FC0-U61 Objective 6.4: Compare and Contrast Authentication, Authorization, Accounting and Non-Repudiation Concepts

The Four Security Pillars:

• Authentication: Verifying who you are
• Authorization: Determining what you can do
• Accounting: Tracking what you did
• Non-repudiation: Proving what you did

Single Factor Characteristics:

• One verification method: Uses only one type of credential
• Lower security: Less secure than multifactor authentication
• Easier to compromise: Single point of failure
• Common examples: Username and password only
• Cost effective: Lower implementation cost
• User friendly: Easier for users to remember
• Widely supported: Supported by most systems
• Basic protection: Provides basic identity verification

Multifactor Characteristics:

• Multiple verification methods: Uses two or more factors
• Higher security: More secure than single factor
• Defense in depth: Multiple layers of protection
• Reduced risk: Lower risk of compromise
• Compliance requirements: Often required by regulations
• Higher cost: More expensive to implement
• User complexity: More complex for users
• Industry standard: Becoming the security standard

Password Characteristics:

• Secret knowledge: Known only to the user
• Alphanumeric: Can include letters, numbers, symbols
• Length requirements: Minimum length requirements
• Complexity rules: Mix of character types
• Regular changes: Should be changed periodically
• Unique passwords: Different for each account
• Storage security: Must be stored securely
• Transmission security: Must be transmitted securely

PIN Characteristics:

• Numeric only: Typically 4-8 digits
• Short length: Shorter than passwords
• Quick entry: Fast to enter
• Common uses: ATMs, mobile devices, keypads
• Limited complexity: Less complex than passwords
• Physical security: Often used with physical devices
• Attempt limits: Limited number of attempts
• Lockout protection: Account lockout after failed attempts

OTP Characteristics:

• Temporary validity: Valid for limited time
• Single use: Can only be used once
• Time-based: Generated based on time
• Event-based: Generated based on events
• Random generation: Cryptographically random
• Short lifespan: Expires quickly
• Multiple formats: Numeric, alphanumeric, QR codes
• Delivery methods: SMS, email, app, hardware token

Software Token Characteristics:

• Application-based: Software application on device
• OTP generation: Generates one-time passwords
• Time synchronization: Synchronized with server time
• Offline capability: Works without internet connection
• Multiple devices: Can be installed on multiple devices
• Backup codes: Provides backup recovery codes
• User friendly: Easy to use interface
• Cost effective: Lower cost than hardware tokens

Hardware Token Characteristics:

• Physical device: Dedicated hardware device
• Tamper resistant: Difficult to tamper with
• Battery powered: Self-contained power source
• Display screen: Shows generated codes
• Button activation: User activates to generate code
• High security: Very secure authentication method
• Single purpose: Dedicated to authentication
• Higher cost: More expensive than software tokens

Biometric Characteristics:

• Unique characteristics: Based on unique physical traits
• Difficult to forge: Hard to duplicate or fake
• Convenient: No need to remember passwords
• Fast authentication: Quick verification process
• Contactless options: Some methods don't require contact
• Privacy concerns: Raises privacy considerations
• Accuracy requirements: Must be highly accurate
• Fallback options: Need backup authentication methods

Location-Based Authentication:

• Geographic verification: Verifies user's location
• GPS coordinates: Uses GPS for location
• IP address: Uses IP address for location
• Wi-Fi networks: Uses connected Wi-Fi networks
• Cell towers: Uses mobile network towers
• Geofencing: Creates virtual boundaries
• Risk assessment: Used for risk-based authentication
• Privacy implications: Raises privacy concerns

Security Question Characteristics:

• Personal information: Based on personal knowledge
• Memorable answers: Easy for user to remember
• Multiple questions: Usually several questions
• Backup authentication: Used for account recovery
• Social engineering risk: Vulnerable to social engineering
• Public information: Answers may be publicly available
• Consistency required: Answers must be consistent
• Alternative to passwords: Can replace password authentication

SSO Characteristics:

• One login: Single authentication for multiple systems
• Centralized authentication: Central authentication server
• Token-based: Uses tokens for authentication
• Session management: Manages user sessions
• Reduced passwords: Reduces number of passwords
• Improved user experience: Better user experience
• Centralized management: Easier to manage
• Single point of failure: Risk of single point of failure

Permission Types:

• Read: View or access information
• Write: Create or modify information
• Execute: Run programs or scripts
• Delete: Remove information
• Modify: Change existing information
• Create: Generate new information
• Admin: Administrative privileges
• Special: Special or custom permissions

Common User Account Types:

• Administrator: Full system access and control
• Power User: Elevated privileges for specific tasks
• Standard User: Normal user privileges
• Guest User: Limited access for temporary users
• Service Account: Account for system services
• System Account: Built-in system accounts
• Local Account: Account for local machine only
• Domain Account: Account for network domain

Log Types:

• System logs: System events and errors
• Security logs: Security-related events
• Application logs: Application-specific events
• Access logs: User access and authentication
• Audit logs: Comprehensive audit trails
• Error logs: System and application errors
• Performance logs: System performance metrics
• Transaction logs: Database and transaction records

Tracking Capabilities:

• User activity: Tracks user actions and behaviors
• Resource usage: Monitors resource consumption
• Network traffic: Tracks network communications
• File access: Monitors file and data access
• Application usage: Tracks application usage
• Login sessions: Monitors login and logout events
• Permission changes: Tracks permission modifications
• System changes: Monitors system configuration changes

Video Evidence Characteristics:

• Visual proof: Provides visual evidence of events
• Timestamp verification: Includes date and time stamps
• Tamper detection: Can detect video tampering
• Chain of custody: Maintains evidence integrity
• Legal admissibility: Can be used in legal proceedings
• Surveillance systems: Used in security surveillance
• Meeting recordings: Records of meetings and conferences
• Transaction verification: Verifies transaction completion

Biometric Non-Repudiation:

• Unique identification: Unique to each individual
• Difficult to forge: Hard to duplicate or fake
• Permanent record: Creates permanent identification record
• Legal acceptance: Legally accepted as evidence
• Access control: Used for access control systems
• Transaction verification: Verifies transaction participants
• Time stamping: Includes time of biometric capture
• Encrypted storage: Biometric data stored securely

Signature Types:

• Digital signature: Cryptographic signature for digital documents
• Electronic signature: Electronic representation of signature
• Physical signature: Handwritten signature on documents
• Biometric signature: Signature based on biometric data
• Certificate-based: Signature with digital certificate
• Timestamped signature: Signature with timestamp
• Multi-party signature: Signature from multiple parties
• Legal binding: Legally binding signature

Receipt Characteristics:

• Transaction proof: Proof that transaction occurred
• Payment verification: Verifies payment was made
• Date and time: Includes transaction date and time
• Amount details: Shows transaction amount
• Participant information: Identifies transaction participants
• Transaction ID: Unique transaction identifier
• Digital receipts: Electronic receipt records
• Legal validity: Legally valid proof of transaction

Concept Comparison Table:

Sample Exam Questions:

1. What is the primary purpose of authentication?
2. What type of authentication factor is a fingerprint?
3. What is the main principle of the least privilege model?
4. What is the primary purpose of accounting in security?
5. What type of access control allows object owners to control access?
6. What is the main purpose of non-repudiation?
7. What authentication method uses multiple verification factors?
8. What type of access control is enforced by the system?
9. What provides proof that a transaction occurred?
10. What tracks user activities and system events?