Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
70 Cards in this Set
- Front
- Back
|
Define Identification |
.A key part of any access control system, because if we can't identify individuals, everyone is anonymous, which means there is now way to control access to resources. .Differentiating between users to grant access to some users while denying others. Identification occurs when a user professes, or claims an identity by presenting it to a system. .Can be defined as simply a user's name, which then is validated by providing additional authentication such as a password. |
|
|
What three steps are neccessary for a user to access a resource? |
1. Users claims an identity by presenting a user name, (Identification) 2. Which is authenticated by validating a password. (Authentication) 3. Access Controls such as permissions authorize the user to access the resources. (Authorization) Identification>Authentication>Authorization |
|
|
is the process of proving an identity that he or she has claimed |
Authentication-proves that the person who is attempting to logon is who the person claims to be .Ex: Having a user provide a logon name (identification) to profess an identity and then using a password for authentication. |
|
|
What are the two primary controls used by most access control systems? |
Identification and Authentication. |
|
|
What are the three factors of Authentication? |
1. Something you know- This includes knowledge, such as passwords, personal identification numbers (PINs), your mother's maiden name, or even personal information such as the name of a pet. 2. Something you have- This includes items such as proximity cards, smart cards, hardware tokens, and identification badges. 3. Something you are- This includes the use of biometrics to authenticate an individual based on fingerprints, retina scans, and other facial characteristics, keystroke dynamics, and handwriting. |
|
|
Something you know is the simplest type of authentication. Passwords are the least secure method of authentication. How can we increase password security? |
. Use Strong Passwords- uses a combination of different character types, upper & lower case letters, numbers, and symbols. Don't include usernames, logon names, PII, or any easily found words in dictionary. . Don't Write Passwords down . Change Password often- passwords should be changed at least every 90 days. . Never give your password out . Audit Passwords- ensures that passwords are strong, have a minimum length, meet complexity requirements, and have a min and max age. |
|
|
Something you have includes? |
Proximity cards, smart cards, hardware tokens, and identification badges...etc. All these increase the security of authentication. |
|
|
Includes data electronically emebedded within the device. It doesn't have power, but has an inductor that can be electrically excited when it passes through a magnetic field, which provides the device with enough power to transmit data to the nearest receiver |
Proximity Card- when passes over the proximity card reader, the card's electronics are activated and it transmits your data to the card reader. .A proximity card reader is very tamper-resistant when properly installed. .Ex: Some ID badges include proximity cards to activate electronic door locks, which can provide access to a secure area and record entries and exits. |
|
|
Is a small card about the size of a credit card that has an embedded certificate used to identify the user. |
Smart Cards .Users insert the card into smart card readers that read the data on the card. .Since smart cards are easily lost or stolen, most smart authentication systems also require a PIN or password.
|
|
|
What is a two-factor or multifactor authentication? |
Requiring something you have (smart card, tokens..etc) with something you know ( password, pin...etc), which is more secure than just one or the other. |
|
|
Something you are includes? |
Biometrics- are used to provide authentication by using characteristics of a person using things such as: .Fingerprints .Face Recognition .Voice Recognition .Retinal and Iris scans .Keystroke Dynamics .Handwriting Analysis
|
|
|
Biometrics has the potential for erros, and when considering a biometric authentication system, it is important to understand that there are different error types and accuracy of the sytem. This error refers to the percentage of times a biometric falsely rejects a know user and instead indicates that the user is unknown? |
FRR(False Reject Rate) |
|
|
Biometrics has the potential for erros, and when considering a biometric authentication system, it is important to understand that there are different error types and accuracy of the sytem. This error refers to the percentage of times a biometric systems falsely identifies an unknown user as a known user? |
FAR(False Accept Rate) |
|
|
Biometrics has the potential for erros, and when considering a biometric authentication system, it is important to understand that there are different error types and accuracy of the sytem. This identifies the point where the FAR and FRR of a biometric system are equal or cross over each other on the chart. |
