Chapter 3: Access Control
Across
- 2. The absence or weakness of a safeguard that could be exploited.
- 5. A subject provides some type of data to an authentication service. First step in the authentication process.
- 6. An access policy that restricts subjects’ access to objects based on the security clearance of the subject and the classification of the object. The system enforces the security policy, and users cannot share their files with other users.
- 8. A security principle that makes sure that information and systems are not modified maliciously or accidentally.
- 9. Administrative, physical, or technical control that is designed to detect and prevent unauthorized access to a resource or environment.
- 11. A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.
- 12. A security principle that works to ensure that information is not disclosed to unauthorized subjects.
- 15. Software employed to monitor and detect possible attacks and behaviors that vary from the normal and expected activity. The IDS can be network based, which monitors network traffic, or host based, which monitors activities of a specific system and protects system files and control mechanisms.
- 17. In computer security, a method that identifies individuals by physiological characteristics, such as a fingerprint, hand geometry, or the pattern of the iris.
- 18. A passive entity that contains or receives information. Examples include records, pages, memory segments, files, directories, directory trees, and programs.
- 19. A form of attack in which an attacker uses a large set of likely combinations to guess a secret, usually a password.
- 20. The reliability and accessibility of data and resources to authorized individuals in a timely manner.
- 21. A chronological set of logs and records used to provide evidence of a system’s performance or activity that took place on the system. These logs and records can be used to attempt to reconstruct past events and track the activities that took place, and possibly detect and identify intruders.
- 22. A security principle indicating that individuals must be identifiable and must be held responsible for their actions.
Down
- 1. Granting access to an object after the subject has been properly identified and authenticated.
- 3. A computer set up as a sacrificial lamb on the network in the hope that attackers will attack this system instead of actual production systems.
- 4. An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
- 7. To verify the identity of a subject requesting the use of a system and/or access to network resources. The steps to giving a subject access to an object should be identification, _____, and authorization.
- 10. The three security principles: availability, integrity, and confidentiality.
- 13. An attack that continually tries different inputs to achieve a predefined goal, which can be used to obtain credentials for unauthorized access.
- 14. Type of model that provides access to resources based on the role the user holds within the company or the tasks that the user has been assigned.
- 16. An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or that changes the system state.