Chapter 14: Controlling and Monitoring Access Flashcards

1
Q
What are Permissions?
A

Permissions refer to the access granted for an object; they determine what you can do with that object (read, write, delete and so on).

2
Q
What are Rights?
A

Rights refer to the ability to take an action on an object or a system, such as changing the system time.

3
Q
What are Privileges?
A

Privileges are the combination of rights and permissions.

4
Q

What is implicit deny?

A

The implicit deny principle ensures that access to an object is denied unless access has been explicitly granted to the subject; anything not covered by an explicit grant is refused by default.

5
Q
What is an Access Control Matrix?
A

An access control matrix is a table that lists subjects (rows), objects (columns) and the privileges assigned at each intersection. Each column of the matrix is an object's ACL and each row is a subject's capability list.

6
Q
What are capability tables?
A

Capability tables are subject focused: each one identifies the objects a given subject can access and how (in contrast to an ACL, which is object focused).

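
Added example (Python, not part of the original flashcards) for cards 4 to 6: one constructed access control matrix, the object-focused ACL and subject-focused capability list derived from it, and an access check that implements implicit deny. The deny-list function at the end is the opposite pattern (default allow) that implicit deny guards against. All subjects, objects and privilege names are made up for illustration.

```python
# Constructed access control matrix: each row is a subject, each column an
# object, and each cell the set of privileges explicitly granted. A cell that
# is absent means nothing was granted.
MATRIX = {
    "alice":      {"payroll.db": {"read", "write"}, "hr_policy.txt": {"read"}},
    "bob":        {"hr_policy.txt": {"read"}},
    "svc_backup": {"payroll.db": {"read"}, "hr_policy.txt": {"read"}},
}


def acl_for(matrix, obj):
    """Object-focused view (an ACL): which subjects may do what to this object.
    This is one column of the matrix."""
    return {subj: set(perms[obj]) for subj, perms in matrix.items() if obj in perms}


def capability_list_for(matrix, subj):
    """Subject-focused view (a capability table): which objects this subject may
    touch and how. This is one row of the matrix."""
    return {obj: set(acts) for obj, acts in matrix.get(subj, {}).items()}


def check_access(matrix, subj, obj, action):
    """Implicit deny: access is granted only when an explicit entry exists.
    An unknown subject, an unknown object, or an action that was never granted
    all fall through to the same answer: denied."""
    return action in matrix.get(subj, {}).get(obj, set())


# Anti-pattern for contrast: a deny list with a default of 'allow'. Anything
# the administrator forgot to list, including a subject that did not exist
# when the list was written, is permitted.
DENY_LIST = {("bob", "payroll.db")}


def check_access_denylist(subj, obj, action):
    """Explicit deny only; everything else is allowed (do not do this)."""
    return (subj, obj) not in DENY_LIST


if __name__ == "__main__":
    print("ACL for payroll.db:", acl_for(MATRIX, "payroll.db"))
    print("Capabilities of bob:", capability_list_for(MATRIX, "bob"))
    print("mallory writes payroll.db (implicit deny):",
          check_access(MATRIX, "mallory", "payroll.db", "write"))
    print("mallory writes payroll.db (deny list):",
          check_access_denylist("mallory", "payroll.db", "write"))
```

The two views are the same data: an ACL answers "who can touch this object?", a capability list answers "what can this subject touch?". Whichever view a system stores, the check must default to denial when no entry is found.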
7
Q
What is a constrained interface?
A

Constrained interfaces are used by applications to restrict what users can do or see based on their privileges, for example by hiding or greying out menu items the user is not authorised to use.

8
Q
What are Content-Dependent Controls?
A

Content-dependent access controls restrict access to data based on the content within an object, for example a database view that exposes only some columns of a table.

9
Q
What are Context-Dependent Controls?
A

Context-dependent access controls require a specific activity to have taken place before granting access; the decision depends on the circumstances of the request rather than on the data itself.

10
Q
What is need to know?
A

The need to know principle ensures that subjects are granted access only to what they need to know for their work tasks and job functions.

11
Q
What is the difference between least privilege and need to know?
A

Need to know focuses on access to data; least privilege is broader and also includes the rights to take actions on a system, so a subject receives only the permissions and rights its tasks require.

12
Q
What is separation of duties?
A

The separation of duties and responsibilities principle ensures that sensitive functions are split into tasks performed by two or more employees, so that no single person can carry out a sensitive function alone.

13
Q
What is a security policy?
A

A security policy is a document that defines the security requirements of an organisation. It identifies the assets that need protection and the extent to which security solutions should go to protect them. It provides an overview of the company's security needs.

14
Q
What is Discretionary Access Control?
A

Discretionary Access Control (DAC) means that every object has an owner, and the owner can grant or deny access to any other subject. Example: the New Technology File System (NTFS).

• A DAC model is implemented using access control lists (ACLs) on objects.

15
Q
What is Role Based Access Control?
A

Role Based Access Control (RBAC) means that user accounts are placed in roles and administrators assign privileges to the roles rather than to individual users.

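
Added example (Python, not from the original flashcards) for cards 12 and 15 together: an RBAC configuration in which privileges attach to roles and users receive roles, with separation of duties enforced as a static constraint on role assignment so that no one account can both submit and approve an invoice. The role names, permission strings and users are constructed for illustration.

```python
# Constructed RBAC configuration: privileges are attached to roles, never to
# individual user accounts.
ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoice:create", "invoice:submit"},
    "ap_approver": {"invoice:approve"},
    "auditor":     {"invoice:read", "ledger:read"},
}

# Separation of duties: no user may hold both roles of a mutually exclusive
# pair, so nobody can both submit an invoice and approve it.
MUTUALLY_EXCLUSIVE_ROLES = [frozenset({"ap_clerk", "ap_approver"})]


class RoleAssignmentError(ValueError):
    """Raised when an assignment would violate the role model."""


def assign_role(user_roles, user, role):
    """Grant `role` to `user` in the mapping `user_roles`, checking static
    separation of duties before the assignment takes effect."""
    if role not in ROLE_PERMISSIONS:
        raise RoleAssignmentError(f"unknown role {role!r}")
    proposed = user_roles.get(user, set()) | {role}
    for pair in MUTUALLY_EXCLUSIVE_ROLES:
        if pair <= proposed:
            raise RoleAssignmentError(
                f"{user} may not hold both {sorted(pair)} (separation of duties)")
    user_roles[user] = proposed
    return proposed


def permissions_of(user_roles, user):
    """Effective privileges: the union of the permissions of every role held."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in user_roles.get(user, set())))


def rbac_allows(user_roles, user, permission):
    """Implicit deny: a user with no roles, or whose roles lack the permission,
    is refused."""
    return permission in permissions_of(user_roles, user)


if __name__ == "__main__":
    assignments = {}
    assign_role(assignments, "alice", "ap_clerk")
    assign_role(assignments, "bob", "ap_approver")
    print("alice may approve:", rbac_allows(assignments, "alice", "invoice:approve"))
    try:
        assign_role(assignments, "alice", "ap_approver")
    except RoleAssignmentError as err:
        print("blocked:", err)
```

Checking the exclusive pair at assignment time (static separation of duties) is simpler to audit than checking it at each transaction; the price is that a small team may need a third person to hold the second role.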
16
Q
What is the key characteristic of Rule Based Access Control?
A

The Rule Based Access Control model applies global rules that apply to all subjects, regardless of who they are.

17
Q
What are rules in Rule Based Access Control?
A

Restrictions or filters, such as the rules in a firewall rule set.

18
Q
What is Attribute Based Access Control?
A

The Attribute Based Access Control (ABAC) model uses rules that can include multiple attributes of the subject, the object and the environment.

19
Q
What is Mandatory Access Control?
A

The Mandatory Access Control (MAC) model applies labels to both subjects and objects. The MAC model is prohibitive rather than permissive, and it uses an implicit deny philosophy. The MAC model is more secure than the DAC model, but it isn't as flexible or scalable.

20
Q
What are non-discretionary access controls?
A

Non-discretionary access controls are centrally administered by administrators rather than by the owners of individual objects.

21
Q
What is Attribute Based Access Control?
A

Attribute Based Access Control (ABAC) is an advanced implementation of rule based access control. ABAC models use policies whose rules combine multiple attributes, e.g. group membership, department, device type and so on.

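
Added Python example, not part of the original flashcards, that serves cards 8, 9, 16, 17 and 21 together: a small policy evaluator whose rules read subject, resource and environment attributes. Two rules are global rule-based controls that apply to every subject, one is content-dependent (it looks at whether the record holds PII), one is context-dependent (export is permitted only after an MFA step has been completed), and the combiner is deny-overrides with implicit deny when no rule grants access. Every attribute name, rule name and request value is constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Request:
    """One access request: subject attributes, resource attributes, the
    requested action and environment attributes (all names constructed)."""
    subject: dict
    resource: dict
    action: str
    environment: dict


# Rule-based layer: global rules applied to every subject regardless of who
# they are, in the style of a firewall rule set.
def rule_business_hours(req):
    if not time(8, 0) <= req.environment["time"] <= time(18, 0):
        return ("deny", "outside business hours")
    return None


def rule_managed_device(req):
    if not req.environment.get("device_managed", False):
        return ("deny", "unmanaged device")
    return None


# Attribute-based rule: compares a subject attribute with a resource attribute.
def rule_same_department(req):
    if req.action == "read" and req.subject["department"] == req.resource["owner_department"]:
        return ("permit", "same department may read")
    return None


# Content-dependent control: the decision depends on what the object contains.
def rule_pii_content(req):
    if req.resource.get("contains_pii") and "hr" not in req.subject.get("groups", set()):
        return ("deny", "records holding PII are restricted to HR")
    return None


# Context-dependent control: a specific activity (an MFA step-up) must have
# happened before this action is granted.
def rule_export_requires_mfa(req):
    if req.action == "export":
        if req.subject.get("mfa_completed"):
            return ("permit", "export after MFA step-up")
        return ("deny", "export requires a completed MFA step")
    return None


RULES = [rule_business_hours, rule_managed_device, rule_same_department,
         rule_pii_content, rule_export_requires_mfa]


def evaluate(req, rules=RULES):
    """Deny-overrides combining: any deny wins; otherwise at least one permit
    is needed; if no rule says anything, the answer is deny (implicit deny)."""
    decisions = [rule(req) for rule in rules]
    for d in decisions:
        if d and d[0] == "deny":
            return d
    for d in decisions:
        if d and d[0] == "permit":
            return d
    return ("deny", "no rule granted access")


# Constructed sample subjects, resources and environments.
ALICE = {"user": "alice", "department": "finance", "groups": {"staff"}}
ALICE_MFA = dict(ALICE, mfa_completed=True)
BOB = {"user": "bob", "department": "marketing", "groups": {"staff"}}
HR_USER = {"user": "hana", "department": "finance", "groups": {"staff", "hr"}}
FINANCE_RECORD = {"id": "rec-17", "owner_department": "finance", "contains_pii": False}
PII_RECORD = {"id": "rec-18", "owner_department": "finance", "contains_pii": True}
OFFICE = {"time": time(10, 30), "device_managed": True}
AFTER_HOURS = {"time": time(22, 0), "device_managed": True}
BYOD = {"time": time(10, 30), "device_managed": False}

if __name__ == "__main__":
    for label, req in [
        ("alice reads finance record", Request(ALICE, FINANCE_RECORD, "read", OFFICE)),
        ("alice reads PII record", Request(ALICE, PII_RECORD, "read", OFFICE)),
        ("alice exports without MFA", Request(ALICE, FINANCE_RECORD, "export", OFFICE)),
        ("bob reads finance record", Request(BOB, FINANCE_RECORD, "read", OFFICE)),
    ]:
        print(f"{label}: {evaluate(req)}")
```

Returning the reason with each decision is deliberate: an authorization log that says only "deny" is hard to debug, and a log that says which rule fired is what an auditor asks for.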
22
Q
List and describe the 3 types of MAC model environments:
A
• Hierarchical environment: the classification labels form an ordered structure from low security to medium security to high security; a subject cleared for a higher level can also access objects at the levels below it.
• Compartmentalized environment: there is no relationship between one security domain and another; a label in one compartment grants nothing in the others.
• Hybrid environment: combines both hierarchical and compartmentalized concepts, so that each hierarchical level may contain numerous subdivisions that are isolated from the rest of the security domain.
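
Added Python example (not from the original flashcards) for cards 19 and 22: a label made of a hierarchical sensitivity level plus a set of compartments, and a dominance check that decides whether a subject's clearance label allows reading an object. The cases in the test exercise all three environments: purely hierarchical (no compartments), purely compartmentalized (same level, disjoint compartments, so no relationship), and hybrid. The level names and the `LEVEL//COMP,COMP` label string layout are constructed for this example.

```python
from dataclasses import dataclass

# Hierarchical ordering of sensitivity levels, low to high (constructed names).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A MAC label: one hierarchical level plus zero or more compartments."""
    level: str
    compartments: frozenset = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")


def parse_label(text):
    """Parse 'SECRET//CRYPTO,NUCLEAR' or 'CONFIDENTIAL' into a Label.
    (The string layout is an assumption made for this example.)"""
    level, _, comps = text.strip().upper().partition("//")
    compartments = frozenset(c.strip() for c in comps.split(",") if c.strip())
    return Label(level.strip(), compartments)


def dominates(a, b):
    """a dominates b when a's level is at least b's (hierarchical part) AND
    a holds every compartment b carries (compartmentalized part). A higher
    level alone is not enough if a compartment is missing."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments


def mac_can_read(subject, obj):
    """MAC read check: the subject's clearance label must dominate the object's
    classification label. Anything else is denied (prohibitive, implicit deny)."""
    return dominates(subject, obj)


if __name__ == "__main__":
    cases = [
        ("hierarchical", "SECRET", "CONFIDENTIAL"),
        ("hierarchical, reading up", "CONFIDENTIAL", "SECRET"),
        ("compartmentalized", "SECRET//CRYPTO", "SECRET//NUCLEAR"),
        ("hybrid", "TOP_SECRET//CRYPTO,NUCLEAR", "SECRET//CRYPTO"),
        ("hybrid, missing compartment", "TOP_SECRET//CRYPTO", "SECRET//NUCLEAR"),
    ]
    for name, subj, obj in cases:
        allowed = mac_can_read(parse_label(subj), parse_label(obj))
        print(f"{name:28} {subj} -> {obj}: {allowed}")
```

The last case is the one that trips people up: TOP_SECRET outranks SECRET, but the object's NUCLEAR compartment is not in the subject's label, so the hybrid environment denies the read.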
23
Q
What is an Advanced Persistent Threat?
A

An Advanced Persistent Threat (APT) is a group of attackers who work together and are highly motivated, skilled and patient. They have advanced knowledge and a wide range of skills to detect and exploit vulnerabilities. Nation states (governments) typically fund APTs; they can also be funded by criminal gangs.

24
Q
Discuss the threat model approaches:
A
• Focused on assets: this method uses asset valuation results and attempts to identify threats to the valuable assets.
• Focused on attackers: some organisations focus on the attackers and then identify the threats they represent based on the attackers' goals.
• Focused on software: if an organisation develops software, it can consider potential threats against the software.
25
Q
What is the weakest form of authentication?
A

Password

26
Q
What is a password attack?
A

A password attack is an attack aimed at discovering or obtaining passwords; once the attacker has a password, they use the resulting access to launch further attacks.

27
Q
List some password attacks:
A

Dictionary attack, brute-force attack, hybrid attack and rainbow table attack.

28
Q
What is a Dictionary Attack?
A

A dictionary attack is an attempt to discover passwords by using every possible password in a predefined database or list of common or expected passwords.

29
Q
What is a Brute Force Attack?
A

A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting all possible combinations of letters, numbers and symbols. Many attackers use graphics processing units (GPUs) to speed up brute-force attacks.

30
Q
What is a hybrid attack?
A

A hybrid attack attempts a dictionary attack first and then performs a limited brute-force attack on "one-upped" constructions of each dictionary word, e.g. appending digits or symbols or substituting characters.

31
Q
What is a rainbow table?
A

A rainbow table is a large database of precomputed hashes. The attacker generates candidate passwords (by dictionary or brute force), hashes each one and stores the password alongside its hash. A captured password hash is then simply looked up in the table instead of being attacked from scratch. (Real rainbow tables compress the pairs into hash chains, but the precompute-then-look-up idea is the same.)

32
Q
To reduce the effect of rainbow tables, ____ passwords:
A

Salt: add a random per-password value before hashing, so identical passwords produce different hashes and a precomputed table no longer applies.

33
Q
List 2 algorithms used to salt passwords:
A

bcrypt and Password Based Key Derivation Function 2 (PBKDF2). Both are key-stretching functions that hash the password together with its salt many times over to slow down guessing.

34
Q
What is pepper?
A

Pepper is a large secret constant stored somewhere other than the credential database (for example in application configuration or a hardware security module). Adding a pepper to salted passwords increases security because an attacker who steals only the database cannot verify guesses without it.
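
Added Python example (not from the original flashcards) covering cards 28 through 34 together: a dictionary-plus-hybrid candidate generator, a simplified rainbow table that cracks an unsalted SHA-256 hash by lookup, and a salted PBKDF2 store with an optional pepper that forces an attacker to redo the key derivation for every guess and every user. The wordlist, iteration count and pepper value are constructed for illustration; PBKDF2 comes from the standard library (bcrypt, the other algorithm the card names, needs a third-party package).

```python
import hashlib
import hmac
import itertools
import os
import string

# Constructed wordlist standing in for a real dictionary file.
WORDLIST = ["password", "letmein", "welcome", "dragon"]


def hybrid_candidates(words, max_digits=2):
    """Dictionary attack first (each word as-is), then the 'one-upped'
    variants a hybrid attack adds: a trailing '!' and 1..max_digits digits."""
    for w in words:
        yield w
        yield w + "!"
        for n in range(1, max_digits + 1):
            for digits in itertools.product(string.digits, repeat=n):
                yield w + "".join(digits)


def unsalted_hash(password):
    """What a weak credential store does: one plain hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_rainbow_table(candidates):
    """Simplified rainbow table: precomputed hash -> plaintext for every
    candidate. (Real tables compress this with hash chains; the
    look-up-instead-of-recompute idea is the same.)"""
    return {unsalted_hash(c): c for c in candidates}


def crack_with_table(table, stored_hash):
    """One dictionary lookup recovers the password, whoever the user is."""
    return table.get(stored_hash)


# Salted, stretched storage. Production code should use the iteration count
# current guidance recommends; this constant is kept small for the demo.
PBKDF2_ITERATIONS = 50_000


def hash_password(password, salt=None, pepper=b""):
    """Return (salt, digest). A fresh random salt per user means two users with
    the same password get different digests, so no precomputed table applies.
    The pepper is a secret held outside the database; it is mixed in with HMAC
    so a stolen table of salts and digests is useless without it."""
    if salt is None:
        salt = os.urandom(16)
    material = password.encode()
    if pepper:
        material = hmac.new(pepper, material, hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest, pepper=b""):
    """Constant-time comparison of the recomputed digest with the stored one."""
    _, candidate = hash_password(password, salt, pepper)
    return hmac.compare_digest(candidate, digest)


def crack_salted(salt, digest, candidates, pepper=b""):
    """An attacker holding a stolen (salt, digest) pair gets no lookup: every
    guess costs a full PBKDF2 run, and the work applies to this one user only."""
    for c in candidates:
        if verify_password(c, salt, digest, pepper):
            return c
    return None


if __name__ == "__main__":
    table = build_rainbow_table(hybrid_candidates(WORDLIST))
    print("unsalted SHA-256 of 'dragon42' cracked by lookup:",
          crack_with_table(table, unsalted_hash("dragon42")))
    salt, digest = hash_password("dragon42", pepper=b"server-side-secret")
    print("salted+peppered PBKDF2, attacker without the pepper:",
          crack_salted(salt, digest, hybrid_candidates(["dragon"])))
```

The salt defeats precomputation but not guessing; the iteration count makes each guess expensive; the pepper means a database dump alone is not enough to start guessing. Each layer addresses a different attacker capability.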

35
Q
What are sniffer attacks?
A

Sniffing captures packets sent over a network with the intent of analysing them. A sniffer (also called a packet analyzer or protocol analyzer) is a software application that captures traffic travelling over the network.
• A sniffer attack (also called a snooping attack or eavesdropping attack) occurs when an attacker uses a sniffer to capture information transmitted over a network. The attacker can capture and read any data sent in clear text, including passwords.

36
Q
What are ways to prevent sniffing attacks?
A

• Encrypt all sensitive data (including passwords), so captured packets are unreadable.
• Use one-time passwords when encryption is not feasible, so a captured password cannot be replayed.
• Protect network devices with physical security.
• Monitor the network for signatures from sniffers, e.g. with an intrusion detection system (IDS).

37
Q
What is Spoofing?
A

Spoofing (aka Masquerading) is pretending to be something or someone else.

38
Q
What is email spoofing?
A

Email spoofing occurs when spammers or attackers forge the email address in the From field to make the email appear to come from another source, e.g. in phishing.

39
Q
What is phone number spoofing?
A

Caller ID services allow users to identify the phone number of the caller. Phone number spoofing allows a caller to replace this number with another one, which is a common technique on Voice over Internet Protocol (VoIP) systems.

40
Q
What is social engineering?
A

Social Engineering occurs when an attacker attempts to gain the trust of someone using deceit such as false flattery or impersonation or by using conniving behaviour.

41
Q
What is Shoulder Surfing?
A

Shoulder surfing involves a social engineer looking over the shoulder of an individual to read the computer screen or watch the keyboard as the user types.

42
Q
What is Phishing?
A

Phishing is a form of social engineering that attempts to trick users into giving up sensitive information, opening an attachment, or clicking a link. The goal of a phishing email may be to install malware on user systems or to steal PII or cardholder details.

43
Q
What is a drive-by download?
A

A drive-by download is malware that installs itself without the user's knowledge when the user visits a website. Drive-by downloads take advantage of vulnerabilities in browsers or plug-ins.

44
Q
What is Ransomware?
A

Ransomware is a malware that takes control of a user’s system and data and blocks the user’s access until the user pays a fee or ransom.

45
Q
What is Spear phishing?
A

Spear phishing is a form of phishing targeted to a specific group of users.

46
Q
What is a Zero-day vulnerability?
A

A zero-day vulnerability is one that the application vendor either does not know about or has not yet released a patch for.

47
Q
What is Whaling?
A

Whaling is a variant of phishing that targets senior or high level executives such as CEOs and presidents of a company

48
Q
What is Vishing?
A

Vishing is the use of fraudulent phone numbers, voice-altering software, text messages, VoIP, or social engineering to trick users into divulging sensitive information. Vishing attacks commonly spoof the caller ID number to impersonate a valid bank or financial institution.

49
Q
Example of a smartcard attack?
A

A side-channel attack: a passive, non-invasive attack intended to observe the operation of a device, e.g. by measuring its timing, power consumption or electromagnetic emanations.
