Authentication server
Supplicant
Authenticator
User
Controlling access to network resources (authentication)
Enforcing security policies (authorization)
Determining user need (analyzing)
Auditing usage (accounting)
RDAP
DAP
RADIUS
AAA
IEEE 802.1x
RADIUS
Kerberos
LDAP
DAP
LDAP
IEEE X.501
Lite RDAP
Authentication
Identification
Authorization
Access
Object
Subject
Resource
Operation check
Supervisor
Owner
Custodian
Manager
Discretionary Access Control
Security Access Control
Mandatory Access Control
Restricted Access Control
Is considered obsolete today
Dynamically assigns roles to subjects based on rules
Is considered a real-world approach by linking a user’s job function with security
Requires that a custodian set all rules
Processes should be divided between two or more individuals
End users cannot set security for themselves
Managers must monitor owners for security purposes
Jobs be rotated among different individuals
Denial of duties
Implicit deny
Explicit rejection
Prevention control
Access control list (ACL)
Subject Access Entity (SAE)
Object modifier
Security entry designator
Windows Register Settings
Group Policy
Resource Allocation Entities
AD Management Services (ADMS)
SQL/LDAP insert attack
Modified Trojan attack
LDAP injection attack
RBASE plug-in attack
Role Based Access Control (RBAC)
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Rule Based Access Control (RBAC)
Enterprise Security
Least privilege
Deny all
Mandatory Limitations
Owner
Custodian
End user
Administrator
Is restricted and cannot be accessed
Is assigned a label
Can be changed by the owner
Must be given a number from 200–900
Orphaned
Limbo
Static
Dormant
What you have
What you are
What you discover
What you know
A lengthy and complex password can be difficult to memorize.
A security policy requires a password to be changed regularly.
Having multiple passwords makes it hard to remember all of them.
Most sites force users to create weak passwords although they do not want to.
Resetting
Capturing
Social engineering
Online guessing
An attack that combines a dictionary attack with an online guessing attack
A brute force attack that uses special tables
An attack that slightly alters dictionary words
An attack that uses both automated and user input
Use a short password so the computer can process it more quickly
Avoid using phonetic words
Do not use sequences
Do not use personal information