Chapter 10: Access Control Systems and Methodology

Question 1

Accountability

Answer 1

Proving that a particular person committed a specific action at a particular time

Question 2

Identification

Answer 2

A name, a handle, a SSN, student ID number, etc

Question 3

Authentication

Answer 3

Additional information given to verify an identification; a password, for example, is simple authentication. A work badge or other ID gained by showing other documents counts as well.

Question 4

Least Privilege/ Need to Know

Answer 4

Confining information or access to the smallest amount needed for the smallest number of people possible

Question 5

Information Owner

Answer 5

The person who decides who gets access to the information inside the system they own. They “own” the information contained in the system whereas a custodian manages the equipment that the information runs or is stored on

Question 6

Discretionary Access Control (DAC)

Answer 6

Access mediated by an information owner or management. Most access across well known systems (such as Windows) rely on DAC

Question 7

Access Control Lists (ACL)

Answer 7

Lists of users and their associated privileges and permissions

Question 8

Mandatory Access Control (MAC)

Answer 8

System granted access mediated via:

Subjects: People or other systems that are granted access to objects

Objects: Elements within the system that are being protected, usually data or information

Labels: Designators applied to objects and subjects that allows the “match up” of people and stuff

Question 9

Role-Based Access Control

Answer 9

Access granted by individuals filling a predefined role and receiving the privileges that go with it.

Question 10

Problems with passwords

Answer 10

Passwords can be insecure

Passwords are easily broken

Passwords are inconvenient

Passwords are repudiable

Question 11

Two Factor Authentication

Answer 11

SYH/SYK (Something you have, something you know)

Example: a physical debit card or card number, and a PIN

A password token (maybe like the verification codes?) would count as 2 factor as well

Question 12

Three factor authentication

Answer 12

SYH/SYK/SYA (Something you have, know, and are)

An example would be a person who swipes a badge, enters a pin, and scans a fingerprint

Question 13

Biometrics

Answer 13

Includes fingerprints, signature dynamics, iris scanning, retina scanning, voice prints, facial recognition

Question 14

Single Sign On

Answer 14

Setting up multiple systems to refer to one username and password for multiple systems instead of having to use a new one for each database or service

Question 15

Kerberos

Answer 15

Single sign on Authentication for client/server applications. Allows for authentication across an insecure data channel such as the Internet. After a subject proves its identity, Kerberos assigns a unique ticket to subjects at sign on, and then embeds that ticket in all the communications so that the sender can be verified.

Question 16

Federation

Answer 16

When services or sites alloww users to use another set of passwords to log on. Using your Facebook password to log in to Etsy, for example.

Question 17

Remote Access Dial In User Service (RADIUS)

Answer 17

a client/server protocol that enables remote users to work with company sites, databases or other resources. Puts user profiles into a central databases that all the services can check against. Might use a name and password, a token, or a smart card to authenticate a user.

Question 18

VPN

Answer 18

Another way to authenticate users and guard traffic from the outside in to company resources