Part 2 Lesson 3

Card Set Information

Part 2 Lesson 3
2015-02-17 14:28:26
Part Lesson
Part 2 Lesson 3
Part 2 Lesson 3
Show Answers:

  1. NOTE: A network is made up of several distributed systems, each of which generally acts independently as a separate security domain with its own login or access credentials. As a result, an active user may have several sets of login or access credentials: one for the network, one for the desktop, one for a database system, and others for various local or remote applications.
  2. NOTE: Users typically have several accounts, too: network, email, websites, database systems, intranet, and more. This in itself is not a particularly big problem, but it can create a threat because users have the habit of using the same password, and sometimes the same username, on several accounts. Should a hacker phish one account, he then has most of what he needs to hack any of the accounts with the same credentials.
  3. Website passwords are particularly vulnerable, especially on those sites that provide an automated password rest function. If a hacker knows anything about the target user, the security questions, which are supposed to provide some form of __________________, actually don't present much of a barrier at all.  Think about the password reset systems you've used on various websites.  All someone would need to know is your birthday, elementary school, childhood nickname, pet's name, or mother's maiden name to resent your password and gain access to whatever information you've provided to the site.
    Multifactor authentication
  4. One solution to multiple account credentials. Where the user logs into a primary login domain to establish a session. The primary domain requires a single set of credentials, typically a username and password that it associates with a particular user and set of rights and privileges. In most cases, the primary domain is an operating system session running on the user's computer. When the user wishes to access a secure application or network, the primary login domain supplies the required credentials for each authentication request.
    Single sign on (SSO)
  5. NOTE: There are several security administrative issues involved in an SSO environment:
    -The secondary login domains (the secure applications or systems) must accept the primary login domain as a trusted source. They also have to accept that the primary domain provides the correct authentication and identification credentials for each end user.
    - The secondary domain must also assume that the primary login domain has adequate protection for the user's authentication credentials. Specifically, the primary domain must protect the credentials against interception and eavesdropping, especially when the credentials pass between the primary and secondary domains.
  6. NOTE: One way to add more protection to an SSO environment is to implement multifactor authentication by adding a biometric (such as a fingerprint reader) or token (like a smart card) to the login process. The odds of a hacker knowing a password and possessing the owner's fingerprint, eye print, or security token is next to impossible.
  7. NOTE: Avoid overusing SSO. Within a single security domain, SSO is a time-saver for the user and an added security tool for the system administrators. However, you should shy away from applying SSO to remote logins, especially third-party accounts. You probably don't want to provide an outside supplier or customer with an SSO account on your network, nor should they provide you with one.
  8. NOTE: Its far easier for a system administrator to maintain permissions and privileges for a group of several users than to do the same for each user separately.
  9. allow the administrator to match the permissions and privileges of a group's members more closely to their job function and roles.
    Group Accounts.

    Member users obtain their rights from the group account rather than from individual accounts. Users can belong to one or both of two types of group accounts: a local group or a global group.
  10. NOTE: On a network, users or groups belong to either local accounts or domain (network) accounts.
  11. exists on a specific computer and is separate from any group or user accounts that exist on a network or domain.
    Local Group

    The users of a local group have local user accounts.
  12. Members of a local group have these, which, likewise, only exist on a network workstation or a member server.
    local user accounts

    For example: On a Windows network, local user accounts don't exist on a domain controller.
  13. NOTE: Essentially, a local group exist to manage the local user accounts on a given computer. A local group, which allows the administrator to secure local resources, can also contain domain or network users.
  14. Contains remote user accounts from around a network. In a Windows environment, it represents a collection of Active Directory user accounts.
    Global Groups
  15. A user attempting to log off a computer does so under this type of user privilege?
    Automatic privilege
  16. A user who has absolute power on a system is typically this type of user?
    Privilege user
  17. This type of user can operate a computer and open, create, and save documents, but cannot manipulate system settings?
    Restricted user
  18. A group account limited to a single computer
    Local group
  19. A group account that may include remote user accounts?
    global group
  20. A password that meets or exceeds the password policy requirements?
    Strong password
  21. A method for cracking a password by generating every possible combination of characters and comparing it to stored passwords?
    Brute Force Guessing
  22. An account policy that calls for disabling a user's account when a incorrect password is used a specific number of times.
    Account lockout
  23. A process that automatically presents credentials to the authentication and authorization authority of multiple applications?
    Single Sign-On
  24. A privilege extended to a user or application based on the use of a valid authentication credential?
    Granted Privilege