Security Question

Topics: Access control, Authentication, Computer security Pages: 2 (504 words) Published: June 23, 2013
Question 1
The four means of authenticating user identity are based on:

  • SOMETHING THE INDIVIDUAL KNOWS - password, PIN, answers to prearranged questions
  • SOMETHING THE INDIVIDUAL POSSESSES (TOKEN) - smartcard, electronic keycard, physical key
  • SOMETHING THE INDIVIDUAL IS (STATIC BIOMETRIC) - fingerprint, retina, face
  • SOMETHING THE INDIVIDUAL DOES (DYNAMIC BIOMETRIC) - voice pattern, handwriting, typing rhythm

One technique is to restrict access to the password file using standard access control measures. Another technique is to force users to select passwords that are difficult to guess.

Question 2
* One-way function: The system stores only the value of a function based on the user's password. When the user presents a password, the system transforms that password and compares it with the stored value. In practice, the system usually performs a one-way transformation (not reversible) in which the password is used to generate a key for the one-way function and in which a fixed-length output is produced.

* Access control: Access to the password file is limited to one or a very few accounts.
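The store-and-compare flow described under "One-way function", as an added example that is not part of the original essay. PBKDF2-HMAC-SHA256, the per-user random salt, the iteration count and all names (`hash_password`, `verify_password`, `PasswordFile`) are assumptions made here; the essay names no algorithm.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example; the page names no algorithm or work factor.
ITERATIONS = 600_000
SALT_LEN = 16
HASH_LEN = 32  # fixed-length output, whatever the password length


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record that is stored: salt, work factor and digest, never the password."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    # PBKDF2 keys HMAC-SHA256 with the password, so the password acts as the key
    # of the one-way function rather than as data that could be decrypted later.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 ITERATIONS, dklen=HASH_LEN)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify_password(password: str, record: dict) -> bool:
    """Re-run the transformation on the presented password and compare digests."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), record["salt"],
                                    record["iterations"], dklen=len(record["digest"]))
    return hmac.compare_digest(candidate, record["digest"])  # constant-time compare


class PasswordFile:
    """In-memory stand-in for the password file (hypothetical, for illustration)."""

    def __init__(self) -> None:
        self._records = {}
        # Dummy record so unknown usernames cost the same work as known ones.
        self._dummy = hash_password("constructed-placeholder")

    def enroll(self, user: str, password: str) -> None:
        self._records[user] = hash_password(password)

    def login(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        if record is None:
            verify_password(password, self._dummy)
            return False
        return verify_password(password, record)
```

Because each record carries its own salt, two users with the same password get different stored values, which is why the access-control measure on the file and the one-way function complement each other.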

2. Role-based access control (RBAC) is an access policy determined by the system, not the owner. RBAC is used in commercial applications and also in military systems, where multi-level security requirements may also exist. RBAC differs from DAC in that DAC allows users to control access to their resources, while in RBAC, access is controlled at the system level, outside of the user's control. Although RBAC is non-discretionary, it can be distinguished from MAC primarily in the way permissions are handled. MAC controls read and write permissions based on a user's clearance level and additional labels. RBAC controls collections of permissions that may include complex operations such as an e-commerce transaction, or may be as simple as read or write. A role in RBAC can be viewed as a set of permissions. Three primary rules are defined for RBAC:
