Access Control Flashcards
A type of access control where the owner of a resource decides who can access it and what permissions they have, often based on user identity.
Example: A file owner grants read and write access to specific users on a shared document.
DAC (Discretionary Access Control)
An access control model that grants or denies access based on attributes associated with users, resources, and the environment, such as time, location, or roles. This provides fine-grained access control.
Example: A policy allows access to a file only if the user is in the HR department and accessing it during business hours.
ABAC (Attribute-Based Access Control)
An access control model that assigns permissions based on the roles of users within an organization, simplifying access management by grouping users under specific roles.
Example: An employee assigned to the “Manager” role automatically gets access to all resources designated for managers.
RBAC (Role-Based Access Control)
A strict access control model where system-enforced policies determine who can access resources, often based on classifications like security labels or user clearance.
Example: In a military system, files are labeled with classifications (e.g., Top Secret), and only users with the appropriate clearance can access them.
MAC (Mandatory Access Control)
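The four models above, written as small decision functions so the difference between them is visible in code. This is an added example, not part of the flashcards; every user, role, file name, department and label here is constructed for the demo, and the MAC check is reduced to a single label-dominance rule ("no read up").

```python
# Added example (not from the flashcards): DAC, RBAC, ABAC and MAC as
# decision functions. All users, objects, roles and labels are constructed.

# ---- DAC: the owner of each object edits its permission entries -----------
dac_owners = {"report.docx": "alice"}
dac_table = {"report.docx": {"alice": {"read", "write"}, "bob": {"read"}}}

def dac_grant(actor, obj, user, perm):
    """Only the object's owner may grant a permission (the 'discretionary' part)."""
    if dac_owners.get(obj) != actor:
        return False
    dac_table.setdefault(obj, {}).setdefault(user, set()).add(perm)
    return True

def dac_allowed(user, obj, perm):
    return perm in dac_table.get(obj, {}).get(user, set())

# ---- RBAC: permissions hang off roles; users are assigned roles ------------
rbac_role_perms = {"manager": {"budget:read", "budget:approve"},
                   "staff": {"budget:read"}}
rbac_user_roles = {"carol": {"manager"}, "dave": {"staff"}}

def rbac_allowed(user, perm):
    return any(perm in rbac_role_perms.get(role, set())
               for role in rbac_user_roles.get(user, set()))

# ---- ABAC: decision over subject, resource and environment attributes ------
def abac_allowed(subject, resource, env):
    """Policy from the card: HR staff may read HR files during business hours.
    env["hour"] is the hour of the request (0-23); business hours are 9-17."""
    return (subject.get("dept") == "HR"
            and resource.get("category") == "hr"
            and 9 <= env["hour"] < 17)

# ---- MAC: system-enforced labels; a subject may read an object only if its
# clearance dominates the object's label (the "no read up" rule) -------------
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

def mac_read_allowed(clearance, label):
    return LEVELS[clearance] >= LEVELS[label]

if __name__ == "__main__":
    print("bob write before grant:", dac_allowed("bob", "report.docx", "write"))
    dac_grant("alice", "report.docx", "bob", "write")
    print("bob write after grant: ", dac_allowed("bob", "report.docx", "write"))
    print("carol approve budget:  ", rbac_allowed("carol", "budget:approve"))
    print("HR at 10:00:           ", abac_allowed({"dept": "HR"}, {"category": "hr"}, {"hour": 10}))
    print("Secret reads Top Secret:", mac_read_allowed("Secret", "Top Secret"))
```

Note where the decision lives in each model: in DAC it is whatever the owner put in the table, in RBAC it follows from role membership, in ABAC it is a rule over attributes that may change per request, and in MAC neither user nor owner can override the label comparison.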
A Windows feature (on NTFS volumes) that lets a user encrypt individual files or folders with a key tied to that user's account, protecting the data from other accounts and from being read off the disk without that key.
EFS (Encrypting File System)
A list attached to a file or directory that specifies the permissions granted to individual users and groups, beyond the basic owner/group/other permission bits (on Linux managed with getfacl and setfacl).
FACL (File Access Control List)
A security technique used to monitor and detect unauthorized changes to files and directories by comparing their current state to a known good baseline.
FIM (File Integrity Monitoring)
A file system used by Windows operating systems that supports large file sizes, file permissions, encryption, and other advanced features.
NTFS (New Technology File System)
A policy that ensures equitable distribution of resources, typically in network management, by preventing overuse or abuse by any single user or group.
Example: A company implements a fair access policy to limit bandwidth consumption for high-demand users, ensuring all employees have adequate network resources.
Fair Access Policy
A security principle where any access that is not explicitly granted is automatically denied, providing a default security stance of restriction.
Example: In a firewall configuration, all incoming traffic is blocked by default unless explicitly allowed through the firewall rules.
Implicit Deny Policy
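The firewall example above as a first-match rule evaluator whose fall-through result is the implicit deny. This is an added example, not from the flashcards; the rule set and the source addresses (RFC 5737 documentation ranges) are constructed for the demo, and the evaluator reports whether a deny came from an explicit rule or from falling off the end of the list.

```python
# Added example (not from the flashcards): a first-match packet filter whose
# final, unmatched case is an implicit deny. Rules and addresses are constructed.
import ipaddress

class Rule:
    def __init__(self, action, src, proto="any", dport=None):
        self.action = action                    # "allow" or "deny"
        self.src = ipaddress.ip_network(src)    # source network
        self.proto = proto                      # "tcp", "udp" or "any"
        self.dport = dport                      # destination port, None = any

    def matches(self, src_ip, proto, dport):
        return (src_ip in self.src
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

# Rules are evaluated top to bottom; the first match wins.
RULES = [
    Rule("deny", "203.0.113.0/24"),             # blocked range, any proto/port
    Rule("allow", "10.0.0.0/8", "tcp", 22),     # SSH only from the internal net
    Rule("allow", "0.0.0.0/0", "tcp", 443),     # HTTPS from anywhere
]

def evaluate(rules, src, proto, dport):
    """Return (action, matched_rule_index). An index of None means no rule
    matched and the packet fell through to the implicit deny."""
    src_ip = ipaddress.ip_address(src)
    for i, rule in enumerate(rules):
        if rule.matches(src_ip, proto, dport):
            return rule.action, i
    return "deny", None   # implicit deny: nothing permitted it, so it is dropped

if __name__ == "__main__":
    for pkt in [("203.0.113.9", "tcp", 443), ("10.4.5.6", "tcp", 22),
                ("198.51.100.7", "tcp", 443), ("198.51.100.7", "tcp", 22)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

The distinction the index exposes matters operationally: an explicit deny is a decision someone wrote down and can be audited, while an implicit deny only tells you that nobody ever allowed that traffic, which is exactly the default the card recommends.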
A trust relationship in which trust extends through an intermediary: if system A trusts system B and system B trusts system C, then A also trusts C without an explicit A-to-C trust.
Example: If an organization’s domain trusts another domain, and that domain trusts a third domain, users in the third domain can access resources in the first domain.
Transitive Trust
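Working out who ends up trusting whom once trusts chain is a graph walk, and the interesting part is the distinction between trusts that extend through an intermediary and those that do not. This is an added example, not from the flashcards; the domain names and the trust graph are constructed for the demo, and the rule that a chain only propagates across transitive hops is the example's own simplification.

```python
# Added example (not from the flashcards): effective trust from chained
# direct trusts. Domain names and the trust graph are constructed.

# Direct trusts: trusting domain -> {trusted domain: is_transitive}.
# A non-transitive trust is honoured for one hop but never extended through.
DIRECT_TRUSTS = {
    "corp.example": {"partner.example": True, "legacy.example": False},
    "partner.example": {"vendor.example": True},
    "vendor.example": {"supplier.example": True},
    "legacy.example": {"shadow.example": True},
    "supplier.example": {},
    "shadow.example": {},
}

def effective_trusts(direct, start):
    """Domains `start` trusts directly, plus every domain reachable from it
    over a chain in which every hop is a transitive trust."""
    trusted = set(direct.get(start, {}))        # direct trusts always count
    stack = [d for d, transitive in direct.get(start, {}).items() if transitive]
    seen = set()
    while stack:
        d = stack.pop()
        if d in seen:
            continue
        seen.add(d)
        for nxt, transitive in direct.get(d, {}).items():
            if transitive and nxt != start:
                trusted.add(nxt)
                stack.append(nxt)
    return trusted

def resource_domains_reachable_by(direct, domain):
    """Domains whose resources users from `domain` can be granted access to,
    i.e. every domain whose effective trust set contains `domain`."""
    return {d for d in direct if domain in effective_trusts(direct, d)}

if __name__ == "__main__":
    print("corp trusts:", sorted(effective_trusts(DIRECT_TRUSTS, "corp.example")))
    print("supplier users can reach:",
          sorted(resource_domains_reachable_by(DIRECT_TRUSTS, "supplier.example")))
```

The second function is the one to run before adding a trust: it answers "which domains' users just gained a path to my resources", and on the constructed graph a trust added three hops away still reaches corp.example.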
An authentication method that considers the context of a user’s login attempt, such as location, time, or device, to determine whether to grant access.
Example: A user is required to provide additional authentication if they log in from an unrecognized device or location.
Context-Aware Authentication
Hardware authentication token
Typically, a physical USB stick or key fob-sized device
Primarily used for digital security (2FA/MFA)
Security Key