Page 23 - StudyBook.pdf

General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  7

                 tion of credentials (such as a username and password, Smart Card, or personal
                 identification number [PIN]) to a NOS (logging on to a machine or network), remote
                 access authentication, and a discussion of certificate services and digital certificates.
                 The authentication process uses the information presented to the NOS (such as
                 username and password) to allow the NOS to verify the identity based on those
                 credentials.

                 Auditing

                 Auditing is the process of tracking and reviewing events, errors, access, and
                 authentication attempts on a system. Much like an accountant’s procedure for keeping track
                 of the flow of funds, you need to be able to follow a trail of access attempts, access
                 grants or denials, machine problems or errors, and other events that are important
                 to the systems being monitored and controlled. In the case of security auditing, you
                 will learn about the policies and procedures that allow administrators to track
                 access (authorized or unauthorized) to the network, local machine, or resources.
                 Auditing is not enabled by default in many NOSes, and administrators must often
                 specify the events or objects to be tracked. This becomes one of the basic lines of
                 defense in the security and monitoring of network systems. Tracking is used along
                 with regular reading and analysis of the log files generated by the auditing process
                 to better understand if the access controls are working.
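
                 The following Python example is added here for illustration and is not part of
                 the original book. It reviews a trail of access grants and denials against an
                 expected access policy; the log format, the user and resource names, and the
                 POLICY table are all constructed assumptions, not output from any real NOS.

```python
from collections import Counter

# Constructed sample audit records (not from a real NOS).
# Assumed format: timestamp user resource result
SAMPLE_LOG = """\
2024-01-10T09:00:01 alice payroll GRANTED
2024-01-10T09:02:13 bob payroll DENIED
2024-01-10T09:02:20 bob payroll DENIED
2024-01-10T09:02:31 bob payroll DENIED
2024-01-10T09:05:44 carol payroll GRANTED
2024-01-10T09:07:02 bob wiki GRANTED
malformed line
"""

# Hypothetical policy: who is supposed to reach each resource.
POLICY = {"payroll": {"alice"}, "wiki": {"alice", "bob", "carol"}}


def parse(log_text):
    """Return (events, rejected): parsed 4-field records and unparseable lines."""
    events, rejected = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("GRANTED", "DENIED"):
            events.append(tuple(parts))
        elif line.strip():
            rejected.append(line)  # keep the evidence; never drop it silently
    return events, rejected


def review(events, policy, denial_threshold=3):
    """Return findings an administrator should follow up on."""
    findings = []
    denials = Counter()
    for ts, user, resource, result in events:
        allowed = user in policy.get(resource, set())
        if result == "GRANTED" and not allowed:
            # Access was granted that the policy does not authorize:
            # the access control is not working as intended.
            findings.append(("policy_violation", ts, user, resource))
        elif result == "DENIED":
            denials[(user, resource)] += 1
            if denials[(user, resource)] == denial_threshold:
                findings.append(("repeated_denials", ts, user, resource))
    return findings


if __name__ == "__main__":
    events, rejected = parse(SAMPLE_LOG)
    for finding in review(events, POLICY):
        print(finding)
    print("unparsed lines:", rejected)
```

                 The denials show the control doing its job, while the unauthorized grant is the
                 kind of entry that only regular review of the audit log brings to light.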


                 Access Control

                 As we further develop the concepts of AAA, we need to explore the
                 subcomponents of the three parts. In the case of access control, we must further explore
                 methods and groupings that apply to the area. We will look at new terminology
                 and then explore, through examples, what the subcomponents control and how
                 they are used to secure networks and equipment.



                 EXAM WARNING
                      One of the most important things to learn for the Security+ exam is the
                      terminology used in the IT security industry. Throughout this chapter and
                      others, you will be presented with a large number of terms and acronyms
                      that may or may not be familiar to you. These are all industry-recognized
                      terms and form the unique language used by IT security professionals.
                      Knowing and understanding the terms and acronyms used in this book
                      will help you to understand the questions presented on the exam.




                                                                              www.syngress.com