Shared Flashcard Set

Details

ITEC CH9
43
Computer Science
Undergraduate 4
03/21/2013

Cards

Term
Identification
Definition
Presenting credentials
–Example: delivery driver presenting employee badge
Term
Authentication
Definition
Checking the credentials
–Example: examining the delivery driver’s badge
Term
Authorization
Definition
Granting permission to take action
–Example: allowing delivery driver to pick up package
Term
Object
Definition
Specific resource
–Example: file or hardware device
Term
Subject
Definition
User or process functioning on behalf of a user
–Example: computer user
Term
Operation
Definition
Action taken by the subject over an object
–Example: deleting a file
Term
Access Control Models
Definition
Standards that provide a predefined framework for hardware or software developers
Term
Access Control Models (cont’d.)
Definition
Mandatory Access Control
–Most restrictive access control model
–Typically found in military settings
–Two elements
•Labels
•Levels
Term
Discretionary Access Control (DAC)
Definition
Least restrictive model
–Every object has an owner
–Owners have total control over their objects
–Owners can give permissions to other subjects over their objects
Term
Role Based Access Control (RBAC)
Definition
Also called Non-discretionary Access Control
–Access permissions are based on user’s job function
Term
RBAC assigns permissions to particular roles in an organization
Definition
Users are assigned to only 1 role
Term
Rule Based Access Control (cont’d.)
Definition
Each resource object contains access properties based on the rules
–When user attempts access, system checks object’s rules to determine access permission
–Often used for managing user access to one or more systems
•Business changes may trigger application of the rules specifying access changes
Term
Separation of duties
Definition
Fraud can result from a single user being trusted with complete control of a process
–Requiring two or more people responsible for functions related to handling money
–System is not vulnerable to actions of a single person
Term
Directory service
Definition
Database stored on a network
–Contains information about users and network devices
–Keeps track of network resources and user’s privileges to those resources
–Grants or denies access based on its information
Term
(LDAP)
Definition
Lightweight Directory Access Protocol
Term
Owner
Description
Definition
Person responsible for the information
Term
Owner duties
Definition
Determines the level of security needed for the data and delegates security duties as required
Term
Owner Example
Definition
Determines that the file salary.xlsx can be read only by department managers
Term
Custodian
Description
Definition
Individual to whom day-to-day actions have been assigned by the owner
Term
Custodian
Duties
Definition
periodically reviews security settings and maintains records of access by end users
Term
Custodian
Example
Definition
Sets and reviews security settings on Salary.xlsx
Term
End User
Description
Definition
user who accesses information in the course of routine job responsibilities
Term
End user
Duties
Definition
Follows organization's security guidelines and does not attempt to circumvent security
Term
End User
Example
Definition
Opens Salary.xlsx
Term
Access
Description
Definition
Right given to access specific resources
Term
Access
Scenario example
Definition
Delivery person can only retrieve box by door
Term
Access
Computer process
Definition
user allowed to access only specific data
Term
MAC
Mandatory Access Control
Definition
Most restrictive
found in military settings
2 elements: labels and levels
Matching object labels with subject labels based on their respective labels
Term
2 major implementations of MAC
Definition
Lattice
Bell-LaPadula
Term
Bell LaPadula Model
Definition
additional restriction not found in the original lattice model
prevents subjects from creating new objects or performing specific functions on objects that are at a lower level than their own
Term
UAC
Windows User Account Function
Definition
Standard user who attempts to install software is required by UAC to enter a high level administrative password.
Attempts to match the subject's privilege level with that of the object
Term
DAC
Discretionary Access Control
Definition
least restrictive
every object has an owner
owners can create and access their objects freely
the owner can give permissions to other subjects
Term
Weaknesses of DAC
Definition
Relies on decisions by the end user to set the proper level of security
subject's permissions will be inherited by any programs that the subject executes
inheritance is vulnerable to Trojans
Term
RBAC
Role Based Access Control
Definition
Non discretionary Control
based on user's job function within an organization
assigns permissions to a particular role, then assigns users to those roles
users and objects inherit all of the permissions for the role
Term
RBAC
Rule Based Access Control
Definition
Automated provisioning
dynamically assign roles to subjects based on a set of rules defined by a custodian
each resource object contains a set of access properties based on rules
cannot be changed by users
Term
Access Control models
Definition
MAC
DAC
RBAC
RBAC
Term
Best Practices for Access Control
Definition
Separation of duties
job rotation
least privileges
implicit deny
mandatory vacations
Term
separation of duties
Definition
requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals
Term
job rotation
Definition
employees rotate either within their home department or across positions in other departments
Term
least privilege
Definition
only minimum amount of privileges necessary to perform a job or function should be allocated
Term
Implicit deny
Definition
if a condition is not explicitly met, then the request for access is rejected
Term
mandatory vacations
Definition
an audit is performed while they are on vacation
Term
ACL
Access Control Lists
Definition
set of permissions that are attached to an object
which subjects are allowed to access the object and what operations they can perform