Chapter 1 - Access Control Flashcards

Question

Nondiscretionary Access Control

Answer 1

Based on assignment of permissions as defined by the administrator of a system

Answer 2

An access control list in the form of a table - showing what permissions a user has for various system objects.

Answer 3

Specifies the privileges granted to user s(e.g read, write) when the specific condition of a rule is met - e.g. the time a certain file can be accessed.

Answer 4

Based on job function - objects associated with a role will inherit privileges assigned to that role

Answer 5

Non-RBAC - user granted access Limited RBAC - users mapped to roles within a single application Hybrid RBAC-role applied to multiple applications or systems, but instances wheresubjects assigned to roles defined within an application FUll RBAS - roles defined by organizational policy

Answer 6

Based on content of data not roles

Answer 7

Restricting users to specific functions based on their role in the system - e.g. limiting menus, data views, encryption, etc

Answer 8

Used to match subjects and their capabilities - read, write

Answer 9

Activities may be restricted on when they can be performed

Answer 10

Assertion of a unique identity for a person or system and is the starting point of access control. - Uniqueness

Answer 11

The process of verifying the identity of the user - Validity

Answer 12

Process of defining the specific resources a user needs and determining the type of assess to those resources the user may have. - Control

Answer 13

Media Access Control - 48-bit number - machine address - now can be set in software so no longer can be considered a strong identifier

Answer 14

Logical location of a device on the IP network - assigned in software

Answer 15

Radio Frequency Identification - small label that can be embedded in almost any object - they can be read from a distance

Answer 16

globally unique - enforced by convention

Answer 17

User identification must be unique; user identification should be non-descriptive and disclose as little as possible about the user; user identification must be secure; and the final process must be logged and documented so that it can be verified and audited.

Answer 18

refers to a set of technologies intented to offer greater efficiency in the management of a diverse user and technical environment

Answer 19

Consistency; usability; reliability; and scalability

Answer 20

RADIOS and TACACS+(Terminal Access Controller Access-Control System Plus)

Answer 21

By knowledge (knows); by possession (has); by characteristic (is); and geolocation (where)

Answer 22

user id and password

Answer 23

user id, password, and fob

Answer 24

user id, password, fob, and biometric

Answer 25

typically hashed; a hash function takes an arbitrary amount of data as input and, through the use of a mathematical algorithm, will produce a unique, fixed-length representation of the data as output. Hash is a one-way function.

Answer 26

Asynchronous token - challenge response technology; sychronous is based on an event, location, or time based sychronization between the requestor and the authenticator

Answer 27

Holds information but cannot process information. e.g users swipes card and enters a PIN. Data stored on the card is not protected.

Answer 28

Embedded semiconductor chip that accepts, stores and sends information.ICC (integrated circuit card). Based on ISO 7816-2 there are 8 electrical contacts - six are currently used. Can be used in Proximity of a reader.

Answer 29

Physical (finger print) and behavioral (voice pattern). Most common -finger prints. tend to provide higher security than other methods - higher strength

Answer 30

tension in the tendons, temperature, finger length, bone length, and hand width.

Answer 31

combination of hand geometry and fingerprint analysis

Answer 32

Iris, Retina (blood vessels back of the eye), entire face (facial geometry and heat signatures

Answer 33

veins in hands or face - relatively new

Answer 34

stroke speed, acceleration, deceleration and pen pressure

Answer 35

when authorized users are falsely rejected

Answer 36

when unautorized users are falsely accepted

Answer 37

Crossover Error Rate - amount to adjust sensitivity and maximul acceptable level of change - organization will need to determine based on its overall risk tolerance

Answer 38

single instance of identification and authentication are applied to resources

Answer 39

A form of "man in the middle" attack

Answer 40

ability to determine who or what is responsible for an action and can be held responsible

Answer 41

is the ability to deny an action, event, impact or result

Answer 42

Require users to change passwords, lockout mechanisim, self-registration process aids

Answer 43

Central facility, workflow, automatic replication, facility for loading batch changes, automatic creation, change, or removal of access to system resources

Answer 44

collection of information associated witha particular identity or group.

Answer 45

centralized collection of user data

Answer 46

X.500, LightWeight Directory Access Protocol (LDAP), Active Directory and X.400

Answer 47

developed by the Interantional Telecommunications Union (ITU-IT) - initially worked with OSI to operates over TCP/IP as well. 4 protocols: Directory Access Protocol, Directory system protocol, directory information sharing protocol, and the directory operational binding management protocol. Hierarchial database with a key field of distinguished name (DN)

Answer 48

Provides simpler implementation - hierarchial, operates in client/server architecture, typically runs over unsecured network using TCP port 389. Version 3 of LDAP - suports TLS to encrypt or use of TCP port 636 over an SSL connection

Answer 49

LDAP for Micorsoft-based environments, provides central authentication and authorization capabilities - organized in forest and trees - forest is a collection of all the objects and their associated attributes and trees are logical groupings of one or more AD security domains within a forest. Domains are identified by their DNS name. Objects are grouped by Organizational units.

