Chapter 5 Vocab - ISEC
Terms in this set (46)
Identifies some information about the intended user before an asset can be protected including identification, authentication, authorization, and accountability
Increases the probability of preventing an attack on your organization; set the threshold to a high enough number that authorized users aren't locked out due to mistyped passwords
The process of associating actions with users for later reporting and research
Uses an algorithm that calculates a number at both the authentication server and the device
authentication, authorization, and accounting (AAA)
Core services provided by one or more central servers to help standardize access control for network resources
An authorization method in which access to resources is decided by the user's authority level.
Bell-La Padula access control mechanism
An access control model that provides multilayered security for access to systems, applications, and data based on a hierarchy.
Access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity; this prevents users from corrupting data at a higher level than what the user may have access to and helps ensure data integrity.
Brewer and Nash
Based on a mathematical theory published in 1989 to ensure fair competition.
involves a dialogue between the authentication service and the remote entity that it's trying to authenticate.
Challenge-Handshake Authentication Protocol (CHAP)
A decentralized access control that is more secure than PAP since it hashes the password with a one-time challenge number to defeat eavesdropping-based replay attacks.
Chinese Wall Security Policy
defines a wall, or barrier, and develops a set of rules that makes sure no subject gets to objects on the other side of the wall
the practice of using computing services that are delivered over a network. The computing services may be located within the organization's network or provided by servers that belong to some other network
Constrained user interface
a user's ability to get into—or interface with—certain system resources is restrained by two things: The user's rights and permissions are restricted, and constraints are put on the device or program providing the interface
used by systems that continuously validate the user's identity. This is often done with proximity cards or other devices that continuously communicate with the access control system.
Crossover error rate (CER)
The point at which the false rejection rate and the false acceptance rate are equal; it is the measure of the system's accuracy expressed as a percentage.
Decentralized access control
A system that puts access control into the hands of people such as department managers who are closest to system users; there is no one centralized entity to process access requests in this system.
A popular centralized access control protocol that succeeded RADIUS and provides access control for stable and static workforces.
Discretionary access control (DAC)
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.
False Acceptance Rate (FAR)
the rate at which invalid subjects are accepted
a computer network authentication protocol that allows nodes communicating over a nonsecure network to prove their identity to one another in a secure manner.
Key distribution centers (KDCs)
serves as the authentication server (AS) and as the ticket-granting server (TGS)
Logical access control
Security administrators use these to decide who can get into the system and what tasks they can perform
a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network.
Mandatory access control (MAC)
permission to access a system or any resource is determined by the sensitivity of the resource and the security level of the subject. It cannot be given to someone else.
allows different groups of users to access a database without being able to access each other's data. This ability is important to organizations that want to use the cloud for their shared applications and databases.
the concept of preventing people from gaining access to information they don't need to carry out their duties. Providing access on the basis of need to know can reduce the chance of improper handling of data or the improper release of information.
Something you have, such as a smart card, key, badge, or token.
a bit different from a password. It is longer and generally harder to guess, so it's considered more secure
Physical access control
These control access to physical resources. They could include buildings, parking lots, and protected areas. For example, you probably have a key to the door of your office. This key controls the physical access to your office.
Public key infrastructure
A general approach to handling encryption keys using trusted entities and digital certificates; the hardware, software, policies, and procedures to manage all aspects of digital certificates.
Remote Authentication Dial-In User Service (RADIUS)
It is an authentication server that uses two configuration files:
-A client configuration file that contains the client address and the shared secret for transaction authentication
-A user configuration file that contains the user identification and authentication data as well as the connection and authorization information
Role-based access control
bases access control approvals on the jobs the user is assigned. The security administrator assigns each user to one or more roles.
Security Assertion Markup Language (SAML)
an open standard used for exchanging both authentication and authorization data. _____ is based on XML and was designed to support access control needs for distributed systems. _____ is often used in web application access control. ____ is not a complete centralized AAA system. It is a data format specification
the central part of a computing environment's hardware, software, and firmware that enforces access control for computer systems. The __________ provides a central point of access control and implements the reference monitor concept. It mediates all access requests and permits access only when the appropriate rules or conditions are met
Separation of duties
the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task. This principle prevents people from both creating and approving their own work.
Single sign-on (SSO)
allows users to sign on to a computer or network once and have their identification and authorization credentials allow them into all computers and systems where they are authorized.
a security card programmed with your employee ID number
uses an algorithm that calculates a number at both the authentication server and the device. It displays the number on the device's screen. The user enters this number as a logon authenticator, just as he or she would use a password.
restricts access to specific times. It first classifies the sensitivity level of objects. Then it allows access to those objects only at certain times.
Terminal Access Controller Access Control System Plus (TACACS+)
is an Internet Engineering Task Force (IETF) standard that uses a single configuration file to:
-Control server operations
-Define users and attribute/value pairs
-Control authentication and authorization procedures
The number of failed logon attempts that trigger an account action
Ticket-granting servers (TGSs)
provides a way to get more tickets for the same or other applications after the user is verified, so that step doesn't need to be repeated several times during a day
Trusted operating system (TOS)
A type of operating system that includes additional controls to address the additional security needs of systems that handle extremely sensitive information.
Two factor authentication
An authentication method that uses two types of authentication credentials. See also two-step authentication.
View-based access control
Limiting users' access to database views, as opposed to allowing users to access data in database tables directly.