CER(Crossover Error Rate) .A lower CER indicates a better performing biometric system. |
|
|
What are the three primary performance measuremeants used in biometrics? |
1. FAR 2. FRR 3. CER. . Systems with low CERs are more accuracte than systems with high CERs . Organizations weigh what's more important to it and adjusts the system to accept more of one type of error than another. FARs must be as close to zero as possible, and it is acceptable to have a higher FRR where known users are occassionally rejected as unknown |
|
|
Is a combination of two of the three factors or a combination of all three factors. |
Multifactor Authentication . Smart Card, Proximity Card, ...etc (something you have) and a PIN (something you know) . Fingerprint, Retina, Iris (something you are) and a Password or PIN (something you know) . Hardware token (something you have) and a Fingerprint, Retina, Iris (something you are) etc...etc... |
|
|
A user authenticates once and then the system uses the same credentials when the users accesses any resource in the organization. |
SSO . Increase security, because users only have to remember a single password . Ex: Kerberos and Federated Access Systems |
|
|
A vendor-neutral authentication protocol, that uses a complex process of issuing tickets to authenticated accounts and then uses the tickets to access resources. |
Kerberos . Uses symmetric encryption to protect the confidentiality of the Kerberos transmissions. |
|
How does the Kerberos process work? |
1. The client sends an authentication request to the Kerberos server (Authentication Server) 2. After authenticating the client with a database (Active Directory), Kerberos creates symmetric key that will only be known to the client and the Kerberos Server (Authentication Server). It encrypts the symmetric key and a time stamped TGT to the client. 3. When the client wants to access resources on a target server on the network (file server...etc), it sends the TGT to the ticket granting server (TGS) with the name of the target server and service attached. 4. The TGS replies with a ticket (session ticket) that can be used to communicate with the target server. The TGS also provides a symmetric key used to encrypt communication between the client and the target server. 5. The client presents the time-stamped session ticket to the target server as authentication. 6. The target server verifies the ticket, and can also provide authentication back to the client. . The tickets are encrypted with symmetric encryption and include time stamps when transferred over the network, thus meaning they can't be easily read. The time stamp limits the lifetime of the ticket and prevents an attacker from intercepting a ticket on the network to use in a replay attack |
|
|
Allows users in different networks to log on only once even if they are accessing multiple systems. The systems can be different OS managed and owned by differnet organizations. |
Federated Access . A federated database provides central SSO authentication, including the identity information of users, but not passwords. |
|
|
What are two other SSO technologies besides Federated Access and Kerberos? |
. Secure European System for Application in a Multivendor Environment(SESAME)- used in Eurpoean countries and is an alternative to Kerberos . KryptoKnight- alternative to Kerberos, doesn't have as much network overhead as Kerberos |
|
|
What is decentralized authentication? |
. Every computer has a separate database that stores credentials. . If a user needed to logon to multiple computers in this network, he/she would need to have multiple sets of credentials-one for each system. |
|
|
What is centralized authentication? |
. Credentials for users are stored on a central server . Any user is able to log on to the network once and then access any computers in the network as long as the user has permissions.
|
|
|
What is offline authentication? |
. Allows users who have logged into the system at one time to still log in even when they are disconnected from a network. . In a Windows environment, the system caches domain credentials, which are stored as a hash and later compared to the hashed credentials he enters in when offline. . Users can't access network resources while using cached credentials, only locally stored resources. |
|
|
What are OTPs and why are they useful? |
. One-Time Passwords are created to be used only once, and because it it is used only once, there is little risk of the password being reused, even if an attacker captures it, while it is transmitted. . These are useful when passwords are transmitted across untrusted networks such as the Internet. Prevents attackers from using sniffers successfully. |
|
|
What is an example of an OTP? |
. Token-based authentication. Hardware tokens are small devices, held by a user, that displays a number that changes every 60 seconds and is synchronized with an authentication server that knows what the number is on the token at any given time. . Since the token is synchronized with a server based on time, It is a synchronous OTP. . Examples: 1. Synchronous Hardware Tokens 2. One Time Passwords in Everything (OPIE) 3. S/KEY. S/KEY and OPIE use MD4 and MD5 hashing algorithms.
