Risk Management Lecture 4 Flashcards

1
Q

What are the key processes to Access Control?

A

Identification

Authentication

Authorization

Accountability

2
Q

In relation to access control, what is identification?

A

Identification boils down to “Who are you?”: the subject claims an identity.

For example, a username or a driver’s licence number.

3
Q

In relation to access control, what is Authentication?

A

Authentication is the process of verifying that you truly are who you identify as.

For example, a password presented along with your username.

4
Q

In relation to access control authentication, what are the 3 general factors that can be used?

A

a) something you know,
e.g., a password you created yourself, the answer to a security question only you know, etc.

b) something you have,
e.g., a smart card such as an ATM banking card, the key to your room, a one-time-password token, etc.

c) something you are,
e.g., your fingerprint, your face, your voice, etc. This factor is also known as “biometrics”.

5
Q

In relation to access control, what is Authorization?

A

This is the process of determining what an individual is allowed to access after identification and authentication have succeeded.

For instance, if you are an HR employee, access to HR’s printer is normal, but access to the back-end database for production would not be.

6
Q

In relation to access control, what is two-factor authentication?

A

“Two-factor authentication” means that two of the different factors listed above are used in combination for authentication (two passwords are still only one factor).
A typical example would be a VPN application which requires both a user ID/password and a physical token showing one-time passwords.
If a business manager tells you that his/her application needs strong authentication, you can interpret it as two-factor authentication being required at a minimum.

7
Q

In relation to access control, what is Accountability?

A

Another important security feature of identity & access management is to maintain audit logs and make sure non-repudiation can be established.
For example, during an incident investigation, you may need to prove that a person logged into a particular application and performed a specific action (e.g., deleted an important file) at a certain point in time.
If non-repudiation has been well established, then the identified person cannot credibly deny that action!
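An added example (not from the original flashcards) of the audit-log side of accountability: an append-only log in which every entry commits to the previous entry's digest, so an actor who later edits or deletes a record breaks the chain and the tampering is detectable. The sealing key, actors, actions and file names are constructed. Note what this does and does not give: the HMAC chain provides tamper evidence; non-repudiation additionally relies on the actor having been authenticated with a credential only they hold and on the log being kept by a party the actor cannot alter.

```python
import hashlib
import hmac
import json

_GENESIS = b"\x00" * 32


class AuditLog:
    """Append-only, hash-chained audit log.

    Each entry records who did what to which target and when, plus the digest of the
    previous entry, and is sealed with a key held by the log service, not by the users
    being audited. Editing or deleting any earlier record invalidates every later digest.
    """

    def __init__(self, seal_key: bytes):
        self._key = seal_key
        self.entries = []
        self._prev = _GENESIS

    def record(self, actor: str, action: str, target: str, timestamp: int) -> int:
        body = {"actor": actor, "action": action, "target": target,
                "ts": timestamp, "prev": self._prev.hex()}
        digest = _seal(self._key, body)
        self.entries.append({**body, "mac": digest.hex()})
        self._prev = digest
        return len(self.entries) - 1


def _seal(key: bytes, body: dict) -> bytes:
    # Canonical JSON (sorted keys) so the verifier rebuilds exactly the bytes that were sealed.
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).digest()


def verify(entries, seal_key: bytes) -> int:
    """Return the index of the first entry that fails the chain check, or -1 if all check out."""
    prev = _GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "mac"}
        if body.get("prev") != prev.hex():
            return i                       # a record before this one was removed or reordered
        expected = _seal(seal_key, body)
        if not hmac.compare_digest(expected, bytes.fromhex(entry["mac"])):
            return i                       # this record's contents were altered
        prev = expected
    return -1


def who_did(entries, action: str, target: str):
    """The investigator's question: which actor performed this action on this target, and when?"""
    return [(e["actor"], e["ts"]) for e in entries if e["action"] == action and e["target"] == target]
```

Because `verify` only walks the chain, silently dropping the newest entries would still pass; in practice the latest digest is published or forwarded to a separate log server so truncation is caught too.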

8
Q

In biometric systems, what kinds of physical attributes can we use for authentication?

A

a) palm scan – captures the creases, ridges and grooves of the palm, together with the fingerprints of each finger
b) hand geometry – captures the shape of a person’s hand (e.g., shape, length and width of the hand and fingers)
c) retina scan – captures the pattern of blood vessels on the retina at the back of the eyeball
d) iris scan – captures the pattern of the coloured portion of the eye that surrounds the pupil (the most accurate biometric method as of today)!

9
Q

In biometric systems, what kinds of behavioural characteristics can we use for authentication?

A

Handwriting
Signatures
Patterns of typing on a keyboard

10
Q

In biometric systems, what is a Type I Error?

A

The system rejects an authorized user (a false rejection).

The frequency of this error is the “false rejection rate” (FRR).

11
Q

In biometric systems, what is a Type II Error?

A

The system accepts an unauthorized user who should have been rejected (a false acceptance).

The frequency of this error is the “false acceptance rate” (FAR). From a security standpoint this is the more dangerous of the two errors.

12
Q

In biometric systems, what is Crossover Error Rate (CER)?

A

The operating point at which the Type I error rate equals the Type II error rate (FRR = FAR), found by adjusting the system’s sensitivity (its matching threshold).

A smaller CER value means a more accurate system.
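The three cards above worked through numerically. This is an added example, not part of the original flashcards: the genuine and impostor similarity scores are constructed for a hypothetical matcher, and the code sweeps the decision threshold to show how FRR (Type I) and FAR (Type II) move in opposite directions and where they cross.

```python
# Constructed similarity scores (0-100) for a hypothetical fingerprint matcher; not real data.
GENUINE = [92, 88, 85, 81, 79, 77, 74, 70, 66, 61, 55, 48]   # legitimate users vs their own template
IMPOSTOR = [12, 18, 22, 27, 31, 35, 40, 44, 49, 53, 58, 63]  # other people vs that template


def accept(score: int, threshold: int) -> bool:
    """The biometric decision: a presentation is accepted when its score reaches the threshold."""
    return score >= threshold


def frr(threshold: int, genuine=GENUINE) -> float:
    """Type I error rate (FRR): fraction of legitimate users rejected at this threshold."""
    return sum(not accept(s, threshold) for s in genuine) / len(genuine)


def far(threshold: int, impostor=IMPOSTOR) -> float:
    """Type II error rate (FAR): fraction of impostors accepted at this threshold."""
    return sum(accept(s, threshold) for s in impostor) / len(impostor)


def crossover(genuine=GENUINE, impostor=IMPOSTOR, thresholds=range(0, 101)):
    """Sweep the threshold and return (threshold, CER) where FRR and FAR are closest to equal."""
    t = min(thresholds, key=lambda t: abs(frr(t, genuine) - far(t, impostor)))
    return t, (frr(t, genuine) + far(t, impostor)) / 2


def tradeoff_table(genuine=GENUINE, impostor=IMPOSTOR, thresholds=range(40, 71, 5)):
    """Rows of (threshold, FRR, FAR): tightening the threshold buys lower FAR with higher FRR."""
    return [(t, frr(t, genuine), far(t, impostor)) for t in thresholds]


if __name__ == "__main__":
    for t, r, a in tradeoff_table():
        print(f"threshold={t:3d}  FRR={r:.3f}  FAR={a:.3f}")
    print("crossover (threshold, CER):", crossover())
```

A vendor's CER quotes the accuracy of the matcher at one point; a deployment rarely runs there. A door to a server room is tuned towards the low-FAR end (more legitimate retries, fewer impostors through), a convenience login towards the low-FRR end.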

13
Q

What is IAM?

A

Identity and Access Management

The processes and tooling for managing who a user is (identities, credentials) and what they are allowed to access (entitlements) across the organization’s systems.

14
Q

What is Single sign-on(SSO)?

A

SSO is a way of verifying identity once and having that verified identity accepted across numerous applications, so the user does not have to authenticate separately to each one.

15
Q

What is Role-based IAM?

A

Role-based IAM is a means of simplifying IAM: permissions are attached to roles (e.g., “HR staff”) and users are assigned to roles, which makes it easier to give access to, or take it away from, users or groups of users.
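An added example (not from the original flashcards) tying the authorization card to this one: a minimal role-based check in which permissions exist only on roles, users only hold roles, and anything not explicitly granted is denied. The role names, users and resources are hypothetical, chosen to mirror the HR printer / production database contrast above.

```python
# Constructed directory; role names, users and resources are hypothetical.
# Permissions are (action, resource) pairs granted ONLY to roles, never to users directly.
ROLE_PERMISSIONS = {
    "hr_staff":   {("print", "hr-printer"), ("read", "hr-records")},
    "hr_manager": {("read", "hr-records"), ("write", "hr-records")},
    "dba":        {("read", "prod-db"), ("write", "prod-db")},
}
# Users hold roles; a user may hold several, and a role may be shared by a whole group.
USER_ROLES = {
    "alice": {"hr_staff"},
    "bob":   {"hr_staff", "hr_manager"},
    "carol": {"dba"},
}


def permissions_for(user: str) -> set:
    """Effective permissions = union of the permissions of every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(user: str, action: str, resource: str) -> bool:
    """Deny by default: unknown users, unknown roles and unlisted permissions all yield False."""
    return (action, resource) in permissions_for(user)


def grant_role(user: str, role: str) -> None:
    """Giving access means assigning a role, not editing permissions on the user."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    USER_ROLES.setdefault(user, set()).add(role)


def revoke_role(user: str, role: str) -> None:
    """Taking access away is one operation, whichever resources the role covers."""
    USER_ROLES.get(user, set()).discard(role)


def access_review() -> dict:
    """Who can do what: the report an auditor asks for during a periodic access review."""
    return {u: sorted(permissions_for(u)) for u in USER_ROLES}
```

When an HR employee moves to the database team, the change is "revoke hr_staff, grant dba" rather than hunting down every individual entitlement; the access review output is what you diff to catch roles that were granted and never revoked.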

16
Q

What is Kerberos?

A

Kerberos is an authentication protocol developed (at MIT) to provide SSO functionality in distributed environments.

It uses symmetric-key cryptography and a trusted third party, the Key Distribution Center (KDC), so that passwords never travel over the network and application servers do not need to store user passwords locally; only the KDC holds the long-term keys.

17
Q

What are the key steps in Kerberos authentication?

A
  1. User authenticates to the Authentication Service (AS) of the KDC
  2. AS issues the initial ticket (TGT, Ticket Granting Ticket) to the user
  3. User sends a request to the Ticket Granting Service (TGS) asking for access to the printer
  4. TGS issues a new ticket (service ticket) together with a session key
  5. User extracts the session key and sends the service ticket to the printer
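The five steps above as a runnable simulation, added here and not part of the original flashcards or of any real Kerberos implementation. The realm, the user "alice", the password and the "printer" service are constructed, and the encryption routine is a toy HMAC-based stand-in for the real Kerberos encryption types; what is faithful is the message flow: the password never leaves the client, the client can open neither the TGT nor the service ticket, and the printer verifies the ticket with its own key without contacting the KDC.

```python
import hashlib
import hmac
import json
import os
import time

# Toy authenticated encryption standing in for Kerberos enctypes (e.g. AES-CTS-HMAC-SHA1-96):
# an HMAC-SHA256 keystream plus an HMAC tag. Illustrative only; do not reuse.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def encrypt(key, obj):
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))

def string2key(password, salt):
    """Long-term key derived from the password (real Kerberos salts with realm + principal)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

REALM, LIFETIME, SKEW = "EXAMPLE.COM", 8 * 3600, 300   # constructed realm; 5-minute clock skew

class KDC:
    """Key Distribution Center: the AS and the TGS share one database of long-term keys."""
    def __init__(self, keys):
        self.keys = keys

    def as_exchange(self, client, preauth, now):
        # Step 1: the AS checks a timestamp encrypted under the client's key (pre-authentication);
        # only someone who knows the password could have produced it, yet no password was sent.
        if abs(decrypt(self.keys[client], preauth)["timestamp"] - now) > SKEW:
            raise PermissionError("pre-authentication failed")
        # Step 2: issue the TGT, sealed under the krbtgt key the client cannot read, plus the
        # TGS session key sealed under the client's key.
        sk_tgs = os.urandom(32).hex()
        tgt = encrypt(self.keys["krbtgt"], {"client": client, "key": sk_tgs, "expires": now + LIFETIME})
        return tgt, encrypt(self.keys[client], {"key": sk_tgs})

    def tgs_exchange(self, tgt, authenticator, service, now):
        # Steps 3/4: the TGS opens the TGT with the krbtgt key, checks the authenticator made
        # with the TGS session key, and issues a service ticket sealed under the SERVICE's key.
        t = decrypt(self.keys["krbtgt"], tgt)
        auth = decrypt(bytes.fromhex(t["key"]), authenticator)
        if t["expires"] < now or auth["client"] != t["client"] or abs(auth["timestamp"] - now) > SKEW:
            raise PermissionError("TGT or authenticator rejected")
        sk_svc = os.urandom(32).hex()
        ticket = encrypt(self.keys[service], {"client": t["client"], "key": sk_svc, "expires": now + LIFETIME})
        return ticket, encrypt(bytes.fromhex(t["key"]), {"key": sk_svc})

def service_accepts(service_key, ticket, authenticator, now):
    # Step 5 (service side): the printer opens the ticket with its own key, recovers the service
    # session key and checks the authenticator. It never talks to the KDC or sees a password.
    t = decrypt(service_key, ticket)
    auth = decrypt(bytes.fromhex(t["key"]), authenticator)
    return auth["client"] == t["client"] and t["expires"] >= now and abs(auth["timestamp"] - now) <= SKEW

def client_login(kdc, user, password, service, now):
    """Client side of steps 1-5; returns what the client finally presents to the service."""
    k_user = string2key(password, REALM + user)
    tgt, enc = kdc.as_exchange(user, encrypt(k_user, {"timestamp": now}), now)
    sk_tgs = bytes.fromhex(decrypt(k_user, enc)["key"])      # only the right password opens this
    ticket, enc2 = kdc.tgs_exchange(tgt, encrypt(sk_tgs, {"client": user, "timestamp": now}), service, now)
    sk_svc = bytes.fromhex(decrypt(sk_tgs, enc2)["key"])     # step 5: extract the service session key
    return ticket, encrypt(sk_svc, {"client": user, "timestamp": now})

def demo(password="hunter2", now=None):
    """Full run for hypothetical user alice printing; True on success, False when any step rejects."""
    now = int(time.time()) if now is None else now
    keys = {"alice": string2key("hunter2", REALM + "alice"), "krbtgt": os.urandom(32), "printer": os.urandom(32)}
    try:
        ticket, auth = client_login(KDC(keys), "alice", password, "printer", now)
        return service_accepts(keys["printer"], ticket, auth, now)
    except (ValueError, PermissionError):
        return False
```

The timestamps in the authenticators and the five-minute skew limit are why Kerberos deployments insist on synchronized clocks: a captured authenticator is only replayable within that window.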
18
Q

What is SAML( Security Assertion Markup Language) ?

A

A widely used XML-based standard for exchanging authentication and authorization assertions between an identity provider and a service provider, used to establish identity federation over the internet.

19
Q

How does SAML work?

A
  1. User accesses some service (the service provider, SP)
  2. Service redirects the user to its trusted identity provider (IdP) with an authentication request
  3. Identity provider asks the user to log in (unless the user already has a session there)
  4. A signed SAML assertion is generated and sent back to the service via the user’s browser
  5. Service validates the assertion’s signature and issuer, then treats the user as logged in
20
Q

What are the layers involved in protecting data?

A
  1. Application layer – “who is able to access what”
    - user authentication,
    - role-based access management, etc.
  2. Network layer – “which device is able to connect”
    - Firewalls,
    - NAC (Network Access Control),
    - VLAN network segmentation,
    - Network zoning, etc.
  3. Host layer
    - Malware protection
    - Monitoring of file integrity
    - Configuration management
  4. Database layer – “identify abnormal behaviours in database usage”
    - Role-based database access management
    - Database monitoring, e.g., a behaviour-based system to identify abnormal events
21
Q

What are the 2 ways you can detect security events/incidents?

A
  1. Signature based
  2. Behaviour based

22
Q

In relation to detecting security events, what is a signature based detection method?
And what is it good at?

A

You maintain a database of signatures for known issues,
e.g., a signature database for computer viruses.

Good for capturing known issues, but new threats (and variants that do not yet have a signature) get through.

23
Q

In relation to detecting security events, what is a behaviour-based detection method?

A

You create a baseline of normal patterns, then identify outliers.

For example, if an employee routinely logs in at 9am and leaves at 5pm every day, a login from that account outside those hours is suspicious. This can catch novel threats, at the cost of more tuning and more false alarms than signature matching.
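Both detection methods run over the same constructed log lines, as an added example that is not part of the original flashcards. The usernames, source addresses and the SHA-256 values in the IOC database are constructed. Signature detection looks each executed file's hash up in a known-bad list; behaviour detection first learns each user's usual login hours from a history and then flags logins outside them. The results also illustrate the next three cards: one alert may well be a legitimate on-call login (a false positive), and a brand-new dropper with no signature goes unflagged (a false negative).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not from a real system): "<iso-timestamp> <event> key=value ..."
HISTORY = [
    "2024-03-04T09:02:11 login user=alice src=10.0.0.5",
    "2024-03-04T13:10:22 login user=alice src=10.0.0.5",
    "2024-03-05T08:58:03 login user=alice src=10.0.0.5",
    "2024-03-04T08:31:00 login user=bob src=10.0.0.7",
    "2024-03-05T08:45:12 login user=bob src=10.0.0.7",
]
EVENTS = [
    "2024-03-11T09:05:00 login user=alice src=10.0.0.5",
    "2024-03-11T02:17:00 login user=alice src=203.0.113.9",   # outside alice's baseline hours
    "2024-03-11T08:40:00 login user=bob src=10.0.0.7",
    "2024-03-11T09:30:00 exec user=bob sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 name=invoice.exe",
    "2024-03-11T09:31:00 exec user=bob sha256=60303ae22b998861bce3b28f33eec1be758a213c86c93c076dbe9f558c11c752 name=update.exe",
    "2024-03-11T22:45:00 login user=mallory src=10.0.0.9",   # account with no history at all
]

# Constructed IOC database: known-bad file hash -> detection name (signature-based method)
SIGNATURES = {
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08": "Dropper.ConstructedSample",
}

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\w+) (?P<rest>.*)$")


def parse(line: str) -> dict:
    """Turn one log line into a record with a datetime plus its key=value fields."""
    m = LOG_RE.match(line)
    fields = dict(kv.split("=", 1) for kv in m["rest"].split())
    return {"ts": datetime.fromisoformat(m["ts"]), "event": m["event"], **fields}


def signature_detect(rec: dict):
    """Signature-based: exact match against the known-bad list; unknown hashes pass silently."""
    return SIGNATURES.get(rec.get("sha256"))


def build_baseline(history) -> dict:
    """Behaviour-based, learning phase: the set of hours at which each user has logged in."""
    hours = defaultdict(set)
    for line in history:
        rec = parse(line)
        if rec["event"] == "login":
            hours[rec["user"]].add(rec["ts"].hour)
    return dict(hours)


def behaviour_detect(rec: dict, baseline: dict):
    """Behaviour-based, detection phase: a login at an hour never seen for that user is an outlier."""
    if rec["event"] != "login":
        return None
    seen = baseline.get(rec["user"])
    if seen is None:
        return "login by account with no baseline"
    if rec["ts"].hour not in seen:
        return f"login at {rec['ts'].hour:02d}:00 outside usual hours {sorted(seen)}"
    return None


def analyse(events, baseline) -> list:
    """Run both methods over each line; return (line, reason) for everything that fires."""
    alerts = []
    for line in events:
        rec = parse(line)
        reason = signature_detect(rec) or behaviour_detect(rec, baseline)
        if reason:
            alerts.append((line, reason))
    return alerts
```

The hour-set baseline is deliberately crude: a real system would weigh day of week, source network and session length. The second `exec` line is the important negative case: if `update.exe` is a new dropper, nothing here notices it, which is exactly the gap the behavioural method is meant to narrow and the signature method cannot.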

24
Q

What are 2 possible detection failures?

A
  1. False positive
  2. False negative

25
Q

In relation to detection failures, what is a false positive?

A

Something normal identified as a bad event (an alert with no real incident behind it).

26
Q

In relation to detection failures, what is a false negative?

A

Something malicious marked as good/normal (a real incident with no alert).

e.g., a malicious piece of software that is installed without the anti-malware tool flagging it.

27
Q

What, typically becomes an organizations weakest link in relation to security?

A

In many cases, end users, particularly the ones lacking security awareness and training, become
the organization’s weakest link:
- end users’ behaviour is usually very unpredictable
- they are very vulnerable to “social engineering” types of attacks
- users tend to prefer “usability” & “functionality” over “security”