Access Control Flashcards

1
Q

Access Control

A

Methods used to secure data and information by verifying a user has permissions to read, write, delete, or otherwise modify it

2
Q

Access Control Models

A

Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Rule-based Access Control
Lattice-based Access Control
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)

3
Q

Discretionary Access Control (DAC)

A

• The access control policy is determined by the owner
• DAC is commonly used
1. Every object in a system must have an owner
2. Each owner determines access rights and permissions for each object

4
Q

Mandatory Access Control (MAC)

A

• An access control policy where the computer system determines the access control for an object
• In DAC the owner chooses the permissions, but in MAC the computer does
• MAC relies on security labels being assigned to every user (called a subject) and every file/folder/device or network connection (called an object)
• Data labels create trust levels for all subjects and objects
• To access something, you need to meet the minimum level and have a “need-to-know”
• MAC is implemented through the Rule-based and the Lattice-based access control methods

5
Q

Rule-based Access Control

A

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

6
Q

Lattice-based Access Control

A

• Utilizes complex mathematics to create sets of objects and subjects to define how they interact
• Mandatory Access Control is a feature in FreeBSD & SELinux
• Used only in high-security systems due to its complex configuration

7
Q

Role-Based Access Control (RBAC)

A

• An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level
• Power Users is a role-based permission

8
Q

Attribute-Based Access Control (ABAC)

A

• An access model that is dynamic and context-aware using IF-THEN statements
• If Jason is in HR, then give him access to \\fileserver\HR

9
Q

Best Practices - Access Control

A

Implicit Deny
Least Privilege
Separation of Duties
Job Rotation

10
Q

Least Privilege

A

Users are only given the lowest level of access needed to perform their job functions

11
Q

Separation of Duties

A

• Requires more than one person to conduct a sensitive task or operation
• Separation of duties can be implemented by a single user with a user and admin account

12
Q

Permissions in Windows

A

• Full Control
• Modify
• Read & Execute
• List Folder Contents
• Read
• Write

13
Q

chmod

A

• Program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system
  o R (Read) = 4
    W (Write) = 2
    X (Execute) = 1
  o # chmod 760 filename
    7 = Owner can RWX
    6 = Group can RW
    0 = All Users (no access)
  o 777 allows everyone to Read, Write, and Execute

14
Q

Privilege Creep

A

• Occurs when a user gets additional permissions over time as they rotate through different positions or roles
• Privilege creep violates the principle of least privilege

15
Q

User Access Recertification

A

Process where each user’s rights and permissions are revalidated to ensure they are correct
• Hired
• Fired
• Promoted

16
Q

Propagation

A

Occurs when permissions are passed to a subfolder from the parent through inheritance

17
Q

Permissions - Copy a folder

A

If you copy a folder, then permissions are inherited from the parent folder it is copied into

18
Q

Permission - Move Folder

A

If you move a folder, then permissions are retained from its original permissions

19
Q

User Account Control (UAC)

A

• A security component in Windows that keeps every user in standard user mode instead of acting like an administrative user
• UAC can be disabled from the Control Panel