54 Cards in this Set
Access Control
|
Security features that control how users and systems communicate and interact with other systems.
|
|
Access
|
The flow of information between subject and an object
|
|
Subject
|
An active entity that requests access to an object or the data within an object.
|
|
Object
|
A passive entity that contains information or needed functionality.
|
|
Identification
|
A method of ensuring that a subject (user, program, or process) is the entity it claims to be.
|
|
Authenticated
|
The subject is usually required to provide a second piece to the credential set. This piece could be a password, passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token.
|
|
Authorize
|
The system determines that the subject may have access to the resource
|
|
Logical Access Controls
|
Technical tools used for identification, authentication, authorization, and accountability. They are software components that enforce access control measures for systems, programs, processes, and information.
|
|
Race Condition
|
When two or more processes carry out their tasks on a shared resource in an incorrect order, so the outcome depends on timing rather than on the intended sequence (for example, a check performed before a use, with the resource changing in between).
|
|
Factors of Authentication
|
Something a person knows, something a person is, something a person has.
|
|
Strong Authentication
|
Uses two out of three factors of authentication.
|
|
Identity Management
|
A broad and loaded term that encompasses the use of different products to identify, authenticate, and authorize users through automated means.
|
|
Access Control Review
|
Identification, authentication, authorization, accountability
|
|
Directory Services
|
Allows an administrator to configure and manage how identification, authentication, and access control take place within the network and on individual systems.
|
|
namespace
|
A method of keeping all of the directory service entities organized.
|
|
Meta-directory
|
Gathers the necessary information from multiple sources and stores it in one central directory.
|
|
Virtual Directory
|
Plays the same role and can be used instead of a meta-directory. The difference between the two is that the meta-directory physically holds the identity data in its own directory, whereas a virtual directory does not and instead points to where the actual data reside.
|
|
Web Access Management (WAM)
|
Software controls what users can access when using a web browser to interact with web-based enterprise assets.
|
|
Password Synchronization
|
Reduces the complexity of keeping up with different passwords for different systems.
|
|
Self-Service Password Reset
|
Reduces help-desk call volumes by allowing users to reset their own passwords
|
|
Assisted Password Reset
|
Shortens the help desk's resolution process for password issues. This may include authenticating the user with other types of authentication mechanisms (biometrics, tokens) before the reset is performed.
|
|
Legacy Single Sign-On
|
These products are commonly used as an IdM solution or as part of a larger enterprise-wide IdM solution.
|
|
Account Management
|
Deals with creating user accounts on all systems, modifying the account privileges when necessary, and decommissioning the accounts when they are no longer needed.
|
|
Authoritative Source
|
The system of record for user identity data. Typically this is the HR database, from which user information is copied into the other identity stores.
|
|
Identity Repository
|
When a user requests access to a resource, all of his identity data have already been copied from other identity stores and the HR database and held in this centralized directory.
|
|
User provisioning
|
The creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications.
|
|
Self-service
|
User profiles contain nonsensitive data that the user can update himself.
|
|
Federated Identity
|
A portable identity, and its associated entitlements, that can be used across business boundaries.
|
|
Web Portals
|
Parts of a website that act as a point of access to information. A portal presents information from diverse sources in a unified manner.
|
|
portlets
|
Pluggable user interface software components that present information from other systems.
|
|
Service Provisioning Markup Language (SPML)
|
Allows for the exchange of provisioning data between applications, which could reside in one organization or in many.
|
|
Security Assertion Markup Language (SAML)
|
Used when a user needs to log in once and gain access to different, separate web-based applications. The authentication data have to be shared between the systems hosting those web applications securely and in a standardized manner; SAML is that standardized format.
|
|
Web Services
|
a collection of technologies and standards that allow services to be provided on distributed systems and be "served up" in one place.
|
|
Simple Object Access Protocol (SOAP)
|
A specification that outlines how information pertaining to web services is exchanged in a structured manner. It provides the basic messaging framework, which allows users to request a service and, in exchange , the service is made available to the user.
|
|
Service Oriented Architecture (SOA)
|
A way to provide independent services residing on different systems in different domains in one consistent manner.
|
|
Extensible Access Control Markup Language (XACML)
|
Used to express security policies and access rights to assets provided through web services and other enterprise applications.
|
|
Biometrics
|
Verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identifications.
|
|
Type I error
|
false rejection rate
|
|
Type II error
|
False acceptance rate
|
|
crossover error rate (CER)
|
A percentage that represents the point at which the false rejection rate equals the false acceptance rate; the lower the CER, the more accurate the biometric system.
|
|
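An added worked example for the Type I / Type II / CER cards above (not part of the original flashcard set): a biometric system produces a match score per attempt, and the administrator picks a threshold. Raising it rejects more legitimate users (FRR goes up); lowering it accepts more impostors (FAR goes up). The genuine and impostor score lists below are constructed sample data; the function names are the example's own.

```python
"""Sweep a biometric match threshold to compute FRR (Type I), FAR (Type II)
and the crossover error rate. Example code with constructed sample scores."""
from typing import List, Tuple

# Constructed sample match scores in [0.0, 1.0]; higher means a closer match.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.72, 0.69, 0.66, 0.60]
IMPOSTOR_SCORES = [0.55, 0.58, 0.61, 0.64, 0.67, 0.70, 0.73, 0.45, 0.40, 0.35]


def false_rejection_rate(genuine: List[float], threshold: float) -> float:
    """Type I error: fraction of legitimate users whose score falls below the threshold."""
    rejected = sum(1 for s in genuine if s < threshold)
    return rejected / len(genuine)


def false_acceptance_rate(impostor: List[float], threshold: float) -> float:
    """Type II error: fraction of impostors whose score reaches the threshold."""
    accepted = sum(1 for s in impostor if s >= threshold)
    return accepted / len(impostor)


def error_rates(genuine: List[float], impostor: List[float],
                threshold: float) -> Tuple[float, float]:
    """Return (FRR, FAR) at one threshold, to see the trade-off directly."""
    return (false_rejection_rate(genuine, threshold),
            false_acceptance_rate(impostor, threshold))


def crossover_error_rate(genuine: List[float], impostor: List[float],
                         steps: int = 100) -> Tuple[float, float]:
    """Sweep thresholds from 0 to 1 and return (threshold, rate) at the point
    where FRR and FAR are closest; the rate there is the CER."""
    best = None  # (gap, threshold, mean of the two rates)
    for i in range(steps + 1):
        t = i / steps
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    for t in (0.50, 0.68, 0.80):
        frr, far = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"threshold {t:.2f}: FRR={frr:.2f} FAR={far:.2f}")
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t:.2f}, CER={cer:.2f}")
```

The practical check when evaluating a vendor's CER claim is the shape of this curve, not the single number: a system tuned for a high-security door is run to the right of the crossover (low FAR, higher FRR), a convenience login to the left.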
Electronic Monitoring
|
Listening to network traffic to capture information, especially when a user is sending her password to an authentication server.
|
|
Replay Attack
|
The password (or other captured credential) can be copied and reused by the attacker at another time.
|
|
Access the password file
|
Usually done on the authentication server. The password file contains many users' passwords and, if compromised, can be the source of a lot of damage. This file should be protected with access control mechanisms and encryption, and the passwords in it stored as salted hashes rather than in plaintext.
|
|
Brute Force Attacks
|
Performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password.
|
|
Dictionary Attacks
|
Files of thousands of words are compared to the user's password until a match is found.
|
|
Social Engineering
|
An attacker falsely convinces an individual that she has the necessary authorization to access specific resources.
|
|
Rainbow table
|
An attacker uses a table that contains all possible passwords already in hashed form, so a stolen hash can be looked up rather than cracked. Salting the stored hashes defeats precomputed tables, because the attacker would need a separate table per salt value.
|
|
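An added worked example covering the "Access the password file", "Dictionary Attacks" and "Rainbow table" cards above (example code, not part of the original set). It builds a stolen password file two ways, once as bare SHA-256 hashes and once salted, then runs a precomputed-table lookup and a dictionary attack against each. The user list and wordlist are constructed; the precomputed table is a flat hash-to-password map, the simplest form of the idea behind rainbow tables (real rainbow tables add hash/reduce chains to shrink storage, which changes nothing about why salts defeat them).

```python
"""Dictionary and precomputed-table attacks on a captured password file,
unsalted versus salted. Example code with constructed sample data."""
import hashlib
import os
from typing import Dict, List, Optional, Tuple

# Constructed wordlist; stands in for a file of thousands of words.
WORDLIST: List[str] = ["password", "letmein", "qwerty", "Summer2024",
                       "hunter2", "correct horse battery staple"]

HASH_CALLS = 0  # counts hash computations so the attack cost is visible


def sha256_hex(data: bytes) -> str:
    global HASH_CALLS
    HASH_CALLS += 1
    return hashlib.sha256(data).hexdigest()


# --- Weak storage: hash(password) with no salt ---
def store_unsalted(users: Dict[str, str]) -> Dict[str, str]:
    """Password file as {user: sha256(password)}."""
    return {u: sha256_hex(p.encode()) for u, p in users.items()}


def build_precomputed_table(wordlist: List[str]) -> Dict[str, str]:
    """Hash every candidate once; afterwards each stolen hash costs one lookup."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def table_attack(hashes: Dict[str, str],
                 table: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Rainbow-table style: no hashing at attack time, just lookups."""
    return {u: table.get(h) for u, h in hashes.items()}


# --- Hardened storage: per-user random salt, hash(salt || password) ---
def store_salted(users: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Password file as {user: (salt_hex, sha256(salt || password))}."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt.hex(), sha256_hex(salt + p.encode()))
    return out


def dictionary_attack_salted(pwfile: Dict[str, Tuple[str, str]],
                             wordlist: List[str]) -> Dict[str, Optional[str]]:
    """Every user needs a fresh pass over the wordlist with their own salt;
    nothing can be precomputed before the file is stolen."""
    results: Dict[str, Optional[str]] = {}
    for u, (salt_hex, h) in pwfile.items():
        salt = bytes.fromhex(salt_hex)
        results[u] = None
        for w in wordlist:
            if sha256_hex(salt + w.encode()) == h:
                results[u] = w
                break
    return results


def demo(users: Dict[str, str]) -> Dict[str, Dict[str, Optional[str]]]:
    """Run both attacks against both storage formats and return the outcomes."""
    table = build_precomputed_table(WORDLIST)
    unsalted = store_unsalted(users)
    salted = store_salted(users)
    return {
        "unsalted_table": table_attack(unsalted, table),
        # Looking salted hashes up in the precomputed table finds nothing.
        "salted_table": table_attack({u: h for u, (_, h) in salted.items()}, table),
        "salted_dictionary": dictionary_attack_salted(salted, WORDLIST),
    }


if __name__ == "__main__":
    # Constructed users: two weak passwords from the wordlist, one strong one.
    sample = {"alice": "password", "bob": "hunter2", "carol": "xK9#vQ2pL!mR7zWd"}
    for attack, found in demo(sample).items():
        print(attack, found)
    print("hash computations:", HASH_CALLS)
```

Note what the hash counter shows: the unsalted table is built once (one hash per word) and serves every stolen file forever, while the salted dictionary attack pays that cost again for each user. Production systems also replace plain SHA-256 with a deliberately slow function (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count) so that each of those per-user guesses costs far more.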
Password Checker
|
Used to check the strength of a password
|
|
Password hacker
|
used to discover a password
|
|
Cognitive Passwords
|
Fact or opinion based information used to verify an individual's identity.
|
|
One-time password
|
Also called a dynamic password; it is used for authentication purposes and is only good once, so a captured value cannot be replayed.
|
|
The token device
|
Usually a handheld device that has an LCD display and possibly a keypad.
|
|
Synchronous token device
|
Synchronized with the authentication service by using time or a counter as the core piece of the authentication process; both sides derive the same value from the shared secret and the current time or counter.
|
|
Asynchronous token device
|
A token device using an asynchronous token-generating method employs a challenge/response scheme to authenticate the user: the server sends a nonce, and the token returns a value computed from that nonce and its secret.
|
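An added worked example for the one-time password, replay attack, synchronous token and asynchronous token cards (example code, not part of the original flashcard set). The synchronous side implements HOTP (counter-based, RFC 4226) and TOTP (time-based, RFC 6238) with the standard HMAC-SHA1 dynamic truncation; the asynchronous side is a challenge/response exchange where the server issues a random nonce and the token answers with an HMAC over it. Both servers reject a second presentation of the same value, which is what makes the password one-time. The secret `12345678901234567890` is the RFC test-vector key; the class and function names are the example's own.

```python
"""Synchronous (counter/time) and asynchronous (challenge/response) one-time
password schemes, with replay rejection. Example code; RFC test-vector key."""
import hashlib
import hmac
import os
import struct
from typing import Set


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time) // step, digits)


class CounterTokenServer:
    """Synchronous, counter-based verifier. The server tracks the last counter
    it accepted and searches a small look-ahead window so a few unused presses
    on the token do not lock the user out."""

    def __init__(self, secret: bytes, window: int = 5) -> None:
        self.secret = secret
        self.counter = 0
        self.window = window

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # advancing past c makes the code single-use
                return True
        return False


class ChallengeResponseServer:
    """Asynchronous verifier: hand out a random nonce, accept exactly one
    correct HMAC(secret, nonce) answer for it."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.outstanding: Set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: str) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown, expired, or already-used challenge
        self.outstanding.discard(nonce)  # consumed before checking: no replay
        expected = hmac.new(self.secret, nonce, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def token_respond(secret: bytes, nonce: bytes) -> str:
    """What the asynchronous token computes when shown the challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    secret = b"12345678901234567890"
    srv = CounterTokenServer(secret)
    code = hotp(secret, 2)
    print("HOTP first use:", srv.verify(code), "replay:", srv.verify(code))
    cr = ChallengeResponseServer(secret)
    nonce = cr.challenge()
    answer = token_respond(secret, nonce)
    print("C/R first use:", cr.verify(nonce, answer), "replay:", cr.verify(nonce, answer))
```

Two practitioner caveats the cards do not spell out: an eavesdropper who captures a TOTP code still has until the end of the time step (plus any clock-skew window the server allows) to use it first, so TOTP servers should also remember and refuse the last accepted code; and the look-ahead window on counter tokens is a trade-off, since a larger window gives an attacker who has captured several future codes more of them to spend.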