Lesson 8 Identity and Access Control Management Flashcards

1
Q

Access Control Schemes

A

DAC - Discretionary Access Control

RBAC - Role Based Access Control

MAC - Mandatory Access Control

ABAC - Attribute Based Access Control

2
Q

DAC

A

Discretionary Access Control

  • The owner of a file has all the power
  • No centralized point of management
  • Owner-centric, user-defined
  • Not rule based
  • Used on local file storage on NTFS
3
Q

MAC

A

Mandatory Access Control

  • Objects are given sensitivity labels
  • Subjects are given clearance labels
  • Centralized point of management
  • System defined, very rigid
  • Rule based
  • Used by Trusted OSes like SELinux
  • e.g. AppArmor to assign profiles
4
Q

RBAC

A

Role-Based Access Control

  • Permissions are given to roles
  • Users inherit permissions from the role they are given
  • Centralized point of management
  • Eases permission management for organizations
  • Rule based
  • Similar to group-based permission management
  • Used where content is king, like a blogging site, website, etc.
5
Q

ABAC

A

Attribute-Based Access Control

  • Limits access based on any attribute of an object/file
  • File extension, time, size, content, location, etc.
  • Centralized point of management
  • Very flexible but can become overly complex
  • May slow down the system
  • Weighs a particular situation using attributes and is session aware
  • e.g. inability to use sudo or WSL for certain privileged users
  • e.g. User Account Control (UAC)
6
Q

GPO

A

Group Policy Objects
Windows Active Directory network configuration of access policies
- configures access rights for user/group/role accounts
- can be linked to administrative boundaries in Active Directory such as domains and Organizational Units (OUs)

7
Q

Federation and Attestation

A

Federation means that the company trusts accounts created and managed by a different network
- like using a Google account (the Identity Provider, IdP) as login credentials to a third-party site such as Twitter (the Service Provider, SP)

  • Attestation is vouching for another
  1. User contacts the SP; the SP redirects the user to the IdP to authenticate
  2. User authenticates with the IdP and gets an attestation of identity, like a token or an IdP-signed document
  3. User presents the attestation document to the SP. The SP can use this due to its trust relationship with the IdP
  4. The SP can now connect with the user
8
Q

SAML

A

Security Assertion Markup Language

  • provides a means for federated networks and cloud providers to provide user identity assertions and transmit attestations between the user and the IdP
  • uses XML for the assertions
  • signed using the XML Signature specification
  • uses Simple Object Access Protocol (SOAP) over HTTP (TCP port 80) or HTTPS (TCP port 443) to communicate the attestations
9
Q

OAuth and OpenId Connect

A

A better solution than SAML and SOAP for mobile devices
- uses RESTful APIs

OAuth - Open Authentication Standard
- used for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider

OpenID Connect (OIDC)
- an authentication protocol that can be implemented as special types of OAuth flows with precisely defined token fields
10
Q

Service Accounts (Windows)

A

System - has the most privileges

Local Service Account - same privileges as a standard user account; can only access the network as an anonymous user

Network Service Account - same privileges as a standard user account, but can present the computer's account credentials to access network resources
