Physical Control - work in the built environment to control access to sites. Examples include fences, doors, and locks., Procedural controls - are applied and enforced by people. Examples include incident response processes, management oversight, and security awareness training programs., Logical controls - are applied and enforced by digital or cyber systems and software. Examples include user authentication, antivirus software, and firewalls., Authentication - means that everything using the system is identified by an account and that an account can only be operated by someone who can supply the correct credentials., Authorization - means access to resources is allowed only to accounts with defined permissions. Each resource has an access control list specifying what users can do. Resources often have different access levels; for example, being able to read a file or being able to read and edit it., Accounting - means logging when and by whom a resource was accessed., Implicit deny - means that unless there is a rule specifying that access should be granted, any request for access is denied., Least Privilege - This means that a user should be granted the minimum possible rights necessary to perform the job., User account - the principal means of controlling access to computer and network resources and assigning rights or privileges., Local Account - User account that can be authenticated again and allocated permissions for the computer that hosts the account only; s stored in a database known as the Security Account Manager (SAM), which is part of the HKEY_LOCAL_MACHINE registry., Local Users and Groups - To create, disable, and delete accounts, change account properties, reset user passwords, create custom groups, and modify group membership., Authentication Principals - Knowledge (something you know, such as a password); Possession (something you have, such as a smart card or smartphone); Inherence (something you are, such as a fingerprint) , Net user Commands - You can also manage accounts at the command line; You need to execute these commands in an administrative command prompt. , UAC - Windows feature designed to mitigate abuse of administrative accounts by requiring explicit consent to use privileges; Uses the least privilege security control. , MFA - means that the user must submit at least two different types of credentials; Uses soft tokes or an authenticator app/ software. , Hard Token Authentication - USB storage key or smart card with a cryptographic module that can hold authenticating encryption keys securely., Microsoft account - managed via an online portal (account.microsoft.com) and identified by an email address., Kerberos - SSO- system that uses a time based configuration. The Windows network sign-in process uses this in conjunction with the LSA. , Remote Sign-in - If the user's device is not connected to the local network, authentication can take place over some type of virtual private network (VPN) or web portal., Windows Hello - subsystem that allows the user to configure an alternative means of authenticating; Used in conjunction with PINs, Fingerprint, Facial Recognition, and Security keys; Uses TPM to secure two-factor authentication. , Windows Local Sign-on - The LSA compares the submitted credential to the one stored in the Security Accounts Manager (SAM) database, which is part of the registry., Active Directory (AD) - service for Microsoft Windows domain networks that facilitates authentication and authorization of user and computer accounts., Domain - Group of hosts that is within the same namespace and administered by the same authority., Member Server - Any application server computer that has joined a domain but does not maintain a copy of the Active Directory database; Provides file, print, and application server services. , Security Groups - Access control feature that allows permissions to be allocated to multiple users more efficiently; , Organizational Unit (OU) - Structural feature of a network directory that can be used to group objects that should share a common configuration or organizing principle, such as accounts within the same business department., Domain group Policy - Configures computer settings and user profile settings. Some settings are exposed through standard objects and folders, such as Security Settings., Group Policy Objects (GPOs) - On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on., gpupdate - Command-line tools to apply and analyze group policies. Group policies are a means of configuring registry settings., Login Scripts - Code that performs a series of tasks automatically when a user account is authenticated.,
0%
Security Controls 1102
Bendrinti
prie
U35646206
Redaguoti turinį
Įterpti
Daugiau
Lyderių lentelė
Rodyti daugiau
Rodyti mažiau
Ši lyderių lentelė šiuo metu yra privati. Spustelėkite
Bendrinti
, kad ji būtų vieša.
Ši lyderių lentelė buvo išjungta išteklių savininko.
Ši lyderių lentelė yra išjungta, nes jūsų parinktys skiriasi nuo nustatytų išteklių savininko.
Grąžinti parinktis
Rask tinkamą
yra neterminuotas šablonas. Jis negeneruoja rezultatų lyedrių lentelei.
Reikia prisijungti
Vizualinis stilius
Šriftai
Būtina prenumerata
Parinktys
Pakeisti šabloną
Rodyti viską
Pradėjus veiklą bus rodoma daugiau formatų.
Atviri rezultatai
Kopijuoti nuorodą
QR kodas
Naikinti
Atkurti automatiškai įrašytą:
?