Windows security features, Password policy guidelines, File system permissions, User account types, Security principles

WK03 C229 Cloud Computing Essentials

Access Control Models

Frameworks and methods used to determine and enforce who can access what resources and perform which actions.

Active Directory (AD)

A directory service developed by Microsoft for Windows domain networks. It is used to manage user accounts, computers, and other network resources, and to enforce security policies.

Password Policy

A set of rules that defines the requirements for creating and using passwords on a computer system or network, often including minimum length, complexity requirements, and expiration rules.

Password Complexity

Requirements for a password to include a combination of character types (uppercase letters, lowercase letters, numbers, special characters) and to not contain easily guessed information like parts of the username.

Default User Accounts

Predefined user accounts created automatically during the installation of an operating system, often with specific levels of privilege.

Guest Account

A default user account often created by operating systems to allow temporary or limited access to the system for users without a standard account.

Windows File Permissions (NTFS Permissions)

Permissions applied to files and folders on partitions formatted with the NTFS file system, controlling access for local and network users and groups.

Network Share Permissions (Share Permissions)

Permissions applied to folders shared over a network, controlling access for users connecting to the shared resource.

Effective Permissions

The actual permissions a user has on a resource, calculated by combining permissions granted through their user account and any groups they belong to, considering permission precedence rules.

Principle of Least Privilege (POLP)

A security principle that dictates that users, accounts, and processes should be granted only the minimum level of access or permissions necessary to perform their intended functions.

Separation of Duties (SOD)

A security principle and internal control mechanism that involves dividing tasks or responsibilities among multiple individuals to prevent a single person from having complete control over a critical process, reducing the risk of fraud, error, or abuse. Also known as segregation of duties.

Privilege Escalation

The act of gaining unauthorized elevated access or permissions on a computer system or network, typically moving from a standard user account to an administrator or system-level account.

NTFS (New Technology File System)

The primary file system used by recent versions of Microsoft Windows, offering features like security permissions, encryption, and compression.

DAC (Discretionary Access Control)

An access control model where the owner of a resource can determine who has access to it and what permissions they have.

Inheritance (Permissions)

The process by which permissions assigned to a parent folder are automatically applied to its child folders and files.

Explicit Permissions

Permissions that are directly assigned to a user or group on a specific object (file or folder), not inherited from a parent.

Inherited Permissions (Implicit Permissions)

Permissions that an object receives from its parent folder.

Precedence (Permissions)

The order in which conflicting permissions are evaluated to determine a user's effective access to a resource.

Cumulative Permissions (Additive Property)

The rule that if a user is a member of multiple groups with different permissions on the same object, their effective permissions are the sum of all the allowed permissions from those groups (unless a Deny permission is present).

UNC (Universal Naming Convention)

A standard format used to specify the location of network resources, such as shared folders, using a path that includes the server name and share name

(e.g., \\servername\sharename).