CBK#1 Access Control Systems & Methodology - Page 2


Authentication
The subject proves the identity it claimed during identification by providing a second piece of the credential set: something it knows (a password or PIN) or something it possesses (a token, key or card).
Passwords:
A protected string of characters used to authenticate an individual.
Clipping level - The number of failed logon attempts allowed before the account is locked out.
Password checkers - Tools that test the strength of user-chosen passwords.
Password Generators - Tools that produce passwords for users instead of letting them choose their own.
Password Aging - Expiration dates that force passwords to be changed periodically.
Limit Login Attempts - A threshold (the clipping level) that allows only a certain number of unsuccessful login attempts before the account is locked.
Cognitive password:
Fact- or opinion-based information (for example the answer to a personal question) used to verify an individual's identity.
One-time password / dynamic password:
A password that is valid for a single use; once it has been used it is no longer accepted.
Token Device:
A hand-held password generator. The device and the authentication service share a secret and compute the same one-time password independently; how the two sides stay in step determines the type of token.
Synchronous token device - Synchronizes with the authentication service by using time or an event (a counter) as the core piece of the authentication process.
Time-based synchronous token device - The device and the authentication service must hold (nearly) the same time within their internal clocks; the service normally tolerates a small amount of clock drift.
Event-synchronization - The user initiates the logon sequence on the computer and pushes a button on the token device; each press advances a counter that both the device and the service track.
Asynchronous token device - Uses a challenge-response scheme to communicate with the authentication service: the service sends a challenge (a random value), the user keys it into the device, and the device returns a response computed from the challenge and its secret.
Cryptographic Keys:
Proving possession of a private key, normally by producing a digital signature over a challenge issued by the authentication service. The private key itself is never transmitted; only the signature travels, and the service verifies it with the matching public key.
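Challenge-response for the asynchronous token above and for authentication with a cryptographic key, as an added example that is not from the original summary. The service issues a fresh random nonce; a shared-secret token answers with an HMAC over it, a key holder answers with an Ed25519 signature over it, and in neither case does the secret or the private key leave the device. The context prefix loginContext and all function names are my own choices, and the shared secret in main is constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// loginContext is prepended to every challenge before it is MACed or signed,
// so a response to a login challenge cannot be reused as a signature over
// arbitrary data in some other protocol that happens to use the same key.
const loginContext = "cbk1-login-challenge:"

// newChallenge is the service's first message: a fresh random nonce. Because
// it is never reused, a captured response is worthless at a later logon.
func newChallenge() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

func bind(challenge []byte) []byte {
	return append([]byte(loginContext), challenge...)
}

// --- Asynchronous token: shared secret, HMAC response ---

// tokenRespond runs on the hand-held device after the user keys in the challenge.
func tokenRespond(secret, challenge []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write(bind(challenge))
	return mac.Sum(nil)
}

// serviceVerifyToken recomputes the expected response from the service's own
// copy of the secret and compares it in constant time.
func serviceVerifyToken(secret, challenge, response []byte) bool {
	return hmac.Equal(tokenRespond(secret, challenge), response)
}

// --- Cryptographic key: sign the challenge, verify with the public key ---

// keyRespond runs wherever the private key lives (smart card, HSM, agent);
// only the signature is sent to the service.
func keyRespond(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, bind(challenge))
}

// serviceVerifyKey needs only the public key enrolled for the user.
func serviceVerifyKey(pub ed25519.PublicKey, challenge, signature []byte) bool {
	return ed25519.Verify(pub, bind(challenge), signature)
}

func main() {
	secret := []byte("constructed demo token secret") // constructed, not a real credential
	challenge, err := newChallenge()
	if err != nil {
		panic(err)
	}
	resp := tokenRespond(secret, challenge)
	fmt.Println("challenge   :", hex.EncodeToString(challenge))
	fmt.Println("token ok    :", serviceVerifyToken(secret, challenge, resp))

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := keyRespond(priv, challenge)
	fmt.Println("key ok      :", serviceVerifyKey(pub, challenge, sig))

	// A later challenge: the captured response and signature no longer verify.
	later, _ := newChallenge()
	fmt.Println("replay token:", serviceVerifyToken(secret, later, resp))
	fmt.Println("replay key  :", serviceVerifyKey(pub, later, sig))
}
```

The difference between the two halves is what the service has to protect: for the token it stores the same secret the device holds, so a compromised service exposes every token; for the key it stores only public keys, which are of no use to an attacker.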
Passphrase:
Is a sequence of characters that is longer than a password. The user enters this phrase into an application and the application transforms the value into a virtual password.
Memory Card:
A card that holds information, but does not process information.
Smart Card:
A card that has the capability of processing information because it has a microprocessor and integrated circuits incorporated into the card itself.
A smart card also provides two-factor authentication: the user must possess the card (something you have) and enter the PIN that unlocks it (something you know).

Authorization
Granting a subject access to an object after the subject has been properly identified and authenticated.
Need-to-know:
Users will only have the necessary rights and permissions they need to fulfil the obligations of their jobs within the company.


CISSP Summary 2002


Contact:

E-mail: john.wallhoff@mailbox.swipnet.se
Written by: J.Wallhoff January - April 2002
Updated by: J.Wallhoff April 2002