Lecture 9 Flashcards
What is MAC?
Mandatory Access Control - access based on classification levels.
MAC is a security model that restricts the ability to access or manipulate resources based on predefined policies.
What does ‘least privilege’ mean?
Users should have the minimum access needed to do their job.
This principle helps to minimize the potential damage from accidents or malicious actions.
What is need-to-know?
Access only to information necessary for one’s role.
This principle ensures that users only access the data essential for their functions.
What is separation of duties?
Dividing responsibilities to reduce risk of abuse.
This practice helps prevent fraud and errors by ensuring that no single individual has control over all aspects of a process.
What is authentication?
Verifying identity.
This is a critical step in access control to ensure that users are who they claim to be.
What is authorization?
Determining what an authenticated user is allowed to do.
Authorization follows authentication and dictates user permissions.
What is accountability?
Being able to trace actions back to a user.
Accountability is crucial for security and compliance, allowing organizations to track user activities.
Why do we log access?
To monitor user actions and detect misuse.
Logging is an essential practice for auditing and enhancing security measures.
What access permission is given to the group for the resource BurpSuiteCommunity?
“drwxr-xr-x 5 kali kali 4096 Jul 30 2023 BurpSuiteCommunity”
Read and Execute
What is the name of the owner of the resource afile-example.txt?
“-rwxr-xr-x 5 kali root 4096 Feb 17 2023 afile-example.txt”
kali
What is the UNIX command to change the name of the owner of the resource afile-example.txt to “da222e”?
sudo chown da222e afile-example.txt