216 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
What is access control?
The ability to permit or deny the use of an object (passive, such as a file or system) by a subject (active, such as an individual or process).
Look at passive and active
What are the different types of controls (not just access)?
Access Control
Corrective Control
Deterrent
Recovery
Compensating
What is a Preventive Control?
Controls reduce risks
Part of AC
What is a Detective Control?
Controls identify violations and incidents
Part of AC
What is a corrective control?
remedy violations and incidents and improve existing preventive and detective controls
What is a deterrent?
discourages violations
What is recovery?
Restore systems and information
What is compensating?
Alternative Controls
Access Controls can be?
Administrative
technical
physical
What do Administrative Controls include?
policies and procedures that an organization implements as part of its overall information security strategy
Administrative Controls ensure that technical and physical controls are?
understood and properly implemented in accordance with the organization's security policy
What is the purpose of administrative controls?
preventive and detective
What is the purpose of administrative Controls?
Policies and procedures
Security awareness training
Asset classification and control
Employment policies and practices (background checks, job rotations, and separation of duties and responsibilities)
Account administration
Account, log, and journal monitoring
Review of audit trails
How do technical (logical) controls work?
By using hardware and software technology to implement access control
What do preventive technical controls include?
Encryption: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Merkle-Hellman Knapsack.

Access control mechanisms: Biometrics, smart cards, and tokens.

Access control lists

Remote access authentication protocols: Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP).
What do detective technical controls include?
Violation reports

Audit trails

Network monitoring and intrusion detection
What are physical controls?
ensure the safety and security of the physical environment
physical controls can be preventive or detective
What do preventive physical controls include?
Environmental controls (for example: heating, ventilation, and air conditioning [HVAC])

Security perimeters (fences, locked doors, and restricted areas)

Guards and dogs
What do Detective physical controls include?
Motion detectors

Video cameras

Environmental sensors and alarms (to detect heat, smoke, fire, and water hazards)
What is it called when a control failure results in no access being permitted?
fail closed
What is it called when a control failure results in all access being permitted?
fail open
What are the services that are provided by access control?
Authentication
Authorization
Accountability
What is the two step process of Authentication (who can log in)?
Identification
Authentication

aka (I&A)
What is identification?
the means by which a user claims a specific identity to a system
What is authentication?
process of verifying the identity
What does authentication determine?
Who can log in
What does authorization define?
Rights and permissions granted to a user account or process.
Also known as establishment
After a user is authenticated what does authorization determine?
What the user can do with a system or resource
What does accountability have the ability to do?
Associate users and processes with their actions
What are some of the components of accountability
Audit trails and system logs
What is an important security concept that's closely related to accountability?
Non-repudiation
What does non-repudiation mean?
A user can't deny an action because her identity is positively associated with her actions
What does accountability determine?
What a subject did
What are the two categories of access control?
system access control and data access control
What do system access controls control?
protect the entire system and provide a first line of defense for the data contained on the system

(provide first line of defense in information security).
What do data access controls control?
implemented to protect the data contained on the system
System access controls can provide complete authentication, authorization and accountability, but they are renowned for which one?
authentication
Authentication can be based on any of three factors:
Something you know, such as a password or a personal identification number (PIN)

Something you have, such as a smart card or token

Something you are, such as fingerprint, voice, retina, or iris characteristics
What is the concept of "something you know", such as a password or a personal identification number (PIN), based on?
This concept is based on the assumption that only the owner of the account knows the secret password or PIN needed to access the account. Of course, passwords are often shared, stolen, guessed, or otherwise compromised.
What is the concept of "something you have", such as a smart card or token, based on?
This concept is based on the assumption that only the owner of the account has the necessary key to unlock the account. Of course, keys are often lost, stolen, borrowed, or duplicated.
What is the concept of "something you are", such as fingerprint, voice, retina, or iris characteristics, based on?
This concept is based on the assumption that the finger or eyeball attached to your body is actually yours and uniquely identifies you. Of course, fingers and eyes can be lost or. . . . Actually, the major drawback with this authentication mechanism is acceptance — people are uneasy about using these systems
What does two-factor authentication require?
Requires two of the three authentication factors
Three-factor authentication requires?
All three factors for authentication
What is a commonly cited example of an access control system that uses two-factor authentication?
ATM machine
What is an identification and authentication technique that is knowledge based?
passwords/passphrases and PINs
What is an identification and authentication technique that is character based?
biometrics and behavior
What is the main requirement for identification?
It must uniquely identify the user and shouldn't identify the user's role or importance in the organization.
What types of accounts should be avoided?
root, admin, or system
What is the act of claiming a specific identity referred to as?
identification
What is the act of verifying that identity?
authentication
Hackers =
good
Crackers =
bad
What is hackeris
used to describe both hackers and crackers in general
What are common problems with passwords and passphrases?
1. insecure
2. easily broken
3. inconvenient
4. refutable
Why are passwords and passphrases insecure?
Human nature - users choose passwords that are easy to remember and therefore easy to guess. Users may also be inclined to write down passwords or share passwords.

Transmission and storage - passwords are transmitted in clear text (file transfer (FTP) and PAP). Passwords may also be stored in plain text files or by using a weak hashing algorithm.
Why are passwords and passphrases easily broken?
Passwords are susceptible to brute force and dictionary attacks (which we discuss later in this chapter in the section “Methods of attack”) by readily available programs such as Crack, John the Ripper, and l0phtcrack (pronounced loft-crack).
Why are passwords and passphrases inconvenient?
Entering passwords can be tiresome for users who are easily agitated. In an attempt to bypass these controls, users may select an easily typed, weak password; they may automate logons (for instance, selecting Remember my password in a browser) or neglect to lock their workstations or to log out when they leave their desks.
Why are passwords and passphrases refutable?
Transactions authenticated with only a password don’t necessarily provide absolute proof of a user’s identity. Authentication mechanisms must guarantee non-repudiation, which is a critical component of accountability
Passwords have the following login controls and management features that should be configured in accordance with an organization's security policy and security best practices:
Length
Complexity
Aging
History
Limited attempts
Lockout duration
Limited time periods
System messages (logon banner, last username, last successful logon)
Why is the length of the password important?
The longer the better. A password is, in effect, an encryption key. Just as larger encryption keys (such as 128-bit or 256-bit) are better, so too are longer passwords. Systems should be configured to require a minimum password length of 6–8 characters.
Why is the complexity of the password important
Strong passwords contain a mix of upper-and lowercase letters, numbers, and special characters such as # and $. Be aware that certain special characters may not be accepted by some systems or may perform special functions (that is to say, in terminal emulation software).
Why is password aging important?
Maximum password aging should be set to require passwords at regular intervals: 30, 60, or 90 days is usually recommended. Minimum password aging — one day is usually recommended — should also be set to prevent users from easily circumventing password history controls.
Why is it important to use password history?
Password history settings (five is usually recommended) allow a system to remember previously used passwords. This security setting prevents users from circumventing maximum password aging by alternating between two or three familiar passwords when required to change their passwords.
Why is limiting password attempts important?
This control limits the number of unsuccessful log-on attempts and consists of two components: counter threshold (3 is usually recommended) and counter reset (30 minutes is usually recommended).
What is lockout duration?
When the counter threshold that we describe in the preceding bullet has been exceeded, the account is locked out. Lockout duration is commonly set to 30 minutes but can be set for any duration. If the duration is set to forever, an administrator must unlock the account. Some systems don’t notify the user when an account has been locked out but instead quietly alert the system administrator to a possible break-in attempt.
What are limited time periods?
This control restricts the time of day that a user can log in. For example, limiting users to access during business hours only is very effective. However, this type of control is becoming less common in the modern age of the workaholic with erratic work hours and in the global economy.
What is important to know about a logon banner
Welcome messages invite criminals to access your systems. Disable any welcome message and replace it with a legal warning that requires the user to click OK to acknowledge
What is important to know about last username
Many popular operating systems display the username of the last successful logon. This feature is a convenience for users (who only need to type in their password) and hackers (who only need to crack the password without worrying about matching it to a valid user account). Disable this feature.
What is important to know about last successful logon
After successfully logging onto the system, this message tells the user the last time that he logged on. If the system shows that the last successful logon for a user was Saturday morning at 2 a.m. and the user knows that he couldn’t possibly have logged in at that time because he has a life, he’ll know that his account has been compromised and can report the incident accordingly.
What are some of the widely available and well-known guidelines for creating more secure passwords?
Mix upper-and lowercase characters.

Replace letters with numbers (for example, replace e with 3).

Combine two words by using a special character.

Use the first letter from each word of a nonsense phrase from a nonsense song (for example, “Oops! ...I Did It Again” becomes O!Idia).
What is the only absolute method for positively identifying an individual?
Base authentication on some unique physiological or behavioral characteristic of that individual.
What are some of the physiological characteristics?
fingerprints, hand geometry, and facial features such as retina and iris patterns
What are some of the biometric identification characteristics?
voice, signature, and keystroke patterns
How is the concept of I&A applied differently in biometric access control systems?
Physical access controls: The individual presents the required biometric characteristic, and the system attempts to identify the individual by matching the input characteristic to its database of authorized personnel. This is also known as a one-to-many search.

Logical access controls: The user enters a username or PIN (or inserts a smart card) and then presents the required biometric characteristic for verification. The system attempts to authenticate the user by matching the claimed identity and the stored biometric image file for that account. This is also known as a one-to-one search.
What are the necessary factors for an effective biometrics access control system?
Accuracy
Speed and throughput
Data storage requirements
Reliability
Acceptability
What is the most important characteristic of any biometric system?
accuracy
The characteristic or body organ measured to guarantee positive identification is an important element of accuracy; what must it have?
uniqueness
What are the two organs that satisfy the requirement of uniqueness in common biometric systems?
Fingers/hands
eyes
In addition to uniqueness, what is another important element of accuracy?
the system's ability to detect and reject forged or counterfeit input data
How is the accuracy of a biometric system normally stated?
as a percentage
What is the False Reject Rate abbreviation?
FRR
What type of error is FRR?
False reject rate - Type I error
What is the False Reject Rate (FRR) or Type I error percentage of?
authorized users who are incorrectly denied access
What does the abbreviation FAR stand for?
False Accept Rate
What type of error is FAR?
Type II error
What is the False Accept Rate or Type II error the percentage of?
unauthorized users who are incorrectly granted access
What does the abbreviation CER stand for?
Crossover Error Rate
What is the Crossover Error Rate?
The point at which the FRR equals the FAR stated as a percentage.
What is considered the most important measure of biometric system accuracy?
CER
because FAR and FRR can be adjusted by changing a system's sensitivity
What describes the length of time required to complete the entire authentication process?
speed and throughput
includes stepping up to the access door.
What is the acceptable standard for speed and throughput for a biometric system?
Less than 5 seconds / 6 to 10 per minute
What is the acceptable standard for speed and throughput of an initial enrollment?
less than 2 minutes
What is the biggest hurdle to widespread implementation of biometric systems?
acceptability
What is the CER accuracy percentage that is the generally accepted standard for biometric systems?
<10%
What are common types of physiological biometric access control systems?
Finger scan systems
hand geometry systems
Retina pattern
iris pattern
What is the most common physiological biometric system in use today?
Finger Scan systems
How do finger scan systems work?
by analyzing the ridges, whorls, and minutiae of a fingerprint to create a digitized image that uniquely identifies the owner of the fingerprint.
How do finger scan systems differ from fingerprint recognition systems?
finger scan systems do not store an image of the entire fingerprint, only a digitized file describing its unique characteristics
What type of physiological biometric system is more accurate than finger scan systems and has some of the smallest file sizes compared with other biometric system types?
hand geometry systems
How do retina pattern systems work?
record unique elements in the vascular pattern of the retina using only a camera with a focused low-intensity light.
What are some of the disadvantages of retina pattern systems?
Perceived intrusiveness
Sanitation
privacy concerns
What type of biometric system is the most accurate?
iris pattern
Why is the iris pattern such an accurate biometric system?
Because the iris is formed before birth and remains the same throughout life
How does the iris pattern biometric system work?
A camera directed at an aperture mirror scans the iris pattern. The subject must glance at the mirror from a distance of about 3 to 10 inches.
What are common types of behavioral biometric systems?
Voice Recognition
Signature dynamics
How do voice recognition systems work?
These systems capture unique characteristics of a subject's voice and also analyze phonetic or linguistic patterns

Most are text dependent
What type of factor authentication does voice recognition provide?
Two-factor - something you know (phrase) and something you are (your voice)
How do signature dynamics work?
These systems typically require the subject to sign his name on a signature tablet.
What is a one-time password?
a password that is valid for one logon session only
What is a dynamic password?
It changes at some regular interval or event
A one-time password is a dynamic password
What is a static password?
A password that is the same for each logon
What are two examples of one-time passwords?
Tokens and the S/Key protocol
What is the S/Key protocol?
It is client/server based and uses MD4 and MD5 to generate one-time passwords
What are tokens?
Access control devices such as key fobs, dongles, smart cards, magnetic cards and keypad or calculator-type cards that store static passwords or digital certificates or generate dynamic passwords
What are the three general types of tokens?
Static password tokens
Synchronous dynamic password tokens
Asynchronous dynamic password tokens
What do synchronous dynamic password tokens do?
Continuously generate new passwords or passcodes at a fixed time interval or event. Typically the passcode is valid only during a fixed time window and only for a single logon.
What do asynchronous (or challenge-response) dynamic password tokens do?
generate a new password or passcode asynchronously by calculating the correct response to a system-generated random challenge string that's manually entered into the token by its owner
Tokens can be used to?
generate one-time passwords / provide two-factor authentication
What does the concept of Single Sign-On (SSO) address?
Problems for both users and security administrators
From the security administrator’s perspective, multiple accounts mean multiple vulnerabilities. Every account that exists in a system, network, or application is a potential point of unauthorized access. Multiple accounts belonging to a single user represent an even greater vulnerability:

Users that require access to multiple systems or applications must often maintain numerous different passwords. This inevitably leads to shortcuts in creating and recalling passwords; weak passwords with only slight variations are used and more likely to be written down.

Multiple accounts also affect user productivity (and sanity!). Someone has to create and maintain accounts: supporting, removing, resetting, and disabling passwords, as well as unlocking accounts.

How does SSO work?
allows a user to present a single set of logon credentials, which then transparently logs the user on to all other systems for which that user is authorized
What are two disadvantages of SSO?
1. You have unrestricted access to all authorized systems once you're logged on.
2. Labor intensive to implement
What are three examples of ticket-based authentication protocols that provide SSO services?
Kerberos
SESAME
KryptoKnight
What is Kerberos?
The most popular ticket-based authentication protocol.
What is the step-by-step description of Kerberos?
1. The Kerberos client prompts the subject (such as a user) for identification and authentication (username and password). Using the authentication information (password), the client temporarily generates and stores the subject's secret key by using a one-way hash function and then sends the subject's identification (username) to the Key Distribution Center (KDC).
2. The KDC Authentication Service (AS) verifies that the subject (known as a principal) exists in the KDC database. The KDC Ticket Granting Service (TGS) then generates a Client/TGS Session Key encrypted with the subject’s secret key, which is known only to the TGS and the client (temporarily). The TGS also generates a Ticket Granting Ticket (TGT), comprising the subject’s identification, the client network address, the valid period of the ticket, and the Client/TGS Session Key. The TGT is encrypted by using the secret key of the TGS server, which is known only to the TGS server. The Client/TGS Session Key and TGT are then sent back to the client.
3. The client decrypts the Client/TGS Session Key with the secret key that was generated by using the subject’s password, authenticates the subject (user), and then erases the stored secret key to avoid possible compromise. The TGT, which was encrypted with the secret key of the TGS server, cannot be decrypted by the client.
4. When the subject requests access to a specific object (such as a server, also known as a principal), it sends the TGT, the object identifier (such as a server name), and an authenticator to the TGS server. The authenticator is a separate message that contains the client ID and a timestamp, and using the Client/TGS Session Key encrypts it.
5. The TGS server generates both a Client/Server Session Key, which is encrypted by using the Client/TGS Session Key, and a Service Ticket, which comprises the subject’s identification, the client network address, the valid period of the ticket, and the Client/Server Session Key. The Service Ticket is encrypted by using the secret key of the requested object (server), which is known only to the TGS server and the object. The Client/Server Session Key and Service Ticket are then sent back to the client.
6. The client decrypts the Client/Server Session Key by using the Client/TGS Session Key. The Service Ticket, which was encrypted with the secret key of the requested object, cannot be decrypted by the client.
7. The client can then communicate directly with the requested object (server). The client sends the Service Ticket and an authenticator to the requested object (server). The authenticator, comprising the subject's identification and a timestamp, is encrypted by using the Client/Server Session Key that was generated by the TGS. The object (server) decrypts the Service Ticket by using its secret key. The Service Ticket contains the Client/Server Session Key, which allows the object (server) to then decrypt the authenticator. If the subject identification and timestamp are valid (according to the subject identification, client network address, and valid period specified in the Service Ticket), then communication between the client and server is established. The Client/Server Session Key is then used for secure communications between the subject and object.
What is SESAME?
The Secure European System for Applications in a Multi-vendor Environment project, a ticket-based system like Kerberos with some additional security enhancements.
What does SESAME provide?
It uses public key cryptography to distribute secret keys, incorporates a trusted authentication server at each host, employs MD5 and CRC-32 one-way hash functions, and uses two separate certificates (or tickets) to provide authentication and define access privileges
What is KryptoKnight?
It is another example of a ticket-based SSO authentication system that establishes peer-to-peer relationships between the Key Distribution Center (KDC) and its principals.
How are access control methodologies classified?
centralized or decentralized
What are the centralized access control methods?
LDAP
RAS (PAP and CHAP)
RADIUS
Diameter
TACACS
What does LDAP stand for?
Lightweight Directory Access Protocol
What is LDAP?
It is both an IP protocol and a data model. LDAP is used to support authentication and directory functions for both persons and resources.
What are some of the vendors that have implemented LDAP?
Active Directory from Microsoft

eTrust Directory from CA

Apache Directory Server

Novell eDirectory

IBM SecureWay and Tivoli Directory Server

Sun Directory Server

Several open source versions of LDAP are also available, including OpenLDAP and tinyldap.
What does RAS stand for?
Remote Access Service
How does RAS work?
RAS servers utilize the Point-to-Point Protocol (PPP) to encapsulate IP packets and establish dial-in connections over serial and ISDN links
What authentication protocols does Remote Access Service PPP incorporate?
PAP, CHAP, EAP
What does PAP stand for?
Password Authentication Protocol
How does PAP work?
PAP uses a two-way handshake to authenticate a peer to a server when a link is initially established. PAP transmits passwords in clear text and provides no protection from replay or brute force attacks
What does CHAP stand for?
Challenge Handshake Authentication Protocol
How does CHAP work?
uses a three-way handshake to authenticate both a peer and server when a link is initially established and, optionally, at regular intervals throughout the session. CHAP requires both the peer and server to be preconfigured with a shared secret that must be stored in plain text. The peer uses the secret to calculate the response to a server challenge by using an MD5 one-way hash function. MS-CHAP, a Microsoft enhancement to CHAP, allows the shared secret to be stored in an encrypted form.
What does EAP stand for?
Extensible Authentication Protocol
How does EAP work?
EAP adds flexibility to PPP authentication by implementing various authentication mechanisms including MD5-challenge, S/Key, generic token card, digital certificates, and so on. EAP is implemented in many wireless networks.
What does RADIUS stand for?
Remote Authentication Dial-in User Service
How does RADIUS work?
The RADIUS protocol is an open-source, User Datagram Protocol (UDP)-based client-server protocol. RADIUS provides authentication and accountability. A user provides username/password information to a RADIUS client by using PAP or CHAP. The RADIUS client encrypts the password and sends the username and encrypted password to the RADIUS server for authentication
When are RADIUS passwords encrypted?
Passwords exchanged between the RADIUS client and RADIUS server are encrypted
When are RADIUS passwords not necessarily encrypted?
Passwords exchanged between the PC client and the RADIUS client are not necessarily encrypted (if using PAP authentication). If the PC client happens to also be the RADIUS client, all password exchanges will be encrypted regardless of the authentication protocol being used.
How does Diameter work?
This next-generation RADIUS protocol overcomes RADIUS' deficiencies. Diameter is backward compatible with RADIUS and provides an upgrade path for RADIUS-based environments.
Diameter is not an acronym, but a pun on the term RADIUS (in geometry, the diameter of a circle is twice its radius).
What does TACACS stand for?
Terminal Access Controller Access Control System
How does TACACS work?
TACACS is a UDP-based access control protocol, originally developed for the MILNET (U.S. Military Network), which provides authentication, authorization, and accountability (AAA). The original TACACS protocol has been significantly enhanced, primarily by Cisco, as XTACACS (no longer used) and TACACS+ (which is the most common implementation of TACACS). TACACS+ is TCP-based (port 49) and supports practically any authentication mechanism (PAP, CHAP, MS-CHAP, EAP, token cards, Kerberos, and so on). The basic operation of TACACS+ is similar to RADIUS, including the caveat about encrypted passwords between client and server. The major advantages of TACACS+ are its wide support of various authentication mechanisms and granular control of authorization parameters. RADIUS and TACACS+ use dynamic passwords, and TACACS uses static passwords.
What is a decentralized access control system?
Decentralized access control systems maintain user account information in separate locations, managed by different administrators throughout an organization or enterprise
What are examples of decentralized access controls?
Domain / Databases
What is a domain?
A domain is a collection of users, computers, and resources (such as printers) with a common security policy and single administration
What does a database view do?
A database view is a logical operation that can be used to restrict access to specific information in a database, hide attributes, and restrict the queries available to a user. Views are a type of constrained user interface that restricts access to specific functions by not allowing a user to request them.
What is an example of a constrained user interface?
A database view
What are the methods of attacks against access control systems?
Brute force or dictionary attack
Buffer or stack overflow
Man-in-the-middle attacks
Packet (password) sniffing
Session hijacking
Social engineering
What is a brute force or dictionary attack?
The attacker attempts every possible combination of letters, numbers, and characters to crack a password, passphrase, or PIN. A dictionary attack is essentially a more focused type of brute force attack in which a predefined word list is used. Such word lists or dictionaries, including foreign language and special-interest dictionaries, are widely available on the Internet for use in password-cracking utilities such as l0phtcrack and John the Ripper.
What is a buffer or stack overflow attack?
Buffer or stack overflow attacks constitute the most common and successful type of computer attacks today. Although often used in denial-of-service attacks, buffer overflows in certain systems or applications may enable an attacker to gain unauthorized access to a system or directory. A teardrop attack is a type of stack overflow attack that exploits vulnerabilities in the IP protocol.
What is man-in-the-middle attack?
This method involves an attacker intercepting messages between two parties and forwarding a modified version of the original message. For example, an attacker may substitute his own public key during a public key exchange between two parties. The two parties believe that they’re still communicating with each other and unknowingly encrypt messages by using the attacker’s public key rather than the intended recipient’s public key. The attacker can then decrypt secret messages between the two parties, modify their contents as desired, and send them on to the unwary recipient.
What is packet (password) sniffing?
An attacker uses a sniffer to capture network packets and analyze their contents, such as usernames/passwords and shared keys
What is a social engineering attack?
This low-tech method is one of the most effective and easily perpetrated forms of attack. Common techniques involve dumpster diving, shoulder surfing, raiding cubicles (passwords on monitors and under mouse pads), and plain ol’ asking. This latter brazen technique can simply be the attacker calling a user, pretending to be a system administrator and asking for the user’s password, or calling a help desk pretending to be a user and asking to have the password changed.
What do data access control techniques do?
Protect systems and information by restricting access to system files and user data based on object identity.

Also provide authorization and accountability relying on system access controls to provide identification and authentication.
How are data access control techniques categorized
discretionary / mandatory
What is discretionary access control (DAC)?
the owner determines the access policy
What are two important concepts in DAC
File and data ownership
Access rights and permissions
What is the concept of file and data ownership?
every object in a system must have an owner. Theoretically, an object without an owner is left unprotected. Normally, the owner of a resource is the person who created the resource (such as a file or directory), but in certain cases, the owner may need to be explicitly identified as an administrative function.
What is the concept of access rights and permissions?
These are the controls that an owner can assign to individual users or groups for specific resources. Various systems (Windows-based, UNIX-based, and Novell-based) define different sets of permissions that are essentially variations or extensions of three basic types of access:

Read (R): The subject can read contents of a file or list contents of a directory.

Write (W): The subject can change the contents of a file or directory (including add, rename, create, and delete).

Execute (X): If the file is a program, the subject can run the program.
What are two ways to provide a flexible method for applying discretionary access controls?
Access Control Lists (ACLs)
Role based access controls.
What are ACLs
lists the specific rights and permissions that are assigned to a subject for a given object.
ACLs are implemented differently on different operating systems.

ACLs within DAC (on files and directories) are not the same thing as the ACLs used on routers, which are packet-filtering rules.
What is role-based access control?
Access based on group membership, where groups correspond to organizational or functional roles.
Individuals may belong to one or many groups (acquiring cumulative permissions or limited to the most restrictive set of permissions for all assigned groups), and a group may contain only a single individual (corresponding to a specific organizational role assigned to one person). Access rights and permissions for objects are assigned to groups rather than (or in addition to) individuals. This strategy greatly simplifies the management of access rights and permissions
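The ownership, ACL and role concepts on the preceding cards, as an added Python example (not code from the original card set): an object is created with an owner, only the owner may change its ACL, and a user's effective rights are computed from the ACL entries matching the user and the user's groups under either the cumulative or the most-restrictive combination rule the card mentions. The users, groups and file name are constructed; the deny-by-default behaviour when no entry matches is a design choice of this example.

```python
"""Discretionary access control: owner-managed ACLs plus role (group) membership.

Added example, not from the original card set. Users, groups, the file name and
the two group-combination policies are constructed for illustration.
"""
from dataclasses import dataclass, field

RIGHTS = frozenset("RWX")


@dataclass
class Resource:
    name: str
    owner: str
    # ACL: principal (user or group name) -> set of rights granted on this object.
    acl: dict = field(default_factory=dict)


class DACSystem:
    """policy='cumulative' unions rights from every matching ACL entry;
    policy='most_restrictive' intersects them (a user in several groups gets
    only what all of them share)."""

    def __init__(self, groups: dict, policy: str = "cumulative"):
        if policy not in ("cumulative", "most_restrictive"):
            raise ValueError("unknown policy")
        self.groups = {g: set(members) for g, members in groups.items()}
        self.policy = policy
        self.resources: dict = {}

    def create(self, owner: str, name: str) -> Resource:
        # Every object must have an owner; the owner starts with full rights.
        res = Resource(name, owner, {owner: set(RIGHTS)})
        self.resources[name] = res
        return res

    def grant(self, actor: str, name: str, principal: str, rights: str) -> bool:
        """Only the owner may change an object's ACL; that is what makes it discretionary."""
        res = self.resources[name]
        if actor != res.owner or not set(rights) <= RIGHTS:
            return False
        res.acl.setdefault(principal, set()).update(rights)
        return True

    def principals_for(self, user: str) -> list:
        """The user itself plus every group (role) the user belongs to."""
        return [user] + [g for g, members in self.groups.items() if user in members]

    def effective_rights(self, user: str, name: str) -> set:
        res = self.resources[name]
        matched = [res.acl[p] for p in self.principals_for(user) if p in res.acl]
        if not matched:
            return set()          # deny by default: no matching entry, no access
        if self.policy == "cumulative":
            return set().union(*matched)
        return set.intersection(*matched)

    def check(self, user: str, name: str, right: str) -> bool:
        return right in self.effective_rights(user, name)


def build_demo(policy: str = "cumulative") -> DACSystem:
    """Constructed scenario: alice owns payroll.xlsx; carol is in both hr and auditors."""
    dac = DACSystem({"hr": {"bob", "carol"}, "auditors": {"carol"}}, policy)
    dac.create("alice", "payroll.xlsx")
    dac.grant("alice", "payroll.xlsx", "hr", "RW")
    dac.grant("alice", "payroll.xlsx", "auditors", "R")
    return dac


if __name__ == "__main__":
    for policy in ("cumulative", "most_restrictive"):
        dac = build_demo(policy)
        for user in ("alice", "bob", "carol", "dave"):
            print(policy, user, sorted(dac.effective_rights(user, "payroll.xlsx")))
        # bob is not the owner, so his attempt to widen the ACL is refused
        print("bob grants dave RWX:", dac.grant("bob", "payroll.xlsx", "dave", "RWX"))
```

Under the cumulative policy carol, who is in both hr and auditors, ends up with read and write; under the most-restrictive policy she gets only read, the intersection of her two groups' entries. Each object's `acl` dictionary is one column of an access matrix, and the "dependence on security-conscious owners" disadvantage on the next card is visible in `grant`: nothing stops alice from granting everyone RWX.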
What are the major disadvantages of discretionary access control techniques?
Lack of centralized administration

Dependence on security-conscious resource owners

Many popular operating systems defaulting to full access for everyone if the owner doesn’t explicitly set permissions

Difficult, if not impossible, auditing
What is a mandatory access control (MAC)
An access policy determined by the system rather than by the object's owner, in contrast to DAC.
How is MAC used
In multilevel systems that process highly sensitive data, such as classified government and military information. The system, not the owner, determines the access policy.
What is a multilevel system
a single computer system that handles multiple classification levels between subjects and objects.
What are two important concepts in MAC
1. Sensitivity labels
2. Data import and export
What are sensitivity labels?
All subjects and objects must be assigned a label that specifies their level of trust.
An object’s sensitivity label specifies the level of trust required for access. In order to access a given object, the subject must have a sensitivity level equal to or higher than the requested object. For example, a user (subject) with a Top Secret clearance (sensitivity label) is permitted access to a file (object) with a Secret classification level (sensitivity label) because her clearance level exceeds the minimum required for access.
Why are data import and export critical functions of a MAC-based system?
Controlling the import of information from other systems and export to other systems (including printers) is a critical function of MAC-based systems, which must ensure that sensitivity labels are properly maintained and implemented so that sensitive information is appropriately protected at all times.
What is rule-based access control?
define specific conditions for access to a requested object.
all MAC-based systems implement a simple form of rule-based access control by matching an object’s sensitivity label and a subject’s sensitivity label to determine whether access should be granted or denied.
What is a lattice based access control?
A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object. This model can be used for complex access control decisions involving multiple objects and/or subjects. For example, given a set of files with multiple classification levels, the lattice model determines the minimum clearance level that a user requires to access all the files.
What are the major disadvantages of MAC techniques
Lack of flexibility

Difficulty in implementing and programming

User frustration
What are access control models?
Models are used to express access control requirements in a theoretical or mathematical framework that precisely describes or quantifies its function
What are common access control models?
Bell-LaPadula, Biba, Clark-Wilson, noninterference, access matrix, and information flow
What is the Bell-LaPadula model?
was the first formal confidentiality model of a mandatory access control system. Bell-LaPadula is a state machine model that addresses only the confidentiality of information.
What is the basic premise of Bell-LaPadula model?
Information cannot flow downward, from a higher sensitivity level to a lower one.
What are the two properties that the Bell-LaPadula defines?
simple security property (ss property): A subject cannot read information from an object with a higher sensitivity label ( no read up, or NRU).

*-property (star property): A subject cannot write information to an object with a lower sensitivity label ( no write down, or NWD).
What is a secure state?
A state in which every current access by a subject to an object satisfies the security policy (here, the ss and * properties). Bell-LaPadula is a state machine model: if the system starts in a secure state and every transition preserves the two properties, the system remains in a secure state.
What does Bell-LaPadula address
Confidentiality
What is the Biba model?
was the first formal integrity model. Biba is a lattice-based model that addresses the first goal of integrity — ensuring that modifications to data are not made by unauthorized users or processes.
What is the Biba model sometimes referred to as?
Bell-LaPadula upside down
What are the two properties that Biba defines?
simple integrity property: A subject cannot read information from an object with a lower integrity level (no read down).

*-integrity property (star integrity property): A subject cannot write information to an object with a higher integrity level (no write up).
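The MAC concepts from the earlier cards (sensitivity labels and the lattice model's least upper bound and greatest lower bound) together with the Bell-LaPadula and Biba properties above, as one added Python example that is not from the original card set. A label here is an integer level plus a set of categories, an assumption that matches the level-plus-compartment labels used by multilevel systems; the level names and category names are constructed. The same `Label` type serves Biba with integrity levels in place of classification levels.

```python
"""Sensitivity labels as a lattice, with Bell-LaPadula and Biba checks on top.

Added example (not from the original card set). A label is a hierarchical level
(an integer rank; 0..3 are named below for readability) plus a set of
categories; 'dominates' is the lattice ordering. The same structure is reused
for Biba with integrity levels instead of classification levels.
"""
from dataclasses import dataclass

LEVEL_NAMES = {0: "UNCLASSIFIED", 1: "CONFIDENTIAL", 2: "SECRET", 3: "TOP SECRET"}


@dataclass(frozen=True)
class Label:
    level: int
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: higher-or-equal level AND a superset of categories (need-to-know)."""
        return self.level >= other.level and self.categories >= other.categories

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both."""
        return Label(max(self.level, other.level), self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the highest label dominated by both."""
        return Label(min(self.level, other.level), self.categories & other.categories)

    def __str__(self) -> str:
        cats = ",".join(sorted(self.categories))
        return f"{LEVEL_NAMES.get(self.level, self.level)}{{{cats}}}"


def minimum_clearance(labels) -> Label:
    """The lattice card's example: the clearance needed to read ALL of these objects
    is the least upper bound of their labels."""
    result = labels[0]
    for lab in labels[1:]:
        result = result.join(lab)
    return result


# Bell-LaPadula (confidentiality): labels are clearances / classifications.
def blp_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)            # ss-property: no read up


def blp_can_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)            # *-property: no write down


# Biba (integrity): labels are integrity levels; the rules run the other way.
def biba_can_read(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)            # simple integrity: no read down


def biba_can_write(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)            # *-integrity: no write up


if __name__ == "__main__":
    top_secret = Label(3)
    secret_file = Label(2)
    print("TS reads SECRET file:", blp_can_read(top_secret, secret_file))      # True
    print("TS writes SECRET file:", blp_can_write(top_secret, secret_file))    # False (write down)
    # Categories matter as much as level: SECRET{NATO} cannot read SECRET{NATO,CRYPTO}.
    nato = Label(2, frozenset({"NATO"}))
    nato_crypto = Label(2, frozenset({"NATO", "CRYPTO"}))
    print("S{NATO} reads S{NATO,CRYPTO}:", blp_can_read(nato, nato_crypto))    # False
    files = [nato, Label(1, frozenset({"CRYPTO"})), Label(0)]
    print("clearance to read all three:", minimum_clearance(files))           # SECRET{CRYPTO,NATO}
    print("GLB of S{NATO} and C{CRYPTO}:", nato.meet(files[1]))               # CONFIDENTIAL{}
    # Biba: a high-integrity process must not consume low-integrity (tainted) input.
    print("HIGH reads LOW:", biba_can_read(Label(2), Label(0)))                 # False
```

The Top Secret subject on the sensitivity-label card can read the Secret file but, by the *-property, cannot write to it; the same functions with the arguments' roles reversed give Biba, which is why it is called Bell-LaPadula upside down. Note that `dominates` checks categories as well as level: a subject with a higher level but a missing compartment is still denied.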
What does Biba and Clark-Wilson both address
Integrity
What does the Clark-Wilson model establish?
security framework for use in commercial activities, such as the banking industry
How many of the integrity goals does Clark-Wilson address?
All three goals of integrity.
What special requirements are identified by Clark-Wilson?
Unconstrained data item (UDI): Data outside the control area, such as input data.

Constrained data item (CDI): Data inside the control area (integrity must be preserved).

Integrity verification procedures (IVP): Checks validity of CDIs.

Transformation procedures (TP): Maintains integrity of CDIs.
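The four Clark-Wilson elements above, as an added Python example (not the card set's own code): a toy bank ledger whose balances are the CDI, a validator that turns a raw request (UDI) into checked arguments, a certified TP that is the only path to modifying the CDI, and an IVP run before and after every TP. Access triples (user, TP) gate who may run what. Users, accounts and amounts are constructed.

```python
"""Clark-Wilson enforcement for a toy ledger.

Added example (not from the original card set). The CDI is a set of account
balances whose invariant (total money conserved, no negative balance) is
checked by the IVP; the only way to change the CDI is through a certified TP,
run by a user who holds an access triple for it. Accounts, users and amounts
are made up.
"""


class IntegrityViolation(Exception):
    pass


def validate_transfer(udi: dict) -> tuple:
    """Turn an unconstrained data item (raw request) into checked, typed arguments or reject it.
    This is the UDI -> CDI boundary: nothing reaches a TP unvalidated."""
    try:
        src, dst, amount = str(udi["from"]), str(udi["to"]), int(udi["amount"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("malformed transfer request") from exc
    if amount <= 0 or src == dst:
        raise ValueError("amount must be positive and accounts distinct")
    return src, dst, amount


def tp_transfer(balances: dict, args: tuple) -> None:
    """Certified transformation procedure: moves money between two existing accounts."""
    src, dst, amount = args
    if src not in balances or dst not in balances:
        raise IntegrityViolation("unknown account")
    if balances[src] < amount:
        raise IntegrityViolation("insufficient funds")
    balances[src] -= amount
    balances[dst] += amount


# Registry of certified TPs, each paired with the validator that prepares its input.
CERTIFIED_TPS = {"transfer": (validate_transfer, tp_transfer)}


class Ledger:
    def __init__(self, balances: dict):
        self._balances = dict(balances)          # the CDI
        self._expected_total = sum(self._balances.values())
        self._triples = set()                    # (user, tp_name) access triples
        self.audit_log = []                      # every attempt is recorded

    def ivp(self) -> bool:
        """Integrity verification procedure: is the CDI in a valid state?"""
        return (sum(self._balances.values()) == self._expected_total
                and all(v >= 0 for v in self._balances.values()))

    def authorize(self, user: str, tp_name: str) -> None:
        if tp_name not in CERTIFIED_TPS:
            raise ValueError("cannot authorize an uncertified TP")
        self._triples.add((user, tp_name))

    def balances(self) -> dict:
        return dict(self._balances)              # a copy: no direct writes to the CDI

    def submit(self, user: str, tp_name: str, udi: dict) -> tuple:
        """Run a TP on behalf of a user. Returns (status, detail); never leaves the CDI invalid."""
        if (user, tp_name) not in self._triples:
            self.audit_log.append((user, tp_name, udi, "denied"))
            return "denied", "no access triple for this user and TP"
        validate, tp = CERTIFIED_TPS[tp_name]
        try:
            args = validate(udi)
        except ValueError as exc:
            self.audit_log.append((user, tp_name, udi, "rejected"))
            return "rejected", str(exc)
        if not self.ivp():
            return "integrity-violation", "CDI invalid before TP"
        working = dict(self._balances)           # the TP works on a copy ...
        try:
            tp(working, args)
        except IntegrityViolation as exc:
            self.audit_log.append((user, tp_name, udi, "integrity-violation"))
            return "integrity-violation", str(exc)
        saved = self._balances
        self._balances = working
        if not self.ivp():                       # ... and the result is verified before commit
            self._balances = saved
            return "integrity-violation", "TP left CDI invalid"
        self.audit_log.append((user, tp_name, udi, "ok"))
        return "ok", f"{args[2]} moved from {args[0]} to {args[1]}"


if __name__ == "__main__":
    ledger = Ledger({"alice": 100, "bob": 50})
    ledger.authorize("teller", "transfer")
    print(ledger.submit("teller", "transfer", {"from": "alice", "to": "bob", "amount": "30"}))
    print(ledger.submit("teller", "transfer", {"from": "alice", "to": "bob", "amount": "-5"}))
    print(ledger.submit("intern", "transfer", {"from": "alice", "to": "bob", "amount": "1"}))
    print(ledger.submit("teller", "transfer", {"from": "bob", "to": "alice", "amount": "500"}))
    print(ledger.balances(), ledger.ivp())
```

The three integrity goals the next card refers to map onto the code: unauthorized users cannot modify the CDI (access triples), authorized users cannot make improper modifications (validation plus the TP's own checks), and the CDI stays internally consistent (the IVP before and after commit, with rollback on failure).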
What is a noninterference model?
A model in which the actions of one group of subjects and objects are not seen by, and do not affect, other subjects and objects on the same system; in particular, a lower-level user cannot infer what higher-level users are doing by observing the system.
What is access matrix model
Provides object access rights (read/write/execute, or R/W/X) to subjects in a DAC system. The matrix has one row per subject and one column per object, with each cell holding that subject's rights on that object; a column on its own is the object's access control list (ACL), and a row is the subject's capability list.
What is information flow model?
is a lattice-based model in which objects are assigned a security class and value and their direction of flow is controlled by a security policy.
Why perform testing of access control?
Penetration and vulnerability testing should be performed on systems to ensure that they don’t possess any of the vulnerabilities or weaknesses that could permit unauthorized persons to view or alter information. Penetration testing, or pen testing, can be carried out manually, but more often than not, automated tools can be used to quickly and easily identify most weaknesses in a system or its software applications.
What is port scanning?
The process of probing a system to determine which TCP and UDP service ports are open (that is, have a service listening) on the system.
What is application scanning?
The process of assessing whether an online application has any specific weaknesses that could permit exploitation. Some types of application scanning examine the source code itself in order to more easily identify vulnerabilities
What is black box testing?
This type of testing is carried out with no prior knowledge of the system being tested. This is the kind of testing that hackers perform — they don’t know anything about the system(s) they are probing.
What is white box testing?
The person(s) doing the testing have complete knowledge of the system being tested, typically including source code, configuration, and architecture. Because nothing is hidden from the testers, this provides the greatest assurance that vulnerabilities will be identified.
What is grey box testing?
the people doing the testing have some knowledge about the system being tested.
What is host scanning?
The process of scanning a network in order to discover any host computers on the network
What is OS detection?
Determining which operating system (and version) a host is running, or the software version of a network device.
When should a system be tested for vulnerabilities?
before they are placed into production use. This principle is especially true for systems that will be accessed through the Internet.
How should organizations test.
adopt a software development life cycle (SDLC) process to govern any software development or integration activities. Software vulnerability testing should be a formal part of the SDLC.
General purpose control types include all the following except:

A. Detective

B. Mandatory

C. Preventive

D. Compensating
B - MANDATORY
Control types identified by purpose include preventive, detective, corrective, deterrent, recovery, and compensating controls.
Violation reports and audit trails are examples of what type of control?

A. Detective technical

B. Preventive technical

C. Detective administrative

D. Preventive administrative
A - DETECTIVE TECHNICAL
Preventive technical controls include access control mechanisms and protocols. Review of audit trails is a detective administrative control, but the actual generating of audit trails is a technical function (control).
“A user cannot deny an action” describes the concept of

A. Authentication

B. Accountability

C. Non-repudiation

D. Plausible deniability
C - NON-REPUDIATION
Authentication and accountability are related to but aren’t the same as non-repudiation. Plausible deniability is a bogus answer
Authentication can be based on any combination of the following factors except

A. Something you know

B. Something you have

C. Something you need

D. Something you are
C. Something you need
The three factors of authentication are something you know, something you have, and something you are.
Unauthorized users that are incorrectly granted access in biometric systems are described as the

A. False Reject Rate (Type II error)

B. False Accept Rate (Type II error)

C. False Reject Rate (Type I error)

D. False Accept Rate (Type I error)
B. False Accept Rate (Type II error)
You should know the biometric error types by both descriptions. The False Reject Rate is a Type I error and describes the percentage of authorized users that are incorrectly denied access.
All the following devices and protocols can be used to implement one-time passwords except

A. Tokens

B. S/Key

C. Diameter

D. Kerberos
D. Kerberos
Kerberos is a ticket-based authentication protocol. Although the tickets that are generated are unique for every logon, Kerberos relies on shared secrets that are static. Therefore, Kerberos isn’t considered a one-time password protocol. Review these three sections: “One-time passwords,” “Tokens,” and “Single sign-on (SSO).”
Which of the following PPP authentication protocols transmits passwords in clear text?

A. PAP

B. CHAP

C. MS-CHAP

D. FTP
A. PAP
The Password Authentication Protocol (PAP) transmits passwords in clear text. CHAP and MS-CHAP authenticate using challenges and responses that are calculated, using a one-way hash function. FTP transmits passwords in clear text but isn’t a PPP authentication protocol
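The PAP versus CHAP contrast in this answer, as an added Python example that is not from the original card set. The PAP frame is a simplified rendering of the Authenticate-Request fields rather than a full PPP encoding; the CHAP response value follows RFC 1994 (MD5 over the identifier octet, the shared secret and the challenge value). Peer names, secrets and identifiers are made up.

```python
"""PAP vs CHAP on the wire, and a CHAP authenticator that resists replay.

Added example (not from the original card set). The PAP 'frame' is a simplified
rendering of the Authenticate-Request fields, not a full PPP encoding; the CHAP
response follows RFC 1994: MD5(Identifier || secret || Challenge). The peer
name, secret and identifiers below are made up.
"""
import hashlib
import hmac
import os


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP carries the password as-is, so a sniffer reads it directly from the frame."""
    return b"PAP Authenticate-Request id=" + peer_id + b" pw=" + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5 over the identifier octet, the shared secret, the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The authenticator side: issues random challenges and checks the peer's hashed response."""

    def __init__(self, secrets: dict):
        self.secrets = dict(secrets)             # peer name -> shared secret (static, as the card notes)
        self.pending = {}                        # identifier -> outstanding challenge

    def challenge(self, identifier: int, nbytes: int = 16) -> bytes:
        value = os.urandom(nbytes)               # fresh per attempt; this is what defeats replay
        self.pending[identifier] = value
        return value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # one-shot: a challenge is usable once
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def sniffer_sees_password(frame: bytes, password: bytes) -> bool:
    """What a passive sniffer on the link learns from one captured frame."""
    return password in frame


if __name__ == "__main__":
    secret = b"s3cret-shared-key"
    frame = pap_authenticate_request(b"alice", b"hunter2")
    print(frame, "->", sniffer_sees_password(frame, b"hunter2"))   # password in the clear: True
    auth = ChapAuthenticator({"alice": secret})
    ident = 7
    chal = auth.challenge(ident)                               # authenticator -> peer
    resp = chap_response(ident, secret, chal)                  # peer -> authenticator (16-byte hash)
    print("first verify:", auth.verify(ident, "alice", resp))     # True
    print("replayed verify:", auth.verify(ident, "alice", resp))  # False: challenge already consumed
```

A sniffer on a CHAP link captures only the challenge and the 16-byte hash, and replaying that hash fails because the authenticator discards each challenge after one use. The caveat a practitioner should keep in mind is that the captured challenge/response pair still allows an offline guessing attack on a weak shared secret, which is why the secret must be strong even though it never crosses the wire.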
Which of the following is not considered a method of attack against access control systems?

A. Brute force

B. Dictionary

C. Denial of service

D. Buffer overflow
C. Denial of service
The purpose of an attack against access controls is to gain access to a system. Brute force and dictionary attacks are both password cracking methods. Although commonly used in denial of service attacks, a buffer overflow attack can exploit vulnerabilities or flaws in certain applications and protocols that will allow unauthorized access
Which of the following access control models addresses availability issues?

A. Bell-LaPadula

B. Biba

C. Clark-Wilson

D. None of the above
D. None of the above
Bell-LaPadula addresses confidentiality issues. Biba and Clark-Wilson address integrity issues
Sensitivity labels are a fundamental component in which type of access control systems?

A. Mandatory access control

B. Discretionary access control

C. Access control lists

D. Role-based access control
A. Mandatory access control
The fundamental components in discretionary access controls are file (and data) ownership and access rights and permissions. Access control lists and role-based access control are types of discretionary access control systems