The flashcards below were created by user
on FreezingBlue Flashcards.
Common Access Control Models
- Mandatory Access Control (MAC)
- Role-Based Access Control (RBAC)
- Rule-Based Access Control
- Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
- All Access is predefined.
- Example: clearance level
Role-Based Access Control (RBAC)
- Allows the user's role to dictate access.
- Example: Based on users job/position
Rule-Based Access Control
- Limits the user to settings on preconfigured policies.
- Example: Normally found in firewalls and routes (ACLs)
Discretionary Access Control (DAC)
- Incorporates some flexibility.
- Example: Individual has control
- Example: Owner gives control
Types of Authentication
- Something you know....
- Something you have....
- Something you are....
- Something you do....
- Somewhere you are....
Something you know....
- PINs or passwords
- Secure passwords
- Minimum length 8 characters
- Complex (use upper-lower case, numbers, special characters)
- Self-service password resets
- One-time Passwords
Something you have....
- Example: CAC card
- Authentication Tokens:
- Passive or Stored Value
- Static Password Token:
- Least secure and not considered a one-time password.
- Synchronous Dynamic Token:
- Time-Based: Synced with internal clock
- Counter-Based: Authentication service will advance to the next value
- Asynchronous Dynamic Token:
- Challenge Response Token
Something you are....
- Something intrinsic to the principal
- Fingerprint: Easy to use / associated with criminals
- Retina: High accuracy / expensive
- Iris: High accuracy / intrusive and expensive
- Face: Easy to use / accuracy issues
- Hand: Easy to use / accuracy issues
- Voice: Inexpensive and non-intrusive / accuracy issues
- Signature: Inexpensive and non-intrusive / accuracy issues
Something you do....
- Action you must take to complete authentication
- Example: Unlock pattern (Mobile devices) - Connecting the dots
Somewhere you are....
- Geolocating tracking (GPS)
- Example: Workstation only works within proximity of access badge
- Only Password encrypted
- 1812 - RADIUS Authentication
- 1813 - RADIUS Accounting
- Authentication, Authorization and Accounting (AAA)
- Entire body encrypted
- 49 - TACACS+
- Allows separate Authentication with Authorization and Accounting by TACACS+
- Authenticates principles (users) to realm