|
|
|
How can we use a OTP in multifactor authentication? |
. When a user logs into a website or domain, they will enter the number in the token (as a OTP), along with their username and password. . The user has the hardware token (something you have) and uses his/her password (something you know) |
|
|
What is One Time Password in Everything? (OPIE) |
. is a mature, Unix-like login and password package installed on the server and the client . OPIE uses an MD4 or MD5 hash function to generate passwords. OPIE can restrict its logins based on IP address. It uses its own passwd and login modules . OPIE implements a one-time password (OTP) scheme based onS/KEY, which will require a secret passphrase (not echoed) to generate a password for the current session, or a list of passwords you can print and carry on your person.
|
|
|
What is S/KEY |
. based on S/KEY, which is designed to counter eavesdropping and replay attacks. Only a single use password crosses the network, the user's secret phrase/password never crosses the network, including during login or executing other commands requiring authentication . Added security is provided by the property that no secret information need be stored on any system, including the host being protected. Protects against external passive attacks against the authentication subsystem, but does not prevent a network eavesdropper from gaining access to private information. . Does not provide protection against "inside jobs" or against active attacks where the potential intruder as able to intercept and modify the packet stream. |
|
|
Why is it neccessary to implement Access Controls? |
. To control or restrict access to resources which can be logical such as, files and folders or physical such as facilities. . Access Control stars with Identification and Authentication, and once individuals have been reliability authenticate, we can control their access. |
|
What is the difference between subjects and objects? |
. Subject- Accesses a resource. . Object - is the resource being accessed. . Example: If a user accesses a project file stored on a server, the user is the SUBJECT and the project file is the OBJECT. . 1. First we ensure that subjects are authenticated to validate their identity. . 2. Then use access controls (permissions) on the objects to control and restrict their access to the objects. |
|
|
How can an entity be both a subject and object? |
. A user requesting a web page from a server is clearly the subject. . Similarly the web pages served by a server are objects. . However the "web server", or more specifically the " web server application", on the server, is retrieving data from the backend database protected behind a firewall to build the page, thus making the web server or web server application also a subject/object for the user and the database the object for the web server/application. |
|
|
What are examples of subjects? |
Users Computers/Systems Applications Processes Networks Authorized/Unauthorized users . We can create accounts to represent most subjects such a user and computer accounts in most networks. . An access control subject is an entity that request permission to cause data to flow to the access control subject or between access control objects . Many applications use service accounts to access resources. . We then create ACLs, to assign permissions to these accounts for any object they need to access. |
|
|
What attributes can be applied to subject to control further access to objects in an Access Control System? |
Time- can restrict users to logon on to a system during working hours, temporal Remote Access Attribute- control remote access through NPS or bypassing it. Location- can allow users to work from home using a VPN connection, but can also restrict users from connecting from other locations. The Callback option can be configured to call back to a user's phone number, and if the user isn't at that number, the connection fails. Inside or outside a network Account usage |
|
|
What are examples of objects? |
. Data (stored in files, folders, and shares) . Hardware (PCs, servers, and printers) . Applications (ex: web server application) . Networks (Internet connection or Internal connection) . Facilities. .Most objects allow various levels of access, such as allowing a user to view resource, but not modify it, or allowing employees to access a physical resource like a building, but restricting access to secure server rooms. .It is best practice to store objects that require the same level of access requirements together to simplify administration . An access control object is a passive entity that typically receives or contrains some form a of data, such as in the form of a file, program, or resident within system memory. |
|
|
What are logical access controls? |
. Implemented with technologies that usually use a ACL, such as routers when identifying specific traffic that is allowed in or out a network or in relation to files and folders and how they use ACLs to identify who can access the resource and what level of access each user has. |
