Section 20: Access Control Flashcards
Access Control Models
DAC, MAC, RBAC, ABAC
Discretionary Access Control
The access control policy is determined by the owner
Mandatory Access Control
An access control policy in which the computer controls who gets access; it does so through data labels (used in FreeBSD and Linux)
Rule Based Access Control
Label-based access control that defines whether access
Lattice Based Access Control
Utilizes complex mathematics
Role-Based Access Control
An access model that is controlled by the system (like MAC) but utilizes roles in order to dole out access
Attribute Based Access Control
Think tags
Implicit Deny
All access is denied by default unless specifically stated
Least Privilege
Users are only allowed to do what is needed to do their job
Separation of Duties
Requires more than one person to conduct a sensitive task or operation (think two people signing a check)
Job Rotation
Occurs when users are cycled through various jobs to learn the overall operations of the company
Mandatory Vacation
Making someone take a vacation so you can audit them
Organizational Unit in AD
Departments in the company
User Rights
Permissions assigned to a given user
Groups
Collection of users based on common attributes