Chapter 6 Flashcards
What is the definition of single-factor authentication?
Single-factor authentication is where the user can obtain access to an account or service using one factor such as a password.
What is the definition of two-factor authentication?
Two-factor authentication is a security method by which users obtain access by providing two separate factors to identify themselves.
What are the limitations of single-factor authentication?
- Risky if the same password is used for many apps
- Using a unique password for each app is recommended
What are the 3 different types of factors that can be used for authentication?
- Knowledge factor (knowing a password/PIN number)
- Possession factor (owning a membership card/mobile)
- Biometric factor (a human characteristic, e.g. fingerprint/DNA)
What is the bank card reader example?
What does it need and how does it work?
Customer needs:
- PIN number (knowledge)
- Debit card (possession)
The customer places the card in the reader and enters the PIN number. The passcode displayed on the card reader is entered into a web login page to allow the customer account access.
What are the benefits of two-factor authentication?
- Greater security
- Secure (hackers tend to avoid)
What are the limitations of two-factor authentication?
- Phone or card/reader needed to log in
- Customers dislike the extra time taken to log in
What is the most commonly given password advice?
- Use strong passwords (numbers, letters, symbols, etc.)
- Change passwords regularly
How are access rights set up?
They are set up by the system administrator to limit network access to relevant files only for a user.
How is encryption used?
It is used to make stored data more secure, by making it unreadable to people who do not have the key to decode it.
What is a firewall?
- A firewall is designed to check incoming messages and requests for service from the system
- Suspicious messages or requests can be rerouted temporarily until it has been established
What are intrusion detection systems?
- Designed to monitor the network or computer system for malicious activities
- If an incident is detected, a report is sent to the network management
- Further action taken if necessary to prevent any risks to the system
What is antivirus software?
- Used to minimise the risk to data from viruses
- This software searches the computer system for viruses and deletes them once detected
- Treat files and attached email files from unknown sources with caution to avoid viruses getting into the system
What is spyware?
- Spyware can be loaded into a computer system as a software virus
- It is important to run an anti-spyware program, which will detect spyware and prevent it from being installed
- It will also remove any spyware that has previously been installed
What is the purpose of the acceptable use policy?
To ensure that members of the centre understand what is appropriate browsing behaviour, and to specify the directives necessary to protect the IT network infrastructure.