AAA Cybersecurity Flashcards
What is AAA in cybersecurity?
Authentication
Authorization
Accounting
What is authentication?
A process of verifying the identity of a user, machine, or system by validating the credentials provided by the entity against the stored data
What are 5 methods of authentication?
Knowledge
Possession
Inherence
Location
Behavior
What is the difference between single-, two-, and multi-factor authentication?
Authentication that uses one, two or multiple categories of authentication factors.
What is Single Sign-On (SSO)?
An authentication method that allows users to log in with a single ID to any of several related, yet independent, software systems
What are the 4 types of authorization models in a system?
Discretionary Access Control (DAC)
Role-based Access Control (RBAC)
Mandatory Access Control (MAC)
Rule-based Access Control
What is authorization?
Process that comes after authentication and involves granting or denying permissions to authenticated users
What is accounting?
Also known as auditing, a critical process that involves the systematic tracking and recording of user activities on a system or network
What are 3 methods of accounting?
Logs
Tracking
Web Browsing History
What is non-repudiation?
Used to provide assurance of the integrity and origin of data by preventing an entity from denying the authenticity of their actions
What are 4 methods of non-repudiation?
Video-based mechanisms
Biometric data
Digital signatures
Receipts
What is encryption?
Process of converting readable data, known as plain text, into an unreadable format, known as cipher text, using an algorithm (known as a cipher) and an encryption key
What is symmetric encryption?
Also known as private-key encryption, uses the same key for both the encryption and decryption processes
What is asymmetric encryption?
Also known as public-key cryptography, uses two different keys: a public key for encryption and a private key for decryption
What is the public key infrastructure?
Framework for managing digital certificates and public-key encryption and provides a way to create, distribute, store, and revoke digital certificates and manage public-key encryption