Domain 5 - Identity And Access Management Flashcards
Low administration cost, because permissions are configured once per role rather than per user.
Role-based access control (RBAC)
Easier to implement than other access control models.
RBAC
Is not user friendly.
RBAC
More user friendly than other access control models.
Discretionary Access Control (DAC)
Allow the data owner to determine user access rights.
DAC
If a user needs access to a file, they only need to ask the file owner, who can grant it directly.
DAC
Is not discretionary in nature.
RBAC
is discretionary in nature.
DAC
Is not suited to highly secure environments.
RBAC
Is used in highly secure environments.
Mandatory Access Control (MAC)
Every subject and object is assigned a security label.
MAC
Makes it easy to enforce least privilege for general users, since each role carries only the permissions its job requires.
RBAC
Users are assigned into roles based on the structure of the organization, which is usually hierarchical.
RBAC
A popular access control model used in commercial applications, especially large network applications.
RBAC
Access Control models considered non-discretionary in nature.
RBAC, MAC, and context-based access control (CBAC)
This access control method relies on security policies and security labels to determine a subject's access to objects.
Non-discretionary access control method
This type of access control allows the resource owner to determine the level of resource access given to a user.
Discretionary Access Control (DAC)
This type of access control is usually managed by a central administrator, who determines a subject's access rights based on security policy and on the user's roles and responsibilities in the organization.
Non-discretionary access control method
Benefits of Role-based access control.
Easy to implement and manage; cost effective
Drawbacks of Role-based access control.
Not user friendly, not discretionary, not good for highly secure environments.
Popular access control model used for commercial applications.
Role-based access control
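As an added illustration for the model cards above (not part of the original flashcard set, and not code from any real product), the following Python captures the decision rule behind each model: MAC compares fixed system-assigned labels, DAC lets only the object's owner edit its ACL, and RBAC resolves a user's roles to permissions. Every user, label, object and permission below is constructed for the example.

```python
"""Decision rules for MAC, DAC and RBAC on constructed sample data.
Added example for the flashcards above, not code from any real product."""
from dataclasses import dataclass, field

# --- MAC: the system assigns a label to every subject and object; users cannot change it ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


def mac_allows(subject_label: str, object_label: str, action: str) -> bool:
    """Bell-LaPadula confidentiality rules: no read up, no write down."""
    s, o = LEVELS[subject_label], LEVELS[object_label]
    if action == "read":
        return s >= o          # may read at or below own clearance
    if action == "write":
        return s <= o          # may write at or above own clearance
    raise ValueError(f"unknown action {action!r}")


# --- DAC: the object owner decides who gets what by editing the object's ACL ---
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permitted actions


def dac_grant(obj: DacObject, requester: str, user: str, action: str) -> bool:
    """Only the owner may change the ACL; that discretion is what defines DAC."""
    if requester != obj.owner:
        return False
    obj.acl.setdefault(user, set()).add(action)
    return True


def dac_allows(obj: DacObject, user: str, action: str) -> bool:
    return user == obj.owner or action in obj.acl.get(user, set())


# --- RBAC: permissions attach to roles; an administrator assigns users to roles ---
ROLE_PERMS = {
    "clerk": {("ledger", "read")},
    "accountant": {("ledger", "read"), ("ledger", "write")},
    "auditor": {("ledger", "read"), ("audit-log", "read")},
}
USER_ROLES = {"alice": {"accountant"}, "bob": {"clerk"}, "carol": {"auditor"}}


def rbac_allows(user: str, obj: str, action: str) -> bool:
    """A user holds exactly the union of the permissions of their roles."""
    return any((obj, action) in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))


def onboard(user: str, role: str) -> None:
    """Low administration cost: a new hire gets a role, not per-object ACL edits."""
    if role not in ROLE_PERMS:
        raise KeyError(role)
    USER_ROLES.setdefault(user, set()).add(role)


if __name__ == "__main__":
    print("MAC  secret reads top-secret:", mac_allows("secret", "top-secret", "read"))
    doc = DacObject(owner="alice")
    print("DAC  bob grants himself:", dac_grant(doc, "bob", "bob", "read"))
    print("DAC  alice grants bob:", dac_grant(doc, "alice", "bob", "read"))
    onboard("dave", "clerk")
    print("RBAC dave reads ledger:", rbac_allows("dave", "ledger", "read"))
```

Note how the "discretionary" distinction shows up in code: in DAC the grant decision lives with the owner, whereas in MAC and RBAC no user can alter the label or role tables, only the system or an administrator.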
User name + password
one-factor authentication (something you know)
User name + password + smart card
two-factor authentication (something you know and something you have)
User name + password + smart card + fingerprint
three-factor authentication (something you know, something you have, something you are)
Allows access based on a user’s or a group’s identity.
DAC
What is a Preventative Access Control?
A Preventive Control attempts to stop unwanted access.
What is a Detective Access Control?
A Detective Control attempts to discover or detect unwanted or unauthorized activity
What is a Corrective Access Control?
A Corrective Access Control modifies the environment to return systems to normal after an unwanted or unauthorized activity has occurred
What is a Deterrent Access Control?
A Deterrent Access Control attempts to discourage security policy violations
What is a Recovery Access Control?
A Recovery Access Control attempts to repair or restore resources, functions, and capabilities after a security policy violation.
What is a Directive Access Control?
A Directive Access Control attempts to direct, confine, or control the actions of subjects to force or encourage compliance with security policies.
What is a Compensating Access Control?
A Compensating Access Control provides an alternative when it isn’t possible to use a primary control, or when necessary to increase the effectiveness of a primary control.
What is an Administrative Access Control?
Administrative Access Controls are the policies and procedures defined by an organization's security policy, regulations, or requirements.
What is a Logical/Technical Access Control?
Logical Access Controls (also known as technical access controls) are the hardware or software mechanisms used to manage access and to provide protection for resources and systems.
What is a Physical Access Control?
Physical Access Controls are items that you can physically touch (doors, gates, etc.).
What is Identification as it relates to Authentication?
Identification is how you claim your identity to a system, such as by giving a username. Identification and Authentication always occur together as a single two-step process.
What is Authentication as it relates to Identification?
Authentication proves the claimed identity: if Identification is the username you provide, Authentication is the password (or other factor) that proves you own it. Identification and Authentication always occur together as a single two-step process.
What is Authorization as it relates to IAAA?
Subjects are granted access to objects based on proven identities. For example, administrators grant users access to files based on the user's proven identity.
What does IAAA stand for?
Identification, Authentication, Authorization and Accountability
What is a Type 1 Authentication Factor?
Type 1 authentication is something that you know
What is a Type 2 Authentication Factor?
Type 2 authentication factor is something you have.
What is a Type 3 Authentication Factor?
Type 3 authentication factor is something you are
What is context-aware authentication?
Authentication that also takes the context of the request into account, such as the location of the user, the time of day, or the mobile device being used.
What is a cognitive password?
A cognitive password is a series of challenge questions about facts or predefined responses that only the subject should know
What type of certificate does a Smartcard use?
A digital certificate bound to an asymmetric key pair; the private key is stored on the card and never leaves it.
What is a Common Access Card or a Personal Identity Verification Card?
A smart card bearing the employee's photo, which they wear visibly as they move around the building. CACs are issued by the US Department of Defense and PIV cards to other US federal employees and contractors; both are used for access to government buildings and systems.
What is a Token Device?
A device that generates one-time passwords (OTPs), such as an RSA SecurID token.
What is a Synchronous Dynamic Password Token?
Hardware tokens that create synchronous dynamic passwords are time-based and synchronized with an authentication server; the password typically changes every 60 seconds.
What is an Asynchronous Dynamic Password Token?
It does not use a clock; instead it generates each password from an algorithm and an incrementing counter, so every login produces a new one-time password.
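As an added example (not from the original flashcards or any token vendor), the following Python implements both token types as standardized in RFC 4226 (HOTP, the counter-based "asynchronous" scheme) and RFC 6238 (TOTP, the clock-based "synchronous" scheme), together with the server-side check each one needs: a small clock-skew window for TOTP, and a look-ahead window plus counter advancement for HOTP so a used code cannot be replayed. The shared secret is the published RFC test-vector key, not a real credential, and the 30-second step and 6-digit length are the RFC defaults rather than anything the cards specify.

```python
"""Counter-based (HOTP, RFC 4226) and time-based (TOTP, RFC 6238) one-time passwords,
with the server-side checks that go with each. Added example, not vendor code.
The secret is the RFCs' published test-vector key, not a real credential."""
import hashlib
import hmac
import time

RFC_TEST_SECRET = b"12345678901234567890"  # shared secret from RFC 4226 Appendix D


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then 'dynamic truncation'."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Synchronous token: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, candidate: str, unix_time: int,
                skew_steps: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Server side of a synchronous token: tolerate clock drift of +/- skew_steps,
    and compare in constant time so the check does not leak which digits matched."""
    now = unix_time // step
    return any(hmac.compare_digest(hotp(secret, now + d, digits), candidate)
               for d in range(-skew_steps, skew_steps + 1))


def verify_hotp(secret: bytes, candidate: str, last_counter: int,
                look_ahead: int = 10, digits: int = 6):
    """Server side of an asynchronous (counter) token. The server cannot know how
    many codes the user generated and discarded, so it searches a look-ahead
    window beyond the last accepted counter. Returns the counter to store on
    success (never lower than before, which is what blocks replay), else None."""
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c
    return None


if __name__ == "__main__":
    print("HOTP counter 0 :", hotp(RFC_TEST_SECRET, 0))              # 755224 per RFC 4226
    print("TOTP at t=59   :", totp(RFC_TEST_SECRET, 59, digits=8))   # 94287082 per RFC 6238
    print("TOTP now       :", totp(RFC_TEST_SECRET, int(time.time())))
```

The two verify functions show why the card distinguishes the types: a synchronous token only needs the two sides' clocks to agree within a step or two, while an asynchronous token needs the server to remember the last counter it accepted and to move it forward on every success.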