Access Control Flashcards

0
Q

Type 2 authentication method

A

What you have: e.g. Token, smart card

1
Q

Type 1 authentication method

A

What you know: e.g. Password or PIN

2
Q

Type 3 authentication method

A

What you are: e.g. Biometric info

  • Fingerprint
  • Handprint
  • Iris/retina
  • Voice
  • Typing patterns
3
Q

What does CIA stand for in Access Control?

A

Confidentiality
Integrity
Availability

4
Q

What is a race condition?

A

Two processes carry out their tasks on a shared resource in the incorrect order.
If authentication and authorisation are carried out in the wrong order, an attacker can force authorisation before being authenticated and therefore access data he shouldn't.

5
Q

4 steps for a subject to access an object?

A

1) identification
2) authentication
3) authorisation
4) accountability

6
Q

Biometric type 1 error?

A

False rejection (rate) - rejecting an authorised subject

7
Q

Biometric type 2 error?

A

False acceptance (rate) - accepting an unauthorised subject

8
Q

Biometric: what is CER?

A

Crossover error rate (aka equal error rate, EER):
A percentage representing the point where the false rejection rate (type 1) equals the false acceptance rate (type 2).
Determines the system's accuracy; lower = better.

9
Q

Clipping level?

A

Threshold of accepted number of errors (e.g. Failed login attempts)

10
Q

Synchronous token device

A

Time-based or counter-based (event-based) token which needs to be in sync with the authentication server.

Example: RSA SecurID

11
Q

Asynchronous token device?

A

Challenge-response scheme: not based on time/event/counter sync. For example: the server sends a random code which the user encrypts and sends back. The server confirms the random code was encrypted with the correct algorithm to identify/authenticate the user.

12
Q

Difference between memory card and smart card?

A

Memory card HOLDS information, smart card PRODUCES information

13
Q

Least privilege?

A

Only access to resources absolutely required to accomplish a certain task.
