Access Control Flashcards
What is DAC?
Discretionary Access Control - the owner sets the permissions on who can access data
What is MAC?
Mandatory Access Control - the computer system determines access control. Relies on labels such as high trust, medium trust, low trust etc.
What is considered to be the most secure access control model?
MAC - Access cannot be altered by any user but only a centralized system administration, resulting in defined, confidential, and well-protected data.
What is RBAC?
Role Based Access Control - similar to MAC where it is controlled by a system but utilizes a set of permissions instead of a single data label such as “high trust”
What is ABAC?
Attribute Based Access Control - dynamic model of access control that is context aware using conditional statements
What is the concept of implicit deny?
All access controls should deny by default and only allow access when explicitly stated
What is the concept of separation of duties?
When more than one person is required to conduct a sensitive task or operation. Ex: launching a nuke requires more than one person
Why would an organization implement job rotation?
Increases security and accountability. For example: if bob is rotated out of his job and alice comes in to fill his role, she can discover if bob has been doing anything that would be considered fraudulent, compromise security, harm the organization etc.
What program would you use to change permissions in linux?
chmod
In chmod, what do the numbers 4, 2 and 1 represent?
4 = R - read
2 = W - write
1 = X - execute
Can you combine numbers in chmod?
Yes
In chmod, if you have the number 760 what does it mean?
7 - owner can R,W,X
6 - group can RW
0 - all users have no access
What are the permissions categories in linux?
Owner - U
Groups - G
All Users - O or A
What is privilege creep?
When a user gets additional permissions over time as he rotates through different roles
Permissions are inherited by default from the parent when a new folder is created - True or False?
True
