Term
Biometric factors
Definition
- Fingerprint scanner
- Retinal scanner
- Iris scanner
- Voice recognition
- Facial recognition
- False acceptance rate
- False rejection rate
- Crossover error rate
Term
False acceptance rate (FAR)
Definition
The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user
Term
False rejection rate (FRR)
Definition
The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user.
Term
Crossover error rate (CER)
Definition
The rate where both accept and reject error rates are equal.
Term
Tokens
Definition
- Hardware
- Software
- HOTP/TOTP
Term
Certificate-based authentication
Definition
- PIV/CAC/smart card
- IEEE 802.1x
Term
File system security
Definition
-Permissions based on user or group
-Centrally administered, or users can manage access to their own files
-May be encrypted
-Uses ACLs
Term
Database security
Definition
-Separate from file security on back-end servers
-Back-end server with its own security for handling data
-Data integrity is usually an option
-No data is lost due to a fault
Term
Authorization - Policy Enforcement
Definition
Process of ensuring only authorized rights are exercised
Term
Authorization - Policy Definition
Definition
Process of determining rights
Term
Facial Recognition
Definition
Biometric authentication method that uses nodal points to identify the user
Term
Abandon
Definition
LDAP operation that will discontinue an operation that is in progress
Term
RADIUS server account information
Definition
Stored credentials in a centralized database for remote access.
Term
SASL
Definition
LDAP communication is secured through this standard interface
Term
BioCatch
Definition
Behavioral Biometrics company.
Term
Behavioral Biometric Profile
Definition
-Cognitive factors such as eye-hand coordination, applicative behavior patterns, usage preferences, device interaction patterns and responses to Invisible Challenges.

-Physiological factors such as left/right handedness, press-size, hand tremors, arm size and muscle usage.

-Contextual factors such as transaction, navigation, device and network patterns.
Term
Continuous Authentication
Definition
-A technology that can continuously verify the identity of the user throughout a session.
-Through analysis of a user's behaviors and interactions with a device, continuous authentication can spot vulnerabilities at any point in a session.
Term
LDAP Bind
Definition
Authenticate a user and change the identity of the client connection.
Term
LDAP Search
Definition
Retrieve entries that match a given set of criteria.
Term
LDAP Compare
Definition
Determine whether a specified entry has a particular attribute value.
Term
LDAP Add
Definition
Create a new entry in the directory.
Term
LDAP Delete
Definition
Remove an entry from the directory.
Term
LDAP Modify
Definition
Alter the content of an entry in the directory
Term
LDAP Modify DN
Definition
Change the DN of an entry in the directory.
Term
LDAP Unbind
Definition
Close the connection to the directory server.
Term
LDAP Abandon
Definition
Request that the server stop processing a previously requested operation.
Term
LDAP Extended
Definition
Request some other type of processing that isn’t covered by one of the other operation types.
Term
LDAP Operation Types
Definition
1. Bind
2. Search
3. Compare
4. Add
5. Delete
6. Modify
7. Modify DN
8. Unbind
9. Abandon
10. Extended
Term
Tuning
Definition
-Can reduce false positives over time.
Term
HOTP
Definition
HMAC based one time password
Term
TOTP
Definition
Time based one time password
Term
Time based OTP
Definition
-Based on HMAC OTP
-Uses time instead of a counter
Term
HMAC based OTP
Definition
-Uses a secret key or seed known by the token and the server
-The token feeds the counter into the HMAC algorithm using the token seed as the key