FOS Flashcards
What are the 3 parts of the CIA triad and their objectives?
Confidentiality - Ensures info is only accessible. to those with the appropriate authorization.
Integrity - ensures that data remains accurate and unaltered unless modification is required.
Availability - ensures that information and resources are accessible and functional when needed by authorized users.
What are the 3 parts of AAA and their objectives?
Authentication - the process of verifying the identity of a user or system
Authorization - defines what actions or resources a user can access.
Accounting - The act of tracking user activity and resource usage, typically for audit or billing purposes
What is Zero Trust?
Security model that operates on the principle that no one, whether inside or outside the org, should be trusted by default
What does the Control Plane define?
Policies and Procedures
What does the Data Plane do?
Ensures the policies and procedures defined in the control plane are being enforced.
What are the parts of the Zero Trust Control Plane, and what do they do?
- Adaptive Identity - User adaptive identities rely on real-time validation that considers the user’s behaviour, device location, and other factors.
- Threat Scope Reduction - Limit the user’s access to only what they need for their work tasks because this drastically reduces the network’s potential attack surface.
- Policy-Driven Access Control - This entails developing, managing, and enforcing user access policies based on their access and responsibility.
- Secured Zones - Isolated environments within a network that are designed to house sensitive data.
What are the parts of the Zero Trust Data Plane, and what do they do?
- Subject/System - Refers to the individual or entity attempting to gain access. Verify authenticity before giving access.
- Policy Engine - Cross-reference the access request with its pre-defined policies
- Policy Administrator - Used to establish and manage the access policies. Dictates who gets access to what.
- Policy Enforcement Point - Final step in the process. Allow or restrict access, and it will effectively act as a gatekeeper to the sensitive areas of the systems or networks.
