Security+ - Domain 3 - Access Control and Identity Management (Study)

Card Set Information

Author: mpskeeter
ID: 310928
Filename: Security+ - Domain 3 - Access Control and Identity Management (Study)
Updated: 2015-11-04 20:56:26
Tags: Security Access Control Identity Management Study
Folders: Security+
Description: Security+ Domain 3 - Access Control and Identity Management
The flashcards below were created by user mpskeeter on FreezingBlue Flashcards.


  1. Common Access Control Models
    • Mandatory Access Control (MAC)
    • Role-Based Access Control (RBAC)
    • Rule-Based Access Control
    • Discretionary Access Control (DAC)
  2. Mandatory Access Control (MAC)
    • All access is predefined.
    • Example: clearance level
  3. Role-Based Access Control (RBAC)
    • Allows the user's role to dictate access.
    • Example: Based on user's job/position
  4. Rule-Based Access Control
    • Limits the user to settings on preconfigured policies.
    • Example: Normally found in firewalls and routers (ACLs)
  5. Discretionary Access Control (DAC)
    • Incorporates some flexibility.
    • Example: Individual has control
    • Example: Owner gives control
  6. Types of Authentication
    • Something you know....
    • Something you have....
    • Something you are....
    • Something you do....
    • Somewhere you are....
  7. Something you know....
    • PINs or passwords
    • Secure passwords
    • Minimum length 8 characters
    • Complex (use upper-lower case, numbers, special characters)
    • Self-service password resets
    • One-time Passwords
  8. Something you have....
    • Tokens:
    •    Example: CAC card
    • Authentication Tokens:
    •    Passive or Stored Value
    •    Active
    • Static Password Token:
    •    Least secure and not considered a one-time password.
    • Synchronous Dynamic Token:
    •    Time-Based: Synced with internal clock
    •    Counter-Based: Authentication service will advance to the next value
    • Asynchronous Dynamic Token:
    •    Challenge Response Token
  9. Something you are....
    • Something intrinsic to the principal
    •    Fingerprint: Easy to use / associated with criminals
    •    Retina: High accuracy / expensive
    •    Iris: High accuracy / intrusive and expensive
    •    Face: Easy to use / accuracy issues
    •    Hand: Easy to use / accuracy issues
    •    Voice: Inexpensive and non-intrusive / accuracy issues
    •    Signature: Inexpensive and non-intrusive / accuracy issues
  10. Something you do....
    • Action you must take to complete authentication
    •    Example: Unlock pattern (Mobile devices) - Connecting the dots
  11. Somewhere you are....
    • Geolocation tracking (GPS)
    •    Example: Workstation only works within proximity of access badge
  12. Authentication Protocols
    • NTLM:
    •    Old, legacy, WINNT
    • RADIUS:
    •    Only the password is encrypted
    •    Dial-up
    •    UDP
    •       1812 - RADIUS Authentication
    •       1813 - RADIUS Accounting
    •    Authentication, Authorization and Accounting (AAA)
    • TACACS+:
    •    Entire body encrypted
    •    TCP
    •       49 - TACACS+
    •    Allows separate Authentication with Authorization and Accounting by TACACS+
    • Kerberos:
    •    Authenticates principals (users) to realm
    •    Tickets