Читаем CISSP Practice полностью

The hypervisor or virtual machine (VM) monitor is an additional layer of software between an operating system and hardware platform that is used to operate multitenant VMs in cloud services. Besides virtualized resources, the hypervisor normally supports other application programming interfaces (APIs) to conduct administrative operations, such as launching, migrating, and terminating VM instances. It is the virtualization component that manages the guest operating systems (OSs) on a host and controls the flow of instructions between the guest OSs and the physical hardware. Compared with a traditional non-virtualized implementation, the addition of a hypervisor causes an increase in the attack surface, which is risky.

I

Identification

(1) The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system. (2) The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items. Identification comes before authentication.

Identifier

A unique data string used as a key in the biometric system to name a person’s identity and its associated attributes.

Identity

(1) A unique name of an individual person. Because the legal names of persons are not necessarily unique, the identity of a person must include sufficient additional information (for example, an address or some unique identifier such as an employee or account number) to make the complete name unique. (2) It is information that is unique within a security domain and which is recognized as denoting a particular entity within that domain. (3) The set of physical and behavioral characteristics by which an individual is uniquely recognizable.

Identity-based access control (IBAC)

An access control mechanism based only on the identity of the subject and object. An IBAC decision grants or denies a request based on the presence of an entity on an access control list. IBAC and discretionary access control are considered equivalent.

Identity-based security policy

A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (e.g., user, group of users, process, or device) requesting access.

Identity binding

Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.

Identity management

Identity management system comprised of one or more systems or applications that manages the identity verification, validation, and issuance process.

Identity proofing

(1) A process by which a credential service provider (CSP) and a registration authority (RA) validate sufficient information to uniquely identify a person. (2) The process of providing sufficient information (e.g., identity history, credentials, and documents) to a personal identity verification (PIV) registrar when attempting to establish an identity.

Identity registration

The process of making a person’s identity known to the personal identity verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.

Identity token

A smart card, a metal key, or some other physical token carried by a system user that allows user identity validation.

Identity verification

The process of confirming or denying that a claimed identity is correct by comparing the credentials (i.e., something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the personal identity verification (PIV) card or system and associated with the identity being claimed.

Impact

The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, loss of information, or loss of information system availability.

Impersonating

An attempt to gain access to a computer system by posing as an authorized user. Synonymous with masquerading, spoofing, and mimicking.

Implementation attacks

Implementation attacks can occur when hardware or software is not implemented properly or is not used correctly. For example, if a secure socket layer (SSL) protocol or transport layer security (TLS) protocol is implemented improperly or used incorrectly, it is subjected to a man-in-the-middle (MitM) attack. This attack occurs when a malicious entity intercepts all communication between the Web client and the Web server with which the client is attempting to establish an SSL/TLS connection.

Inappropriate usage

A person who violates acceptable use of any network or computer policies.