Describe the process of Identification, Authentication, Authorization, and Accountability. What is a race condition?
1. Access controls are security features that are usually considered the first line of defense in asset protection. They are used to dictate how subjects access objects, and their main goal is to protect the objects from unauthorized access. Access control models are frameworks that use access controls to enforce the rules and objectives of the model. In your essay response, compare the different Access Control Models and give an example of one that you have used in a work situation or if that is not possible, one that you’ve read about in a scholarly article.
2. Relying on a password to secure access to a system does not provide enough security in today’s complex world. The Office of Personnel Management learned this the hard way in 2015. Since OPM was hacked and it was learned that the attackers compromised their system administrator accounts that were protected only with passwords, the Federal government has required the use of multifactor authentication for privileged accounts. Describe the three factors that can be used in authentication and give at least two examples for each.
3. There are two main methods of access control administration that an organization can choose between to achieve the level of protection that they need to secure their assets and information: centralized and decentralized. Describe the RADIUS, TACACS, and DIAMETER forms of centralized access control administration. What are the advantages and disadvantages of decentralized administration.
4. What are the challenges that an Identity and Access Management system helps overcome? What benefits does it provide?
5. Describe the process of Identification, Authentication, Authorization, and Accountability. What is a race condition?
6. Discuss the single sign-on technologies Kerberos, security domains, directory services and thin clients. What does federation provide?
7. Describe the functions of hubs/repeaters, bridges, switches, routers, and gateways. At what layers of the OSI model does each device operate? (last week question was skipped)