Domain 1 Questions Flashcards
What is access? What are a subject and an object?
Access is the flow of information between a subject and an object. A subject is an active entity that requests access to an object or the data within an object. A subject can be a user, program, or process that accesses an object to accomplish a task. When a program accesses a file, the program is the subject and the file is the object. An object is a passive entity that contains information. An object can be a computer, database, file, computer program, directory, or field contained in a table within a database. When you look up information in a database, you are the active subject and the database is the passive object. Figure 4-1 illustrates subjects and objects.
What is the first step in protecting data confidentiality?
The first step in protecting data's confidentiality is to identify which information is sensitive and to what degree, and then implement security mechanisms to protect it properly.
What is identification?
Identification is the step in which a subject (user, program, or process) claims an identity, for example by presenting a username or account number. Authentication then verifies that claim.
How is a subject authenticated?
To be properly authenticated, the subject is usually required to provide a second piece of the credential set. This piece could be a password, passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token.
What is a race condition, and how can one be used to bypass authentication?
A race condition occurs when two or more processes use the same resource and the sequence of steps within the software can be carried out in an improper order, which can drastically affect the output. If authentication and authorization are implemented as separate, independent steps, an attacker may be able to force the authorization step to take place before the authentication step and gain unauthorized access to a resource.
What are the four steps for a subject to access an object?
Identification, authentication, authorization, accountability.
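The two cards above, as an added example (not code from the original flashcards): a small reference monitor that chains identification, authentication, authorization and accountability, placed beside a flawed design in which authentication and authorization are independent flags. The flawed version lets the steps run out of order, which is the ordering failure the race-condition card describes (modelled here as step ordering, not as a timing race between threads). The accounts, ACL, password hashes and salt are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample accounts and ACL (not from the page). In a real system the
# password hashes come from a directory and the ACL from the object's owner.
_SALT = b"constructed-demo-salt"


def _hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _hash_pw("correct horse"), "bob": _hash_pw("battery staple")}
ACL = {"payroll.db": {"alice"}}   # object -> subjects permitted to access it
AUDIT_LOG: list = []              # accountability: every decision is recorded


def _password_ok(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored, _hash_pw(password))


# --- Flawed design: authentication and authorization are independent flags ---

@dataclass
class FlawedSession:
    username: str
    authenticated: bool = False
    authorized: set = field(default_factory=set)


def flawed_authenticate(s: FlawedSession, password: str) -> None:
    s.authenticated = _password_ok(s.username, password)


def flawed_authorize(s: FlawedSession, obj: str) -> None:
    # Trusts the claimed username: identification is treated as if it were
    # authentication, so this step can run before (or without) the password check.
    if s.username in ACL.get(obj, set()):
        s.authorized.add(obj)


def flawed_access(s: FlawedSession, obj: str) -> bool:
    # Only the authorization flag is consulted; the order of steps is never enforced.
    return obj in s.authorized


# --- Fixed design: the four steps are chained by the objects they produce ---

@dataclass(frozen=True)
class Principal:
    """Handed out only by authenticate(); holding one means steps 1 and 2 passed."""
    username: str
    session_id: str


def authenticate(username: str, password: str) -> Optional[Principal]:
    # Step 1 identification (username) and step 2 authentication (password).
    ok = _password_ok(username, password)
    AUDIT_LOG.append(f"authenticate user={username} result={'ok' if ok else 'fail'}")
    return Principal(username, secrets.token_hex(8)) if ok else None


def access(principal: Principal, obj: str) -> bool:
    # Step 3 authorization can only be asked about an authenticated Principal,
    # so it cannot be forced ahead of authentication; step 4 accountability
    # records the decision either way.
    allowed = principal.username in ACL.get(obj, set())
    AUDIT_LOG.append(f"access user={principal.username} obj={obj} allowed={allowed}")
    return allowed


def demo() -> dict:
    # Attacker drives the flawed flow out of order: authorize, then access,
    # never supplying a password.
    s = FlawedSession("alice")
    flawed_authorize(s, "payroll.db")
    flawed = flawed_access(s, "payroll.db")           # True: no password was ever checked

    # Fixed flow: there is no Principal without a successful authentication.
    denied = authenticate("alice", "wrong password")  # None
    alice = authenticate("alice", "correct horse")
    bob = authenticate("bob", "battery staple")
    return {
        "flawed_grants_without_password": flawed,
        "wrong_password_yields_no_principal": denied is None,
        "alice_allowed": access(alice, "payroll.db"),   # True
        "bob_allowed": access(bob, "payroll.db"),       # False
        "audit_entries": len(AUDIT_LOG),                # 3 authentications + 2 access checks
    }


if __name__ == "__main__":
    print(demo())
    print("\n".join(AUDIT_LOG))
```

The point of the fixed design is that authorization takes a Principal, not a username, so the only way to reach step 3 is through step 2; the audit log then gives step 4 a record of both successes and failures.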
What are logical access controls?
Logical access controls are tools used for identification, authentication, authorization, and accountability. They are software components that enforce access control measures for systems, programs, processes, and information. Logical access controls can be embedded within operating systems, applications, add-on security packages, or database and telecommunication management systems. It can be challenging to synchronize all access controls and ensure all vulnerabilities are covered without producing overlaps of functionality.
Name the two steps of authentication.
An individual's identity must be verified during the authentication process. Authentication usually involves a two-step process: entering public information (a username, employee number, account number, or department ID), and then entering private information (a static password, smart token, cognitive password, one-time password, PIN, or digital signature).
What is a cognitive password?
A cognitive password is based on a user's opinion or life experience: a mother's maiden name, a favorite color, or a dog's name. Because such facts are often discoverable by others, cognitive passwords are weaker than random secrets.
What is verification (1:1)?
Measurement of a presented biometric sample against the single stored template of the identity the subject claims (a one-to-one comparison: "Is this person who they say they are?").
Give an example of 1:n identification (one-to-many matching).
Fingerprints: a latent print is found and compared against a database of many stored prints to determine whose it is.
What is the least expensive authentication factor to implement?
Something you know (such as a password) is the least expensive to implement, but another person may acquire what you know.
What is classified as strong authentication?
Using two of the three factors: something you have, something you know, and something you are.
What type of system provides "something you are"?
Biometrics.
What is two-factor authentication?
It is the same as strong authentication: using two of the three factors.
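The strong-authentication and two-factor cards above, as an added example (not code from the original flashcards): a login check that requires both "something you know" (a password) and "something you have" (a time-based one-time code from an authenticator device, computed with TOTP per RFC 6238 over HOTP per RFC 4226). The user record, salt and password are constructed; the TOTP seed is the RFC 4226 test-vector secret so the generated codes can be checked against the published values.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed enrollment record (not from the page): a password hash
# ("something you know") and a per-user TOTP seed ("something you have",
# held by the user's authenticator device).
_SALT = b"constructed-demo-salt"
TOTP_SEED = b"12345678901234567890"   # RFC 4226/6238 test-vector secret
USER_DB = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000),
        "totp_seed": TOTP_SEED,
    }
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 of the 8-byte big-endian counter, then
    dynamic truncation to a decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step)


def verify_two_factor(username: str, password: str, code: str,
                      now: Optional[int] = None, window: int = 1) -> bool:
    """Strong authentication: both factors must verify. Returns False for an
    unknown user without revealing which factor failed."""
    rec = USER_DB.get(username)
    if rec is None:
        return False
    now = int(time.time()) if now is None else now

    know_ok = hmac.compare_digest(
        rec["pw_hash"],
        hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000))

    # Accept codes from adjacent 30-second steps to tolerate clock drift, no more.
    have_ok = any(
        hmac.compare_digest(totp(rec["totp_seed"], now + d * 30), code)
        for d in range(-window, window + 1)
    )
    # Both factors are evaluated before returning, so a failure does not
    # short-circuit and tell an attacker which factor was wrong.
    return know_ok and have_ok


def demo() -> dict:
    t = 59                       # RFC 6238 test time; 59 // 30 == counter 1
    good = totp(TOTP_SEED, t)    # "287082"
    return {
        "code": good,
        "both_factors": verify_two_factor("alice", "correct horse", good, now=t),      # True
        "password_only": verify_two_factor("alice", "correct horse", "000000", now=t),  # False
        "code_only": verify_two_factor("alice", "guess", good, now=t),                  # False
        "stale_code": verify_two_factor("alice", "correct horse", good, now=t + 120),   # False
    }


if __name__ == "__main__":
    print(demo())
```

A stolen password alone fails because the code is bound to a seed the attacker does not hold, and a captured code alone fails both because the password is missing and because the code expires after the drift window.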
When creating secure identities, what three key aspects should be included?
Uniqueness, non-descriptiveness, and issuance.
What is uniqueness and why is it important?
Identifiers that are specific to a single individual; it is important for accountability, since every action must be traceable to exactly one subject.
What is non-descriptive?
Accounts should be non-descriptive: the account name should not reveal the purpose or role of the account (no "CEO", "Backup Operator", etc.). The naming scheme should also be standard.
What is issuance?
Identity elements provided by another authority as a means to prove identity, such as ID cards.
What is identity management?
A broad term that encompasses the different products used to identify, automate, and
Name some IdM technologies.
Directories, web access management, password management, legacy single sign-on.
Directories that pertain to a network's resources and users are usually built on what?
The X.500 standard and a protocol such as the Lightweight Directory Access Protocol (LDAP).
Objects in a directory are managed by a:
Directory service, which allows the administrator to configure and manage how identification, authentication, authorization, and access control take place within the network.
Walk through the login process on a Windows box.
The user logs in to a domain controller, which holds a database called Active Directory that organizes the network's objects and carries out user access control functionality.
What is the difference between SSO and password synchronization?
SSO software intercepts login prompts from network systems and fills in the necessary information (username and password) on the user's behalf. Password synchronization lets the user have one password across multiple systems, but the user still logs in to each system separately, and a compromise of that one password exposes all of them.
What is provisioning?
User provisioning is the creation, maintenance, and deactivation of user objects and their attributes.
What is the HR system referred to as when provisioning?
The authoritative source.
What are the three factors of authentication?
Something you have, something you know, and something you are.
What are subjects?
Users, programs, and processes.
What is identification?
The step in which a subject claims an identity; in practice, identification is the username or account number.
If identification is the subject's username or account number, what is authentication?
The proof of that claim: the password, token, key, or PIN.
What is a federated identity?
A portable identity, together with its entitlements, that can be used across business boundaries.
What is SPML?
Service Provisioning Markup Language: allows company interfaces to pass service requests and grant access to the services.
The company that sends the authorization data is the:
Producer of assertions; the receiver is the consumer of assertions.
Name a behavioral biometric.
Signing a signature (signature dynamics). Physiological biometrics are what you are; behavioral biometrics are what you do.
What is SESAME?
Secure European System for Applications in a Multi-vendor Environment: a ticket-based system built by the European Computer Manufacturers Association (ECMA). Weaknesses: it bases authentication on only a small part of the message, and its key generation is not very random.
What is KryptoKnight?
Created by IBM, KryptoKnight is a ticket-based authentication service. It is compact and flexible and, unlike Kerberos, does not require clock synchronization.
Kerberos, KryptoKnight, and SESAME are all:
Ticket-based single sign-on (SSO) technologies.
Name the two general categories of access control administration.
Centralized and decentralized.
Name some centralized access control protocols and technologies.
LDAP, RAS, PAP, CHAP, EAP, RADIUS, TACACS.
What does LDAP stand for?
Lightweight Directory Access Protocol.
What is RAS?
Remote Access Service. It uses the Point-to-Point Protocol (PPP) to encapsulate packets and establish dial-in connections over serial links.
RAS uses PPP. There are three flavors of PPP authentication; what are they?
PAP (Password Authentication Protocol): a two-way handshake to authenticate a peer to a server. It transmits passwords in clear text.
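The PAP card above, as an added example (not code from the original flashcards): the PAP Authenticate-Request is built exactly as RFC 1334 lays it out, and a parser playing the role of a sniffer on the serial link reads the password straight back out of the bytes. For contrast the block also builds a CHAP exchange (CHAP is on the page's own list of centralized access control protocols), where the peer answers a random challenge with MD5(Identifier || secret || challenge) per RFC 1994, so the secret itself never crosses the link. The peer name, secret and fixed challenge value are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

# PAP Authenticate-Request (RFC 1334): Code=1, Identifier, Length, then the
# peer ID and password as length-prefixed strings. Nothing is hashed or encrypted.
PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack(">BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def pap_parse(pkt: bytes):
    """What a sniffer on the serial link recovers from a PAP request."""
    code, ident, length = struct.unpack(">BBH", pkt[:4])
    if code != PAP_AUTH_REQUEST or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    pos = 4
    id_len = pkt[pos]
    peer_id = pkt[pos + 1:pos + 1 + id_len]
    pos += 1 + id_len
    pw_len = pkt[pos]
    password = pkt[pos + 1:pos + 1 + pw_len]
    return ident, peer_id, password


# CHAP (RFC 1994): the server sends a random challenge; the peer answers with
# MD5(Identifier || secret || challenge). The secret itself is never transmitted.
def chap_challenge(ident: int, challenge: bytes, name: bytes) -> bytes:
    body = bytes([len(challenge)]) + challenge + name
    return struct.pack(">BBH", CHAP_CHALLENGE, ident, 4 + len(body)) + body


def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_response(ident: int, secret: bytes, challenge: bytes, name: bytes) -> bytes:
    value = chap_response_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + name
    return struct.pack(">BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body


def chap_verify(ident: int, secret: bytes, challenge: bytes, response_pkt: bytes) -> bool:
    """Server side: recompute the expected value from its own copy of the secret."""
    code, r_ident, length = struct.unpack(">BBH", response_pkt[:4])
    if code != CHAP_RESPONSE or r_ident != ident or length != len(response_pkt):
        return False
    size = response_pkt[4]
    value = response_pkt[5:5 + size]
    return hmac.compare_digest(value, chap_response_value(ident, secret, challenge))


def demo() -> dict:
    peer, secret = b"alice", b"s3cret"          # constructed credentials
    pap_wire = pap_authenticate_request(7, peer, secret)
    _, _, recovered = pap_parse(pap_wire)

    # Constructed fixed challenge so the demo is repeatable; a live server
    # must use a fresh random value such as os.urandom(16) for every exchange.
    challenge = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
    chap_wire = chap_response(9, secret, challenge, peer)
    return {
        "pap_password_on_wire": secret in pap_wire,                                   # True
        "pap_recovered": recovered,                                                    # b"s3cret"
        "chap_secret_on_wire": secret in chap_wire,                                    # False
        "chap_accepts_correct": chap_verify(9, secret, challenge, chap_wire),          # True
        "chap_rejects_wrong_secret": chap_verify(9, b"wrong", challenge, chap_wire),   # False
        "chap_rejects_replay": chap_verify(9, secret, os.urandom(16), chap_wire),      # False
    }


if __name__ == "__main__":
    print(demo())
```

The replay case shows why the challenge must be fresh each time: a captured response only matches the challenge it was computed for. CHAP still has its own weaknesses worth remembering (the server must store the secret in cleartext-equivalent form, and a captured challenge/response pair allows an offline dictionary attack on the secret), so it is a fix for the sniffing problem of PAP, not a substitute for an encrypted link.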