CISSP® Official Study Guide, Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Physical Controls

Physical access controls are items you can physically touch. They include physical mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility. Examples of physical access controls include guards, fences, motion detectors, locked doors, sealed windows, lights, cable protection, laptop locks, badges, swipe cards, guard dogs, video cameras, mantraps, and alarms.

When preparing for the CISSP exam, you should be able to identify the type of any control. For example, you should recognize that a firewall is a preventive control because it can prevent attacks by blocking traffic, whereas an intrusion detection system (IDS) is a detective control because it can detect attacks in progress or after they've occurred. You should also be able to identify both as logical/technical controls.
Comparing Identification and Authentication

Identification is the process of a subject claiming, or professing, an identity. A subject must provide an identity to a system to start the authentication, authorization, and accountability processes. Providing an identity might entail typing a username; swiping a smartcard; waving a token device; speaking a phrase; or positioning your face, hand, or finger in front of a camera or in proximity to a scanning device. A core principle with authentication is that all subjects must have unique identities.

Authentication verifies the identity of the subject by comparing one or more factors against a database of valid identities, such as user accounts. Authentication information used to verify identity is private information and needs to be protected. As an example, passwords are rarely stored in clear text within a database. Instead, authentication systems store hashes of passwords within the authentication database. The ability of the subject and system to maintain the secrecy of the authentication information for identities directly reflects the level of security of that system.
Identification and authentication always occur together as a single two-step process. Providing an identity is the first step, and providing the authentication information is the second step. Without both, a subject cannot gain access to a system.

Alternately, imagine a user claims an identity (such as with a username of john.doe@sybex.com) but doesn't prove the identity (with a password). This username is for the employee named John Doe. However, if a system accepts the username without the password, it has no proof that the user is John Doe. Anyone who knows John's username can impersonate him.
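The two ideas above (hashes rather than clear-text passwords in the authentication database, and identification that is worthless until it is followed by authentication) can be shown in a few lines. The following is an added example, not code from the study guide: it keeps a constructed in-memory user store, enrolls john.doe@sybex.com with a salted PBKDF2 hash, and refuses access when only the username is supplied. The iteration count and the 16-byte salt length are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed stand-in for the authentication database: username -> (salt, hash).
# Only password hashes are stored, never the clear-text password.
USER_DB: Dict[str, Tuple[bytes, bytes]] = {}

ITERATIONS = 200_000   # PBKDF2 work factor (assumption; tune per deployment)
SALT_LEN = 16          # bytes of random salt per identity (assumption)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash of the password with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(username: str, password: str) -> None:
    """Create an identity. Identities must be unique; the store keeps a salted hash only."""
    if username in USER_DB:
        raise ValueError("identity already exists: identities must be unique")
    salt = os.urandom(SALT_LEN)
    USER_DB[username] = (salt, hash_password(password, salt))


def authenticate(username: str, password: Optional[str]) -> bool:
    """Two-step process: a claimed identity (step 1) must be proven with its password (step 2).

    Returns True only when the username exists AND the password hashes to the stored value.
    A username with no password is a bare identity claim and is rejected.
    """
    if not password:
        return False  # identity claimed but not proven

    record = USER_DB.get(username)
    if record is None:
        # Unknown identity: still do a hash computation so the response time does not
        # reveal whether the username exists, then reject.
        hash_password(password, b"\x00" * SALT_LEN)
        return False

    salt, stored = record
    candidate = hash_password(password, salt)
    # Constant-time comparison of the two hashes.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    enroll("john.doe@sybex.com", "correct horse battery staple")   # constructed sample
    print(authenticate("john.doe@sybex.com", None))                # False: identity only
    print(authenticate("john.doe@sybex.com", "wrong"))             # False: wrong proof
    print(authenticate("john.doe@sybex.com", "correct horse battery staple"))  # True
```

Note that `USER_DB` never holds the clear-text password, so a copy of the store alone does not let anyone impersonate John; the secrecy of the password, and the cost of the hash, are what the authentication step rests on.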
Each authentication technique or factor has unique benefits and drawbacks. Thus, it is important to evaluate each mechanism in the context of the environment where it will be deployed. For example, a facility that processes Top Secret materials requires very strong authentication mechanisms. In contrast, authentication requirements for students within a classroom environment are significantly less.

You can simplify identification and authentication by thinking about a username and a password. Users identify themselves with usernames and authenticate (or prove their identity) with passwords. Of course, there are many more identification and authentication methods, but this simplification helps keep the terms clear.