CISSP Exam Guide Notes: 5.12 Quick Tips

2021-03-23 11:06:46

  • Access is a flow of information between a subject and an object.
  • A subject is an active entity that requests access to an object, which is a passive entity.
  • A subject can be a user, program, or process.
  • Some security mechanisms that provide confidentiality are encryption, logical and physical access control, transmission protocols, database views, and controlled traffic flow.
  • Identity management (IdM) solutions include directories, web access management, password management, legacy single sign-on, account management, and profile update.
  • Password synchronization reduces the complexity of keeping up with different passwords for different systems.
  • Self-service password reset reduces help-desk call volumes by allowing users to reset their own passwords.
  • Assisted password reset shortens the help-desk resolution process for password issues.
  • IdM directories contain all resource information, users’ attributes, authorization profiles, roles, and possibly access control policies so other IdM applications have one centralized resource from which to gather this information.
  • An automated workflow component is common in account management products that provide IdM solutions.
  • User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications.
  • User access reviews ensure there are no active accounts that are no longer needed.
  • The HR database is usually considered the authoritative source for user identities because that is where each user’s identity is first developed and properly maintained.
  • There are five main access control models: discretionary, mandatory, role based, rule based, and attribute based.
  • Discretionary access control (DAC) enables data owners to dictate what subjects have access to the files and resources they own.
  • The mandatory access control (MAC) model uses a security label system. Users have clearances, and resources have security labels that contain data classifications. MAC systems compare these two attributes to determine access control capabilities.
  • Role-based access control (RBAC) is based on the user’s role and responsibilities (tasks) within the company.
  • Rule-based RBAC (RB-RBAC) builds on RBAC by adding Boolean logic in the form of rules or policies that further restrict access.
  • Attribute-based access control (ABAC) is based on attributes of any component of the system. It is the most granular of the access control models.
  • Three main types of constrained user interface measures exist: menus and shells, database views, and physically constrained interfaces.
  • Access control lists are bound to objects and indicate what subjects can use them.
  • A capability table is bound to a subject and lists what objects it can access.
  • Some examples of remote access control technologies are RADIUS, TACACS+, and Diameter.
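
As an added illustration (not part of the original notes), the Python below sketches two of the tips above: the MAC comparison of a subject's clearance against an object's security label, and the same access matrix viewed once as object-bound ACLs and once as a subject-bound capability table. The level names, need-to-know categories, user names and file names are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample data: hierarchical classification levels, lowest first.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A MAC security label: a level plus optional need-to-know categories."""
    level: str
    categories: frozenset = field(default_factory=frozenset)


def dominates(clearance: Label, label: Label) -> bool:
    """MAC read check: the subject's clearance must be at least the object's
    classification level AND cover every category the object is tagged with.
    A high level alone is not enough if a category is missing."""
    return (LEVELS[clearance.level] >= LEVELS[label.level]
            and label.categories <= clearance.categories)


# DAC view: an ACL is bound to each object and lists what subjects may do.
# (object -> subject -> set of rights); constructed sample data.
ACLS = {
    "payroll.xlsx": {"alice": {"read", "write"}, "bob": {"read"}},
    "design.doc":   {"alice": {"read"}, "carol": {"read", "write"}},
}


def acl_allows(acls: dict, subject: str, obj: str, right: str) -> bool:
    """Object-centred lookup: consult the ACL attached to the object."""
    return right in acls.get(obj, {}).get(subject, set())


def capability_table(acls: dict, subject: str) -> dict:
    """Subject-centred view of the same access matrix: every object this
    subject can access, with the rights it holds on each."""
    return {obj: set(rights[subject])
            for obj, rights in acls.items() if subject in rights}


if __name__ == "__main__":
    print(capability_table(ACLS, "alice"))
    print(dominates(Label("secret", frozenset({"nuclear"})),
                    Label("confidential", frozenset({"nuclear"}))))
```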
