Accountability
Auditing, logging, and monitoring provide accountability by ensuring that subjects can be held accountable for their actions. Auditing is the process of tracking and recording subject activities within logs. Logs typically record who took an action, when and where the action was taken, and what the action was. One or more logs create an audit trail that researchers can use to reconstruct events and identify security incidents. When investigators review the contents of audit trails, they can provide evidence to hold people accountable for their actions.
There’s a subtle but important point to stress about accountability. Accountability relies on effective identification and authentication, but it does not require effective authorization. In other words, after identifying and authenticating users, accountability mechanisms such as audit logs can track their activity, even when they try to access resources that they aren’t authorized to access.
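As an added illustration of the point above (not code from the book), the following reconstructs a subject's audit trail from a constructed JSON-lines log and pulls out the attempts that authorization refused; those denied entries are recorded precisely because accountability depends on identification and authentication, not on the subject being authorized. The log format, field names and sample records are assumptions for this example.

```python
import json
from collections import defaultdict

# Constructed sample audit log (JSON lines); not taken from any real system.
# Each record captures who, when, where, what, and the authorization outcome.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:15:02Z", "subject": "alice", "src": "10.0.0.5", "action": "login", "object": "vpn", "result": "success"}
{"ts": "2024-03-01T09:16:40Z", "subject": "alice", "src": "10.0.0.5", "action": "read", "object": "/hr/payroll.xlsx", "result": "denied"}
{"ts": "2024-03-01T09:17:10Z", "subject": "alice", "src": "10.0.0.5", "action": "read", "object": "/eng/design.doc", "result": "success"}
{"ts": "2024-03-01T09:20:00Z", "subject": "bob", "src": "10.0.0.9", "action": "login", "object": "vpn", "result": "failure"}
{"ts": "2024-03-01T09:20:05Z", "subject": "bob", "src": "10.0.0.9", "action": "login", "object": "vpn", "result": "success"}
"""

REQUIRED = {"ts", "subject", "src", "action", "object", "result"}

def parse_audit_log(text):
    """Parse JSON-lines audit records. Malformed lines are skipped but
    counted, so a truncated or tampered log does not fail silently."""
    records, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if not isinstance(rec, dict) or not REQUIRED.issubset(rec):
            malformed += 1
            continue
        records.append(rec)
    return records, malformed

def audit_trail(records, subject):
    """Reconstruct one subject's trail in time order (who/when/where/what)."""
    return sorted((r for r in records if r["subject"] == subject), key=lambda r: r["ts"])

def denied_attempts(records):
    """Map each authenticated subject to the objects authorization refused.
    The log still holds these attempts even though access was not granted."""
    by_subject = defaultdict(list)
    for r in records:
        if r["result"] == "denied":
            by_subject[r["subject"]].append(r["object"])
    return dict(by_subject)

if __name__ == "__main__":
    recs, bad = parse_audit_log(SAMPLE_LOG)
    for r in audit_trail(recs, "alice"):
        print(f'{r["ts"]} {r["subject"]}@{r["src"]} {r["action"]} {r["object"]} -> {r["result"]}')
    print("denied:", denied_attempts(recs), "malformed lines:", bad)
```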
Authentication Factors
The three basic methods of authentication are also known as types or factors. They are as follows:
Type 1
A Type 1 authentication factor is something you know. Examples include a password, personal identification number (PIN), or passphrase.
Type 2
A Type 2 authentication factor is something you have. Physical devices that a user possesses can help them provide authentication. Examples include a smartcard, hardware token, memory card, or Universal Serial Bus (USB) drive.
The main difference between a smartcard and a memory card is that a smartcard can process data, whereas a memory card only stores information. For example, a smartcard includes a microprocessor in addition to a certificate that can be used for authentication, to encrypt data, to digitally sign email, and more. A memory card only holds authentication information for a user.
Type 3
A Type 3 authentication factor is something you are or something you do. It is a physical characteristic of a person identified with different types of biometrics. Examples in the something-you-are category include fingerprints, voice prints, retina patterns, iris patterns, face shapes, palm topology, and hand geometry. Examples in the something-you-do category include signature and keystroke dynamics, also known as behavioral biometrics.
These types are progressively stronger when implemented correctly, with Type 1 being the weakest and Type 3 being the strongest. In other words, passwords (Type 1) are the weakest, and a fingerprint (Type 3) is stronger than a password. However, attackers can still bypass some Type 3 authentication factors. For example, an attacker may be able to create a duplicate fingerprint on a gummi bear candy and fool a fingerprint reader.
Chapter 13 ■ Managing Identity and Authentication
In addition to the three primary authentication factors, there are some others.