Part-2 Acronyms Flashcards
IAM
Identity and access management
Security process that provides identity, authentication and authorization mechanisms for users, computers and other entities to work with organizational assets like networks, operating systems and applications.
MAC
Mandatory access control
Subjects are assigned a security level or clearance. When they try to access an object, their clearance level must correspond to the object's security level. If there is a match, the subject can access the object; if there is no match, the subject is denied access. MAC security labels can generally be changed only by a system administrator.
DAC
Discretionary access control
When you are trying to access a file that is protected, all you need to do is ask an administrator to grant you access, and then you can start using the file.
ACL
Access control list
List of subjects who are allowed access
RBAC
Role-based access control
Subjects are assigned to pre-defined roles, and network objects are configured to allow access only to specific roles. Access is controlled based on the role the subject is assigned. An administrator assigns to a role only those privileges that subjects in the role need to complete their work.
Rule-based access control
This is an access control technique that is based on a set of operational rules or restrictions.
ABAC
Attribute-based access control
If x, then y
If a subject has both the type = database and department = customer service attributes, then they are granted access to the computer database.
Since you, as a general administrator, do not possess these attributes, you are denied access. Attributes are created ahead of time and must aptly describe the important factors that distinguish one subject from another. Administrators can assign these attributes during identity creation, or they can be assigned dynamically, depending on what the attributes are.
Physical access control devices
These are common in IAM architectures where organizations cannot rely solely on software-based authentication and authorization solutions.
Example: smart cards
Smart cards are used as a "something you have" factor for a user to gain physical entry to a location, to gain access to a computer system, or to initiate a transfer transaction with another entity.
Biometric devices
Fingerprint scanners
Voice recognition devices
Retinal scanners
Iris scanners
Facial recognition devices
Biometric factors
FAR false acceptance rate
FRR false rejection rate
CER Crossover error rate
Certificate based authentication
A technique used in "something you have" authentication
CAC
Common access card
Directory service
A network service that stores identity information about all the objects in a particular network, including users, groups, servers, clients, printers, and network services.
LDAP
Lightweight directory access protocol
LDAP clients authenticate to the LDAP service, and the service schema defines the tasks that clients can and cannot perform while accessing a directory database, the form the directory query must take, and how the directory server will respond.
Schema
The structure of the directory is controlled by a _____ that defines rules for how objects are created and what their characteristics can be. Most _____ are extensible, so they can be modified to support the specific needs of an organization.
Active Directory
This allows administrators to centrally manage and control access to resources using access control lists, or ACLs.
Tunneling
This is a data transport technique that can be used to provide remote access, in which a data packet is encrypted and encapsulated in another data packet in order to conceal the contents of the packet inside.
Typically employed as a security measure in VPN connections
Remote access protocols
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)
Secure Socket Tunneling Protocol (SSTP)
Point-to-Point Protocol
PPP
This is a legacy Internet standard for sending IP datagram packets over serial point-to-point links. It can be used in synchronous and asynchronous connections.
Point-to-Point Tunneling Protocol
This is a Microsoft VPN layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets.
PPTP is no longer recommended by Microsoft.
Layer 2 Tunneling Protocol
L2TP
L2TP employs IPsec (IP security) transport mode for authentication.
Secure Socket Tunneling Protocol
SSTP
This protocol uses SSL/TLS and encapsulates an IP packet with a PPP header and then with an SSTP header.
HOTP
HMAC-based one-time password
An algorithm that generates one-time passwords (OTP) using a hash-based message authentication code (HMAC) to ensure the authenticity of a message.
Time-based OTP
Time-based HMAC-based one-time password (TOTP) improves upon the HOTP algorithm by introducing a time-based factor to the one-time password authentication.
PAP
Password authentication protocol
It is a protocol that sends user IDs and passwords as plain text.
MD5
Message digest 5
CHAP handshake process
Step 1: The remote client requests a connection to the RAS.
Step 2: The remote server sends a challenge sequence, which is usually a random value.
Step 3: The remote client uses its password as an encryption key to encrypt the challenge sequence and sends the modified sequence to the server.
Step 4: The server encrypts the original challenge sequence with the password stored in its local credentials list and compares the result with the modified sequence received from the client:
If the two sequences do not match, the server closes the connection.
If the two sequences match, the server allows the client to access resources.
NTLM
NT LAN Manager is a challenge-response authentication protocol created by Microsoft.
Weaknesses include outdated encryption algorithms, which are susceptible to brute-force cracking attempts.
AAA
Authentication, authorization and accounting
Security concept in which a centralized platform verifies an object's identification, ensures the object is assigned the relevant permissions, and then logs these actions to create an audit trail.
Diameter
This is an authentication protocol that improves upon RADIUS by strengthening some of its weaknesses.
NPS
Network policy server
This is a Windows Server implementation of a RADIUS server. It helps in administering VPNs and wireless networks.
TACACS and TACACS+
Terminal Access Controller Access Control System
These protocols provide AAA services for remote users.
TACACS+ includes process-wide encryption and separates authentication from authorization packets, whereas RADIUS combines these functions in the same packet.
TACACS+ also supports multi-factor authentication.
Kerberos
An authentication service that is based on a time-sensitive ticket-granting system. It is used for a single sign-on process.
This is used with Active Directory to authenticate users and computers in a domain. It also employs mutual authentication, so that both the client and the server can verify each other's identity. It also uses modern encryption standards like AES.
Kerberos process
1. The user logs onto the domain.
2. The user requests a ticket-granting ticket (TGT) from the authenticating service.
3. The authenticating server responds with a timestamped TGT.
4. The user presents the TGT back to the authenticating server and requests a service ticket to access a specific resource.
5. The authenticating server responds with a service ticket.
6. The user presents the service ticket to the resource they wish to access.
7. The resource authenticates the ticket and allows access.
Account management
A common term used to refer to the processes, functions, and policies used to effectively manage user accounts within an organization
Account types
User account
Privileged account
Guest account
Computer and service account
Account policy
A document that includes an organization's requirements for account creation, account monitoring, and account removal.
Security control (account management)
Standard naming conventions
Onboarding and offboarding
Access recertification
Usage auditing
Group-based access control
Location-based policies
Time-of-day restrictions
Credential managers
These were created to help users and organizations more easily store and organize usernames and passwords.
They defend against keystroke-logging malware.
Credential management software
LastPass
KeePass
Apple's Keychain
Identity federation
This is the practice of linking a single identity across multiple disparate identity systems.
Google account
Transitive Trust
A user account that is trusted by one system may be implicitly trusted by another system if those systems trust each other.
Identity federation methods
SAML
OpenID
OAuth
Shibboleth
SAML
Security Assertion Markup Language
OpenID
A method for authenticating users.
Google and Amazon use their own.
OAuth
An authorization protocol that can be used to complement OpenID.
Shibboleth
Based on SAML
Federated identity method