Lecture 7 - Ch. 5 Access Control


What is role-based access control?

(RBAC). Basing access rules on organizational roles. Cheaper and less prone to human error than individual accounts.

What are the 4 types of credentials that user authentication can be based on?

1) What you know (password)
2) What you have (access card)
3) What you are (biometric)
4) What you do (speak a pass-phrase)

What're two examples of hardware devices used for access control? What're cons?

Access cards - have a microprocessor and RAM.
Tokens - generate one-time passwords.
Cons: loss and theft are frequent.

What is mandatory access control (MAC)?

Access controls are set by a higher authority, with no ability for a department to alter them.

Define: Piggybacking

Also known as tailgating. Following an authorized user through a door.

Define: AAA Protections

Authentication, Authorization, Auditing

What is the basis of biometric authentication and why is it desirable?

Based on biological measurements; it will make usable passwords obsolete.

What is individual access control?

Basing access permissions on individual accounts.

What is discretionary access control (DAC)?

The department has the ability to adjust the rules set by a higher authority.

What are the 2 generic types of cryptographic function used for authentication?

Electronic signatures in the form of HMACs (fast and inexpensive) and digital signatures (extremely strong, but slow).

What is the subject of ISO/IEC 9.2? Give an example of a relevant control.

Equipment security. Supporting utilities - frequent testing.

What may cause FTE?

Failure to Enroll. Poor fingerprints due to clerical work or age.

What is the difference between FARs and FRRs?

The False Acceptance Rate (FAR) is the % of people identified as template matches who should not be. The False Rejection Rate (FRR) is the opposite.

What is a PKI and its weak link?

Firms are their own CAs. Weakest link = human registration.

Why are passwords not considered strong anymore?

Increased computer speeds available to hackers.

What is the Principle of Least Permissions?

Initially giving people only the permissions needed to complete their job.

Does biometric authentication require an exact match between the template and the sample data?

It will never match exactly; adjustments are made using the match index.

What is the subject of ISO/IEC 9.1? Give an example of a relevant control.

Secure areas. Create rules for working in secure areas - limit unsupervised work.

What is multi-factor authentication?

Using two or more types together, e.g. an access card and a PIN.
