Access Control Flashcards
CIA Triad
Confidentiality, Integrity and Availability - Cornerstone concept of Information Security
DAD
Disclosure, Alteration and Destruction - The opposing forces to the CIA triad
Confidentiality
CIA: prevention of unauthorized disclosure of information.
Integrity
CIA: prevention of unauthorized changes to information.
Integrity - 2 types
Data Integrity and System Integrity
AAA
Authentication, Authorization and Accountability.
Subject/Object
A subject is an active entity on a system. An OBJECT is any passive data (e.g. data files).
Defense-in-Depth
Layered defense. Implementation of multiple safeguards (controls) to reduce risk.
DAC
Discretionary Access Control. Gives subjects full control of objects they have been given access to. Subject may give others access to their objects.
MAC
Mandatory Access Control. SYSTEM-enforced control based on clearance and object labels. Example: security classification (Secret, Confidential, FOUO). Expensive and difficult to implement.
RBAC
Role-Based Access Control. Access is based on a user’s “role”. Example: administrator, nurse, backup-admin. Non-discretionary access control.
Centralized Access Control
Access control at one logical point for a system or organization. Systems authenticate via third-party authentication servers (e.g. SSO - single sign-on).
Decentralized Access Control
Locally based control over multiple sites. AKA “Distributed Access Control”.
RADIUS
Remote Authentication Dial-In User Service. This is an AAA system. Uses multiple servers. Encrypts only password.
Diameter
Access control protocol. Successor to RADIUS. Uses AAA framework. Uses single server. Uses TCP.
TACACS & TACACS+
Terminal Access Controller Access Control System. Centralized access control system that requires users to send an ID and static password for authentication. Uses UDP or TCP. Encrypts all authentication data.