Keeping track of who does what on a computer or network.
What is Accounting?
The process of specifying the actions a user can perform once they have authenticated themselves.
What is Authorization?
Type 1 Authentication is...
What is something you know?
Ex:
PIN
Passphrase
Pattern Lock
Proving you are who you say you are.
What is Authentication?
Anything that happens on a computer or network.
What is an Event?
EX:
Signing in or out, accessing or modifying a file, or visiting a website.
This model of ACL emphasizes the importance of the owner (creator) of a resource.
What is Discretionary Access Control (DAC)?
EX:
Only person with full access to the resource
Can modify the ACL to allow others to view, edit, or copy
Can also transfer ownership to another user
By authenticating one time, you get access to all other related systems.
What is Single Sign On?
This denies access to any user who does not have explicit authorization granted.
What is an Implicit Deny Rule?
Keeping a detailed list of anything that happens on a computer or network.
What is Logging?
Ex:
User's name, computer accessed, date and time of login, how long the user was signed in, and websites visited.
This grants permissions to users based on each user's role and modifies the ACL based on pre-configured rules.
What are Role-based access control systems?
Ex:
A student user has permission to view course resources, such as videos, labs, and text lessons. However, they don't have permission to view others' grades or make direct changes to the gradebook.
Teachers have the same permissions as students, plus the ability to view and edit the grades of their students. However, they can't access grades of students in other teachers' classes.
Administrators can view and edit the grades for every student at the school, regardless of who the teacher is.
Type 2 Authentication is...
What is something you have?
Ex:
Keys
Tokens
One Time Passwords
Users are given only the access they need to do their specific tasks.
What is the principle of Least Privilege?
When something goes wrong, they find out who was signed in, what files were accessed, and how permissions were used.
What is a System Accountant?
Uses security clearance levels to specify the users who can access designated resources.
What is Mandatory access control (MAC)?
Using two or more of the types to gain access to a system.
What is Multifactor Authentication?
EX:
Use Type 1 (A password) and Type 2 (A smart card) to gain access.
Allowed actions that are assigned in an access control list (ACL).
What are Permissions?
Taking measures to verify the identity of someone performing an action.
What is Non-Repudiation?
Non-Repudiation techniques:
Setting up a surveillance camera, strong authentication protocols, signatures and receipts
Mandatory access control is an example of
What is Least Privilege?
Type 3 Authentication is...
What is something you are?
Ex:
Fingerprint
Face / Retina Scan
Voice Recognition
Google Docs is an example of what kind of ACL Model?
What is Discretionary Access Control (DAC)?