| A | B |
| Access control | combines authentication and authorization |
| authentication | proves user's identity |
| authorization | granting users access |
| CIA elements | confidentiality, integrity, availability |
| share-based access control | same as password-based control |
| access based on user identity | user-based identity |
| depends on workstation being used | location-based identity |
| Interoperability | ability of objects to interact with each other |
| authenticity | determines trustworthiness |
| synergistic | single control manages many objects |
| Discretionary control (DAC) | uses ACLs to define access |
| Mandatory Access Control (MAC) | uses sensitivity labels and need to know |
| Role-based (RBAC) | uses work task list |
| Kerberos | authentication mechanism that encrypts logon credentials |
| Internet Protocol Security (IPSec) | used to encrypt transmissions, sessions and network traffic |
| Single-factor authentication | weakest form of authentication |
| Trojan horse, key loggers, shoulder surfing | can capture passwords |
| impersonation | logging on with someone else's password |
| easy to remember, difficult to guess | good password |
| biggest drawback in strong passwords | users write down password |
| enrollment | required for biometric authorization |
| Crossover rate | measure of reliability using rate of false rejections and acceptance |
| acceptance | how users feel about biometric device |
| capability | ability of users to use device |
| token | device issued to user for login |
| drawback of tokens | difficult to deploy and expensive, may run out of battery |
| drawback of biometrics | may not be acceptable to users, can be spoofed by photo, gelatin, etc. |
| drawback of passwords | impersonation |
| strongest authentication | use of more than one factor |
| ticket granting | gives users use (Kerberos) |
| Key Distribution | authentication (Kerberos) |
| RADIUS | allows users to authenticate to remote servers |
| Realm | organization boundary |
| RTGS | grants tickets for remote realms |
| CHAP | protocol that authenticates remote clients or routers, periodic reauthorization |
| MD5 | hash function |