6.4 Compare and contrast authentication, authorization, accounting and non-repudiation concepts
Hardware Token
A device held by a user that displays a number or password that changes frequently, such as every 60 seconds. The number is derived from a secret shared with a server and the current time, so the server can compute the same value; it is used as a one-time password.
Discretionary Access Control (DAC)
A type of access control in which the object's owner (or owning group) decides which subjects may access the object and at what level, by setting the object's access policy.
Role-based access control
Access control model in which resources are still protected by ACLs, but the ACLs are managed by administrators rather than by owners. Permissions are attached to roles that reflect job functions, and users receive permissions by being assigned roles rather than individually.
Software Token
An app or other piece of software that generates a one-time code for authentication, taking the place of a hardware token.
Rule-Based Access Control
Any access control model that follows system-enforced rules that cannot be countermanded by owners or users (for example, rules based on time of day or network location) can be described as rule-based.
what are the 4 access control methods covered in ITF+?
Role-based access, rule-based access, mandatory access, discretionary access
accounting
The process of keeping track of user activity while attached to a system.
Non-repudiation
The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place.
all web browsers track:
Browsing history, that is, the sites and pages you have visited
logs
A file that keeps a record of events, processes, messages, and communication between software applications and the OS
Mandatory Access Control (MAC)
An access control model in which the system enforces access according to classification labels assigned to subjects (clearance) and objects (sensitivity); the policies are set by the system's configuration, not by the object's owner, and cannot be overridden by users
permissions
Access rights, set by resource owners or network administrators, that define what a user or group is allowed to do with a file or resource on a network
Guest account
account used for users who need temporary access to the computer
standard account
Account used for everyday computing; the user must supply an administrator's name and password before performing administrator-level tasks
administrator account
account which provides the most control over the computer
which of the following terms specifically refers to methods for recording users' access to internal & external resources?
accounting
biometric identification is a highly effective way of determining if:
an individual is physically allowed to be present in a facility or on a computer system or network
network permissions apply to:
any remote user of a shared resource, such as a folder or file
high quality video recordings of an individual entering, leaving, or occupying a space can be used to:
determine if someone was present in an unauthorized location
Discretionary Access Control (DAC) enables users to:
determine which users & groups can have access to their resources, & at what level
what are the 3 common accounting methods?
logs, tracking, web browser history
what the user knows, what the user has, and who the user is are examples of which of the following?
multifactor authentication
are receipts alone absolute proof of the ID of the sender?
no
you want to print a color presentation at 7pm, but the color laser printer wont be available until 9am tomorrow. what type of access control is in use in your organization?
rule-based (a system-enforced time-of-day rule that neither the printer's owner nor the user can override)
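The four models covered above (discretionary, role-based, mandatory, rule-based) differ in who decides and what can be overridden, which is easier to see in code than in definitions. The following is an added example written for this page, not from the ITF+ material: each model is reduced to a small policy check, and the rule-based check reproduces the color-printer scenario with a constructed 09:00 to 17:00 availability window. All users, resources, roles and labels are constructed for the example.

```python
from datetime import time as clock_time

# --- Discretionary (DAC): the owner of each object decides who may access it, and at what level.
class DacResource:
    def __init__(self, name, owner):
        self.name, self.owner = name, owner
        self.acl = {owner: {"read", "write"}}      # owner starts with full rights

    def grant(self, actor, subject, rights):
        # only the owner may change the ACL; anyone else is refused
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own {self.name}")
        self.acl.setdefault(subject, set()).update(rights)

    def allows(self, subject, right):
        return right in self.acl.get(subject, set())


# --- Role-based (RBAC): administrators map job functions to permissions; users inherit via roles.
class RbacPolicy:
    def __init__(self):
        self.role_permissions = {}
        self.user_roles = {}

    def define_role(self, role, permissions):      # administrator action
        self.role_permissions[role] = set(permissions)

    def assign_role(self, user, role):              # administrator action
        if role not in self.role_permissions:
            raise KeyError(f"undefined role {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def allows(self, user, permission):
        return any(permission in self.role_permissions[r]
                   for r in self.user_roles.get(user, ()))


# --- Mandatory (MAC): system-assigned classification labels; neither user nor owner can override.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allows(subject_label, object_label, action):
    s, o = LEVELS[subject_label], LEVELS[object_label]
    if action == "read":
        return s >= o      # "no read up": cannot read above your clearance
    if action == "write":
        return s <= o      # "no write down": cannot copy data to a lower classification
    raise ValueError(f"unknown action {action}")


# --- Rule-based: a system-enforced rule (here a time-of-day window) that no owner can countermand.
AVAILABILITY = {"color-laser": (clock_time(9, 0), clock_time(17, 0))}   # constructed schedule


def rule_allows(resource, at):
    window = AVAILABILITY.get(resource)
    if window is None:
        return True        # no rule defined for this resource
    start, end = window
    return start <= at < end


if __name__ == "__main__":
    print("color print at 19:00 allowed?", rule_allows("color-laser", clock_time(19, 0)))
```

Note how the decision authority moves: in `DacResource` it is the owner, in `RbacPolicy` it is whoever defines and assigns roles, and in `mac_allows` and `rule_allows` it is the system's labels and rules, which nobody in the request path can change.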
authentication
the act of proving an assertion, such as the identity of a computer system user
accounting accounts for:
the amount of time spent on the network, the services accessed while there, and the amount of data transferred during the session
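Accounting data of this kind usually comes from session start/stop records written to a log. The following is an added example, not part of the original flashcards, that parses a constructed accounting log (the line format, user names and services are invented for the example) and totals time spent, services used and data transferred per user, while also reporting sessions that started but never stopped.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample accounting records; not taken from any real system.
SAMPLE_LOG = """\
2024-03-01T08:00:00Z user=alice service=vpn session=1 event=start
2024-03-01T08:05:00Z user=bob service=fileshare session=2 event=start
2024-03-01T08:45:00Z user=alice service=vpn session=1 event=stop bytes_in=1048576 bytes_out=262144
2024-03-01T09:00:00Z user=alice service=printer session=3 event=start
2024-03-01T09:01:30Z user=alice service=printer session=3 event=stop bytes_in=0 bytes_out=524288
2024-03-01T10:05:00Z user=bob service=fileshare session=2 event=stop bytes_in=2097152 bytes_out=4096
2024-03-01T10:30:00Z user=carol service=vpn session=4 event=start
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_record(line):
    """Turn one 'timestamp key=value ...' line into a dict with a UTC datetime under 'ts'."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable accounting line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def summarize(log_text):
    """Return (per-user totals, sessions still open) from start/stop records."""
    open_sessions = {}
    totals = defaultdict(lambda: {"seconds": 0, "bytes": 0, "services": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        key = (rec["user"], rec["session"])
        if rec["event"] == "start":
            open_sessions[key] = rec
        elif rec["event"] == "stop":
            start = open_sessions.pop(key, None)
            if start is None:
                continue                      # stop with no matching start: nothing to account for
            t = totals[rec["user"]]
            t["seconds"] += int((rec["ts"] - start["ts"]).total_seconds())
            t["bytes"] += int(rec.get("bytes_in", 0)) + int(rec.get("bytes_out", 0))
            t["services"].add(rec["service"])
    return dict(totals), open_sessions


if __name__ == "__main__":
    per_user, still_open = summarize(SAMPLE_LOG)
    for user, t in sorted(per_user.items()):
        print(f"{user}: {t['seconds']} s, {t['bytes']} bytes, services={sorted(t['services'])}")
    for (user, session) in still_open:
        print(f"open session without stop record: user={user} session={session}")
```

The dangling session for `carol` is the case a reviewer should look for in real accounting data: a start with no stop means either the session is still live or a record was lost, and either way the time and bytes for it are unknown.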
Least Privilege Principle
the concept & practice of restricting access rights for users, accounts, & computing processes to only those resources absolutely required to perform routine, legitimate activity
biometrics
the identification of a user based on a physical characteristic, such as a fingerprint, face, or retinal scan
online tracking refers to a website or company that tracks:
the pages you visit, the searches you perform, and other activities, in order to improve their services or sell the data to other companies; it may also monitor your device's geographical location
single-factor authentication
the traditional security process, which requires a user name and password
multifactor authentication
the use of two or more types of authentication credentials in conjunction to achieve a greater level of security
what are the methods of non-repudiation?
video, biometrics, signature, receipt
MFA works with some combination of the following:
what the user knows (password or PIN); what the user has (smart card or fob); who the user is (biometric data); something the user does (walking gait, handwriting); where the user is (trusted or untrusted locations)