Access Control Flashcards

1
Q

DAC

A

Discretionary Access Control:
The access control policy is determined by the owner
DAC is used commonly

  1. Every object in a system must have an owner
  2. Each owner determines access rights and permissions for each object
2
Q

MAC

A

Mandatory Access Control:
An access control policy where the computer system determines the access control for an object

MAC relies on security labels being assigned to every user (called a subject) and every file/folder/device or network connection (called an object)

Data labels create trust levels for all subjects and objects

MAC is implemented through the Rule-based and the Lattice-based access control methods

3
Q

Rule-Based Access Control

A

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

4
Q

Lattice-Based Access Control

A

Utilizes complex mathematics to create sets of objects and subjects to define how they interact

Mandatory Access Control is a feature in FreeBSD & SELinux

Used only in high-security systems due to its complex configuration

5
Q

RBAC

A

Role-Based Access Control:
An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level

Power Users is a role-based permission

6
Q

ABAC

A

Attribute-Based Access Control:
An access model that is dynamic and context-aware using IF-THEN statements

Most specific/detailed access control

If Jason is in HR, then give him access to \\fileserver\HR

7
Q

chmod

A

chmod 760 filename

Bash command used to change file permissions

R (Read) = 4
W (Write) = 2
X (Execute) = 1

7 = Owner can RWX
6 = Group can RW
0 = All Users (no access)

8
Q

Privilege Creep

A

Occurs when a user gets additional permissions over time as they rotate through different positions or roles

Privilege creep violates the principle of least privilege

9
Q

Permissions

A

Permissions are inherited by default from the parent when a new folder is created

Any permissions added/removed from the parent folder will pass to the child by default too!

Use Groups for roles and do not assign users directly to a folder’s permissions

If you copy a folder, then permissions are inherited from the parent folder it is copied into
If you move a folder, then permissions are retained from its original permissions
