Page 1005 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

simple as a username for a user. Subjects prove their identity by providing authentication credentials such as the matching password for a username.

Understand the difference between authorization and accountability. After authenticating subjects, systems authorize access to objects based on their proven identity. Auditing logs and audit trails record events including the identity of the subject that performed an action. The combination of effective identification, authentication, and auditing provides accountability.
Understand the details of the primary authentication factors. The three primary factors of authentication are something you know (such as a password or PIN), something you have (such as a smartcard or token), and something you are (based on biometrics). Multifactor authentication includes two or more authentication factors, and using it is more secure than using a single authentication factor. Passwords are the weakest form of authentication, but password policies help increase their security by enforcing complexity and history requirements. Smartcards include microprocessors and cryptographic certificates, and tokens create one-time passwords. Biometric methods identify users based on characteristics such as fingerprints. The crossover error rate identifies the accuracy of a biometric method. It shows where the false rejection rate is equal to the false acceptance rate.
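The following is an added worked example, not code from the study guide. It shows how the crossover error rate (CER) is actually located: the false acceptance rate (FAR) and false rejection rate (FRR) are computed for every candidate decision threshold, and the CER is the operating point where the two curves meet. The matcher model is an assumption of the example (a similarity score in [0, 1], higher meaning a closer match, with an attempt accepted when its score is at or above the threshold), and the score samples are constructed for illustration.

```python
"""Added example (not from the study guide): locating the crossover error rate
(CER) of a biometric matcher from its false acceptance and false rejection rates.

Assumed matcher model (an assumption of this example, not the book's):
each attempt yields a similarity score in [0, 1], higher meaning a closer
match, and the attempt is accepted when score >= the decision threshold.
"""
from typing import Dict, List, Tuple

# Constructed sample scores for illustration only; a real evaluation would
# use thousands of genuine and impostor attempts.
GENUINE_SCORES: List[float] = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.73, 0.70, 0.66, 0.58]
IMPOSTOR_SCORES: List[float] = [0.12, 0.20, 0.27, 0.33, 0.41, 0.48, 0.55, 0.62, 0.69, 0.74]


def error_rates(genuine: List[float], impostor: List[float],
                threshold: float) -> Tuple[float, float]:
    """Return (FAR, FRR) at one threshold.

    FAR: share of impostor attempts wrongly accepted (score >= threshold).
    FRR: share of genuine attempts wrongly rejected (score <  threshold).
    Raising the threshold lowers FAR and raises FRR; lowering it does the
    reverse, which is the trade-off the CER summarises.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: List[float],
                         impostor: List[float]) -> Dict[str, float]:
    """Sweep every observed score as a candidate threshold and return the
    operating point where FAR and FRR are closest. With real (continuous)
    data the curves cross exactly; with a finite sample the closest point is
    reported and the CER is taken as the mean of FAR and FRR there.
    """
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best["gap"]:  # strict '<' keeps the first minimum
            best = {"threshold": t, "far": far, "frr": frr, "gap": gap}
    return {
        "threshold": best["threshold"],
        "far": best["far"],
        "frr": best["frr"],
        "cer": (best["far"] + best["frr"]) / 2,
    }


if __name__ == "__main__":
    print("threshold   FAR   FRR")
    for t in sorted(set(GENUINE_SCORES) | set(IMPOSTOR_SCORES)):
        far, frr = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"{t:9.2f}  {far:4.2f}  {frr:4.2f}")
    point = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"\nCER {point['cer']:.2f} at threshold {point['threshold']:.2f} "
          f"(FAR {point['far']:.2f}, FRR {point['frr']:.2f})")
```

Running the sweep on the constructed data shows FAR falling and FRR rising as the threshold increases, with the two meeting at a threshold of 0.69 where both are 0.20; that 20% is the CER of this (deliberately poor) matcher. A lower CER means a more accurate method, and a deployment can still choose a threshold away from the crossover when it prefers fewer false acceptances (high-security door) or fewer false rejections (convenience login).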

Understand single sign-on. Single sign-on (SSO) is a mechanism that allows subjects to authenticate once and access multiple objects without authenticating again. Kerberos is the most common SSO method used within organizations, and it uses symmetric cryptography and tickets to prove identification and provide authentication. When multiple organizations want to use a common SSO system, they often use a federated identity management system, where the federation, or group of organizations, agrees on a common method of authentication. Security Assertion Markup Language (SAML) is commonly used to share federated identity information. Other SSO methods are scripted access, SESAME, and KryptoKnight. OAuth and OpenID are two newer SSO technologies used on the internet. OAuth 2.0 is recommended over OAuth 1.0 by many large