Physical Control - work in the built environment to control access to sites. Examples include fences, doors, and locks., Procedural controls - are applied and enforced by people. Examples include incident response processes, management oversight, and security awareness training programs., Logical controls - are applied and enforced by digital or cyber systems and software. Examples include user authentication, antivirus software, and firewalls., Authentication - means that everything using the system is identified by an account and that an account can only be operated by someone who can supply the correct credentials., Authorization - means access to resources is allowed only to accounts with defined permissions. Each resource has an access control list specifying what users can do. Resources often have different access levels; for example, being able to read a file or being able to read and edit it., Accounting - means logging when and by whom a resource was accessed., Implicit deny - means that unless there is a rule specifying that access should be granted, any request for access is denied., Least Privilege - This means that a user should be granted the minimum possible rights necessary to perform the job., User account - the principal means of controlling access to computer and network resources and assigning rights or privileges., Local Account - User account that can be authenticated again and allocated permissions for the computer that hosts the account only; s stored in a database known as the Security Account Manager (SAM), which is part of the HKEY_LOCAL_MACHINE registry., Local Users and Groups - To create, disable, and delete accounts, change account properties, reset user passwords, create custom groups, and modify group membership., Authentication Principals - Knowledge (something you know, such as a password); Possession (something you have, such as a smart card or smartphone); Inherence (something you are, such as a fingerprint) , Net user Commands - You can also manage accounts at the command line; You need to execute these commands in an administrative command prompt. , UAC - Windows feature designed to mitigate abuse of administrative accounts by requiring explicit consent to use privileges; Uses the least privilege security control. , MFA - means that the user must submit at least two different types of credentials; Uses soft tokes or an authenticator app/ software. , Hard Token Authentication - USB storage key or smart card with a cryptographic module that can hold authenticating encryption keys securely., Microsoft account - managed via an online portal (account.microsoft.com) and identified by an email address., Kerberos - SSO- system that uses a time based configuration. The Windows network sign-in process uses this in conjunction with the LSA. , Remote Sign-in - If the user's device is not connected to the local network, authentication can take place over some type of virtual private network (VPN) or web portal., Windows Hello - subsystem that allows the user to configure an alternative means of authenticating; Used in conjunction with PINs, Fingerprint, Facial Recognition, and Security keys; Uses TPM to secure two-factor authentication. , Windows Local Sign-on - The LSA compares the submitted credential to the one stored in the Security Accounts Manager (SAM) database, which is part of the registry., Active Directory (AD) - service for Microsoft Windows domain networks that facilitates authentication and authorization of user and computer accounts., Domain - Group of hosts that is within the same namespace and administered by the same authority., Member Server - Any application server computer that has joined a domain but does not maintain a copy of the Active Directory database; Provides file, print, and application server services. , Security Groups - Access control feature that allows permissions to be allocated to multiple users more efficiently; , Organizational Unit (OU) - Structural feature of a network directory that can be used to group objects that should share a common configuration or organizing principle, such as accounts within the same business department., Domain group Policy - Configures computer settings and user profile settings. Some settings are exposed through standard objects and folders, such as Security Settings., Group Policy Objects (GPOs) - On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on., gpupdate - Command-line tools to apply and analyze group policies. Group policies are a means of configuring registry settings., Login Scripts - Code that performs a series of tasks automatically when a user account is authenticated.,
0%
Security Controls 1102
Kopīgot
autors:
U35646206
Rediģēt saturu
Iegult
Vairāk
Līderu saraksts
Rādīt vairāk
Rādīt mazāk
Šī līderu grupa pašlaik ir privāta. Noklikšķiniet uz
Kopīgot
, lai to publiskotu.
Mācību līdzekļa īpašnieks ir atspējojis šo līderu grupu.
Šī līderu grupa ir atspējota, jo jūsu izmantotās iespējas atšķiras no mācību līdzekļa īpašnieka iespējām.
Atjaunot sākotnējās iespējas
Saderību meklēšana
ir atvērta veidne. Tā neģenerē rezultātus līderu grupai.
Nepieciešams pieteikties
Vizuālais stils
Fonts
Nepieciešams abonements
Iespējas
Pārslēgt veidni
Rādīt visus
Atskaņojot aktivitāti, tiks parādīti vairāki formāti.
Atvērtie rezultāti
Kopēt saiti
QR kods
Dzēst
Atjaunot automātiski saglabāto:
?