IT Security/Access Control/Authentication and Authorization
This lesson covers authentication and authorization.
Objectives and Skills
Objectives and skills for the authentication and authorization of Security+ certification include:[1]
- Given a scenario, select the appropriate authentication, authorization or access control.
  - Identification vs. authentication vs. authorization
  - Authorization
    - Least privilege
    - Separation of duties
    - ACLs
    - Mandatory access
    - Discretionary access
    - Rule-based access control
    - Role-based access control
    - Time of day restrictions
  - Authentication
    - Tokens
    - Common access card
    - Smart card
    - Multifactor authentication
    - TOTP
    - HOTP
    - CHAP
    - PAP
    - Single sign-on
    - Access control
    - Implicit deny
    - Trusted OS
  - Authentication factors
    - Something you are
    - Something you have
    - Something you know
    - Somewhere you are
    - Something you do
  - Identification
    - Biometrics
    - Personal identification verification card
    - Username
  - Federation
  - Transitive trust/authentication
Readings
Multimedia
- YouTube: Identification, Authentication, and Authorization - CompTIA Security+ SY0-401: 5.2
- YouTube: Authorization and Access Control - CompTIA Security+ SY0-401: 5.2
- YouTube: Single-factor Authentication - CompTIA Security+ SY0-401: 5.2
- YouTube: Multi-factor Authentication - CompTIA Security+ SY0-401: 5.2
- YouTube: One-time Password Algorithms - CompTIA Security+ SY0-401: 5.2
- YouTube: CHAP and PAP - CompTIA Security+ SY0-401: 5.2
- YouTube: Single Sign-on - CompTIA Security+ SY0-401: 5.2
- YouTube: Federation and Transitive Trust - CompTIA Security+ SY0-401: 5.2