Security Controls Flashcards
Auditing (security controls)
One-time evaluation
vs. monitoring, which is ongoing
Bollards
Vehicle barricades usually outside of government buildings
Duress-based alarm
Alarm that’s set off by a person when there is some kind of emergency
Proximity alarms
RFID to tell when something moves
Like tagged clothing at a retail store
Magnetometer
Metal detectors
5 types of door locks
Key
Mechanical (cipher lock), like at fast food restaurants
Electronic
Badge reader
Biometric
Biometric scanner intrusiveness order
Least to most
Facial ID
Fingerprint
Palm reader
Retina scan
Access control vestibule
Turnstile-style entry, like at a metro station
Can be a full cage also
(Prevent tailgating and piggybacking)
3 types of badge readers
Magnetic stripe (old)
Smart card (new) like a credit card
RFID (new)
3 types of equipment locks
(Not including Kensington locks)
Lockable rack cabinet
Chassis locks
Faceplate
Least privilege principle
Things and people should always use as little permission as possible
Three role-based access types
DAC (discretionary access control)
MAC (mandatory access control)
RBAC (role-based access control)
Discretionary access control
(DAC)
Each owner decides rights and permissions
Mandatory access control
(MAC)
The computer system decides who gets access (military style)
-Unclassified
-Confidential
-Secret
-Top secret
Also uses “need to know”
Role-Based Access Control
(RBAC)
Group-based permissions, like in a domain
(Considered best practice)