Flow of information between a subject (active entity: user, process) and an object (passive entity: file, database, device)
Subjects: Clearance, capability (what the subject is allowed to do)
Object: Classification, ACL (who may do what to the object)
Principles:
Least privilege: grant only the access needed to do the job, nothing more
Separation of duties: split a sensitive task so that no single person can complete (or abuse) it alone
Identification: the subject claims an identity (username, account ID)
Authentication: the subject proves the claimed identity (password, token, biometric)
Authorization: what the authenticated subject is allowed to do
Accountability: actions are logged and attributable to the subject (audit trail)
Controls types:
Administrative
Technical (logical)
Physical
Controls categories:
Directive: tell people what to do (policy, signage)
Preventive: stop the incident before it happens (locks, ACLs)
Detective: notice that it happened (logs, IDS, CCTV)
Corrective: fix the immediate damage (patch, restore a file)
Recovery: bring operations back to normal (backups, DR site)
Deterrent: discourage the attempt (warning banners, visible guards)
Types:
Mandatory Access Control (MAC): uses security labels; the system compares subject clearance with object classification and users cannot override the decision
Discretionary Access Control (DAC): the object owner decides who gets access, typically through an ACL
Non-discretionary Access Control: access is assigned centrally by the administrator, e.g. role-based (RBAC) or task-based
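The difference between MAC and DAC is easiest to see in code. The following is an added example, not part of the original notes: the labels (levels plus compartments), the subjects and the ACL contents are all constructed. The MAC part implements the classic lattice comparison (Bell-LaPadula rules: no read up, no write down); the DAC part shows an owner-managed ACL.

```python
"""MAC label comparison versus a DAC ACL. Added example with constructed
labels, subjects and ACLs; not from the original notes."""

# Ordered sensitivity levels used for the MAC lattice (constructed).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def dominates(subject_label, object_label):
    """A label is (level, compartments). subject dominates object when its
    level is at least as high and it holds every compartment of the object."""
    s_level, s_comp = subject_label
    o_level, o_comp = object_label
    return LEVELS[s_level] >= LEVELS[o_level] and set(s_comp) >= set(o_comp)

def mac_allows(op, subject_label, object_label):
    """Bell-LaPadula style decision: read requires the subject's clearance to
    dominate the object's classification (no read up); write requires the
    object's classification to dominate the subject (no write down).
    The user cannot change the outcome, only the labels (set by policy) can."""
    if op == "read":
        return dominates(subject_label, object_label)
    if op == "write":
        return dominates(object_label, subject_label)
    raise ValueError("unknown operation: %s" % op)

def sample_acl():
    """Constructed DAC ACL: bob owns the object, alice may read it."""
    return {"owner": "bob", "entries": {"alice": {"read"}}}

def dac_allows(op, subject, acl):
    """DAC decision: the owner may do anything; others need an ACL entry."""
    if subject == acl["owner"]:
        return True
    return op in acl["entries"].get(subject, set())

def dac_grant(granter, subject, op, acl):
    """Only the owner may extend the ACL (that is what 'discretionary' means).
    Returns True when the grant was applied."""
    if granter != acl["owner"]:
        return False
    acl["entries"].setdefault(subject, set()).add(op)
    return True

if __name__ == "__main__":
    analyst = ("secret", {"crypto"})
    print("read confidential:", mac_allows("read", analyst, ("confidential", set())))
    print("read top secret:", mac_allows("read", analyst, ("top secret", set())))
    print("write down to confidential:", mac_allows("write", analyst, ("confidential", set())))
    acl = sample_acl()
    print("alice writes:", dac_allows("write", "alice", acl))
```

Note the asymmetry: under MAC even the owner of a secret file cannot hand it to an unclassified user, while under DAC `dac_grant` lets the owner do exactly that.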
Type I: Something you know (password, PIN)
Type II: Something you have (token, smart card)
Type III: Something you are (biometric)
Biometric:
Retina: the vascular pattern can change over time (illness), and the scan is seen as invasive of privacy
Iris: remains stable (comparatively), not invasive
Minutiae: the ridge endings and bifurcations a fingerprint system stores and matches
Type I Error: FRR (False Rejection Rate), a legitimate user is rejected
Type II Error: FAR (False Acceptance Rate), an impostor is accepted (the error that matters most for security)
CER (Crossover Error Rate) or Equal Error Rate: the sensitivity setting where FRR = FAR; a lower CER means a more accurate system
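How FRR, FAR and CER come out of a matcher's threshold is shown by the following added example (not from the original notes). The similarity scores are constructed, not measurements from a real sensor; sweeping the acceptance threshold across them shows the tradeoff and finds the crossover point.

```python
"""Biometric error rates: FRR (Type I), FAR (Type II) and the crossover
point (CER / EER). Added example; the match scores are constructed."""

# Constructed similarity scores in [0, 100], higher means a closer match.
# A genuine attempt compares a user against their own enrolled template;
# an impostor attempt compares a user against someone else's template.
GENUINE_SCORES = [62, 68, 71, 74, 75, 78, 80, 83, 85, 88, 90, 93]
IMPOSTOR_SCORES = [20, 31, 38, 44, 49, 55, 60, 64, 69, 72, 77, 81]

def frr(genuine, threshold):
    """Type I error: share of legitimate attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)

def far(impostor, threshold):
    """Type II error: share of impostor attempts scoring at or above it."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)

def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Threshold where FRR and FAR are closest (the CER). Returns
    (threshold, frr, far); with a finite sample the two rates meet exactly
    only sometimes, so the minimum gap is taken."""
    best = None
    for t in thresholds:
        a, b = frr(genuine, t), far(impostor, t)
        if best is None or abs(a - b) < abs(best[1] - best[2]):
            best = (t, a, b)
    return best

if __name__ == "__main__":
    for t in (60, 70, 80, 90):
        print("threshold %d: FRR=%.2f FAR=%.2f" % (t, frr(GENUINE_SCORES, t), far(IMPOSTOR_SCORES, t)))
    print("crossover:", crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold drives FAR toward zero at the cost of rejecting more legitimate users; a system tuned for a secure area sits to the right of the CER, one tuned for convenience to the left.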
Single Sign On (SSO)
Pro: one authentication gives access to many systems; fewer passwords to remember and manage
Cons: one compromised credential opens every system; the SSO service is a single point of failure
Kerberos:
Symmetric crypto (every principal shares a secret key with the KDC)
KDC (Key Distribution Center): holds all principal keys; runs the AS and the TGS
AS (Authentication Server): checks the user and issues the TGT
TGT (Ticket Granting Ticket): proof of authentication, presented to the TGS to request service tickets
TGS (Ticket Granting Service): issues a service ticket and session key for a specific service
SESAME: European SSO alternative that adds public-key crypto and privilege attribute certificates
KryptoKnight: IBM's Kerberos-like SSO
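The three Kerberos exchanges (AS, TGS, AP) are walked through in the following added example; it is an illustration written for these notes, not Kerberos code. The cipher is a toy (an HMAC-SHA256 keystream with encrypt-then-MAC) standing in for the real AES enctypes, so that it runs with only the standard library; the principal names, password and ticket fields are made up. What it does show is the symmetric-key structure: every party decrypts only with keys it already holds, and the service never contacts the KDC.

```python
"""Toy Kerberos exchange (AS, TGS, AP) with symmetric keys only. Added
example; the cipher below is a stand-in for Kerberos' AES enctypes and
the principals, password and ticket fields are constructed."""
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a dict under a 32-byte key: nonce || ct || tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Verify the MAC, then decrypt. Raises ValueError on a forged/altered ticket."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("rejected: bad MAC")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(pw):
    return hashlib.sha256(pw.encode()).digest()  # toy string-to-key

LIFETIME = 8 * 3600  # ticket lifetime in seconds (constructed)

class KDC:
    """Holds every principal's long-term key and plays both AS and TGS."""
    def __init__(self, principal_keys):
        self.keys = principal_keys
        self.k_tgs = os.urandom(32)  # the TGS's own key, never leaves the KDC

    def as_exchange(self, client):
        """AS-REQ -> AS-REP: session key S1 under the client's key, plus the TGT."""
        s1, exp = os.urandom(32), int(time.time()) + LIFETIME
        tgt = seal(self.k_tgs, {"client": client, "skey": s1.hex(), "exp": exp})
        return seal(self.keys[client], {"skey": s1.hex(), "exp": exp}), tgt

    def tgs_exchange(self, tgt, auth, service):
        """TGS-REQ -> TGS-REP: validate TGT + authenticator, issue a service ticket."""
        t = open_(self.k_tgs, tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        a = open_(bytes.fromhex(t["skey"]), auth)  # authenticator is under S1
        if a["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        s2 = os.urandom(32)
        ticket = seal(self.keys[service], {"client": t["client"], "skey": s2.hex()})
        return seal(bytes.fromhex(t["skey"]), {"skey": s2.hex(), "service": service}), ticket

def authenticator(skey, client):
    """Fresh proof that the sender holds the session key (timestamp limits replay)."""
    return seal(skey, {"client": client, "ts": int(time.time())})

def service_accept(service_key, ticket, auth):
    """AP-REQ check at the service, using only its own long-term key."""
    t = open_(service_key, ticket)
    a = open_(bytes.fromhex(t["skey"]), auth)
    return a["client"] == t["client"]

def login_and_access(client_pw="correct horse", tamper=False):
    """Full flow for user alice to reach 'fileserver'. Returns True on success,
    False when the password is wrong or the service ticket was altered."""
    keys = {"alice": key_from_password("correct horse"), "fileserver": os.urandom(32)}
    kdc = KDC(keys)
    try:
        rep, tgt = kdc.as_exchange("alice")                     # 1. AS exchange
        s1 = bytes.fromhex(open_(key_from_password(client_pw), rep)["skey"])
        rep2, ticket = kdc.tgs_exchange(tgt, authenticator(s1, "alice"), "fileserver")  # 2. TGS
        s2 = bytes.fromhex(open_(s1, rep2)["skey"])
        if tamper:  # flip a bit in the ticket's tag: the service must reject it
            ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])
        return service_accept(keys["fileserver"], ticket, authenticator(s2, "alice"))  # 3. AP
    except ValueError:
        return False

if __name__ == "__main__":
    print("correct password:", login_and_access())
    print("wrong password:", login_and_access(client_pw="wrong"))
    print("tampered ticket:", login_and_access(tamper=True))
```

The password is never sent: a wrong password simply fails to open the AS-REP, which is also why Kerberos AS-REPs can be cracked offline if pre-authentication is not required.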
Directory Services: X.500 / LDAP
Access Control Methodologies:
Centralized: one authority makes all access decisions (AAA servers)
RADIUS: UDP; encrypts only the password in the request
DIAMETER: successor to RADIUS; TCP/SCTP, more reliable, larger attribute space
Callback: the server hangs up and dials the user back at a preregistered number
CHAP: challenge-response, the password is never sent in the clear
TACACS+: TCP; encrypts the whole packet body; separates authentication, authorization and accounting
Smart Cards:
Contact
Contactless
Combi card
Identity Management:
Directory based
Web access management
Password management
Account management
Provisioning
Profile update
Threats:
Computing: DDoS, unauthorized software, software defects
Physical: unauthorized access, electromagnetic emanations
Personnel: social engineering