Domain 1 Questions Flashcards

1
Q

What are access, a subject, and an object?

A

Access is the flow of information between a subject and an object. A subject is an active entity that requests access to an object or the data within an object. A subject can be a user, program, or process that accesses an object to accomplish a task. When a program accesses a file, the program is the subject and the file is the object. An object is a passive entity that contains information. An object can be a computer, database, file, computer program, directory, or field contained in a table within a database. When you look up information in a database, you are the active subject and the database is the passive object. Figure 4-1 illustrates subjects and objects.

2
Q

What is the first step in security?

A

So, the first step in protecting data’s confidentiality is to identify which information is sensitive and to what degree, and then implement security mechanisms to protect it properly.

3
Q

What is identification?

A

Identification describes a method of ensuring that a subject (user, program, or process) is the entity it claims to be. Identification can be provided with the use of a username or account number.

4
Q

How are you authorized?

A

To be properly authenticated, the subject is usually required to provide a second piece to the credential set. This piece could be a password, passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token.

5
Q

What is a race condition?

A

A race condition occurs when two or more processes use the same resource and the sequences of steps within the software can be carried out in an improper order, something which can drastically affect the output. So, an attacker can force the authorization step to take place before the authentication step and gain unauthorized access to a resource.

6
Q

What are the 4 steps for a subject to access an object?

A

Identification, authentication, authorization, accountability.

7
Q

What are logical access controls?

A

Logical access controls are tools used for identification, authentication, authorization, and accountability. They are software components that enforce access control measures for systems, programs, processes, and information. The logical access controls can be embedded within operating systems, applications, add-on security packages, or database and telecommunication management systems. It can be challenging to synchronize all access controls and ensure all vulnerabilities are covered without producing overlaps of functionality.

8
Q

Name the 2 steps of authentication.

A

An individual's identity must be verified during the authentication process. Authentication usually involves a two-step process: entering public information (a username, employee number, account number, or department ID), and then entering private information (a static password, smart token, cognitive password, one-time password, PIN, or digital signature).

9
Q

What is a cognitive password?

A

A cognitive password is based on a user's opinion or life experience. The password could be a mother's maiden name, a favorite color, or a dog's name.

10
Q

What is 1:1 verification?

A

Measurement of an identity against a single claimed ID.

11
Q

Give an example of 1:n verification.

A

Fingerprints: you find one and compare it to a database of many.

12
Q

What is the least expensive authentication?

A

Something you know is least expensive to implement, but another person may acquire what you know.

13
Q

What is classified as strong authentication?

A

Using 2 out of the 3 methods: something you have, something you know, something you are.

14
Q

What type of system provides what a person is?

A

Biometrics.

15
Q

What is two-factor authentication?

A

It is the same as strong authentication: using 2 out of the 3 methods.

16
Q

When creating secure identities, what 3 key aspects should be included?

A

Uniqueness, non-descriptive, issuance.

17
Q

What is uniqueness and why is it important?

A

Identifiers that are specific to an individual; it is important for accountability.

18
Q

What is non-descriptive?

A

Accounts should be non-descriptive: they should not include the purpose of the account (no CEO, Backup Operator, etc.). The naming scheme should also be standard.

19
Q

What is issuance?

A

Elements provided by another authority as a means to prove identity, e.g. ID cards.

20
Q

What is identity management?

A

Broad term that encompasses different products to identify, automate and

21
Q

Name some IDM technologies.

A

Directories - web access management - password management - legacy single sign-on -

22
Q

Directories that pertain to a network's resources and users are usually built on...

A

The X.5 standard and a protocol like Lightweight Directory Access Protocol (LDAP).

23
Q

Objects in a directory are managed by a...

A

Directory service - allows the admin to configure and manage how identification, authorization, and access take place.

24
Q

Walk through the login process on a Windows box.

A

Log into a domain controller, which has a database called Active Directory that organizes the network and carries out user access control functionality.

25
Q

What is the difference between SSO and password sync?

A

SSO software intercepts login prompts from network systems and fills in the necessary info (username and password). Password sync lets the user have one password across multiple systems.

26
Q

What is provisioning?

A

User provisioning is the creation, maintenance, and deactivation of user objects and attributes.

27
Q

What is the HR system referred to as when provisioning?

A

Authoritative source.

28
Q

What are the 3 factors for authentication?

A

Something you have, something you know, something you are.

29
Q

What are subjects?

A

Users, programs, and processes.

30
Q

What is identification?

A

A method to ensure that a subject is the entity that it claims to be; identification is the username and account.

31
Q

If identification is the subject's username and/or account, what is authentication?

A

The password, token, key, or PIN.

32
Q

What is a federated identity?

A

A portable identity and its entitlements, to be used across business boundaries.

33
Q

What is SPML?

A

Service Provisioning Markup Language - allows company interfaces to pass service requests and allow access to the services.

34
Q

The company that sends the authorization data is the...

A

Producer of assertions; the receiver is the consumer of assertions.

35
Q

Name a behavioral biometric.

A

Signing a signature. Physiological is what you are; behavioral is what you do.

36
Q

What is SESAME?

A

Ticket-based system built by the European Computer Manufacturers Association. Weakness: it bases authentication on a small part of the message, and the key is not very random.

37
Q

What is KryptoKnight?

A

Created by IBM, it is a ticket service. It is compact and flexible, and unlike Kerberos it does not require clock sync.

38
Q

Kerberos, KryptoKnight and SESAME are all...

A

Ticket-based technologies based on SSO.

39
Q

Name the two general categories of access control.

A

Centralized and decentralized.

40
Q

Name 4 centralized access control protocols.

A

LDAP, RAS, PAP, CHAP, EAP, RADIUS, TACACS

41
Q

What does LDAP stand for?

A

Lightweight Directory Access Protocol.

42
Q

What is RAS?

A

Remote Access Services. The protocol utilizes Point-to-Point Protocol (PPP) to encapsulate packets and establish dial-in connections over serial links.

43
Q

RAS uses PPP. There are 3 flavors of PPP authentication; what are they?

A

PAP - Password Authentication Protocol: a 2-way handshake to authenticate a peer on a server. Transmits passwords in clear text.

44
Q

RAS - PPP - # flavors of PPP: 1 is PAP; what are the other 2?

A

CHAP - Challenge Handshake Authentication Protocol: a 3-way handshake. Peer and server have a shared secret key in plain text, preconfigured and stored.

45
Q

What does MS-CHAP allow you to do?

A

Allows the shared secret to be stored in encrypted form.

46
Q

EAP

A

Extensible Authentication Protocol - adds flexibility to PPP authentication by implementing various authentication mechanisms (wireless networks use EAP).

47
Q

RADIUS - what is it?

A

Centralized access control protocol: Remote Authentication Dial-In User Service. Open source, client/server.

48
Q

Why is RADIUS a faster protocol?

A

It uses UDP packets for transport; it is fast but not as reliable.

49
Q

Where is RADIUS usually deployed?

A

ISPs, corporate remote access services, and VPNs.

50
Q

Which one was originally built for the military?

A

TACACS

51
Q

What type of access control systems are used by large distributed corporations?

A

Decentralized access control systems.

52
Q

Give some examples of decentralized access control systems.

A

Multiple domains and trusts, typically a large company.

53
Q

What is a domain?

A

A collection of users, computers, and resources that have a common security policy and administration.

54
Q

Name the 2 general categories of access control

A

System access and data access.

55
Q

What is the difference between synchronous and asynchronous tokens?

A

Synchronous - continuously generated.

57
Q

Name 2 centralized access control models that support tokens.

A

RADIUS and Terminal Access Controller Access Control System (TACACS).

