Windows Security Ch 1-3
Terms in this set (50)
are continually crafting new methods to defeat the most secure environments.
The assurance that the information is available
available only to a limited number of authorized users. Ex. financial information either personal or corporate, personal medical information, and secret military plans
repair the effects of damage from an attack. Corrective controls include virus removal procedures, firewall table updates, and user authorization database updates.
Defense in Depth
It takes a collection of strategies to make a computer environment safe. This approach to using a collection of strategies is often called _______
detect that an action has occurred. They include smoke detectors, log monitors, and system audits.
The assurance that the information cannot be changed by unauthorized users
AKA technical controls. Devices or processes that limit access to resources. Ex. antivirus software and firewalls
are devices that limit access or otherwise protect a resource. Ex. fences, doors, locks, and fire extinguishers
Prevent an action. They include locked doors, firewall rules, and user passwords
Because so many businesses rely on available information to function properly, unavailable information poses a risk to the primary business function.
is any action that could lead to damage, disruption, or loss
can't change information
weaknesses in the operating system and application software
The process of collecting network messages as they travel across a network in hopes of divulging sensitive information, such as passwords
process of providing access to authorized users and denying access to unauthorized users
Access Control List
Where Windows stores access rules, or permissions, for resources (objects)
A core Windows feature. All Windows operating systems since NT have the ability to share user and group definitions. Many operating systems support a generic capability to share such information
The total collection of all possible vulnerabilities that could provide unauthorized access to computer resources
All data objects are labeled with a specific _______. Government classifications are unclassified, restricted, confidential, secret, and top secret.
any mechanism or action that prevents, detects, or addresses an attack
Discretionary access control (DAC)
one of the most common access control rules. DAC strategies are defined primarily at the user, or subject, level.
Hardware abstraction layer (HAL)
provides the actual access to physical hardware. All other kernel mode programs interact with hardware through the HAL. This allows Microsoft to support multiple hardware platforms by just writing different HAL modules, instead of rewriting all operating system programs.
Access control is a multi-step process that starts here and with authentication. The operating system needs to identify the user asking for access to a resource. Most often, the user provides a username (or User ID)
is the part of the operating system that may reside partially in memory and provides the backbone of the operating system's services.
Mandatory access control (MAC)
type of access control. A familiar MAC implementation is used in military and government environments. In such an environment, all data objects are labeled with a specific classification.
using more than 2 types of authentication.
The resource to which the subject requests access is called the access object.
define what a user can do to a specific object
User rights define tasks that a user is permitted to carry out, such as taking ownership of objects or shutting down the computer
Role based access control (RBAC)
RBAC extends, or generalizes, DAC. Object access is defined by role, as opposed to individual users.
Security identifier (SID)
Each local user and group in Windows has a unique SID. Windows uses the SID to identify users and groups, not names
Any user or program that requests access to a resource is called the access _______
Processes run in _________ can perform more tasks and access more restricted parts of the computer system.
Access Control Entry (ACE)
is each entry in the DACL
the process of collecting performance information on which actions were taken and storing that information for later analysis.
Class identifiers (CLSIDs)
Windows uses GUIDs extensively to keep track of many objects. The Windows Registry uses GUIDs to identify objects and records many of their attributes. When used in this context, the GUIDs are stored as CLSIDs.
sends security information to the computer where a user logs on
in the advanced security settings dialogue box. This page displays calculated permissions for any user or group
All windows users are associated with one or more groups
Key Distribution Center (KDC)
Stores all user and computer Kerberos master keys
Managed Service accounts
can be stored across systems. Admins create these accounts as managed domain accounts that provide automatic password management
Network translation LAN manager (NTLM)
Older Windows authentication method. Differs from Kerberos in function and strength. In NTLM, a client requests access to an object on a server. The client sends the server its password for access, and the server then forwards the password to the domain controller. The domain controller validates the password and returns the appropriate result to the server. Has been shown to protect passwords poorly
AKA The United States Department of Defense Trusted Computer System Evaluation Criteria, DOD-5200.28-STD. Was one of the first generally accepted standards for computer security. Has since been replaced
The Principle of least privilege
In a Windows environment, the principle of least privilege is implemented at the user account level. In fact, Microsoft refers to user accounts defined using this principle as _________
The access ticket contains all of the subject's SIDs and is encrypted with the target server's ______. The subject then presents the access ticket to the server where the desired object resides.
Rights Management Services (RMS)
can encrypt files that contain tagged sensitive data without requiring user interaction.
User account control (UAC)
Windows feature of prompting users before escalating to administrator privileges
is a fast and scalable protocol that allows for secure exchange of information. Each domain controller functions as a _____ key distribution center.
Becomes the new owner of this object