Section 20 - Access Control

Question 1

What is Access Control?

Answer 1

Methods used to secure data and information by verifying a user has permissions to read, write, delete or otherwise modify it

Question 2

What are the four access control models?

Answer 2

DAC
MAC
RBAC
ABAC

Question 3

What is DAC?

Answer 3

Discretionary Access Control

The access control policy is determined by the owner

Question 4

What is MAC?

Answer 4

Mandatory Access Control

An access control policy where the computer system determines the access control for an object

*** It does this through data labels. Data labels create this trust level for all subjects. Every person gets a label of their trust level and each data object gets a label as well. It then compares these labels to each other to give access. For example, someone with a secret clearance (subject) would not get access to top security information (object.)

Question 5

If you want to access something with a MAC system, you need to not just meet the minimum level but you also have to have what?

Answer 5

A need to know

*** This system is typically seen in military installations

Question 6

MAC is implemented in one of two ways. These are what?

Answer 6

Rule Based
Lattice Based

Question 7

What is RAC?

Answer 7

Rule Based Access Control

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

Question 8

What is Lattice Based Access Control?

Answer 8

Utilizes complex mathematics to create sets of objects and subjects to define how they interact

Question 9

MAC exists in a couple of OS but which of them does it not?

Answer 9

Windows

This is because Windows uses Discretionary Access Control instead

Question 10

What is RBAC?

Answer 10

Role Based Access Control

An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level

*** The whole idea here is that we set permissions based on the job function. For example, you’d have a role for IT, HR and sales. Each have their own roles based on their job and their permissions are tailored to what access they need between each other. So HR wouldn’t need access to IT files but IT would need access to HR’s.

Question 11

What is ABAC?

Answer 11

Attribute Based Access Control

An access model that is dynamic and context-aware using IF-THEN statements

*** This uses tagging things so you can give the right permissions using different software automation.

Question 12

What are some of the best practices for access control?

Answer 12

Implicit Deny
Least Privilege
Separation of Duties
Job Rotation

Question 13

What is Implicit Deny?

Answer 13

All access to a resource should be denied by default and only be allowed when explicitly stated

Question 14

What is Least Privilege?

Answer 14

Users are only given the lowest level of access needed to perform their job functions

Question 15

What is Separation of Duties?

Answer 15

Requires more than one person to conduct a sensitive task or operation

Question 16

What is Job Rotation?

Answer 16

Occurs when users are cycled through various jobs to learn the overall operations better, reduce their boredom, enhance their skill level, and most importantly, increase our security

Question 17

What is ADUC?

Answer 17

Active Directory Users and Computers

This is a program inside of Windows where you can explore all the users, the groups, and the computers. You can see all the lists of the users on this particular program.

Question 18

What is chmod?

Answer 18

Change Mod

Program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system

*** This comes down to three numbers, if you have read access = 4. If you have write access = 2. If you have execute permissions, you’re a 1. You can combine these permissions so some users numbers can be higher than 4.

Question 19

What is the number for chmod used for R (Read)?

Answer 19

4

Question 20

What is the number for chmod used for W (Write)?

Answer 20

2

Question 21

What is the number for chmod used for X (Execute)?

Answer 21

1

Question 22

What does “# chmod 760 filename” mean?

Answer 22

7 = Owner can RWX
6 = Group can RW
0 = All users (no access)

Question 23

What does “# chmod 777 filename” mean?

Answer 23

Everyone has access to Read, Write and Execute

Question 24

What is a Privilege Creep?

Answer 24

Occurs when a user gets additional permission over time as they rotate through different positions or roles

Question 25

What is User-Access Recertification?

Answer 25

Process where each user’s rights and permissions are re-validated to ensure they are correct

Question 26

Permission inheritance is going to happen by ____. Whenever a new folder is created, it’s going to inherit whatever the permissions are of the folder above it, which is called the ___.

Answer 26

default
parent

Question 27

What is propagation?

Answer 27

Occurs when permissions are passed to a subfolder (“child”) from the “parent” through inheritance

Question 28

If you don’t want propagation to occur, you have to do what?

Answer 28

Breaking the inheritance

This can be done by hitting the disable inheritance button in the security tab of your folder properties

Question 29

What is the minimum character length for a strong password?

Answer 29

at least 8 characters

Question 30

What is UAC?

Answer 30

User Account Control

A security component in Windows that keeps every user in standard user mode instead of acting like an administrative user

*** The only exception to this is the administrator account