Access Control Flashcards
What are two types of Integrity?
Data Integrity & System Integrity
What is the opposite of the CIA triad?
Disclosure, Alteration, & Destruction (DAD)
What must occur before Authentication, Authorization, & Accountability (AAA)?
Identification
What combines authentication and integrity?
Non-repudiation
What means users should be granted the minimum amount of access (authorization) required to do their jobs?
Least privilege
What is more granular than Least privilege?
Need to know
An active entity that accesses a passive entity is known as?
Subject (active) and object (passive)
What applies multiple controls to reduce risk on an asset?
Defense-in-depth
What are the three primary access control models?
Mandatory, Discretionary, and Non-discretionary
What are two types of Non-discretionary access control models?
Role based and task based
What is a list of objects that, for each entry, describes what a subject can do?
Access Control List (ACL)
What is a single logical point for controlling access through a third-party system? It provides a central point for AAA; an example would be Single Sign-On (SSO).
Centralized access control
______ _________ occurs as individual users gain more access to systems. This can happen intentionally (SSO) or unintentionally, which would result in _______ ________.
Access Aggregation, Authorization Creep
What is the following?
A client/server protocol
Runs in the application layer
Uses UDP port 1812 (authentication) and 1813 (accounting)
Considered a AAA system
Remote Authentication Dial-In User Service (RADIUS)
What is the successor to RADIUS?
Diameter
What is the following?
Requires the user to send an ID and static (reusable) password for authentication
Goes over UDP or TCP port 49
TACACS
What does TACACS+ offer over TACACS?
Provides better password protection through two-factor authentication
Why is PAP insecure?
When the user enters a password, it goes over the network in cleartext, allowing someone to sniff it.
What does CHAP protect against? What does it depend on?
Playback attacks. It depends on a secret known only to the authenticator and the peer. This secret is never sent over the link.
Access Control categories fall into what?
Administrative (Directive), Technical (Logical), Physical
What is a combination of both the identification and authentication of a user?
Credential set
What are the three basic types of authentication methods?
Type 1 (Something you know)
Type 2 (Something you have)
Type 3 (Something you are)
What is it when the user is required to provide more than one authentication factor?
Strong authentication or multi-factor authentication
What is often the weakest form of authentication?
Type 1 (Something you know)
What are the four types of passwords?
Static
Passphrases
One-time
Dynamic
Reusable passwords that may or may not expire; they work best when combined with another authentication type such as a smart card or biometrics?
Static passwords
Described as long static passwords; they can be made stronger by using nonsense words like XYZZY?
Passphrases