Answer 50

ITU-T guidelines for exchange of e-mail - known as messaging handling system. Supports message transfer and message storage - supplanted in recent years by SMTP

Answer 51

SSO reduced sign-on or federated ID management - script based single sign-on - aids with leagacy technology

Answer 52

three-headed dog: authentication, authorization, and auditing. Security system using secret key cyrptography - users must have a unique ID for each application on the network. 4 requirements for access control - security, reliability, transparency, scalability. Based on symmetrical encryption and a secret key shared amongst the participants. Primary goal is to ensure private communiocations between systems over a network,

Answer 53

interaction between three systems: requesting system, the endpoint destination server, and the Kerberos or Key distribution center (KDC). Time-sensitive

Answer 54

serves two functions during the authentication transaction: as an authentication sever and as a ticket-granting server. Maintains database of the secret keys of all the participants

Answer 55

a common key used for intitial trusted communication - then unique key is created to support future communications - common to use a hash of the user's password as the unique user key

Answer 56

Ticket granting ticket - user will receive once authenticated with AS along with session encryption key

Answer 57

offers single sign-on services and uses both symmettic and asymmetric cryptographic techniques Key attributes: single sign-on,role based access control, use of privileged attribute certificate (PAC), use of Kerberos Version5 protocol to access SESAME components, use of public key cryptography for distribution of secret keys

Answer 58

WAM - replace sign-on process in affiliated WEB applications, typically by using a plug-on service on the Web server hosting the portal to the member applications.

Answer 59

Each organization subscribes to a common set of policies, standards, and procedures for the provisioning and managment of user identification, authentication, and suthorization information, as well as a common process for access control for systems these users must access. Uses cross-certification model for trust but once it goes beyond a small number it becomes very complex. Use of a third party bridge model is an alternative to the cross-sertification model.The third party is considered trust worthy - good for a large number of organizations.

Answer 60

once in unlimited access

Answer 61

Network events, System events, Application events, User Actions, and Keystrole Activity

Answer 62

logging files are found in the user's $HOME directory with names like ".history", "sh\_history"

Answer 63

Intrusion detection system - part of a network device or dedicated device - does not take any action on the problem. Considered network monitoring

Answer 64

Intrusion prevention system - will take proactive prevention action - responds in real time to an event at the system or network layer. Considered an access control.

Answer 65

Security Information and Event Management - aggregates information about access controls and selected system activity to store for analysis and correlation.

Answer 66

DoS - consumption of resources preventing useful processesing and interrurption of network resources to preventing communication rendering a system unusable - SYN floods - attackers makes an overwhelming number of session initiation requests - TCP/IP protocol

Answer 67

exploits how operating systems managed fragmented IP packets - overlap fragmented packets causing a flaw in the system - shutting it down

Answer 68

Distributed denial of service - attacks a server from thousands of locations

Answer 69

buffer temporarily stores information for processing - an attack manipulates the system's ability to manage its buffers. - Can also be used to inject malicious code - used to gain unauthorized access or to escalate privileges.

Answer 70

transmitted across network from remote source - ActiveX controls, Java applets, Java Script code from a Web page and HTML based email

Answer 71

Virus - parasitic code which attaches itself to another program; worm - self-propogating code; trojan horse - appear desireable but contain something harmful; spyware - used to deploy malware, collect private data, send advertising;

Answer 72

if attacker has obtained hashed password file using brute force attacks to compare combinations

Answer 73

developed public key cryptography with Whitfield Diffie

Answer 74

faster method of organizing hased chain - rainbow chain

Answer 75

With IP protocol alter source to a trusted IP - remove the assurance that a person is dealing with a trusted entity.

Answer 76

popularized tecnique of IP spoofing

Answer 77

collection information from a communication medium like a network

Answer 78

proliferation of electromagnetic signals given off by electronic devices

Answer 79

late 1960s - Government program studies compromising emanations - equipment should be located in center of building possibly protected by a Faraday cage (wrapped in wire mesh) - restricts signal leakage

Answer 80

direct observation - seeing a password typed in

Answer 81

residual data should be cleared - print only one user's output at a time

Answer 82

remains of partial data or even the entire set of digital information

Answer 83

File allocation table maintains physical location and often when files are deleted the information is removed form the FAT but the actual data is still residing on the drive.

Answer 84

space at the end of a file - it can be used by hacker's to store information

Answer 85

act of collecting and analyzing large quantities of information to determine patterns of use of behavior and use those patterns to form conclusions

Answer 86

taking what peopl assume is trash - cross cut shredders are more effective

Answer 87

special access capabilities put in by developer

Answer 88

results of attacks can be delayed for a long period of time - logical progression of events before they unleash theri aggression.

Answer 89

physical theft - anything o f value can be removed, digital theft - copies of data

Answer 90

practice of misdirection to obtain information through social contact

Answer 91

using scenario analysis with knowledge of threats and vulnerabilities to help determine what risks ares present in a system or application and where to apply resources to ensure the best mitigation for the value

Answer 92

impact vs. likelihood

Answer 93

Hardware, Software, Integration, Opportunity COst, Regulatory exposure (Civil/Criminal), Information replacement, reputational exposure

Answer 94

Single loss expectancy = asset value x exposure factor (estimate how much an asset will decline %wise)

Answer 95

Annualized loss exposure = single loss expectancy x Annualized rate of occurrence

Answer 96

reconnaissance, enumeration, vulnerability analysis,execution, document findings

Answer 97

Provisioning, Review, Revocation

Answer 98

B. Defining who can access a given system or information

Answer 99

B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities an providing access to information and systems to only those who have been approved

Answer 100

C. Least Privilege

Answer 101

B. Directive, deterrent, preventative, detective, corrective, compensating and recovery

Answer 102

A. Adminstrative, Physical and technical

Answer 103

B. Rainbow table Attack

Answer 104

D. A pin and a hard token

Answer 105

A. Single Point of Failure

Answer 106

B. Need to know

Answer 107

B. Technology type

Answer 108

A. Revoking credentials

Answer 109

C. Is based on user job function

Answer 110

B. Technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment

Answer 111

B. A compromised password exposes all authorized resources

Answer 112

D. Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function

Answer 113

C. A risk assessment approach in whihc decisions are based on risk and value

Answer 114

B. Business or organizational processess and access aggregation

Answer 115

A. ALE = SLE \* ARO

Answer 116

D. Security Information and Event Management

Answer 117

D. Physical