CISSP考试指南笔记:5.6 访问控制手段和技术

最新推荐文章于 2021-03-30 00:15:18 发布
最新推荐文章于 2021-03-30 00:15:18 发布
阅读量205 收藏
点赞数
分类专栏: CISSP备考资料
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/xuzhina/article/details/113806965
版权

Constrained User Interfaces

Constrained user interfaces restrict users’ access abilities by not allowing them to request certain functions or information, or to have access to specific system resources. Three major types of constrained user interfaces exist: menus and shells, database views, and physically constrained interfaces.

Remote Access Control Technologies

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a network protocol that provides client/server authentication and authorization, and audits remote users.

TACACS

Terminal Access Controller Access Control System (TACACS) has been through three generations: TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS combines its authentication and authorization processes; XTACACS separates authentication, authorization, and auditing processes; and TACACS+ is XTACACS with extended two-factor user authentication.

TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (onetime) passwords, which provides more protection.

RADIUS encrypts the user’s password only as it is being transmitted from the RADIUS client to the RADIUS server. Other information, as in the username, accounting, and authorized services, is passed in cleartext.TACACS+ encrypts all of this data between the client and server and thus does not have the vulnerabilities inherent in the RADIUS protocol.

The RADIUS protocol combines the authentication and authorization functionality.

TACACS+ uses a true authentication, authorization, and accounting/audit (AAA) architecture, which separates the authentication, authorization, and accounting functionalities.

Diameter

Diameter is another AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities to meet the new demands of today’s complex and diverse networks.

Diameter protocol consists of two portions. The first is the base protocol, which provides the secure communication among Diameter entities, feature discovery, and version negotiation. The second is the extensions, which are built on top of the base protocol to allow various technologies to use Diameter for authentication.

Diameter uses TCP and AVPs, and provides proxy server support.

Diameter has the functionality and ability to provide the AAA functionality for other protocols and services because it has a large AVP set.

Diameter provides the AAA functionality, as listed next.

Authentication:

  • PAP, CHAP, EAP

  • End-to-end protection of authentication information

  • Replay attack protection

Authorization:

  • Redirects, secure proxies, relays, and brokers

  • State reconciliation

  • Unsolicited disconnect

  • Reauthorization on demand

Accounting:

  • Reporting, roaming operations (ROAMOPS) accounting, event monitoring

 

