IT Security/Access Control/Authentication and Authorization

From Wikiversity
Jump to navigation Jump to search

This lesson covers authentication and authorization.

Objectives and Skills[edit]

Objectives and skills for the authentication and authorization of Security+ certification include:[1]

Given a scenario, select the appropriate authentication, authorization or access control.
  • Identification vs. authentication vs. authorization
  • Authorization
    • Least privilege
    • Separation of duties
    • ACLs
    • Mandatory access
    • Discretionary access
    • Rule-based access control
    • Role-based access control
    • Time of day restrictions
  • Authentication
    • Tokens
    • Common access card
    • Smart card
    • Multifactor authentication
    • TOTP
    • HOTP
    • CHAP
    • PAP
    • Single sign-on
    • Access control
    • Implicit deny
    • Trusted OS
  • Authentication factors
    • Something you are
    • Something you have
    • Something you know
    • Somewhere you are
    • Something you do
  • Identification
    • Biometrics
    • Personal identification verification card
    • Username
  • Federation
  • Transitive trust/authentication

Readings[edit]

Multimedia[edit]

  1. YouTube: Identification, Authentication, and Authorization - CompTIA Security+ SY0-401: 5.2
  2. YouTube: Authorization and Access Control - CompTIA Security+ SY0-401: 5.2
  3. YouTube: Single-factor Authentication - CompTIA Security+ SY0-401: 5.2
  4. YouTube: Multi-factor Authentication - CompTIA Security+ SY0-401: 5.2
  5. YouTube: One-time Password Algorithms - CompTIA Security+ SY0-401: 5.2
  6. YouTube: CHAP and PAP - CompTIA Security+ SY0-401: 5.2
  7. YouTube: Single Sign-on - CompTIA Security+ SY0-401: 5.2
  8. YouTube: Federation and Transitive Trust - CompTIA Security+ SY0-401: 5.2

Activities[edit]

See Also[edit]

References[edit]