Security Flashcards
What is the Zero-Day problem in computer security?
Vulnrabilityies known to attackers but not yet identified by software vendors (Zero day refers to the amount of time the vulnrability was known for).
Why is absolute security unattainable?
unattainablue due to the Complexity of modern computing systems.
- software and hardware flaws
- humman error
What is the Principle of Least Privilege (PoLP?)
PoLP states that a user should be given the minimum level of access necessary to complete their job.
- this helps reduce damage if an account is compromised by limiting acess the attacher would have.
What is the difference between Discretionary Access Control (DAC) and Mandatory Access Control (MAC)?
DAC allows users to control the access rights of their files, while MAC policies are enforced by the system administrator and users have limited control over access rights.
What is SELinux?
SELinux (Security Enhanced Linux) is a security framework that implements mandatory access control in the Linux Kernal.
What is SELinux’s modes of operation?
Tree Modes:
- Enforcing - policies are enforced and access violations are logged
- Permissive - policies not enforced but violations are logged
- Disabled - SELinux is turned off and no violations are logged
How does patch cycle contribute to computer security?
It involves discovering vulnerabilities, preparing and publishing patches and users installing them, which helpprotect against known vulnerabilities
What are the benefits of the chmod command in Linux?
It changes the premissions of a file or directory. This helps control who has read, write ore execute the file.
What is Multi-Catagory Security MCS in SELinux?
MCS adds an additional layer of labeling to enforce more granular security policies, preventing processes from accessing resources not explicitly premitted.
How does Multi-Level Security (MLS) work in SELinux?
MLS controls process access based on data levels, allowing processes to access data only within their clearance level
