Identification and Authentication (Lesson 10) Flashcards

1
Q

3 Methods to Authenticate + 2

A
3 general methods to authenticate
Something you know
Something you have
Something about you/that you are
location
dynamic biometrics
2
Q

Rules for passwords

A

Don’t pick one that is easy to guess
Mix upper and lower case, add special characters and numbers
At least 6 characters in length, 8 better, 10 even better
Maybe use pass-phrases instead of dictionary words
Don’t write it down
Don’t reuse previous passwords (or just add a number to an old one)
Change it on a regular basis (but not too often), e.g. every 45 days
If you’re the sysadmin, run a password cracker periodically
If one-time passwords are possible, consider using them (they have their own problems though)

3
Q

Password management issues

A
Default accounts
Easily guessed or cracked passwords
Unpassworded accounts
Shared accounts
Password aging
Password policy enforcement
Password auditing
Audit frequency
Control access to results
4
Q

One-Time Passwords

A

The user is given a device that generates a password at certain time intervals (e.g. every minute).
The device is keyed with the server, so that both generate the same password at the same time.
To log into the server, look at the display and type in the password you see.
Even if the password is sniffed, it was only good for the minute in which it was used.

5
Q

Something you have

A

Physical keys, magnet cards, smart cards, calculators.

6
Q

Something about you

A
Biometrics
Voice prints
Fingerprint
Retinal Scan
Hand Geometry
Signature analysis
7
Q

Dynamic Biometrics

A

Captures a dynamic process rather than a static characteristic of a person.

8
Q

Read – Access Mode

A

allows the entity to read the file or view the file’s attributes.

9
Q

List – Access Mode

A

the entity may view the file’s attributes.

10
Q

Delete – Access Mode

A

the entity may remove the file from the system.

11
Q

Execute – Access Mode

A

the entity may load the file and run it.

12
Q

Write – Access Mode

A

allows the entity to write to the file, which may include creating, modifying, or appending to the file.

13
Q

Protection Table

A

Illustrates what access controls are designed to do

14
Q

File Passwords

A

In order to gain access to a file the user must present the system with the file’s password.
In order to control the type of access granted to the file, multiple passwords for each file may be necessary.

15
Q

Capabilities Based Access Controls

A

Divides the protection table by rows (Object and Permissions columns). Each user has a table.
Associated with each entity is a list of the objects the user may access, along with the permissions on each.

16
Q

ACL

A

Access Control List

  • Divides the protection table by columns.
  • Instead of maintaining a separate list for each subject, ACLs are created for each object.
  • Each row is a user.
  • Tables are kept by filename.
17
Q

Modified ACL

A

Divide users into groups.

Requires less room.

18
Q

ACL with access restrictions

A

ACL with multiple individual user access restrictions based on time and location.

19
Q

NT Access Control Lists (ACL)

A

All securable objects are assigned a security descriptor when created.
The descriptor controls who has what access to the object.
It consists of:
- Owner SID: the owner’s security ID
- Group SID: the security ID of the primary group
- Discretionary Access Control List (DACL): specifies who has what access to the object
- System Access Control List (SACL): specifies which operations by which users should be logged in the security audit log

20
Q

ACE

A

Access control entry.

The access control list is made up of an ACL header and 0 or more access control entry (ACE) structures. An ACL with 0 ACEs is called a null ACL and indicates that no user has access to the object.

21
Q

Protection Bits

A

A modification of ACLs.
Protection bits are attached to each file but instead of providing a complete list of all users they specify permissions for specific classes.
Sometimes referred to as “permission bits”.
Example classes: Owner, Group, World

22
Q

Discretionary Access Controls

A

are controls implemented at the discretion or option of the user/owner (e.g. protection bits)

23
Q

Nondiscretionary Access Controls

A

are controls that are determined by a central authority in the organization and can be based on the individual’s role or job.

  • Role-based Access Controls: tied to the particular role the user performs
  • Task-based Access Controls: tied to a particular assignment or responsibility