9781111640125_IM_ch09

Security+ Guide to Network Security Fundamentals


6. Discuss the weakness of LDAP.

Security+ Guide to Network Security Fundamentals, Fourth Edition

Quick Quiz 2

1. True or False: A RADIUS client is the device requesting authentication, such as a desktop system or wireless notebook computer.
   Answer: False
2. ____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
   Answer: Kerberos
3. A(n) ____ is a database stored on the network itself that contains information about users and network devices.
   Answer: directory service
4. True or False: LDAP makes it possible for almost any application running on virtually any computer platform to obtain directory information.
   Answer: True

Class Discussion Topics

1. Discuss with students the difficulty in using true role-based access control for every system throughout an organization.
2. Briefly describe the following four access control models:
   a. Mandatory Access Control (MAC)
   b. Discretionary Access Control (DAC)
   c. Role Based Access Control (RBAC)
   d. Rule Based Access Control (RBAC)

Additional Projects

1. Have students research the Bell-LaPadula access control model or another lattice-based model and have them compare the model to the models presented in the chapter.
2. Have students examine a common business function and then explain whether there is appropriate separation of duties in the business function and whether introducing such a control would actually enhance security of the business function.

Additional Resources

1. Least Privilege
2. Kerberos
3. Separation of Privilege
4. Role Based Access Control (RBAC) and Role Based Security
5. Authentication, Authorization, and Access Control

Key Terms

access control: The mechanism used in an information system to allow or restrict access to data or devices.

access control list (ACL): A set of permissions that are attached to an object.

access control model: A standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.

account expiration: The process of setting a user’s account to expire.

Discretionary Access Control (DAC): The least restrictive access control model in which the owner of the object has total control over it.

Extended TACACS: The second version of the Terminal Access Control Access Control System (TACACS) authentication service.

implicit deny: Rejecting access unless a condition is explicitly met.