Authentication, authorization, and accounting Flashcards
Access controls:
Security controls that manage access, authorization, and accountability of information
Application programming interface (API) token
A small block of encrypted code that contains information about a user
Asymmetric encryption:
The use of a public and private key pair for encryption and decryption of data
Algorithm:
A set of rules used to solve a problem
Basic auth
The technology used to establish a user’s request to access a server
Bit:
The smallest unit of data measurement on a computer
Brute force attack:
The trial and error process of discovering private information
Cipher:
An algorithm that encrypts information
Cryptographic key:
A mechanism that decrypts ciphertext
Cryptography:
The process of transforming information into a form that unintended readers can’t understand
Encryption:
The process of converting data from a readable format to an encoded format
Data owner:
The person that decides who can access, edit, use, or destroy their information
Hash function:
An algorithm that produces a code that can’t be decrypted
Data custodian:
Anyone or anything that’s responsible for the safe handling, transport, and storage of information
Digital certificate:
A file that verifies the identity of a public key holder
Hash collision:
An instance when different inputs produce the same hash value
Identity and access management (IAM):
A collection of processes and technologies that helps organizations manage digital identities in their environment
Hash table:
A data structure that’s used to store and reference hash values
Information privacy:
The protection of unauthorized access and distribution of data
Non-repudiation:
The concept that the authenticity of information can’t be denied
Multi-factor authentication (MFA):
A security measure that requires a user to verify their identity in two or more ways to access a system or network
OAuth:
An open-standard authorization protocol that shares designated access between applications
Payment Card Industry Data Security Standards (PCI DSS):
A set of security standards formed by major organizations in the financial industry
Personally identifiable information (PII):
Any information used to infer an individual’s identity
Protected health information (PHI):
Information that relates to the past, present, or future physical or mental health or condition of an individual
Principle of least privilege:
The concept of granting only the minimal access and authorization required to complete a task or function
Public key infrastructure (PKI):
An encryption framework that secures the exchange of online information
Rainbow table:
A file of pre-generated hash values and their associated plaintext
Salting:
An additional safeguard that’s used to strengthen hash functions
Security assessment:
A check to determine how resilient current security implementations are against threats
Security audit:
A review of an organization’s security controls, policies, and procedures against a set of expectations
Security controls
Safeguards designed to reduce specific security risks
Separation of duties
The principle that users should not be given levels of authorization that would allow them to misuse a system
Session ID:
A unique token that identifies a user and their device while accessing a system
Session:
A sequence of network HTTP basic auth requests and responses associated with the same user
Session cookie:
A token that websites use to validate a session and determine how long that session should last
Session hijacking:
An event when attackers obtain a legitimate user’s session ID
Single Sign-On (SSO):
A technology that combines several different logins into one
Symmetric encryption:
The use of a single secret key to exchange information
User provisioning:
The process of creating and maintaining a user’s digital identity
