Term
Discretionary Access Control (DAC) |
|
Definition
Each user controls access to their own system and resources; there is no centralized file system or central authority. |
|
|
Term
Role-based Access Control (RBAC) |
|
Definition
A centralized server with an administrator who grants rights.
Based on assigning roles to users and granting users rights according to the roles they hold. |
|
|
Term
|
Definition
|
|
Term
Mandatory Access Control (MAC) |
|
Definition
Uses labels, clearances and system policies to restrict access based on a confidentiality and integrity model.
Not very flexible. |
|
|
Term
Attribute-based Access Control (ABAC) |
|
Definition
Flexible and complex access control. |
|
|
Term
Rule-based Access Control |
|
Definition
Contained system (sandbox), flexible access control.
Based on implicit deny, least privilege, need to know. |
|
|
Term
|
Definition
|
|
Term
|
Definition
Database itself, tables, views, rows (records), and columns (fields). |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
SELECT, INSERT, UPDATE, DELETE |
|
|
Term
What are the following qualities of?:
• Group account for privileged users
• Default user account with full control over system (Administrator / root)
• Key target for attackers
• Often disabled after install (generic account prohibition)
• Named administrative accounts but control administrative privileges carefully |
|
Definition
|
|
Term
What are the following qualities of?:
• Assign privileges directly to user accounts
• Unmanageable if the number of users is large |
|
Definition
|
|
Term
What is a service account? |
|
Definition
An account that runs specific services. |
|
|
Term
What does sudo do in Linux? |
|
Definition
Grants superuser (root) privileges. |
|
|
Term
What are the following qualities of?:
• Assign permissions to security groups and assign user accounts to relevant groups
• Issues with users inheriting multiple permissions |
|
Definition
|
|
Term
What are the following qualities of?:
• Groups reflect system roles only
• Membership of roles is more selective
• A user should only have permissions from one role at a time |
|
Definition
|
|
Term
What are accounts whose credentials are known to more than one person? |
|
Definition
|
|
Term
What is a default account created when an OS or appliance is installed (historically configured with a default password too)? |
|
Definition
|
|
Term
What is an account with no credentials (anonymous logon)? |
|
Definition
|
|
Term
Identity and Access Management |
|
Definition
|
|
Term
What are the following?:
• Active Directory
• Local Users and Groups
• User Accounts applet |
|
Definition
Windows account management tools |
|
|
Term
|
Definition
Accounts go into Global groups, which go into Domain Local groups, which are assigned permissions. |
|
|
Term
What are the following qualities of?:
•Recording object access
•Recording privilege use
•Logging
•Account for actions
•Detect intrusions
•Choosing what to log |
|
Definition
|
|
Term
What are the following qualities of?:
•Monitoring use of privileges
•Granting / revoking privileges
•Communication between IT and HR |
|
Definition
|
|
Term
What are the following?:
• Account logon and management events
• Process creation
• Object access (file system / file shares)
• Changes to audit policy
• Changes to system security and integrity (anti-virus, host firewall, and so on) |
|
Definition
Important information to log |
|
|
Term
What is an account that has not been used for a long period of time? |
|
Definition
|
|
Term
What forces a user to keep using different passwords? |
|
Definition
Enforcing Password History |
|
|
Term
What only allows users to log on during particular times? |
|
Definition
|
|
Term
What happens if a user is logged in past Log On Hours? |
|
Definition
|
|
Term
What is an inactivity log out? |
|
Definition
It logs you out if you are inactive for an extended period. |
|
|
Term
Why is it important to audit account activity? |
|
Definition
To support investigation when an incident occurs, and to help detect and prevent incidents. |
|
|