defense in depth - the basic concept is to formulate a multilayered defense that will allow you to still mount a successful resistance should one or more of your defensive measures fail.
Identification - is simply an assertion of who we are. This may include who we claim to be as people, who a system claims to be over the network, or who the originating party of an email claims to be.
identity verification - Examples: driver's licenses or social security cards, birth certificates.
Authentication - the set of methods used to establish whether a claim of identity is true.
What are the five authentication factors? - Something you do, where you are, something you have, something you are, something you know.
Multi-factor authentication - uses one or more of the factors discussed in the preceding section.
Mutual Authentication - is an authentication mechanism in which both parties in a transaction authenticate each other.
Hardware Tokens - A standard hardware token is a small device, typically in the general form factor (size and shape) of a credit card or keychain fob.
Authorization - is the process of determining exactly what an authenticated party can do.
Access controls - the tools and systems you use to deny or allow access (granting, denying, limiting, revoking).
sandbox - is an isolated environment that protects a set of resources. It can be useful for containing things that you can't trust, such as code from public websites.
File System ACLs - The ACLs in most file systems will have three types of permissions (the authorizations that allow access to specific resources in a specific manner): read, which allows a user to access the contents of a file or directory; write, which allows a user to write to a file or directory; and execute, which allows a user to execute the contents of the file if that file contains either a program or a script capable of running on the system in question.
Network ACLs - In network ACLs, you typically filter access based on identifiers used for network transactions, such as Internet Protocol (IP) addresses, Media Access Control addresses, and ports.
Media Access Control address filtering - is one of the simplest forms of network-oriented ACLs. Media Access Control addresses are unique identifiers hard-coded into each network interface in a given system.
IP address - an IP address is a unique address assigned to each device on any network that uses the Internet Protocol for communication.
Black holes - apply large-scale filtering to block out known attacks, spammers, and other undesirable traffic. Such filtering might include dropping traffic from individual IP addresses, ranges of IP addresses, or the entire IP spaces of large organizations, internet service providers, or even entire countries.
Sockets - you can allow or deny network traffic from one or more IP addresses to one or more applications on your network in a workable fashion.
network port (filtering traffic) - is a numerical designation for one side of a connection between two devices, and we use them to identify the application to which traffic should be routed.
cross-site request forgery (CSRF) - is an attack that misuses the authority of the browser on the user's computer. If the attacker knows of, or can guess, a website that has already authenticated the user—perhaps a common site such as Amazon.com—the attacker can embed a link in a web page or HTML-based email, generally to an image hosted from a site controlled by the attacker.
confused deputy problem - These often involve tricking the user into taking some action when they really think they are doing something else entirely. Many of these attacks are client-side attacks, which take advantage of weaknesses in applications running on the user's computer.
clickjacking - is a particularly sneaky and effective client-side attack that takes advantage of some of the page rendering features that are available in newer web browsers.
access control model - is a way of determining who should be allowed access to what resources.
Discretionary Access Control (DAC) - the owner of the resource determines who gets access to it and exactly what level of access they can have. You can see DAC implemented in most operating systems; if you decide to create a network share in a Microsoft operating system, for instance, you're in charge of people's access to it.
Mandatory Access Control (MAC) - the owner of the resource doesn't get to decide who gets to access it. Instead, a separate group or individual has the authority to set access to resources. You can often find MAC implemented in government organizations, where access to a given resource is largely dictated by the sensitivity label applied to it (secret or top secret, for example), by the level of sensitive information the individual is allowed to access (perhaps only secret), and by whether the individual actually has a need to access the resource (a concept called the principle of least privilege, discussed in the box).
Principle of Least Privilege - dictates that you should give a party only the bare minimum level of access it needs to perform its functionality.
Rule-Based Access Control - allows access according to a set of rules defined by the system administrator.
Attribute-based access control (ABAC) - is based on the specific attributes of a person, resource, or environment.
Subject attributes - belong to an individual. We could choose any number of attributes, such as height in the classic "you must be this tall to ride" access control in amusement park rides.
The Biba Model - primarily concerned with protecting the integrity of data, even at the expense of confidentiality. That means it's more important to keep people from altering the data than from viewing it.
The Bell-LaPadula Model - implements a combination of discretionary and mandatory access controls (DAC and MAC) and is primarily concerned with the confidentiality of the resource in question—in other words, making sure unauthorized people can't read it. Generally, in cases where you see these two models implemented together, MAC takes precedence over DAC, and DAC works within the accesses allowed by the MAC permissions.
Fundamentals of Information Security - D430 Terms Pt 2
by Rareintuitions