Other security concepts Flashcards

1
Q

AAA Services

A

The three A’s in this abbreviation refer to authentication, authorization, and accounting (or sometimes auditing). Although there are three letters in the acronym, it actually refers to five elements: identification, authentication, authorization, auditing, and accounting.

2
Q

What is Identification?

A

Claiming to be an identity when attempting to access a secured area or system.

Identification is the process by which a subject professes an identity and accountability is initiated. A subject must provide an identity to a system to start the process of authentication, authorization, and accountability (AAA).

Providing an identity can involve typing in a username; swiping a smart card; waving a proximity device; speaking a phrase; or positioning your face, hand, or finger for a camera or scanning device. Providing a process ID number also represents the identification process.

3
Q

What is Authentication?

A

Proving that you are that identity.

The process of verifying or testing that the claimed identity is valid is authentication. The most common form of authentication is using a password.

4
Q

What is Authorisation?

A

Defining the permissions (i.e., allow/grant and/or deny) of a resource and object access for a specific identity.

5
Q

What is Auditing?

A

Recording a log of the events and activities related to the system and subjects.

Auditing, or monitoring, is the programmatic means by which a subject’s actions are tracked and recorded for the purpose of holding the subject accountable for their actions while authenticated on a system. It is also the process by which unauthorized or abnormal activities are detected on a system.

6
Q

What is Accounting (aka accountability)?

A

Reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions.

An organization’s security policy can be properly enforced only if accountability is maintained.

Effective accountability relies on the capability to prove a subject’s identity and track their activities.

7
Q

Monitoring and auditing

A

Monitoring is a type of watching or oversight, while auditing is a recording of the information into a record or file. It is possible to monitor without auditing, but you can’t audit without some form of monitoring.
