Access Control Flashcards

1
Q

What is access control?

A

Access control authenticates and authorizes individuals so that they can access only the information they are allowed to see and use: authentication establishes who the user is, authorization decides what that identity may do.

2
Q

What are the 3 authentication categories?

A
  • Knowledge: something you know (password, PIN)
  • Token: something you have (cards, hardware tokens)
  • Biometrics: something you are (fingerprints)
3
Q

What are some problems with knowledge-based passwords?

A
  • Reused passwords (the same password on many sites)
  • Slightly modified passwords reused across sites (adding a digit, a year or a symbol)
  • Easily guessed passwords
  • Shared passwords
  • Written-down passwords
4
Q

What are the problems with password managers?

A
  • Single point of failure: one master password unlocks every stored credential
  • The unlocked vault runs in memory, so credentials can be leaked via memory forensics

5
Q

What are three forms of password attacks?

A
  • Brute force
  • Dictionary
  • Social Engineering
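The following script is an added example, not part of the flashcards. It shows how a dictionary attack with mangling rules (the technique behind cards 3 and 5) recovers a reused or lightly modified dictionary word in a few hundred guesses, while a random password of the same length would need a brute-force search of the whole keyspace. The wordlist, the user names, the passwords and the fixed salt are all constructed here so that the script runs offline; in a real attack the hashes would come from a breached database.

```python
"""Dictionary attack with mangling rules, next to the brute-force alternative.

Added example, not from the flashcards. The "stored" credentials are
constructed in this file from made-up passwords so everything runs offline.
"""
import hashlib
import string
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed wordlist; a real attack uses a leaked list with millions of entries.
WORDLIST: List[str] = ["password", "welcome", "dragon", "summer", "letmein", "qwerty"]

LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ("1", "123", "!", "2023", "2024", "1!")


def mangle(word: str) -> Iterator[str]:
    """Rule-based variants in the style of hashcat/John rules: case, leet, suffixes.

    These rules are exactly what defeats "modified passwords for reuse".
    """
    bases: List[str] = []
    for base in (word, word.capitalize(), word.upper(), word.translate(LEET)):
        if base not in bases:          # keep the order deterministic, drop duplicates
            bases.append(base)
    for base in bases:
        yield base
        for suffix in SUFFIXES:
            yield base + suffix
        for year in range(1990, 2025):
            yield f"{base}{year}"


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256, used only to keep the example self-contained.

    Real password storage should use a slow KDF (bcrypt, scrypt, Argon2),
    which raises the cost of every guess below.
    """
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(stored_hash: str, salt: bytes,
                      wordlist: List[str]) -> Optional[Tuple[str, int]]:
    """Return (password, guesses) if a mangled wordlist entry matches, else None."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if hash_password(candidate, salt) == stored_hash:
                return candidate, guesses
    return None


def brute_force_keyspace(length: int, alphabet: str = string.printable.strip()) -> int:
    """Guesses an exhaustive brute force may need for a password of this length
    over the 94 printable non-whitespace ASCII characters."""
    return len(alphabet) ** length


# Constructed users. A fixed salt keeps the results reproducible; a real
# system gives every user its own random salt.
SALT = b"\x01\x02\x03\x04\x05\x06\x07\x08"
USERS: Dict[str, str] = {
    "alice": hash_password("Summer2023", SALT),   # dictionary word + year
    "bob":   hash_password("dr@g0n1", SALT),      # leet-speak + digit
    "carol": hash_password("xK9#pL2q", SALT),     # random 8 characters
}


def crack_all(users: Dict[str, str] = USERS, salt: bytes = SALT,
              wordlist: List[str] = WORDLIST) -> Dict[str, Optional[Tuple[str, int]]]:
    """Run the dictionary attack against every stored hash."""
    return {name: dictionary_attack(h, salt, wordlist) for name, h in users.items()}


if __name__ == "__main__":
    for name, result in crack_all().items():
        print(name, result if result else "not in dictionary")
    print("brute-force keyspace for 8 characters:", brute_force_keyspace(8))
```

alice and bob fall in well under a thousand guesses; carol's random password is not found at all, and the only remaining option is the 94^8 brute-force keyspace, which is why password length and randomness, not a clever suffix, are what resist card 5's attacks.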
6
Q

What is the issue with Single Sign-On systems?

A

Single point of failure: one compromised account at the identity provider gives access to every connected service.

7
Q

What are some threats with 2FA?

A
  • Phishing website that proxies the real login and steals the session cookie issued after the second factor is entered
  • Zeus-style malware that performs a MITM attack in the browser and steals the 2FA data as it is entered

8
Q

What are the issues with graphical passwords?

A
  • Small password space
  • Shoulder surfing
  • Smudge attacks (finger traces left on the screen reveal the pattern)
9
Q

What are tokens?

A
  • Physical device that aids authentication
  • Stores a credential on the device; successfully authenticating to the device gives access to that credential
  • Examples: Ledger hardware wallets, bank tokens, etc.
10
Q

What are smart cards?

A
  • Cards embedded with a microprocessor that has computational and storage capabilities
  • Store information such as the PIN used to unlock the card
  • Communicate securely with an endpoint such as a card reader
  • Tamper resistant
11
Q

What are RFID tags?

A
  • Radio Frequency Identification tags
  • Integrated circuits with an antenna that respond to an RF signal with identity information
  • Susceptible to MITM or side-channel attacks, since the tag answers any reader that queries it
12
Q

What are biometrics?

A
  • Physical or behavioural traits of a person used for authentication and identification
13
Q

What are the 4 requirements for a characteristic to be usable as a biometric?

A
  • Universality: everyone should have the characteristic
  • Distinctiveness: any two people should differ sufficiently in it
  • Permanence: the characteristic should not change over time
  • Collectability: it can be measured quantitatively
14
Q

How is accuracy measured in biometrics?

A

Ideally the false acceptance rate (FAR, impostors wrongly accepted) is 0 and the true acceptance rate (TAR, genuine users correctly accepted) is 1; in practice the matcher's decision threshold trades one against the other.

The Receiver Operating Characteristic (ROC) curve plots TAR against FAR as that threshold varies and shows the trade-off.
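As an added example (not part of the flashcards), the script below computes FAR and TAR for a matcher at every threshold, builds the ROC points, and picks two operating points a practitioner actually needs: the equal error rate and the threshold that meets a FAR target. The genuine and impostor similarity scores are constructed, not real biometric data.

```python
"""FAR, TAR and the ROC trade-off of a biometric matcher.

Added example, not from the flashcards. A matcher returns a similarity score
in [0, 1] per comparison; genuine (same person) comparisons should score high,
impostor (different people) comparisons low. The operator picks a decision
threshold and accepts every comparison scoring at or above it.
"""
from typing import List, Optional, Sequence, Tuple

# Constructed scores (not real biometric data).
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.79, 0.75, 0.70, 0.66, 0.61, 0.55, 0.48]
IMPOSTOR_SCORES = [0.52, 0.45, 0.41, 0.38, 0.33, 0.30, 0.27, 0.22, 0.15, 0.09]


def false_acceptance_rate(impostor: Sequence[float], threshold: float) -> float:
    """FAR: fraction of impostor attempts wrongly accepted at this threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def true_acceptance_rate(genuine: Sequence[float], threshold: float) -> float:
    """TAR: fraction of genuine attempts correctly accepted. FRR = 1 - TAR."""
    return sum(1 for s in genuine if s >= threshold) / len(genuine)


def roc_points(genuine: Sequence[float], impostor: Sequence[float],
               thresholds: Optional[Sequence[float]] = None) -> List[Tuple[float, float, float]]:
    """(FAR, TAR, threshold) triples in ascending threshold order: the ROC curve.

    By default every observed score plus 0 and 1 is used as a threshold.
    """
    if thresholds is None:
        thresholds = sorted(set(genuine) | set(impostor) | {0.0, 1.0})
    return [(false_acceptance_rate(impostor, t), true_acceptance_rate(genuine, t), t)
            for t in thresholds]


def equal_error_rate(genuine: Sequence[float], impostor: Sequence[float]) -> Tuple[float, float]:
    """(threshold, EER): the operating point where FAR and FRR are closest.

    The EER is the usual single number used to compare matchers.
    """
    best: Optional[Tuple[float, float, float]] = None   # (gap, threshold, rate)
    for far, tar, t in roc_points(genuine, impostor):
        frr = 1.0 - tar
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          max_far: float) -> Tuple[float, float]:
    """Lowest threshold whose FAR is <= max_far, and the TAR left at that point.

    This is how a requirement such as "FAR of 1 in 10 million" becomes a setting,
    and what it costs in rejected genuine users.
    """
    for far, tar, t in roc_points(genuine, impostor):
        if far <= max_far:
            return t, tar
    return 1.0, 0.0   # threshold 1.0 accepts nothing, so FAR is 0 there


if __name__ == "__main__":
    for far, tar, t in roc_points(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold={t:.2f}  FAR={far:.2f}  TAR={tar:.2f}")
    print("EER (threshold, rate):", equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("zero-FAR point (threshold, TAR):",
          threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

With the constructed scores, raising the threshold to the point where no impostor is accepted (FAR 0) already rejects one genuine user in ten; the cards that quote a FAR of 1 in 10 million or 1 in 100,000 are quoting one point on such a curve, and the matching TAR at that point is the number the vendor usually leaves out.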

15
Q

What are some iris scanning characteristics?

A
  • 256 unique characteristics; patterns are sufficiently different even between genetically identical twins.
  • FAR is 1 in 10 million.
  • Less invasive than retinal scanning but costlier than fingerprint.
16
Q

What are some retinal scanning characteristics?

A
  • 400 unique characteristics
  • 70 times more accurate than iris scanning, 20,000 times more accurate than fingerprint.
  • Very invasive and slow; conditions such as glaucoma can alter the retina, so permanence is lower.
  • Very expensive
17
Q

What are some fingerprinting characteristics?

A
  • Highly unique: 1 in 64 billion chance of a match.
  • High permanence.
  • FAR is 1 in 100,000 on smartphones.
  • Cheap
18
Q

What are some facial recognition characteristics?

A
  • Non-intrusive
  • Lower permanence (faces change with age, weight and facial hair)
  • FAR is 1 in 1 million
  • More expensive than fingerprint, cheaper than the rest.
19
Q

What are the pros and cons of multi-factor authentication using biometric?

A

Pros:

  • Unique data that is hard to forge, since biometrics vary greatly between people
  • Fast and convenient: a biometric check takes a few seconds at most
  • Scalable: biometric MFA solutions accept new user data easily and flexibly

Cons:

  • Unrecoverable if compromised: once stolen, a biometric factor cannot be changed (how do you change your face?)
  • New and expensive: recent technology that requires new software and hardware
  • Privacy: how are the biometrics stored, and what happens if they are exposed?
20
Q

What are the 3 types of access control systems?

A
  • Discretionary Access Control
  • Role Based Access Control
  • Mandatory Access Control
21
Q

What is discretionary access control?

A
  • The owner of a resource decides, at their discretion, which users and groups get which rights (Read, Write, Execute - RWX).
  • Unix file permissions are the classic example: one RWX triple each for the owner, the owner's group, and everyone else (world):

    Owner  Group  World
    RWX    RWX    RWX

22
Q

What is role-based access control?

A

Assigning rights based on organizational roles lets the organization address the principle of least privilege.

An individual gets only the access their job role / scope requires, because permissions are attached to the role rather than to the person.

23
Q

What is mandatory access control?

A

Access to resource objects is controlled by the operating system based on settings configured by the system administrator (for example security labels on subjects and objects); individual owners cannot override the policy.
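To make the three models of cards 21 to 23 concrete, the script below is an added example (not from the flashcards) that decides the same requests under DAC, RBAC and MAC side by side. The users, files, roles, labels and the three `*_allows` functions are constructed miniatures of each scheme, not any real operating system's implementation; the MAC rules follow the Bell-LaPadula "no read up, no write down" pattern.

```python
"""DAC, RBAC and MAC deciding the same request, side by side.

Added example, not from the flashcards. Users, files, roles and labels are
constructed; each *_allows function is a small model of one scheme.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# --- DAC: Unix-style owner/group/world bits, chosen by the file's owner ---------
R, W, X = 4, 2, 1


@dataclass
class File:
    owner: str
    group: str
    mode: int          # e.g. 0o640 -> owner rw-, group r--, world ---
    label: int = 0     # MAC sensitivity level (see below), set by the sysadmin


@dataclass
class User:
    name: str
    groups: Set[str]
    clearance: int = 0  # MAC clearance, also set by the sysadmin


def dac_allows(user: User, f: File, want: int) -> bool:
    """Pick the owner/group/world triple that applies to this user, then test the bits."""
    if user.name == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in user.groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want


# --- RBAC: permissions hang off roles; users get roles; least privilege per job ---
ROLE_PERMS: Dict[str, FrozenSet[str]] = {
    "auditor": frozenset({"report:read"}),
    "analyst": frozenset({"report:read", "report:write"}),
    "admin":   frozenset({"report:read", "report:write", "user:manage"}),
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"analyst"}, "bob": {"auditor"}, "root": {"admin"}}


def rbac_allows(user: str, perm: str) -> bool:
    """A user holds a permission only through one of their roles; unknown users get nothing."""
    return any(perm in ROLE_PERMS[r] for r in USER_ROLES.get(user, set()))


# --- MAC: labels enforced by the system regardless of what the owner wants ---------
PUBLIC, CONFIDENTIAL, SECRET = 0, 1, 2


def mac_allows(user: User, f: File, want: int) -> bool:
    """Bell-LaPadula style: no read up (clearance >= label to read),
    no write down (clearance <= label to write). Writing up is permitted by the model."""
    if want & R and user.clearance < f.label:
        return False
    if want & W and user.clearance > f.label:
        return False
    return True


def decide(user: User, f: File, want: int) -> bool:
    """On a system that runs both, the owner's DAC bits and the MAC policy must both agree."""
    return dac_allows(user, f, want) and mac_allows(user, f, want)


if __name__ == "__main__":
    alice = User("alice", {"staff"}, clearance=CONFIDENTIAL)
    memo = File(owner="alice", group="staff", mode=0o664, label=SECRET)
    # alice owns the memo and gave herself rw-, but the sysadmin labelled it SECRET:
    print("DAC:", dac_allows(alice, memo, R), "MAC:", mac_allows(alice, memo, R),
          "final:", decide(alice, memo, R))   # DAC: True MAC: False final: False
```

The last lines are the point of MAC: the owner's discretionary `rw-` bits say yes, but the label the system administrator assigned says no, and the owner cannot change that. RBAC sits at a different layer, mapping job roles to permissions so that an auditor can read reports without ever being able to write them.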

24
Q

What is the principle of least privilege?

A

The principle of least privilege (PoLP) requires limiting privileges to the minimum necessary to perform the job or task.

It reduces the risk of unauthorized access and limits the damage a compromised account or process can do.