Page 3 - Security+ (635 notes by Nikkhah)

General Security Concepts




            Mandatory Access Control (MAC)
            1- MAC is usually hardcoded into a device and is nondiscretionary.

            2- MAC is universally applied to all objects.
            3- Administrators or owners of the object cannot change MAC settings.

            4- MAC is also known as label-based access control.



            Discretionary Access Control (DAC)

            5- DAC is usually provided by the operating system.
            6- Administrators or owners of objects implement DAC.

            7- DAC makes it possible to change the ownership of objects.



            Role-based Access Control (RBAC)

            8- RBAC is used to implement security on objects based on the job functions/roles of users.
            9- It is highly configurable and offers the most flexibility in implementing access control.

            10- It provides simplified and centralized administration of shared resources.
            11- Administrators put users into groups and configure permissions based on job roles.




            Authentication methods
            12- Authentication verifies the identity of a person who wants to access a resource.

            13- Authentication can be a one-way or a two-way process.
            14- User credentials can be supplied by username/password combination, biometrics, smart cards, or multifactor methods.



            Kerberos

            15- Kerberos is an authentication protocol used for mutual (two-way) authentication.
            16- It uses symmetric key cryptography with the help of a third party.

            17- Kerberos realms leverage a Key Distribution Center (KDC) to issue secure encryption keys
            and tokens.

            18- When a user presents his credentials, a Ticket Granting Ticket (TGT) is cached locally on the user’s computer.
            19- The user presents the TGT to the server to obtain a session key, which is timestamped


            www.hrnikkhah.com    by: Hamid Reza Nikkhah    Page 1