Authentication Flashcards
What is Access Control?
Access Control is the set of technical controls that governs how subjects (users) may interact with objects (network resources).
What is an Access Control List (ACL)?
An ACL is a list of subjects and the rights or permissions they have been granted on an object.
What are the four main processes in an Access Control system?
1. Identification, 2. Authentication, 3. Authorization, 4. Accounting.
What is Identification in Access Control?
Identification is creating an account or ID that identifies the user or process on the system.
What is Authentication in Access Control?
Authentication is proving that a subject is who or what it claims to be when it attempts to access a resource.
What are the five authentication mechanisms?
1. Something you know, 2. Something you have, 3. Something you are, 4. Something you do, 5. Somewhere you are.
What are Physical Access Controls?
Physical Access Controls govern the movement of people within an organization’s facilities, using methods such as walls, fencing, guards, and ID cards.
What are Logical Access Controls?
Logical Access Controls govern access to specific system resources, controlling who or what can access them and the type of access permitted.
What is Mandatory Access Control (MAC)?
MAC is a model where access is granted based on data confidentiality and user clearance levels, typically used in government and military environments.
What is Discretionary Access Control (DAC)?
DAC is an identity-based model that allows data owners to define access permissions for specific users or groups.
What is Role-Based Access Control (RBAC)?
RBAC assigns access rights based on the role an individual has within an organization, rather than to individuals directly.
What is Rule-Based Access Control?
Rule-Based Access Control allows or denies access based on a set of predefined rules, such as IP address restrictions or time-based access permissions.
What is the Bell-LaPadula model?
The Bell-LaPadula model enforces confidentiality with the rules: “No read up, no write down.” It is focused on preventing information leaks in secure systems.
What is the Biba model?
The Biba model focuses on data integrity with the rules: “No read down, no write up.” It is designed to prevent unauthorized changes to data.
What is the Clark-Wilson Security Model?
The Clark-Wilson model focuses on maintaining data integrity by preventing unauthorized modifications and ensuring internal consistency of data through well-formed transactions.