13.5.2 Module 3 - Access Control Quiz and Flashcards

Study Notes

Understanding Access Control: Four-Part System, Categories, Policies, and Authentication

Access control is used to restrict and allow access to resources like computers, homes, and smartphones.
The four parts of access control are identification, authentication, authorization, and accountability.
Identification asks "who" is requesting access, authentication verifies the requester's identity, authorization determines what the requester can access, and accountability tracks actions to individuals.
Access control has two phases: policy definition and policy enforcement.
Physical access controls restrict access to physical resources like buildings and parking lots, while logical access controls restrict access to computer systems and networks.
Access control policies are a set of rules that allow a specific group of users to perform a particular set of actions on a particular set of resources.
The four central components of access control policies are users, resources, actions, and relationships.
There are five types of authentication: knowledge, ownership, characteristics, location, and action.
Brute-force and dictionary attacks are common methods used by attackers to crack passwords.
A brute-force attack involves trying every possible combination of characters, while a dictionary attack hashes words in a dictionary and compares them to the system password file.
Examples of logical access controls for a human resources system include deciding which users can access sensitive information, monitoring user actions, and restraining or influencing user behavior.
Access control is important for protecting resources from unauthorized use and ensuring that actions can be traced back to individuals.