6.4 Compare and contrast authentication, authorization, accounting and non-repudiation concepts

Hardware Token

A device held by a user that displays a number or a password that changes frequently, such as every 60 seconds. The number is synchronized with a server and used as a one-time password.

Discretionary Access Control (DAC)

A type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects.

Role-based access control

Access control model where resources are protected by ACLs. However, management of ACLs is reserved to administrators rather than owners and users are assigned permissions according to job function rather than personally.

Software Token

An app or other software that generates a token for authentication.

Rule-Based Access Control

Any access control model that follows system-enforced rules that cannot be countermanded can be described as rule-based.

what are the 4 access control methods covered in ITF+?

Role-based access, rule-based access, mandatory access, discretionary access

accounting

The process of keeping track of user activity while attached to a system.

Non-repudiation

The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place.

all web browsers track:

Where you've gone

logs

a file that keeps a registry of events, processes, messages & communication between various communicating software applications & the OS

Mandatory Access Control (MAC)

a set of security policies constrained according to system classification, configuration and authentication

permissions

access details given by users or network administrators that define access rights to files on a network.

Guest account

account used for users who need temporary access to the computer

standard account

account used for everyday computing; the user must provide an admin's name & password before performing admin-like tasks

administrator account

account which provides the most control over the computer

which of the following terms specifically refers to methods for recording users' access to internal & external resources?

accounting

biometric identification is a highly effective way of determining if:

an individual's presence is physically allowed in a facility or on a computer system or network

network permissions apply to:

any remote user of a shared resource such as a folder or file

high quality video recordings of an individual entering, leaving, or occupying a space can be used to:

determine if someone was present in an unauthorized location

Discretionary Access Control (DAC) enables users to:

determine which users & groups can have access to their resources, & at what level

what are the 3 common accounting methods?

logs, tracking, web browser history

what the user knows, what the user has, and who the user is are examples of which of the following?

multifactor authentication

are receipts alone absolute proof of the ID of the sender?

no

you want to print a color presentation at 7pm, but the color laser printer won't be available until 9am tomorrow. what type of access control is in use in your organization?

rule-based

authentication

the act of proving an assertion, such as the identity of a computer system user

accounting accounts for:

the amount of time spent in the network; services accessed while there; amount of data transferred during the session

Least Privilege Principle

the concept & practice of restricting access rights for users, accounts, & computing processes to only those resources absolutely required to perform routine, legitimate activity

biometrics

the identification of a user based on a physical characteristic, such as a fingerprint, face, or retinal scan

online tracking refers to a website or company that tracks:

the pages you visit; searches you perform; other activities to improve their services or sell to other companies; monitor your device's geographical location

single-factor authentication

the traditional security process, which requires a user name and password

multifactor authentication

the use of two or more types of authentication credentials in conjunction to achieve a greater level of security

what are the methods of non-repudiation?

video, biometrics, signature, receipt

MFA works with some combination of the following:

what the user knows (password or pin); what the user has (smart card or fob); who the user is (biometric data); something the user does (walking gait, handwriting); where the user is (trusted or untrusted locations)

