Logical security - encompasses measures and protocols implemented in software to protect data, network resources, and systems from unauthorized access and attacks., Encryption - used to convert readable data into a secure format that can only be read or processed after it is decrypted., Data in transit - information that is being transferred over a network, from one device to another or across the internet., Data at rest - any data stored on physical media, from hard drives to USB drives, awaiting use or retrieval., certificates - digital documents that use cryptographic techniques to bind a public key with an identity, (person, organization, or device)., Public key infrastructure (PKI) - is a framework used to create, manage, distribute, use, store, and revoke digital certificates, self signed - issued and signed by the entity itself, rather than a trusted certificate authority (CA)., Identify and access management (IAM) - framework of business processes, policies, and technologies that facilitates the management of electronic or digital identities., Authentication - This process involves validating credentials also like passwords, biometrics, or other verification methods before granting access to systems., Multi factor authentication - enhances security by requiring two or more verifications on factors to gain access to a resource,, Single sign on (SSO) - allows users to log in once and gain access to multiple related but independent software systems without being prompted to log in again at each of them., Remote identification dial in user service (RADIUS) - provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. It is widely used by ISPs and enterprises to manage access to the network, keeping track of logging by users and ensuring their credentials als are correct., LDAP - standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. It functions like a phone book for networks, used to search, manage, and access information in a hierarchical directory, often for user authentication and authorization, Security assertion mark up language (SAML) - open standard for exchanging authentication and authorization data between parties, specifically between an identity type provider and a service provider., Terminal access controller access control system plus (TACACS+) - protocol that handles authen ca on, authoriza on, and accounting services for networked access control. It separates these three functions which allows more flexibility in administration and provides better control over who can access what on the network., Time based authentication - involves the use of a time-limited code or token as part of the authentication process., Authorization - determines what resources a user can access and what operations they can perform after they have been authenticated., Least privilege - requires that users, programs, or processes operate using the minimum set of privileges necessary to complete their tasks., role based access control - method of restricting network access based on the roles of individual users within an enterprise., Geofencing - location-based service in which a software program uses GPS, RFID, Wi-Fi, or cellular data to trigger a preprogrammed ac on when a mobile device or RFID tag enters or exits a virtual boundary set up around a geographical location,,

4.1 Network security concepts

打印
嵌入

排行榜

视觉风格

选项

切换模板

恢复自动保存: