Chapter 2: Access Control Attacks and Monitoring Flashcards
What is a risk?
A risk is the possibility or likelihood that a threat will exploit a vulnerability, resulting in a loss such as harm to an asset.
What is a threat?
A threat is a potential occurrence that can be caused by anything or anyone and can result in an undesirable outcome.
What is a vulnerability?
Any type of weakness.
What is threat modeling?
The process of identifying, understanding, and categorizing potential threats. Threat modeling should begin early in the design process of a system and continue through its life cycle.
What is SD3+C, and what are its goals?
A motto which states: “Secure by Design, Secure by Default, Secure in Deployment and Communication”.
Its goals are:
- To reduce the number of security-related design and coding defects.
- To reduce the severity of any remaining defects.
What are the approaches to threat modeling?
- Focused on assets
- Focused on attackers
- Focused on software
What is vulnerability analysis?
Attempting to discover weaknesses in systems against potential threats. It’s an ongoing process including both technical and administrative steps.
What is a dictionary attack?
A dictionary attack is an attempt to discover passwords by using every possible word in a predefined database.
What is a one-upped constructed password?
A password in which a single character differs from its original form. password -> password1, for example.
What is a brute force attack? A hybrid attack?
A brute force attack attempts to discover passwords by trying all possible combinations. A hybrid attack attempts a dictionary attack first, then moves on to brute forcing.
What is a rainbow table?
A large database of precomputed hashes for guessed passwords.
How do you combat rainbow tables?
Use salt.
What is salt?
Additional random bits added to a password before hashing it. This can dramatically increase the size needed for rainbow tables.
What are the methods to prevent access control attacks?
- Control physical access to systems
- Control electronic access to password files
- Encrypt password files
- Create a strong password policy
- Use password masking
- Deploy multifactor authentication
- Use account lockout controls
- Use last logon notification
- Educate users about security
- Audit access controls
- Actively manage accounts
- Use vulnerability scanners
What are access review audits for?
Checking that users do not have excessive privileges and that accounts are managed appropriately.
What are user entitlement audits?
Discovering when users have been granted excessive privileges or otherwise violate security policies related to user entitlement.
What are dual administrator accounts?
Requiring administrators to have two accounts, one privileged and one not. The non-privileged account is used for day-to-day activities, basically anything that doesn’t require privilege. This can mitigate the harm from attacks.