AAA Flashcards

1
Q

Terminology - AAA

A
  • Authentication: Process of verifying someone’s identity
  • Authorization: Capability decision process – we know who you are, but what can you do with your access
  • Accountability: Process of tracking activity, what did the authorized person do
2
Q

Authentication
- problems and rules for passwords
- ways passwords are discovered
- different forms of authentication
- MFA

A
  • Something that you know
    o Credentials are the #1 sought after data
    o The most common form of authentication is information that you know – the password rules, unfortunately, are really challenging to implement
    o Passwords are really expensive, as long-form passwords result in user training, help desk time unlocking accounts, and lost productivity due to locked accounts, which all adds up (think of web surfing costs)
    o Consequently, because password rules are challenging, 123456 is the most common password
    o The common training is that good passwords are upper and lower case, special characters, numbers, and above 8 characters – and you’re supposed to have a different password for each account, so how are you supposed to remember all of that?
    o You can do true passphrases whereby you write something you know and add characters and numbers in between, like LebRon6James23!
    o Ways passwords are discovered:
      ▪ Interception over a network
      ▪ Brute force guessing until the correct one is found
      ▪ Keylogging to intercept a password when it is entered
      ▪ Data breaches
    o Security questions – most people will input the actual true answer, but other people that you don’t want in your account can also find your information. You can put a fake mother’s maiden name, because if actors compromise one account and get your security answers, those answers will work for other accounts
  • Something that you have:
    o A device that you hold in your hand
    o Token-based authentication – one time password system defeats a replay attack
      ▪ The issue with all of this is that loss may disable use
    o Other examples are maybe another phone or smart device that’s trusted
  • Something that you are:
    o Biometric processes have the registration and usage phases
    o Examples include fingerprints, face recognition, voice recognition
  • MFA: Anytime that you use something you know, have, and are – when you combine two or more of these together you have multi-factor authentication. This will always make it harder to defeat and more secure.
3
Q

Authorization
- subject and object
- discretionary access control
- group based access control

A
  • Subject and object: The subject is anything/anyone that is trying to access something else – whereas the object is the thing the subject is trying to access. When a user on the system tries to access a file, the user is the subject and the file is the object.
  • Discretionary access control: Every object in the computer has a subject user account assigned as the owner of the file. They operate on implicit deny where the owner of the file can change the permission and grant access to other users. Discretionary because the change in permissions is at the discretion of the file’s owner.
  • Role-Based access control: The active directory domain controller creates a user group and you create an account and place an account in the group. For example, the accounting group affiliation grants all the stuff you need to do your work, when a new accountant is hired you place them in that group. This is a good and easy way for managing access and requires little thought – but on the other side it violates the principle of least privilege… if someone is placed in the accountant group but is in accounts receivable, they would still have access to accounts payable files even though they don’t need to do that to perform their duties.
4
Q

Accountability
- logging and auditing

A
  • Logging and auditing: We went to the trouble of authentication, then controlled access; now the logs tell us what really happened. You go into the logs to see what is abnormal, and for that you need to be able to define what normal is. Security information and event management systems (SIEMs) collect the logs and produce trend reports.
  • For example, by regularly monitoring logs you can create a baseline of how many password log-in attempts it takes to sign in, and then you can flag an abnormality if someone attempts 40 passwords