Access Control Flashcards
(33 cards)
Access control methodology that only uses access control lists to maintain subject permissions for objects:
Discretionary access control
What is the least reliable value for logical access control to use?
Physical location
What is best paired with a password to provide improved security?
A biometric factor
What AC methodology only uses ACLs to maintain subject permissions for objects?
Discretionary access control
What is the access control method in which the operating system constrains the ability of a subject or initiator to access, or generally to perform some operation on, an object?
Mandatory Access Control
What is best paired with a password to provide more secure authentication?
A biometric factor
What would be the least reliable value for a logical access control to use?
Physical location
Why would someone be opposed to biometric authentication?
Biometric authentication can reveal PII and medical information about a person (especially when iris or retinal patterns are used)
What is the CIA triad?
Confidentiality, Integrity, Availability
What function of the CIA triad does hashing provide?
Integrity
What function of the CIA triad does cryptography provide?
Confidentiality
What function of the CIA triad does Authentication provide?
Availability (to only the right people, ideally)
What authentication service grants access through tickets?
Kerberos
What AC model enforces permissions based on data labels?
Mandatory Access Control
What authentication service uses the X.500 spec?
Lightweight Directory Access Protocol (LDAP)
What are the three most effective authentication factors?
Something you are, Something you know, Something you have
What is Role Based Access Control?
A list of user roles matched with the levels of access they require to perform their function (often in a matrix)
What does RADIUS stand for?
Remote Authentication Dial-In User Service
What is Diameter?
A more powerful version of RADIUS (not backwards compatible) with much greater capability, notably its use of the Extensible Authentication Protocol (EAP).
What is Role Based Access Control?
A list of rules defining user roles and the levels of access they require to perform their function
What is the need-to-know principle?
If a person has sufficient privilege to view information but does not require that information for the execution of their duties, then they do not get access.
List three Type 2 authentication inputs
Common Access Card (CAC), RFID Card, Token
What is the benefit of decentralized access control?
Policy is easily adjusted to local laws and requirements
What is a summary of the Bell-LaPadula security model?
3 rules
- Simple: read access, no reading above your level (no read up)
- *: write access up, not down (no write down)
- Strong *: no read or write across levels