|
|
What is the Security kernel? |
Within IT systems, this is the part that does much of access control work, and is the central part of the operating system that controls access to the system's resources. |
|
|
What is are example of Physical Access Control? |
. Locked Doors . Alarm Systems . Cipher Locks . Cameras and closed circuit TVs (CCTVs) . Guards |
|
|
This access control model provides the most granular level of access control, by allowing us to assign permissions to subjects at the most basic level. |
Discretionary Access Control (DAC) . NTFS (Microsoft) and NFS (Unix) use this model, which shows the permissions assigned to different subjects for specific objects (folders, files, applications, networks...etc) . Uses DACLs composed of several ACEs which show the specific access the subject has to the object. The creator of the object has full control over it (CREATOR OWNER), which allows him to also assign permissions to other users or groups. . Subjects are identified by their actual SID, which is used to control access, not their user name, which is rarely shown. |
|
|
With this access control model, security administrators control the access granted to users. |
Non-DAC . In the DAC model, users have ownersip of their resources and they also have full control of those resources. . Some OS implement the Non-DAC models for system file access, to prevent malware from taking ownership of any critical or sensitive system files or modifying permissions on any of these files. . Users still have the ability to create, manage, and own their own files using DAC, but the non-DAC model method protects the more pertinent system files. |
|
|
This access control model uses labels to identify both subjects and objects. Provides the highest level of security among the three models and is commonly used to ensure that data is proected in mission critical systems. |
MAC (Mandatory Access Control) . Is a Non-DAC model that uses labels to identify both the subject and object. . Example: The US government use these classfications for data, from highest to lowest. Top Secret Secret Confidential Unclassified |
|
How does the MAC process work? |
.Within these classifications are additional labels. .For example three Top Secret projects (object) could have additional labels of "Passed, SSCP, and Success" .There are 3 seperate users and three seperate documents, each with the appropiate labels for these Top Secret projects. .User 1 (subject) is assigned a Passed label classification which is an additional label of the Top Secret project document (object), thus allwoing User 1 to access the resource, but not the documents labeled SSCP or Success. . This model is most the most secure model when compared to RBAC and DAC. Ex: Bell-LaPudula, Clark-Wilson, Biba and Chinses Wall |
|
|
This MAC-based model used the no read up and no write down rules to enforce confidentiality, ensuring that unauthorized personnel can't access data. |
Bell-LaPudula . Simple Security property rule (no read-up) Subjects granted access to any security level may not read an object at a higher security level. Ex: Blake is granted Secret Access, therefore he can't read Top Secret Access . The * property (read as "star-property") rule (no write down) Subjects granted access to any security level may not write to any object at a lower security level. Ex: Blake is granted Top Secret Access, therefore Blake can't create or modify Secret documents. |
|
|
What are the goals and rules of the MAC-based archictecture models? |
Model Goal Rules Bell-LaPdula Confidentiality No read up, no write down Biba Integrity No write down, no read up Clark-Wilson Integrity Certification rules (C) and enforcement (E) rules. Chinese Wall Confienditality Access governened by membersh p in groups to prevent conflicts of interest.
|
|
|
This MAC-based model, enforces Integrity to ensure that data isn't modified, unlike the Bell LaPudula model (which enforces Confidentiality) and includes two rules that are reversed from the Bell-LaPudula model. Uses the no read down and no write up rules. |
Biba .Simple Integrity Axiom (no read down) Subjects granted access to any security level may not read an object a lower security level, at least not as the authoritative source. Ex: A captain of a ship can read orders from an admiral and consider them authoritative and actionable. However if a seaman recruit tries to issue orders to the captain, the captain won't read them as authoritative. . The * Integrity Axiom (read as "star Integrity Axiom" (no write up) Subjects granted access to any security level may not write to any object at a higher security level. Ex: The seaman recruit can't write orders for the captain of the ship, whereas the captain can't write orders for the admiral. |
|
|
This MAC-based model's primary goal is information integrity, and uses certification rules (identified as C1 through C5) and enforcement rules identified as (E1 through E4) to enforce the principle of separation of duties. |