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:5.6 访问控制手段和技术

debugeeker
关注
专栏目录
CISSP学习指南:用于2018 CISSP考试的学习材料
02-05
CISSP学习指南:用于2018 CISSP考试的学习材料
CISSP学习详细笔记、错题,考点标黑标红
03-19
- **控制手段**:在数据的存储、处理和传输过程中实施控制措施,如加密技术、隐写术等。 **完整性(Integrity)**: - **目的**:确保数据的准确性,阻止或最小化未授权修改(包括恶意攻击和无意识的人为错误),同时...
hibernate constrained属性
huang9012的专栏
07-20 912
Hibernate文档上是这么写的: constrained(约束) (可选) 表明该类对应的表对应的数据库表,和被关联的对象所对应的数据库表之间,通过一个外键引用对主键进行约束。这个选项影响save() 和delete() 在级联执行时的先后顺序(也在schema export tool中被使用)。   constrained默认值为false const
CISSP考试指南笔记:5.9 访问控制实践
debugeeker的专栏
02-23 462
The following is a list of tasks that must be done on a regular basis to ensure security stays at a satisfactory level: Deny access to systems to undefined users or anonymous accounts. Limit and monitor the usage of administrator and other powerful
CISSP考试指南笔记:5.1 访问控制概述
debugeeker的专栏
02-09 143
Access controlsare security features that control how users and systems communicate and interact with other systems and resources. They protect the systems and resources from unauthorized access and can be components that participate in determining the le.
CISSP考试指南笔记:5.5 访问控制机制
debugeeker的专栏
02-14 245
Anaccess control mechanismdictates how subjects access objects. It uses access control technologies and security mechanisms to enforce the rules and objectives of anaccess control model. There are five main types of access control models: discretionary,...
CISSP考试指南笔记:5.10 访问控制监控
debugeeker的专栏
02-23 362
Intrusion Detection Systems Intrusion detection systems (IDSs)are different from traditional firewall products because they are designed to detect a security breach. Intrusion detection is the process of detecting an unauthorized use of, or attack upon,..
CISSP考试指南笔记:1.19 道德
debugeeker的专栏
12-18 218
(ISC)2 requires all certified system security professionals to commit to fully supporting its Code of Ethics. Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsi
CISSP考试指南笔记:5.11 针对访问控制的攻击
debugeeker的专栏
02-23 464
Dictionary Attack Crack program hashes the dictionary words and compares the resulting message digest with the system password file that also stores its passwords in a one-way hashed format. If the hashed values match, it means a password has just been un
CISSP考试指南笔记:8.5 变更控制
debugeeker的专栏
03-30 304
Change managementis a systematic approach to deliberately regulating the changing nature of projects, including software development projects. Change Control Change controlis the process of controlling the specific changes that take place during the li..
CISSP考试指南笔记:6.2 审计技术控制
debugeeker的专栏
03-06 233
Atechnical controlis a security control implemented through the use of an IT asset. Vulnerability Testing Vulnerability testing requires staff and/or consultants with a deep security background and the highest level of trustworthiness. The goals of th..
CISSP考试精华笔记:安全治理与核心原则
在机密性保护方面,笔记列举了几种关键措施,包括加密以确保数据在传输和存储时的安全,流量填充用于混淆通信模式,访问控制限制谁可以访问哪些资源,身份认证确保只有合法用户能访问系统,数据分类帮助确定信息的...
毕业设计论文SpringBoot+Vue毕业生信息招聘平台.docx
10-16
毕业设计论文
PHP-006教务选课学生选课成绩管理系统毕业课程源码设计+论文资料
10-16
编号:306 作为php高校院务学生选课成绩管理系统,在系统中有学生信息和教师信息以及课程信息需要管理员分类管理。 (1)学生管理:管理员登录系统后可以添加学生,查询学生,修改学生,删除学生信息。 (2)教师管理:管理员登录系统后可以添加教师,查询教师,修改教师,删除教师信息。 (3)课程管理:管理员登录系统后可以登记新的课程信息,查询修改课程信息,删除课程信息. (4)授课信息管理:管理员登录系统后可以分配课程由哪个老师教授。 (5)班级信息管理:管理员可以在系统其他功能运行前先把班级信息设置好。 (6)选课管理:学生登录系统后可以对课程进行选择。 (7)成绩管理:教师登录系统后,可以查询自己教授的课程并对学生的成绩打分。 (8)系统管理: 修改登录密码,关于系统说明
在线教育视频&JAVA&基于SpringBoot的在线视频教育平台的设计与实现(毕业论文+开题)
10-16
本系统采用的数据库是Mysql,使用SpringBoot框架开发, 使用在线视频教育平台分为管理员和用户、教师三个角色的权限模块。 管理员所能使用的功能主要有:首页、个人中心、用户管理、教师管理、课程信息管理、课程类型管理、我的收藏管理、系统管理、订单管理等。 用户可以实现首页、个人中心、课程信息管理、我的收藏管理、订单管理等。 教师可以实现首页、个人中心、课程信息管理、我的收藏管理等。
个性化影片推荐系统.zip
最新发布
10-16
随着科学技术的飞速发展,社会的方方面面、各行各业都在努力与现代的先进技术接轨,通过科技手段来提高自身的优势,个性化影片推荐系统当然也不能排除在外。 个性化影片推荐系统,在个性化影片推荐系统可以查看首页、热门电影、新闻资讯、我的、跳转到后台、客服等内容
Uniapp发现的Bug,用于重现project_Uniapp Bug.zip
10-16
Uniapp发现的Bug,用于重现project_Uniapp Bug
FRIIS公式计算距离Matlab实现.rar
10-16
1.版本:matlab2014/2019a/2024a 2.附赠案例数据可直接运行matlab程序。 3.代码特点:参数化编程、参数可方便更改、代码编程思路清晰、注释明细。 4.适用对象:计算机,电子信息工程、数学等专业的大学生课程设计、期末大作业和毕业设计。
毕业设计论文Django+Vue学习系统.docx
10-16
毕业设计论文
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值