Access Control - It is the selective method by which systems specify who may use a particular resource and how they may use it.
Discretionary Access Controls - It is a control that is implemented at the discretion or option of the data user, usually the owner of the data, who decides who else may access it.
Nondiscretionary Access Control - It is a strictly enforced version of MAC that is managed by a central authority in the organization and can be based on an individual user's role or on a specified set of tasks.
Mandatory Access Control - It is a control whereby the organization specifies use of resources based on the assignment of data classification schemes to resources and clearance levels to users; a user may access a resource only when their clearance meets its classification.
Role-Based Access Control - It is an example of nondiscretionary control where privileges are tied to the role a user performs in an organization and are inherited when a user is assigned to that role.
Task-Based Access Control - It is an example of nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task.
Identification - It is an access control mechanism whereby unverified supplicants who seek access to a resource provide a label by which they are known to the system.
Authentication - It is an access control mechanism that requires the validation and verification of a supplicant's purported identity.
Something a supplicant knows - It can be a password, passphrase, or other unique authentication code or PIN.
Something a supplicant has - It can be a dumb card, such as an ID card or ATM card with a magnetic stripe that contains digital or encrypted data, or a token that produces an authentication code.
Synchronous Token - This token must be calibrated with the corresponding software on the central authentication server: both sides compute the current code from a shared secret and a synchronized clock or counter, so a token that drifts out of step with the server stops being accepted.
Asynchronous token - This token does not require calibration to the central authentication server; instead the server issues a challenge and the token computes the matching response from the shared secret.
Something a supplicant is or can produce - It relies on individual characteristics, such as fingerprints, palm prints, hand topography, hand geometry, or retina or iris scans.
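The three authentication factors above, as an added example that is not part of the original glossary: a salted PBKDF2 password check for "something the supplicant knows", an HOTP/TOTP routine in the style of RFC 4226 and RFC 6238 for a synchronous token (the acceptance window is what tolerates, and limits, clock drift between token and server), and an HMAC challenge-response for an asynchronous token. The shared secret, the 30-second step, the drift window of one step and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

# --- Something the supplicant knows: a password, stored only as a salted PBKDF2
# hash so the server never keeps the secret itself.
def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)  # assumed work factor
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time compare

# --- Something the supplicant has, synchronous token: HOTP/TOTP (RFC 4226 / RFC 6238).
# Token and server both derive the code from a shared secret and the current
# time step, so the token's clock must stay calibrated with the server's.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30) -> str:
    return hotp(secret, int(now // step))

def verify_totp(secret: bytes, code: str, now: float, step: int = 30, drift: int = 1) -> bool:
    # Accept the current step plus `drift` steps either side to absorb small clock
    # skew; a token that has drifted further fails until it is recalibrated.
    counter = int(now // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-drift, drift + 1))

# --- Something the supplicant has, asynchronous token: challenge-response.
# No clock is involved; the server sends a fresh random challenge and the token
# answers with an HMAC of it under the shared secret.
def issue_challenge() -> bytes:
    return secrets.token_bytes(16)

def token_response(secret: bytes, challenge: bytes) -> str:
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()

def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    return hmac.compare_digest(token_response(secret, challenge), response)

if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")
    print("password ok:", verify_password("correct horse battery staple", salt, digest))
    seed = b"12345678901234567890"             # the RFC 4226 test-vector secret
    print("TOTP at t=0:", totp(seed, 0))        # 755224 per the RFC 4226 vectors
    print("accepted one step late:", verify_totp(seed, totp(seed, 0), 30))
    print("rejected two steps late:", verify_totp(seed, totp(seed, 0), 60))
    ch = issue_challenge()
    print("challenge-response ok:", verify_response(seed, ch, token_response(seed, ch)))
```

The drift window is the practical meaning of "calibration": widening it makes drifted tokens work again but also widens the set of codes an attacker could replay, so production deployments keep it to a step or two and resynchronize tokens that fall outside it.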
Authorization - It is the matching of an authenticated entity to a list of information assets and corresponding access levels.
Accountability - It is also known as auditability, and it ensures that all actions on a system -- authorized or unauthorized -- can be attributed to an authenticated identity.
System Logs - They record specific information, such as failed access attempts and system modifications.
Logs - They have many uses, such as intrusion detection, determining the root cause of a system failure, or simply tracking the use of a particular resource.
Biometric Access Control - It is an access control approach based on the use of a measurable human characteristic or trait to authenticate the identity of a proposed system user.
False Accept Rate - In biometric access controls, the percentage of identification instances in which unauthorized users are allowed access. Also known as a Type II error.
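Authorization and accountability together, as an added example that is not part of the original glossary: an access-level list matched against an authenticated identity, every decision written to a log attributed to that identity, and two of the log uses named above run over constructed sample lines (spotting a burst of failed access attempts, and counting use of a resource). The ACL contents, the log line format, the identities and the three-failures-in-five-minutes threshold are all assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Authorization list (constructed): authenticated identity -> {asset: highest access level}.
ACL = {
    "alice": {"payroll.db": "read", "hr-share": "write"},
    "bob":   {"hr-share": "read"},
}
LEVELS = {"none": 0, "read": 1, "write": 2}

def authorize(identity: str, asset: str, requested: str) -> bool:
    """Match the authenticated identity against its asset/access-level list."""
    granted = ACL.get(identity, {}).get(asset, "none")
    return LEVELS[granted] >= LEVELS[requested]

def audit(log: List[str], ts: datetime, identity: str, asset: str, requested: str) -> bool:
    """Decide, then record the decision attributed to the authenticated identity."""
    ok = authorize(identity, asset, requested)
    log.append(f"{ts.isoformat()} user={identity} asset={asset} "
               f"action={requested} result={'ALLOW' if ok else 'DENY'}")
    return ok

LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) asset=(?P<asset>\S+) "
                  r"action=(?P<action>\S+) result=(?P<result>ALLOW|DENY)$")

def parse(line: str) -> Optional[Dict[str, object]]:
    m = LINE.match(line)
    if not m:
        return None                      # unparseable lines are skipped, never trusted
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def denied_bursts(lines, threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> Dict[str, int]:
    """Identities with at least `threshold` DENY events inside any `window` span:
    the failed-access pattern the log exists to expose."""
    by_user = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec["result"] == "DENY":
            by_user[rec["user"]].append(rec["ts"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0                        # sliding window over this user's denials
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged

def asset_usage(lines) -> Counter:
    """Per-asset access counts: the 'tracking the use of a resource' case."""
    return Counter(rec["asset"] for rec in map(parse, lines) if rec)

def build_sample_log() -> List[str]:
    """Constructed sample: one legitimate session plus one identity probing payroll.db."""
    log, t0 = [], datetime(2024, 3, 1, 9, 0, 0)
    audit(log, t0, "alice", "payroll.db", "read")                           # ALLOW
    audit(log, t0 + timedelta(minutes=1), "alice", "payroll.db", "write")   # DENY
    for i in range(4):                                                       # DENY x4
        audit(log, t0 + timedelta(minutes=2 + i), "mallory", "payroll.db", "read")
    audit(log, t0 + timedelta(minutes=7), "bob", "hr-share", "read")         # ALLOW
    return log

if __name__ == "__main__":
    sample = build_sample_log()
    print("\n".join(sample))
    print("burst of denials:", denied_bursts(sample))
    print("asset usage:", asset_usage(sample))
```

Because every line carries the identity the decision was made for, the same log supports both uses without change; the detector only has to group by that field.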
False Reject Rate - In biometric access controls, the percentage of identification instances in which authorized users are denied access. Also known as a Type I error.
Crossover Error Rate - In biometric access controls, the level at which the number of false rejections equals the number of false acceptances; the two rates move in opposite directions as the matching threshold is adjusted, so the CER is the usual single figure for comparing systems.
Security Access Control Architecture Model - Often referred to simply as architecture models, these illustrate access control implementations and can help organizations quickly make improvements through adaptation.
Trusted Computing Base - It is the combination of all hardware, firmware, and software responsible for enforcing the security policy.
Covert Channel - It is an unauthorized or unintended method of communication hidden inside a computer system.
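The three biometric error rates above, worked through as an added example that is not part of the original glossary. The matcher scores for genuine and impostor attempts are constructed, and the 0 to 100 score scale is an assumption; the sweep shows the trade-off between Type I and Type II errors and locates the crossover point.

```python
from typing import List, Tuple

# Constructed matcher scores on a 0-100 scale (higher = closer to the enrolled template).
GENUINE = [72, 80, 85, 88, 90, 91, 93, 95, 97, 99]    # attempts by enrolled, authorized users
IMPOSTOR = [20, 35, 40, 55, 60, 65, 70, 75, 82, 86]   # attempts by unauthorized users

def false_accept_rate(impostor: List[int], threshold: int) -> float:
    """Type II error: share of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def false_reject_rate(genuine: List[int], threshold: int) -> float:
    """Type I error: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)

def crossover(genuine: List[int], impostor: List[int]) -> Tuple[int, float]:
    """Sweep the decision threshold; return the threshold at which FAR and FRR are
    closest, and the error rate there (the CER)."""
    best = None
    for t in range(0, 101):
        far = false_accept_rate(impostor, t)
        frr = false_reject_rate(genuine, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, (far + frr) / 2

def tradeoff(genuine: List[int], impostor: List[int], thresholds: List[int]):
    """(threshold, FAR, FRR) rows: raising the threshold lowers FAR and raises FRR."""
    return [(t, false_accept_rate(impostor, t), false_reject_rate(genuine, t))
            for t in thresholds]

if __name__ == "__main__":
    for t, far, frr in tradeoff(GENUINE, IMPOSTOR, [60, 70, 81, 90]):
        print(f"threshold {t:3d}: FAR {far:.1f}  FRR {frr:.1f}")
    print("crossover (threshold, CER):", crossover(GENUINE, IMPOSTOR))
```

A deployment that cares more about keeping impostors out sets the threshold above the crossover and accepts the extra false rejections; one that cares more about convenience does the opposite. The CER only says where the two curves meet, not which side of it the organization should operate on.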
Storage Channel - A covert channel that communicates by modifying a stored object.
Timing channel - A covert channel that transmits information by managing the relative timing of events.
Firewall - It is a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.
Trusted Network - It is the system of networks inside the organization that contains its information assets and is under the organization's control.
Untrusted Network - It is the system of networks outside the organization over which the organization has no control; the Internet is the usual example.
Packet-Filtering Firewall - It is also referred to as a filtering firewall: a networking device that examines the header information of data packets that come into a network and passes or drops them according to its rules.
Static Filtering - A firewall type that requires configuration rules to be manually created, sequenced, and modified within the firewall; because rules are consulted in order, a rule placed too late in the sequence may never be reached.
Proxy Server - It is a server or firewall device capable of serving as an intermediary by retrieving information from one network segment and providing it to a requesting user on another.
Reverse Proxy - A proxy server that most commonly retrieves information from inside an organization and provides it to a requesting user or system outside the organization.
Demilitarized Zone - It is an intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network.
MAC Layer Firewalls - A firewall designed to operate at the media access control sublayer of the network’s data link layer
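The packet-filtering, static-filtering and MAC-layer entries above, as an added example that is not part of the original glossary: a first-match rule evaluator over packet header fields, with one rule that also matches on the data-link (MAC) address. The networks, addresses, the quarantined MAC and the rule set are all constructed; the point it shows is the sequencing problem static filtering leaves to the administrator, since a deny rule placed after a broader allow rule is never reached.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at; src_mac is the data-link (MAC) layer field."""
    src: str
    dst: str
    proto: str
    dport: int
    src_mac: str = ""

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None
    src_mac: Optional[str] = None     # set only on MAC-layer rules

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.src_mac is None or self.src_mac.lower() == p.src_mac.lower()))

def filter_packet(rules: List[Rule], p: Packet, default: str = "deny") -> Tuple[str, Optional[int]]:
    """Static filtering: rules are consulted in the order they were sequenced and the
    first match decides; anything unmatched gets the default policy."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return default, None

TRUSTED = "10.0.0.0/8"                # constructed: the internal, trusted network
DMZ_WEB = "192.0.2.10/32"             # constructed: public web server in the DMZ
BLOCKED_MAC = "00:11:22:33:44:55"     # constructed: a quarantined internal workstation

RULES = [
    Rule("deny",  src=TRUSTED, proto="tcp", dport=23),     # 0: no telnet out of the trusted net
    Rule("allow", src=TRUSTED),                             # 1: trusted net may go anywhere else
    Rule("allow", dst=DMZ_WEB, proto="tcp", dport=443),     # 2: outside may reach the DMZ web server
    Rule("deny",  src_mac=BLOCKED_MAC),                     # 3: MAC-layer block, mis-sequenced
]
# The quarantined host sits on the trusted net, so rule 1 matches before rule 3 is reached.
# Re-sequencing the MAC rule to the front is the manual fix static filtering requires.
REORDERED = [RULES[3]] + RULES[:3]

if __name__ == "__main__":
    quarantined = Packet("10.0.0.5", "198.51.100.7", "tcp", 80, src_mac=BLOCKED_MAC)
    print("as sequenced:", filter_packet(RULES, quarantined))       # ('allow', 1)
    print("re-sequenced:", filter_packet(REORDERED, quarantined))   # ('deny', 0)
    print("outside -> DMZ ssh:", filter_packet(RULES, Packet("203.0.113.9", "192.0.2.10", "tcp", 22)))
```

The default of deny for unmatched packets is the usual posture for the boundary between the untrusted and trusted networks; the rule set then only has to enumerate what is permitted, which keeps the ordering problem smaller.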
Virtual Private Network - A private and secure network connection between systems that uses the data communication capability of an unsecured and public network.
Trusted VPN - Also known as a legacy VPN, a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.
Secure VPN - A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks.
Hybrid VPN - A combination of trusted and secure VPN implementations.
Lattice-Based Access Control - It is an access control approach that uses a matrix or lattice of subjects and objects to assign privileges; the lattice orders the security labels so that it can be decided whether one label dominates another.
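The lattice-based entry above together with the mandatory and role-based entries near the top of the glossary, as one added example that is not part of the original page: a label made of a sensitivity level plus a set of compartments forms a lattice (dominance is a partial order, not a single line), a mandatory check compares clearance against classification on that lattice, and a role-based check resolves a user's permissions through the roles assigned to them. The level names, compartments, roles, users and the "no write down" rule for writes (Bell-LaPadula's *-property, which goes beyond the glossary's MAC definition) are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass(frozen=True)
class Label:
    """A lattice element: a linearly ordered sensitivity level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order: higher-or-equal level AND a superset of the compartments.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        # Least upper bound: the label a document combining both inputs would carry.
        level = max(self.level, other.level, key=LEVELS.get)
        return Label(level, self.compartments | other.compartments)

def mac_can_read(clearance: Label, classification: Label) -> bool:
    """Mandatory control: read only if the subject's clearance dominates the
    object's classification (no read up)."""
    return clearance.dominates(classification)

def mac_can_write(clearance: Label, classification: Label) -> bool:
    """No write down: the object's classification must dominate the subject's clearance
    (Bell-LaPadula's *-property, assumed here on top of the glossary's MAC definition)."""
    return classification.dominates(clearance)

# Role-based (nondiscretionary) control: permissions attach to roles, users inherit them.
ROLE_PERMS = {
    "clerk":      {"ledger:read"},
    "accountant": {"ledger:read", "ledger:post"},
    "auditor":    {"ledger:read", "audit:export"},
}
USER_ROLES = {"dana": {"accountant"}, "eve": {"clerk", "auditor"}}    # constructed assignments

def rbac_permitted(user: str, permission: str) -> bool:
    return any(permission in ROLE_PERMS[role] for role in USER_ROLES.get(user, ()))

USER_CLEARANCE = {                                                     # constructed clearances
    "dana": Label("secret", frozenset({"FIN"})),
    "eve":  Label("top secret", frozenset()),   # higher level, but no FIN compartment
}

def access(user: str, permission: str, obj_label: Label) -> bool:
    """Both controls must agree: RBAC decides the action, MAC decides the data."""
    clearance = USER_CLEARANCE[user]
    check = mac_can_write if permission.endswith(":post") else mac_can_read
    return rbac_permitted(user, permission) and check(clearance, obj_label)

if __name__ == "__main__":
    ledger = Label("secret", frozenset({"FIN"}))
    print("dana posts to ledger:", access("dana", "ledger:post", ledger))    # True
    print("eve reads ledger:", access("eve", "ledger:read", ledger))        # False: lacks FIN
    print("dana exports audit:", access("dana", "audit:export", ledger))    # False: no auditor role
```

The "eve" case is the reason the model is a lattice rather than a ladder: a top secret clearance with no compartments does not dominate a secret label carrying the FIN compartment, so the two labels are incomparable and the read is refused even though eve's level is higher.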