Section 20 - Access Control Flashcards
What is Access Control?
Methods used to secure data and information by verifying a user has permissions to read, write, delete or otherwise modify it
What are the four access control models?
DAC
MAC
RBAC
ABAC
What is DAC?
Discretionary Access Control
The access control policy is determined by the owner
What is MAC?
Mandatory Access Control
An access control policy where the computer system determines the access control for an object
*** It does this through data labels. Data labels define a trust level for every subject and object: each person gets a label for their trust level, and each data object gets a label as well. The system then compares these labels to each other to grant or deny access. For example, someone with a secret clearance (subject) would not get access to top secret information (object).
If you want to access something with a MAC system, you need to not just meet the minimum level but you also have to have what?
A need to know
*** This system is typically seen in military installations
MAC is implemented in one of two ways. These are what?
Rule Based
Lattice Based
What is RAC?
Rule Based Access Control
Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label
What is Lattice Based Access Control?
Utilizes complex mathematics to create sets of objects and subjects to define how they interact
MAC exists in a couple of operating systems, but which major OS does not use it?
Windows
This is because Windows uses Discretionary Access Control instead
What is RBAC?
Role Based Access Control
An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level
*** The whole idea here is that we set permissions based on job function. For example, you’d have a role for IT, HR and sales. Each has its own role based on the job, and its permissions are tailored to the access that role needs. So HR wouldn’t need access to IT files, but IT would need access to HR’s.
What is ABAC?
Attribute Based Access Control
An access model that is dynamic and context-aware using IF-THEN statements
*** This works by tagging subjects and objects with attributes so the right permissions can be granted through software automation.
What are some of the best practices for access control?
Implicit Deny
Least Privilege
Separation of Duties
Job Rotation
What is Implicit Deny?
All access to a resource should be denied by default and only be allowed when explicitly stated
What is Least Privilege?
Users are only given the lowest level of access needed to perform their job functions
What is Separation of Duties?
Requires more than one person to conduct a sensitive task or operation
What is Job Rotation?
Occurs when users are cycled through various jobs to learn the overall operations better, reduce their boredom, enhance their skill level, and most importantly, increase our security
What is ADUC?
Active Directory Users and Computers
This is a program inside Windows where you can browse all the users, groups, and computers in the domain and view the full list of user accounts.
What is chmod?
Change Mod
Program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system
*** This comes down to three numbers: read access = 4, write access = 2, and execute permission = 1. These values are added together, so a user’s combined number can be higher than 4.
What is the number for chmod used for R (Read)?
4
What is the number for chmod used for W (Write)?
2
What is the number for chmod used for X (Execute)?
1
What does “# chmod 760 filename” mean?
7 = Owner can RWX
6 = Group can RW
0 = All other users (no access)
What does “# chmod 777 filename” mean?
Everyone has access to Read, Write and Execute
What is a Privilege Creep?
Occurs when a user gets additional permission over time as they rotate through different positions or roles
What is User-Access Recertification?
Process where each user’s rights and permissions are re-validated to ensure they are correct
Permission inheritance is going to happen by ____. Whenever a new folder is created, it’s going to inherit whatever the permissions are of the folder above it, which is called the ___.
default
parent
What is propagation?
Occurs when permissions are passed to a subfolder (“child”) from the “parent” through inheritance
If you don’t want propagation to occur, you have to do what?
Break the inheritance
This can be done by clicking the Disable inheritance button in the Security tab of the folder’s properties
What is the minimum character length for a strong password?
at least 8 characters
What is UAC?
User Account Control
A security component in Windows that keeps every user running in standard user mode instead of as an administrative user
*** The only exception to this is the administrator account