Logical Access Control / Technical Access Control
A few points I can recall from the Prep Guide book:
A)
- MAC: owner+system grant access, based on Security Label on both subject (user) and object (data)
- DAC: owner grant access
- Role Based AC: related to job function, granted to a group of people of same job function - at least 2 lists: user + ACL - userA->bank teller & ACL->bank teller can access fileABC
- Rule Based AC: managed by ACL - in ACL, user is related to capabilities
B)
- Preventive: login, login banner, firewall, anti-virus (before affected)
- Detective: audit trail, log file, IDS, anti-virus (after affected)
- Corrective: backup/recovery, incident handling, anti-virus (clean up)
C)
- SSO: Kerberos - uses secret/symmetric key - authentication service is single point of failure
- SSO: SESAME - uses public+secret key
D)
- Multifactor authentication: something you are, you have and you know
- Smart Card / Token / Biometrics: something you have + something you know + something you are (biometrics only)
- Token: main purpose is something you know
(more to come)
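As an added illustration of the four models in section A (constructed example, not from the prep guide or the post above; the label ordering, user names, roles and file names are assumptions), each model reduced to the check that actually makes the access decision:

```python
"""Toy access-decision functions for MAC, DAC, RBAC and rule-based AC.
All data below is constructed for illustration."""

# MAC: both subject and object carry a security label set by the system;
# a read is allowed only when the subject's label dominates the object's.
# (Constructed ordering; real labels usually add compartments/categories.)
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_can_read(subject_label: str, object_label: str) -> bool:
    return LEVELS[subject_label] >= LEVELS[object_label]


# DAC: the object's owner decides who else may access it.
DAC_OBJECTS = {"fileABC": {"owner": "userB", "granted": {"userA"}}}


def dac_can_access(user: str, obj: str) -> bool:
    entry = DAC_OBJECTS[obj]
    return user == entry["owner"] or user in entry["granted"]


# RBAC: two lists, user -> role and role -> ACL, resolved in two hops
# (the "userA -> bank teller, bank teller -> fileABC" example from the notes).
USER_ROLES = {"userA": {"bank teller"}, "userC": {"auditor"}}
ROLE_ACL = {"bank teller": {"fileABC"}, "auditor": {"auditlog"}}


def rbac_can_access(user: str, obj: str) -> bool:
    # Hop 1: job function(s) of the user. Hop 2: what that job function may touch.
    # A user with no role, or a role with no ACL entry, gets nothing.
    return any(obj in ROLE_ACL.get(role, set())
               for role in USER_ROLES.get(user, set()))


# Rule-based: an ACL on the object relates each user directly to capabilities.
RULE_ACL = {"fileABC": {"userA": {"read"}, "userC": {"read", "write"}}}


def rule_can(user: str, obj: str, capability: str) -> bool:
    return capability in RULE_ACL.get(obj, {}).get(user, set())


if __name__ == "__main__":
    print("MAC secret->confidential:", mac_can_read("secret", "confidential"))
    print("DAC userC on fileABC:", dac_can_access("userC", "fileABC"))
    print("RBAC userA on fileABC:", rbac_can_access("userA", "fileABC"))
    print("Rule userA write fileABC:", rule_can("userA", "fileABC", "write"))
```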