58
Q

What is discretionary access control?

A

access policy is determined by the owner of the policy

59
Q

What are the 3 basic types of permissions?

A

Read, write, execute.

60
Q

Under discretionary access control, what is an ACL?

A

Access control list - rights and permissions are set for a given subject.

61
Q

Is role-based a discretionary access control?

A

Yes.

62
Q

Name some of the drawbacks of discretionary access controls using ACL or role-based.

A

Lack of centralization; depends on security-conscious owners.

63
Q

What determines the access policy in mandatory access control?

A

The system - all subjects and objects have labels.

64
Q

In order to access an object under MAC with labels, you must have a sensitivity rating __ or __ the requested object.

A

Higher than or equal to.

65
Q

Rule-based access control is a type of...

A

MAC

66
Q

What is lattice-based access control?

A

A mathematical model structure that defines greatest lower and least upper values for a pair of elements.

67
Q

Name the 2 basic categories of access control models.

A

Data access and system access.

68
Q

What is Bell-LaPadula?

A

It only addresses confidentiality.

69
Q

What are the 2 basic features of Bell-LaPadula? No __ __ and No __ __.

A

No Read Up and No Write Down.

70
Q

What is Biba?

A

Biba is an integrity model; it is Bell-LaPadula upside down.

71
Q

So what are the rules with Biba?

A

It is a lattice security model: no read down and no write up.

72
Q

What is Clark-Wilson?

A

Data cannot be directly accessed by the user; instead it is accessed by the application.

73
Q

List ways passwords get compromised.

A

Access the password file: Usually done on the authentication server. The password file contains many users' passwords and, if compromised, can be the source of a lot of damage. This file should be protected with access control mechanisms and encryption.

74
Q

Brute Force

A

Brute force attacks: Performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password.

75
Q

Dictionary Attack

A

Dictionary attacks: Files of thousands of words are compared to the user's password until a match is found.

76
Q

Social Engineering

A

Social engineering: An attacker falsely convinces an individual that she has the necessary authorization to access specific resources.

77
Q

Rainbow table

A

Rainbow table: An attacker uses a table that contains all possible passwords already in a hash format.

78
Q

What is a salt?

A

Salts are random values added to the encryption process to add more complexity. The more randomness entered into the encryption process, the harder it is for the bad guy to decrypt and uncover your password. The use of a salt means that the same password can be encrypted into several thousand different formats. This makes it much more difficult for an attacker to uncover the right format for your system.

79
Q

What is a cognitive password?

A

Cognitive passwords are fact- or opinion-based information used to verify an individual's identity. A user is enrolled by answering several questions based on her life experiences. Passwords can be hard for people to remember, but that same person will not likely forget her

80
Q

What is an OTP?

A

One-time password generating tokens come in two general types: synchronous and asynchronous. The token device is the most common implementation mechanism for OTP and generates the one-time password for the user to submit to an authentication server. The following sections explain these concepts.

81
Q

What is a synchronous token device?

A

Synchronous: A synchronous token device synchronizes with the authentication service by using time or a counter as the core piece of the authentication process. If the synchronization is time-based, the token device and the authentication service must hold the same time within their internal clocks.

82
Q

What is asynchronous?

A

In this situation, the authentication server sends the user a challenge, a random value also called a nonce. The user enters this random value into the token device, which encrypts it and returns a value the user uses as a one-time password. The user sends this value, along with a username, to the authentication server.

83
Q

What is a passphrase?

A

A passphrase is a sequence of characters that is longer than a password (thus a "phrase") and, in some cases, takes the place of a password during an authentication process. The user enters this phrase into an application and the application transforms the value into a virtual password, making the passphrase the length and format that is required by the application.

84
Q

What is the difference between a smart card and a memory card?

A

A smart card has the capability of processing information because it has a microprocessor and integrated circuits incorporated into the card itself. Memory cards do not have this type of hardware and lack this type of functionality. The only function they can perform is simple storage.

