CHAPTER SUMMARY

In this chapter, you learned the basics of access control. The purpose of access control is to regulate interactions between a subject (such as a human user) and an object (such as data, a network, or a device). The key difference between the subject and the object is passivity: The subject acts upon a passive object. There are three key components of access control: identification, authentication, and authorization. First, both the subject and object must be identified. Second, the subject’s identity must be proven or authenticated. Finally, the authenticated subject is authorized to act upon the object. You can establish logical access controls for individual subjects, groups of subjects, and objects.

Authentication methodologies are based on three factors: something you know, something you have, and something you are. Once the subject is identified and authenticated using one or more of these factors, the authorization system grants access to an object based on a specified rule base.
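
The sequence summarized above (identify, then authenticate with one or more factors, then authorize against a rule base) is shown here as an added example that is not from the book. The subject names, passwords, token IDs, object name, and rules are constructed sample data, and the static token ID is a simplified stand-in for a real "something you have" factor.

```python
import hashlib, hmac, os

_SALT = os.urandom(16)  # one salt for the demo; real systems salt per subject

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed subjects: a "something you know" verifier, a "something you have"
# token ID (simplified: real tokens produce one-time codes), and group membership.
SUBJECTS = {
    "alice": {"pw": _kdf("correct horse"), "token": "tok-1138", "groups": {"finance"}},
    "bob":   {"pw": _kdf("hunter2"),       "token": "tok-2187", "groups": {"finance"}},
}
# Constructed rule base: (individual subject or group, object) -> permitted actions.
RULES = {
    ("group:finance", "ledger.db"): {"read"},
    ("alice", "ledger.db"): {"read", "write"},
}

def identify(name):
    return SUBJECTS.get(name)  # None when the claimed identity is not known

def authenticate(record, password, token=None, require_two_factors=False):
    knows = hmac.compare_digest(record["pw"], _kdf(password))
    has = token is not None and hmac.compare_digest(record["token"], token)
    return knows and (has or not require_two_factors)

def authorize(name, record, obj, action):
    # Rules may name the individual subject or any group it belongs to;
    # with no matching rule the request is denied (default deny).
    principals = [name] + [f"group:{g}" for g in record["groups"]]
    return any(action in RULES.get((p, obj), set()) for p in principals)

def request_access(name, password, obj, action, token=None, require_two_factors=False):
    record = identify(name)
    if record is None:
        return "denied: identification"
    if not authenticate(record, password, token, require_two_factors):
        return "denied: authentication"
    if not authorize(name, record, obj, action):
        return "denied: authorization"
    return "granted"
```

Each stage fails independently, so a correct password never compensates for a missing rule, and a rule never applies to a subject that has not been authenticated.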

KEY CONCEPTS AND TERMS

CHAPTER 1 ASSESSMENT

  1. The three principal components of access control are _____________, subjects, and objects.
  2. The subject is always a human user.
    1. True
    2. False
  3. Which of the following describes technical methods used to enforce policies?
    1. Access control
    2. Procedures
    3. Tools
    4. Physical security
    5. Authentication
  4. An organization typically uses procedures and tools together to enforce policies.
    1. True
    2. False
  5. The three states of a subject in an access control scenario are authorized, unauthorized, and _____________.
  6. Physical security is typically the responsibility of the IT department.
    1. True
    2. False
  7. What is the first step in the access control process?
    1. Logging in
    2. Authorization
    3. Authentication
    4. Identification
    5. Access
  8. Which of the following is an example of the “something you know” authentication factor?
    1. Username
    2. Token
    3. Password
    4. Retinal scan
    5. Access control list
  9. Which of the following is an example of “something you have”?
    1. Username
    2. Token
    3. Password
    4. Retinal scan
    5. Access control list
  10. Which of the following is an example of “something you are”?
    1. Username
    2. Token
    3. Password
    4. Retinal scan
    5. Access control list
  11. Authorization rules can be as simple or complex as business needs require.
    1. True
    2. False
  12. The four basic access levels are _____________, author, read-only, and no access.
  13. Assigning group access controls eliminates individual accountability.
    1. True
    2. False
  14. The two types of biometric authentication methods are _____________ and physical.