The policy definition and enforcement process an organization uses for authorizations granted
. The operating system limits operations on an object - every single object is assigned a label; then rights to those objects are determined by clearance level of the user (role based)
. Based on the individual - this is what we normally encounter and control ourselves as the owner of a file, etc.
. Role based, and rights are gained implicitly in a hierarchical way (feeds up); Windows Groups is an example of this being used
. Complex relationship between applications being used and the data itself; combines and evaluates many parameters
. Rule applies to the object and rules followed, not based on user; ex: network only available from 2AM-5PM; Chrome can only be used for 2 hours per day, etc.
. Passive device, doesn't send out signals but can be read by a reader to gain access
. More intelligent card (includes credit cards) that can actually be read for information; may contain digital certificate, and usually used in conjunction with a PIN (2 factors)
. Way to measure how well the biometrics are working; how many times an unauthorized user gained access
. Way to measure how well the biometrics are working; how many times an authorized user was rejected
. Rate at which the FAR and the FRR are equal; we want them to be equal to one another
. Carry around a fob with you or have a software generator on your phone and use it in conjunction with a username or password
. One time passwords - either hash based or time based
. Used as an ID card in government, certificate based ID card; uses 802.1x to authenticate