CISSP考试指南笔记:5.12 快速提示
作者:互联网
-
Access is a flow of information between a subject and an object.
-
A subject is an active entity that requests access to an object, which is a passive entity.
-
A subject can be a user, program, or process.
-
Some security mechanisms that provide confidentiality are encryption, logical and physical access control, transmission protocols, database views, and controlled traffic flow.
-
Identity management (IdM) solutions include directories, web access management, password management, legacy single sign-on, account management, and profile update.
-
Password synchronization reduces the complexity of keeping up with different passwords for different systems.
-
Self-service password reset reduces help-desk call volumes by allowing users to reset their own passwords.
-
Assisted password reset reduces the resolution process for password issues for the helpdesk department.
-
IdM directories contain all resource information, users’ attributes, authorization profiles, roles, and possibly access control policies so other IdM applications have one centralized resource from which to gather this information.
-
An automated workflow component is common in account management products that provide IdM solutions.
-
User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications.
-
User access reviews ensure there are no active accounts that are no longer needed.
-
The HR database is usually considered the authoritative source for user identities because that is where each user’s identity is first developed and properly maintained.
-
There are five main access control models: discretionary, mandatory, role based, rule based, and attribute based.
-
Discretionary access control (DAC) enables data owners to dictate what subjects have access to the files and resources they own.
-
The mandatory access control (MAC) model uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC systems compare these two attributes to determine access control capabilities.
-
Role-based access control (RBAC) is based on the user’s role and responsibilities (tasks) within the company.
-
Rule-based RBAC (RB-RBAC) builds on RBAC by adding Boolean logic in the form of rules or policies that further restrict access.
-
Attribute-based access control (ABAC) is based on attributes of any component of the system. It is the most granular of the access control models.
-
Three main types of constrained user interface measurements exist: menus and shells, database views, and physically constrained interfaces.
-
Access control lists are bound to objects and indicate what subjects can use them.
-
A capability table is bound to a subject and lists what objects it can access.
-
Some examples of remote access control technologies are RADIUS, TACACS+, and Diameter.
剩余内容请关注公众号debugeeker, 链接为CISSP考试指南笔记:5.12 快速提示
标签:control,access,management,based,考试指南,CISSP,5.12,user,password 来源: https://blog.csdn.net/xuzhina/article/details/114420672