Chapter 2 Concepts Flashcards
Understand concepts in Chapter 2 of Security+ book
Identification
Identification occurs when a user CLAIMS an identity with a username or email address.
Authentication
Authentication occurs when the user PROVES the CLAIMED identity with a password or PIN and the credentials are verified.
Authorization
Authorization occurs when users are granted access to system resources based on the authentication of the proven identity.
Accounting
Accounting is the process of logging the actions that users take in system logs.
Authentication Factors
Authentication factors include something you know (password or PIN), something you have (smart cards, hardware tokens), something you are (biometric), somewhere you are (location based), and something you do (gestures on a screen).
False Acceptance (Rate)
False acceptance occurs when a biometric system incorrectly identifies an UNAUTHORIZED user as an authorized user. False acceptance rate denotes the percentage of time false acceptance occurs.
False Rejection (Rate)
False rejection occurs when a biometric system incorrectly REJECTS an AUTHORIZED user. False rejection rate denotes the percentage of time false rejections occur.
Crossover Error Rate
The crossover error rate is the point where the false acceptance rate crosses over with the false rejection rate. A lower crossover error rate indicates that the biometric system is more accurate.
Kerberos
Kerberos is a network authentication protocol used within a Microsoft Windows Active Directory domain or a Unix realm. It uses a database of objects, such as Active Directory, and a Key Distribution Center (KDC) or Ticket-Granting Ticket (TGT) server to issue time-stamped tickets that expire after a certain period of time. Kerberos uses symmetric-key cryptography to prevent unauthorized disclosure and to ensure confidentiality.
New Technology LAN Manager
NTLM is a suite of protocols that provide authentication, integrity, and confidentiality within Windows systems. NTLM has been cracked and is not recommended for use today.
Lightweight Directory Access Protocol
LDAP specifies formats and methods to query directories.
Single Sign-On
Single sign-on refers to the ability of a user to log on or access multiple systems by providing credentials only once.
Security Assertion Markup Language
SAML is an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides single sign-on for web-based applications.
Federation
A federation requires two or more parties (companies) to agree on a standard for identities and then exchange information based on that standard. A federated identity links a user’s credentials from different networks or operating systems, but the federation treats it as one identity.
Role-Based Access Control
Role-based access control uses roles (or groups) to manage rights and permissions for users. An administrator creates a role (or group), assigns specific rights and permissions to that role (or group), and then assigns individual users to that role (or group).
Rule-Based Access Control
Rule-based access control is based on a set of approved instructions, such as an access control list. Some rule-based access control systems use rules that trigger in response to an event, such as modifying access control lists after detecting an attack or granting additional permissions to a user in certain situations.
Discretionary Access Control
Discretionary access control specifies that every object (such as files and folders) has an owner, and the owner has full, explicit control of the object.
Mandatory Access Control
Mandatory access control uses sensitivity or security labels for users and data. Administrators assign labels to users and objects and when the labels match, the system can grant a user access to an object.
Attribute-Based Access Control
Attribute-based access control evaluates attributes and grants access based on the value of these attributes. For example, access to certain objects may require the user to have the “employee, inspector, nuclear aware” attributes.