85
Q

What are the attributes of a contactless smart card?

A

The contactless smart card has an antenna wire that surrounds the perimeter of the card. When this card comes within an electromagnetic field of the reader, the antenna within the card generates enough energy to power the internal chip.

86
Q

Name the 2 types of contactless smart cards.

A

Two types of contactless smart cards are available: hybrid and combi. The hybrid card has two chips, with the capability of utilizing both the contact and contactless formats. A combi card has one microprocessor chip that can communicate with contact or contactless readers.

87
Q

What is Kerberos?

A

Kerberos is an example of a single sign-on system for distributed environments, and is a de facto standard for heterogeneous networks.

88
Q

What type of access control is role-based?

A

A role-based access control (RBAC) model, also called nondiscretionary access control, uses a centrally administrated set of controls to determine how subjects and objects interact. This type of model lets access to resources be based on the role the user

89
Q

What is an access control matrix?

A

individual subjects can take upon individual objects. Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system.

90
Q

What is a capability table?

A

A capability table specifies the access rights a certain subject possesses pertaining to specific objects. A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.

91
Q

What is the difference between ACL and ACM?

A

ACLs map values from the access control matrix to the object. Whereas a capability corresponds to a row in the access control matrix, the ACL corresponds to a column of the matrix.

92
Q

What are the 2 administration methods of access control?

A

Centralized and decentralized.

93
Q

RADIUS is a remote centralized access control system. What does it do?

A

Remote Authentication Dial-In User Service (RADIUS) is a network protocol and provides client/server authentication and authorization, and audits remote users.

94
Q

How does RADIUS work?

A

The access server requests the remote user’s logon credentials and passes them back to a RADIUS server, which houses the user-names and password values. The remote user is a client to the access server, and the access server is a client to the RADIUS server.

95
Q

Use the ISP example to explain RADIUS (pg222).

A

The access server and customer's software negotiate, through a handshake procedure, and agree upon an authentication protocol (PAP, CHAP, or EAP). The customer provides to the access server a username and password. This communication takes place over a PPP connection. The access server and RADIUS server communicate over the RADIUS protocol. Once the authentication is completed properly, the customer's system is given an IP address and connection parameters, and is allowed access to the Internet. The access server notifies the RADIUS server when the session starts and stops, for billing purposes.

96
Q

Explain the differences between TACACS+ and RADIUS.

A

TACACS+ uses TCP as its transport and RADIUS uses UDP.

97
Q

Another difference?

A

RADIUS only encrypts the password; the username and authority are clear text. TACACS+ encrypts all.

98
Q

Which are easier to tamper with, smart cards or memory cards?

A

Memory cards.

99
Q

What ISO standard are smart cards standardized under?

A

ISO 14443

100
Q

What does TEMPEST deal with?

A

How to develop countermeasures to control signals emitted by equipment; it suppresses signals.

101
Q

What is a network-based IDS?

A

Uses sensors installed on host computers or appliances with a NIC in promiscuous mode.

102
Q

What is a host-based IDS?

A

Installed on workstations or servers; usually used to make sure users do not delete system files.

103
Q

What is the big difference between HIDS and NIDS?

A

NIDS looks at network traffic; HIDS looks at the computer itself.

104
Q

Name the 2 types of HIDS and NIDS.

A

Signature-based and anomaly-based.

105
Q

What is more popular, signature or anomaly?

A

Signature.

106
Q

What is the problem with signature?

A

You need updates, so it is weak against new threats.

107
Q

What is a state in IDS?

A

A snapshot of the system's values in volatile, semi-permanent, and permanent memory locations.

108
Q

What type of IDS is a statistical anomaly-based system?

A

Behavior-based: they learn a profile.

109
Q

What is the benefit of statistical anomaly?

A

It recognizes new attacks.

110
Q

What is a drawback of statistical-based?

A

False positives.