Chapter 6 - Access Controls Flashcards
Access Control
Protecting a resource so that it is only accessed by those allowed to use it
Parts of four-part access control
- Identification
- Authentication
- Authorization
- Accountability
Policy definition phase
Define who has access and which resources they can use
Policy enforcement phase
Reject or grant requests for access based on authorizations from the definition phase
Two types of access controls
- Physical
- Logical
Physical access controls
Control entry into a building or other protected area
Example of physical access controls
Smart cards
Logical access controls
Control entry into a computer system or network
Example of logical access controls
PIN, password or biometrics
What is the security kernel?
The central point of access control; every request to use a resource passes through it
Security kernel (Definition)
Mediates each access request and permits access only when the defined conditions are met; otherwise the request is denied
Components of access control
Users, resources, actions, and relationships (conditions between users and resources)
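The cards above describe a policy definition phase, a policy enforcement phase, and a security kernel that permits access only when conditions between users and resources hold. The following is an added example, not part of the original flashcards, of a minimal kernel that ties those cards together: rules are defined up front, every request is checked against them with default deny, and each decision is recorded for accountability. The users, resources, actions and conditions (business hours, MFA present) are constructed sample data.

```python
"""Added example (not from the original flashcards): a minimal security kernel
showing policy definition, policy enforcement and an accountability trail.
All users, resources, actions and conditions are constructed sample data."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class Request:
    user: str                      # identification: who is asking
    resource: str                  # what they want to use
    action: str                    # what they want to do with it
    attrs: Dict[str, object] = field(default_factory=dict)  # context, e.g. {"mfa": True, "hour": 14}


Condition = Callable[[Request], bool]


@dataclass
class Rule:
    users: Set[str]
    resource: str
    actions: Set[str]
    conditions: List[Condition] = field(default_factory=list)


class SecurityKernel:
    """Policy definition: rules are added with `permit`.
    Policy enforcement: every request goes through `check`, which grants
    access only if some rule covers the user, resource and action AND all of
    that rule's conditions hold. Anything not explicitly permitted is denied."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []
        self.audit: List[Tuple[str, str, str, bool]] = []  # accountability: (user, resource, action, allowed)

    def permit(self, users, resource, actions, *conditions: Condition) -> None:
        self.rules.append(Rule(set(users), resource, set(actions), list(conditions)))

    def check(self, req: Request) -> bool:
        allowed = any(
            req.user in r.users
            and req.resource == r.resource
            and req.action in r.actions
            and all(cond(req) for cond in r.conditions)
            for r in self.rules
        )
        self.audit.append((req.user, req.resource, req.action, allowed))
        return allowed


# Sample conditions (relationships between a user and a resource).
def business_hours(req: Request) -> bool:
    return 9 <= int(req.attrs.get("hour", -1)) < 18


def mfa_present(req: Request) -> bool:
    return bool(req.attrs.get("mfa", False))


def build_demo_kernel() -> SecurityKernel:
    """Policy definition phase for a constructed 'payroll.db' resource."""
    k = SecurityKernel()
    k.permit({"alice", "bob"}, "payroll.db", {"read"}, business_hours)
    k.permit({"alice"}, "payroll.db", {"write"}, business_hours, mfa_present)
    return k


if __name__ == "__main__":
    kernel = build_demo_kernel()
    # Policy enforcement phase: each request is granted or rejected.
    print(kernel.check(Request("alice", "payroll.db", "read", {"hour": 10})))               # True
    print(kernel.check(Request("bob", "payroll.db", "write", {"hour": 10, "mfa": True})))   # False: bob may not write
    print(kernel.check(Request("alice", "payroll.db", "write", {"hour": 10})))              # False: no MFA
    print(kernel.check(Request("carol", "payroll.db", "read", {"hour": 10})))               # False: default deny
    for entry in kernel.audit:
        print(entry)
```

Note that the kernel never needs a "deny" rule: because the default is to reject, the policy only has to enumerate what is allowed, and the audit list gives the accountability part of the four-part model.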
Synchronous token
Generates one-time codes from a clock (time-based) or an event counter (event-based) that is kept in step with the authentication server
Asynchronous token
Uses a challenge-response mechanism: the server sends a fresh challenge and the token computes the matching response
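Both token types above can be shown in a few lines. The following is an added example, not part of the original flashcards: an event-synchronized token (HOTP, RFC 4226), a time-synchronized token built on it (TOTP, RFC 6238), and an asynchronous challenge-response token using an HMAC over a server nonce. It also shows the server-side checks a practitioner needs: a look-ahead window for an event counter that has drifted, a small clock-skew window for time-based codes, and constant-time comparison. The shared secret is the RFC test vector seed; the counters, timestamps and nonce are constructed sample values.

```python
"""Added example (not from the original flashcards): synchronous (HOTP/TOTP)
and asynchronous (challenge-response) one-time tokens, standard library only.
The secret below is the RFC 4226/6238 test seed; other values are constructed."""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-synchronized token (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamically truncated to 31 bits, reduced mod 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized token (RFC 6238): HOTP whose counter is the clock in 30 s steps."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, code: str, server_counter: int, look_ahead: int = 5):
    """Server-side event-based check. The user may have generated codes without
    logging in, so the server accepts a small look-ahead window and then moves
    its counter past the accepted value so the same code cannot be replayed.
    Returns (accepted, new_server_counter)."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return True, c + 1
    return False, server_counter


def verify_totp(secret: bytes, code: str, now: int, step: int = 30, skew: int = 1) -> bool:
    """Server-side time-based check tolerating +/- `skew` steps of clock drift.
    A production server would also remember the last accepted step to block replay."""
    t = now // step
    return any(hmac.compare_digest(hotp(secret, t + d), code) for d in range(-skew, skew + 1))


def issue_challenge() -> bytes:
    """Asynchronous token, server side: a fresh random challenge for this login."""
    return secrets.token_bytes(16)


def respond(secret: bytes, challenge: bytes) -> str:
    """Asynchronous token, client side: HMAC-SHA256 of the challenge under the shared secret."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    return hmac.compare_digest(respond(secret, challenge), response)


if __name__ == "__main__":
    seed = b"12345678901234567890"              # RFC 4226 / RFC 6238 test secret
    print(hotp(seed, 0), hotp(seed, 1))         # 755224 287082
    print(totp(seed, 59, digits=8))             # 94287082 (RFC 6238 vector, T=59)
    print(verify_hotp(seed, hotp(seed, 3), server_counter=0))   # (True, 4)
    print(verify_totp(seed, totp(seed, 59), now=59 + 30))       # True: one step of drift
    challenge = issue_challenge()
    print(verify_response(seed, challenge, respond(seed, challenge)))   # True
```

The difference between the two card definitions is visible in the code: the synchronous functions take no input from the server other than a shared secret and an agreed counter or clock, while the asynchronous pair cannot produce a response until the server has sent a challenge.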
Types of biometrics
dynamic and static
Dynamic biometrics examples
Voice inflection or keystroke dynamics (what you do)
Static biometrics examples
Fingerprints, facial recognition (what you are)
Advantages of biometrics
Person must be physically present, difficult to fake, no lost IDs or forgotten passwords to worry about
Disadvantages of biometrics
Physical characteristics may change over time, required devices are expensive, and a compromised biometric cannot be changed like a password
Single sign-on (SSO)
sign onto a computer or network once and then be allowed access into all computers and systems where authorized
Advantages of SSO
Efficient, reduces human error, locks out users with too many failed attempts
Disadvantages of SSO
A compromised credential grants the intruder access to every connected system, the single credential bounds the security of all of them, and the authentication server can become a single point of failure
Identification
who is trying to gain access?
Authentication
can their identities be verified?