Access Control controlling access to resources on a computer or network system. MAC Mandatory Access Control (MAC) models, the administrator manages access controls. The administrator defines a policy, which users cannot modify. For highest confidentiality. DAC Discretionary Access Control (DAC). A subject has complete control over the objects that it owns and the programs that it executes. Programs executed by a user will have the same permissions as the user who is executing it. RBAC In Role Based Access Control models, an administrator defines a series of roles and assigns them to subjects. Different roles can exist for system processes and ordinary users. Objects are set to be a certain type, to which subjects with a certain role have access. RB-RBAC Rule-Based Access Control. Dynamically assigns roles to subjects based on their attributes and a set of rules defined by a security policy. Identification Telling the system who you are Authentication Process of proving to a system that you are who you say you are. Something you know (i.e. a username and password). Something you have (i.e. a smartcard) Something you are (i.e. your finger print, hand writing, voice pattern) Multi-factor authentication = two or more authentication methods used in conjunction Password guessing/Brute-force attacks Password checker tries the password until it succeeds. Password aging As a password gets older there's an increased chance of it getting disclosed. Cognitive passwords Your mother's last name, 'matrix' or 'qwerty'. When a person or password checker tries to guess the password, it will typically start with com