Authorization and Access Control

Question 1

Authorization

Answer 1

Process of determining exactly what an authenticated party can do

Question 2

Access controls

Answer 2

Tools and systems you use to deny and allow access

Question 3

What are the four basic tasks of access controls?

Answer 3

Allowing access
Denying access
Limiting access
Revoking access

Question 4

Sandbox

Answer 4

Isolated environments containing a set of resources for a given purpose

Question 5

What are the two main uses of sandboxes?

Answer 5

Prevent contents of sandboxes from interacting with resources they shouldn’t
Contain things you don’t trust, eg, code from public websites

Question 6

What are the two main methods of implementing access controls?

Answer 6

Access Control Lists, ACLs or ackles
Capabilities

Question 7

Access control list

Answer 7

Contains information about what kind of access certain parties are allowed to have in a given system
Often part of application or OS software
Ex: Badge readers

Question 8

What are the two types of ACL?

Answer 8

File system ACL
Network ACL

Question 9

What are the three types of permissions in file system ACLs?

Answer 9

Read
Write
Execute

Question 10

Characteristics of Network ACLs

Answer 10

Filter access based on identifiers used for network transactions, such as Internet Protocol (IP) addresses
Permissions are binary, not RWX
Grant permissions to traffic rather than users

Question 11

What are three main identifiers network ACLs use to filter traffic?

Answer 11

Media access controls
IP addresses
Port

Question 12

Media access controls (context: network ACLs)

Answer 12

Unique identifiers hard coded into each network interface in a given system
Easily changed

Question 13

IP addresses (context: network ACLs)

Answer 13

Unique address for a computer
ACL can filter single address or range of addresses
Can be falsified

Question 14

Port (context: network ACLs)

Answer 14

Numerical designation for one side of a connection between two devices
Ports are used as a convention, not by rule, ie, can be changed

Question 15

Socket

Answer 15

When an ACL uses both an IP address and a port, it is called a socket

Question 16

Confused deputy problem

Answer 16

When software with access to a resource (the deputy) has greater level of permission to access the resource than the user who is controlling the software

Question 17

Cross-site request forgery (CSRF)

Answer 17

Example of confused deputy problem
If attacker knows of a website that had already authenticated user, he can embed a link in a web page or HTML email, such that when the target’s browser attempts to retrieve the image, it also executes additional malicious commands

Question 18

Clickjacking, AKA user interface redressing

Answer 18

Example of confused deputy problem
Attacker, who has control over some portion of a website, puts invisible layer over something the user would normally click. When user clicks, client executes command that is different from what user is expecting

Question 19

Blackholing

Answer 19

Filtering large swaths of IP addresses

Question 20

Capabilities

Answer 20

Can define permissions based on a user’s token or key, AKA capability
Relies purely on possession of token, not who possesses it
Not susceptible to confused deputy

Question 21

Access control model

Answer 21

Way of determining who should be allowed to access what resources

Question 22

Common access control models (6)

Answer 22

Discretionary access control
Mandatory access control
Rule-based access control
Role-based access control
Attributes-based access control
Multilevel access control

Question 23

Discretionary access control (DAC)

Answer 23

owner of the resource determines who gets access and the level of access they get

Question 24

Mandatory access control

Answer 24

Owner doesn’t decide–separate group or individual decides
Ex: government organizations label resource based on sensitivity level

Question 25

Rule-based access control

Answer 25

Allows access according to a set of rules defined by the system administrator

Question 26

Role-based access control (RBAC)

Answer 26

Allows access based on the role of the individual being granted access

Question 27

Attribute-based access control

Answer 27

Access based on specific attributes of a person, resource, or environment

Question 28

What are the three kinds of attributes in attribute-based access control?

Answer 28

Subject attributes Resource attributes Environmental attributes

Question 29

Subject attributes

Answer 29

Belongs to individuals Ex: Must be this tall to ride, CAPTCHAs

Question 30

Resource attributes

Answer 30

Belong to a resource, such as an application or operating system Ex: some software only works on certain OSes, some websites only work on certain browsers

Question 31

Environmental attributes

Answer 31

Can enable access controls based on environmental conditions Ex: time of day, time limits until required reconnection for authorization

Question 32

Multilevel access control

Answer 32

Access control model that combines several of the common access control models discussed

Question 33

Bell-LaPadula model

Answer 33

Multilevel access control Opposite of Biba model Combines discretionary and mandatory access control models Concerned with confidentiality of resource in question Involves two security properties: simple security property and * property AKA star property

Question 34

Simple security property

Answer 34

Individuals cannot read resources at a higher level but can access and read resources at a lower level No read up

Question 35

* Property, AKA star property

Answer 35

Anyone accessing a resource can only write (or copy) its contents to another resource classified at the same level or higher No write down

Question 36

The Biba Model

Answer 36

Multilevel access control Opposite of Bell-LaPadula model Concerned with protecting the integrity of data, even at the expense of confidentiality, ie, more important to keep people from altering data than accessing it Two security principles: simple integrity axiom and *integrity axiom (star integrity axiom)

Question 37

Simple integrity axiom

Answer 37

Access to one level does not grant access to lower levels No read down

Question 38

* integrity axiom

Answer 38

Can only write (or copy) contents to a resource classified at same level or lower No write up

Question 39

Brewer and Nash model

Answer 39

Multilevel access control Designed to prevent conflicts of interest Once a user accesses certain materials he would not be able to access materials that would create a conflict of interest 3 main resource classes: objects, company groups, conflict classes

Question 40

Objects (context: Brewer and Nash model)

Answer 40

resources, such as files or information, pertaining to a single organization

Question 41

Company groups (context: Brewer and Nash model)

Answer 41

All objects pertaining to an organization

Question 42

Conflict classes (context: Brewer and Nash model)

Answer 42

All groups of objects concerning competing parties

Question 43

Physical access controls

Answer 43

Concerned with controlling the movement of individuals and vehicles Common concern: tailgating

Question 44

What are the two types of user accounts in Windows?

Answer 44

Local user account Domain user account

Question 45

Local user account

Answer 45

Restricted to the operating system on which it was created Ex: home users or small network without Active Directory server

Question 46

Domain user account

Answer 46

Used to access resource on a domain Ex: file shares Centrally managed through a system known as Active Directory, which is installed on a server called a domain controller

Question 47

Domain controller

Answer 47

Used for authentication and authorization of the users on a network

Question 48

What are the two ways by which domain users can be managed?

Answer 48

Active Directory Users and Computers PowerShell

Question 49

Active Directory Users and Computers

Answer 49

Graphical tool by which domain users are managed