Clark-Wilson . Ensures that different people perform the separate tasks independently. . The certification rules are the integrity-monitoring rules, and the enforcement rules are integrity-preserving rules
|
|
|
This MAC-based model is primarily used in financial service organizations and helps prevent a conflict of interest. |
Chinese Wall . Both the Clark-Wilson and the Chinese Wall model can be used to enforce the principle of separation of duties . provides a barrier between two groups of employees by classifying data. If a subject has access to one to data in one class, he/she can't access data in a conflicting class. Ex: Simple as classifying data as trader data and advisor data. . Because there is a potential conflict of interest, any trader who access to the trader data is block from accessing the advisor data |
|
|
this model uses roles to determine access. |
RBAC (Role-based Access Control) . Subjects are placed into specific roles and object permissions re granted to those roles . Doesn't provide the granularity offered by DAC, but it is easier to implement for larage groups of people. . Organizations can add various security principals to different roles and assign permissions are granted to the certain roles. If a new user is added to the role, the permissions are automatically configured. |
|
|
RBAC is sometimess referred to as Rule-Based Access Control. Why? |
The term refers to ACLs on a router or firewall implemented as security rules. |
|
|
Refers to managing accounts and access to resources by these accounts. |
Identity Management . Accounts should be disabled, and once determined that it's no longer needed, deleted. . Adding and removing privileges as user's job tasks change and as needed. . Privileges include both rights and permissions. Rights are the actions that an account can take on a system (backing up files, changing the time...etc) Permissions identify what a user can do with resources such as reading, writing...etc |
|
|
Identity Management includes provisioning accounts, which is ? |
. Creating accounts for users and granting the account appropriate privileges. . Using groups to grant privileges like RBAC |
|
|
Ensure that users create strong passwords and change them regularly. |
Password Policies
. Password Complexity- using different types of characters in a password . Password History- remembers a certain amount of passwords used by a user to prevent them from reusing passwords. . Minimum password age- how long the user has to keep the password before changing it. Prevents users from changing their password multiple times to return to a previously used password. |
|
|
Locks out an account after too many failed lognon attempts. The goal is to prevent attackers from guessing passwords. |
Account Lockout Policies . Threshold- how many incorrect passwords are allowed. . Duration- identifiies how long the account is locked out. |
|
|
Includes disabling and deleteing inactive accounts, which is a part of account maintenance, and removing privileges when they are no longer needed. |
De-provisioning . Security Groups and RBAC provide significant benfits related to deprovisioning simply removing security principals from roles if they are no longer a part of the organization or they have been transferred to a different department. . Removing a user from a group, immediately removes all the privileges assigned to the group for that user. . Account de-provisioning is an important part of identity management, because when not managed, users get more and more permissions, violating the principle of least privilege. |
|
|
Refers to the privileges granted to users, and following the principle of least privilege is an important part of this. |
Entitlement
. It's important to consider accounts that have elevated permissions, therefore many organizations require administrators to maintain two accounts. . One account for day-to-day use and have limited privileges, similar to any regular user, and one for performing administrative work. . If a user is logged on with administrative privileges, malware can elevate its privileges to the same level and take actions as an administrator. |
|
|
Referes to any type of computing services provided over the Internet. |
Cloud Computing . SaaS, Paas, and IaaS. |
|
|
Provides users with access to software or applications over the Internet. Users access the applications using a web browser providing support for different operating systems. |
Software-as-a-Service (SaaS) . Ex: Gmail, Google Docs, and other type of files, such as presentations, and word processing documents
|
|
|
This cloud computing method allows users to rent access to hardware such as servers and networking infrastructure, which are maintained by the cloud provider. |
Infrastructure-as-a-Service (IaaS) . The user can manipulate this hardware in any way desired, but maintenance of the hardware is completely on the cloud provider.
