Lesson 9 - Chapter 2: Authorization Flashcards
(41 cards)
What is authorization?
giving permission to access certain resources
Which happens first, authorization or authentication?
authentication, authorization relies upon on the accuracy of authentication methods used
What’s another name for authorization?
access control
(because you’re controlling who can access a resource)
The primary consideration in access control is the principle of least privilege. What does that mean?
The permissions and rights assigned to a user account should be the minimum they need to perform their tasks
How do you make sure you keep user access permissions tight? (2)
- Disable any unused user accounts
- Remove all other permissions, and assign only the access required
What happens when a user is a member of more than one group? What permissions do they have?
their permissions are combined from each group
When you combine all the permissions a user has across multiple groups, what is that called?
effective permissions
What are some ways you can use directory permissions? (3)
limit
protect
protect
- limit access to sensitive information on a shared file server
- protect others from snooping your user-specific files on a multi-user system
- protect a system’s software from being compromised by any scripts/programs that are run by a user
Using strict directory permissions won’t work if a bad actor has access to what?
if someone has physical access to the hard drive
What do you use to protect (hard drive) data while it is at rest (not moving around the network)?
full-disk data encryption (like BitLocker)
What’s one thing to pay attention to when it comes to default accounts and groups?
the default groups (Everyone, Guest, Users) are a broad group, so never use them unless you want to permit ALL of those people access
(you can use them but remember to configure them with the proper permissions)
What does ACL stand for?
Access Control List
What is an ACL?
Access Control List,
A list that determines who or what can have access to a certain resource
What are the 2 basic types of ACLs?
- A list stored in the boot drive of a file system; provides the basis for user/group permissions
- A list of allowed MAC addresses from a wireless network that is stored on a WAP
What are the differences and similarities between the 2 basic ACL types?
they work differently, but both share an ability to permit or block access to a resource
Permissions control how users….
access resources
What are policies?
permissions for activities (access command prompt, install software, log-on times, etc)
(different from an ACL which are true permissions that control access to a certain resource)
What type of policies can you find in the Local Security Policy? (secpol.msc)
More than password policies, many policies for managing security
Where would you find the setting that prevents a Guest account from signing into the computer from the network?
Local Policies > User Rights Assignment
Local Policies work great for individual systems, but a pain to apply the same settings to more than 1 PC on your network. What’s the next step up you can use to apply policy settings to a whole group at once?
Windows Active Directory’s domain-based Group Policy utility
What would you use to set a default wallpaper for every PC in your domain?
Group Policy
What is data at rest?
Data that is not in use (in memory) or is being transmitted
How is data at rest best protected in its helpless state?
encryption
What is encryption?
the conversion of plain text into cipher text