|
|
|
Provides users with an Operating System available over the Internet, without the need for users to purchase the hardware and software. |
Platform-as-a-Service (PaaS) . Users can use this to develop their own applications and make them available over the Internet. . Ex: Amazon with Cloud Computing Services and Google with its Google App Engine. |
|
|
This is a known attack against virtual systems. If successful, an attacker can access the host system and all virtual systems within the host. |
VM Escape |
|
|
What is the best way to provide confidentiality when trying to protect your data in the cloud. |
Data should be encrypted on the client end and not in the cloud. In other words we want to store encrypted sensitive data, before posting it to the cloud. |
|
|
The attributes of a subject are refererred to as ______ and ______, and when these attributes are matched against the control attributes of an object, privilege is either granted or denied. In a typical access control system, what additional subject-specific requirement may be included? |
Privilege attributes and sensitivies 1. A secure default policy should be applied to any newly created objects. 2. The attributes of the subject, should not be expressed in terms that can easily be forged such as an IP address. 3. The system should provide for a default deny on all permissions for the subject, thereby requiring that access to any object explictly created by an Administrator. 4. In the absence of the policy for a given subject, the default policy should be interpreted as default deny. 5. A user ID should remain permanetly assigned to a subject. |
|
|
What is access control? |
. Systems that provide for the ability to control who can do specifically what with respect to data, applications, systems, networks, and physical spaces. . Access control systems grants system users only those rights neccessary for them to perform their respective jobs. . For any access control subject to obtain access to any access control object, it must first accomplish three steps. Identification>Authentication>Authorization. |
|
|
What are typical access control object considerations? |
1. It should restrict access to OS configuration files and their respective directories to authorized administration. 2. Disable write/modify permissions for all executable files. 3. Ensure that newly created files inherit the permissions of the directory in which they were created. 4. Ensure that these subdirectories can't override the permissions of parent directories unless specifically required by policy. 5. Log Files should be configured to only permit appending data to mitigate the risk of a log files's contents being purposely deleted or overwritten by a maliciuos user or process. 6. Encryption of data at rest can afford additional security and should be a consideration in the determination of the policies for access control objects. |
|
|
Discretionary controls whereby the owner has the discretion to determine the rules to facilitate the access. |
Rule-Set-Based Access Controls Works at the kernel level and affords flexible access control based on several modules. 1. Mandatory Access Control module. 2. Privacy module (PM) 3. Function control module (FC) 4. File Flag module (FF) 5. Malware scan module 6. Role Compatibility module (RC) 7. Function Control module (FC) 8. Security Information Modifiication module (SIM) 9. Authentication module (Auth) 10. Access Control List module (ACL) |
|
|
Is a methodology that restricts the user's actions to specific functions by not allowing them to request funcitons that are outside of their respective level of privilege or role. |
Constrained User Inteface (CUI) |
|
|
Restricts or limits an access control subject's to view or act on components of an access control object based on the access control subject's assigned level of authority |
View Based Access Control (VBAC) . Views are dynamically created by the system for each user-authorized access. . Separates a given access control object into subcomponents and then permits or denies access for the access control subject to view or interact with specific subcomponents of the underlying access control object. |
|
|
Used to protect databases containing sensitive information. Works by permitting or denying access to objects based on the explicit content within the access control object. |
Content-Dependent Access Control (CDAC) . High levels of privacy protection are attainable, but it comes with the cost of a great deal of labor in defining the respective permissions. . Comes with a great deal of overhead in processing power as a arbitrary program must scan the complete record to determine if access can be granted to a given access control subject. |
|
|
Primarily used for firewall applications to extend the firewall's decision-making process beyond basic ACL decisions to decisions based on state as well as application-layer protocol session information. |
Context-Based Access Control . Static packet firewalls are good examples of firewalls that don't use CBAC. They look at each packet and compare the packet to an ACL rule base to determine if it is allowed or not. . Stateful inspection firewalls are good examples of firewalls that "do" use CBAC. The firewall considers the state of the connection. If a packet arrives that is part of a continuining session, and it was previously permitted access through the firewall; then subsequent packets that are also part of the session are allowed to pass through without the additional overhead associated with comparing the packet to the ACL rules . CBAC affords a significant performance enhancement to a firewall and isn't concerned with the content but moreso the context or the sequence of events leading to access. . Could be used to limit the number of request for access, doesn't require permissions to be configured for individual access control objects, but does require that rules be created in relation to the sequence of events that precede an access attempt. |
|
|
Used to enhance or extend the capabilities of RBAC implementations. |
Temporal Isolation (Time-Based) Access Control. . The combined methodology is referred to as Tempororal Role Based Access Control (TRBAC) . TRBAC applies a time limitation to when a given role can be activated for a given access control subject |
