sem 3 Flashcards
Types of Access Control
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
What is Mandatory Access Control (MAC)
MAC grants access based on security labels on objects and security clearances held by subjects. A user cannot pass their clearance on to another person; only the administrator (the system-wide policy) grants access. MAC is strict and suits environments where tight control is necessary, such as the military.
Discretionary Access Control (DAC)
Access is based on the identity of the subject and on access rules that state whether that subject may perform certain actions on an object.
Subjects control access to the objects they own. It is flexible because subjects can grant access to other subjects, but that flexibility can become messy (Linux file permissions are an example of DAC).
Role-Based Access Control (RBAC)
Access is based on the role a subject is assigned to and on rules that state which roles may access which objects.
Administrators assign access rights to roles instead of to individual users.
It is less flexible than DAC but easier to manage because it is centrally controlled.
Draw a general model for File Access
slide 22
- subject
- object
- access right
What are the 3 classes that can be granted permissions on a Linux file?
- user (owner)
- group
- others
ls -l /etc/passwd
shows which class (owner, group, others) has what type of access to the file; the first column is the permission string.
output: -rw-r--r-- (followed by the link count, owner, group, size, date and file name)
id
The id command shows the current user's UID, primary GID and the groups the user belongs to.
groups root
lists the groups that the user root belongs to (the argument is a user name, not a group name).
touch suss1
creates a file named “suss1”
ls -l suss1
shows the permissions for only the file named "suss1"
output: -rw-rw-r--
chmod 765 suss1
ls -l suss1
changes the permissions on the file; a user can change the mode of files they own (root can change any file).
output: -rwxrw-r-x
values of read, write and execute
what is the octal value of rw-r-xr--?
read: 4
write: 2
execute: 1
rw-r-xr--:
rw-: 4 + 2 = 6
r-x: 4 + 1 = 5
r--: 4
Therefore, it should be chmod 654 suss1
ls -l suss1
chmod u+x suss1
chmod ug-x suss1
chmod +x suss1
outputs (one per command, in the same order; the last one assumes the default umask 002, because chmod +x without a u/g/o prefix does not set bits that the umask masks out):
-rw-r-xr--
-rwxr-xr--
-rw-r--r--
-rwxr-xr-x
what command removes write access for the user and grants write access to the group?
chmod u-w,g+w suss1
ls -l suss1
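The chmod walkthrough above, replayed on a scratch file, as an added example that is not part of the course slides. It assumes Linux with GNU coreutils (for stat -c %A), a default umask of 002 so that touch produces -rw-rw-r-- as on the cards, and a made-up file name suss1 in a temporary directory; sym_to_octal is a helper written for this example, not a standard command.

```shell
#!/bin/sh
# Added example, not part of the course slides: replays the chmod steps from the
# cards above on a scratch file and converts symbolic modes to octal.
# Assumes Linux with GNU coreutils (stat -c %A); the file name suss1 and the
# temp directory are made up for the walkthrough.
set -eu

# Convert a symbolic mode (rw-r-xr--, or the 10-char ls -l form -rw-r-xr--)
# to octal using r=4, w=2, x=1 for each of the user/group/others triplets.
sym_to_octal() {
    sym=$1
    # Drop the leading file-type character if the full ls -l column was given.
    case $sym in ??????????) sym=$(printf '%s' "$sym" | cut -c2-) ;; esac
    octal=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$sym" | cut -c"$start"-$((start + 2)))
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in ??x) n=$((n + 1)) ;; esac
        octal="$octal$n"
    done
    printf '%s\n' "$octal"
}

# Apply one chmod argument to the scratch file and return the resulting mode
# string, i.e. the first column ls -l would show.
mode_after() {
    chmod "$1" "$scratch"
    stat -c %A "$scratch"
}

umask 002   # the cards' touch produced -rw-rw-r--, which is 0666 with the umask bits cleared
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
scratch="$tmpdir/suss1"
touch "$scratch"
printf 'touch          %s\n' "$(stat -c %A "$scratch")"

# Same sequence as the cards: absolute modes first, then symbolic changes.
for arg in 765 654 u+x ug-x +x u-w,g+w; do
    printf 'chmod %-8s %s\n' "$arg" "$(mode_after "$arg")"
done
printf 'rw-r-xr-- in octal: %s\n' "$(sym_to_octal rw-r-xr--)"
```

Running it prints the mode after each step; note that the octal forms (765, 654) are absolute and replace whatever was there, while the u+x / ug-x / +x / u-w,g+w forms only touch the bits they name, which is why the result of +x depends on the current umask.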
what are the 3 types of security threats for operating systems
- intruders
- malicious software
- Buffer overflow
what are the 3 types of intruders?
Masquerader: usually an outsider who breaks through the system's access control and pretends to be a legitimate user.
Misfeasor: usually an insider; a legitimate user who misuses their access privileges or accesses resources they are not authorised to use.
Clandestine user: insider or outsider who seizes supervisory (root) control of the system and uses it to bypass access control and auditing.
what are the 2 groups of malicious software?
independent: a self-contained program that the OS can schedule and run on its own (worm)
needs a host program: parasitic; it must attach itself to a host program in order to run (virus)
Either kind can destroy files and bypass access control.
Explain Buffer Overflow
- can occur because of a programming error: a process writes past the end of a buffer and overwrites adjacent memory locations
- can result in the attacker gaining control of the program (for example by overwriting a saved return address)
- an attacker can use Metasploit against an unpatched system that is vulnerable to a buffer overflow and get a shell remotely
What are the 3 countermeasures for the 3 security threats mentioned?
- Authentication
- Access Control
- Buffer Overflow Countermeasures
Authentication
To identify users and verify that they are whom they claim to be.
The OS can use this information to authenticate:
1. Something you know: a password (the username is the identity claim; the password is what proves it)
2. Something you are: fingerprints
3. Something you have: an ATM card
Two or more factors can be combined to enhance security.
Access Control
works hand in hand with authentication
grants the correct access rights once the user has been authenticated
sudo su -
adduser david
cat /etc/passwd
adduser is the more user-friendly (interactive) way to add a new user on Debian-based Linux; the last command, cat /etc/passwd, confirms that the new user's entry is present.
deluser david
deletes the user david
see activity 3 in studyguide
Buffer Overflow Countermeasures
compile-time defence: resists attacks by hardening the program when it is built (e.g. stack protection inserted by the compiler)
run-time defence: aims to detect and stop attacks in executing programs (e.g. a non-executable stack, address space layout randomisation)
What is Operating Systems Hardening?
The default configuration of an OS may leave many ports open and unnecessary services running, making it easy for attackers to compromise the system. Therefore, system hardening is necessary.
5 Steps for OS hardening
- installing the OS and patching
- remove unnecessary ports and applications
- configure the user, groups and permissions
- install and configure additional security measures
- Test system security.
why is the first step of hardening OS important: installing the OS and patching
- Proper planning in installing an OS is important
- Minimise the software packages included
- The boot process also has to be taken care of (e.g. a password for changes to the BIOS)
- Use of cryptographic file systems
why is the second step of hardening OS important: remove unnecessary ports and services
- System planning needs to be done to perform this task, to resolve the conflict between usability and security
- Unnecessary services should not be installed by default
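A concrete way to start step two, as an added example that is not part of the course slides: list the TCP ports a host is listening on and flag the ones that are not on an allow-list. The sample lines are constructed to look like the output of ss -Hltn (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port) and were not captured from a real host; the allow-list (22 and 80) is an assumption for the example, and listening_ports / unexpected_ports are helpers written here, not standard commands.

```shell
#!/bin/sh
# Added example, not from the slides: finds listening TCP ports that are not on
# an allow-list, the first thing to check when removing unnecessary services.
# The sample below is constructed to look like `ss -Hltn` output (State, Recv-Q,
# Send-Q, Local Address:Port, Peer Address:Port); it was not captured from a host.
set -eu

sample_listeners='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:631 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 80 [::]:3306 [::]:*'

# Read ss -Hltn lines on stdin and print each listening port once, sorted.
# The port is whatever follows the last colon of column 4, which also copes
# with IPv6 addresses such as [::]:3306.
listening_ports() {
    awk '{ n = split($4, a, ":"); print a[n] }' | sort -n | uniq
}

# Print the listening ports that are not in the allow-list given as arguments.
unexpected_ports() {
    allowed=" $* "
    listening_ports | while read -r port; do
        case $allowed in *" $port "*) ;; *) printf '%s\n' "$port" ;; esac
    done
}

printf 'All listening ports:\n'
printf '%s\n' "$sample_listeners" | listening_ports
printf 'Not on the allow-list (22 80):\n'
printf '%s\n' "$sample_listeners" | unexpected_ports 22 80
```

On a live host the same functions take real input with ss -Hltn | unexpected_ports 22 80 (add -u for UDP listeners). A port bound only to 127.0.0.1, like 25 in the sample, is not reachable from the network but the service behind it still needs a justification; once a listener is confirmed unnecessary, stop and disable its unit with systemctl disable --now <unit>.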
why is the third step of hardening OS important: configure users, groups and permissions
- Access control needs to be planned properly so that users do not have more privileges than they require
- Categorisation of users should be done with care
- Any additional group a user is in should be justifiable
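One way to check the last point, as an added example that is not part of the course slides: read /etc/group-style lines and list who holds membership in privileged groups, and which groups a given user has been added to. The /etc/group lines, the user names and the list of groups treated as privileged (root, sudo, wheel, docker) are all constructed for the example; privileged_members and groups_of are helpers written here, not standard commands.

```shell
#!/bin/sh
# Added example, not from the slides: lists who holds membership in privileged
# groups, so every extra group a user is in can be justified (step three).
# The /etc/group lines below are constructed for the example, not copied from
# a host; the user names and the group list passed in are made up.
set -eu

sample_group='root:x:0:
sudo:x:27:alice,bob
docker:x:998:bob
staff:x:50:alice,carol
wheel:x:10:'

# Read /etc/group-format lines on stdin and print "group: member" for every
# member of the groups named as arguments. Only supplementary memberships
# (field 4) are visible here; a user's primary group lives in /etc/passwd,
# which is why `id <user>` is still the final word on a single account.
privileged_members() {
    wanted=" $* "
    awk -F: -v wanted="$wanted" '
        index(wanted, " " $1 " ") && $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print $1 ": " m[i]
        }'
}

# Print the groups in which the given user appears as a supplementary member.
groups_of() {
    awk -F: -v user="$1" '
        $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == user) print $1
        }'
}

printf 'Members of privileged groups:\n'
printf '%s\n' "$sample_group" | privileged_members root sudo wheel docker
printf 'Supplementary groups of bob:\n'
printf '%s\n' "$sample_group" | groups_of bob
```

On a real host feed the functions with getent group instead of the sample (for example getent group | privileged_members root sudo wheel docker); each name that comes out should map to a documented reason, and membership in docker deserves the same scrutiny as sudo because access to the Docker socket is equivalent to root.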
why is the fourth step of hardening OS important: install and configure additional security controls
- Additional security controls should be implemented (e.g. antivirus software, a host-based firewall, a host-based intrusion detection system, etc.)
- These additional controls are often necessary
- Antivirus software needs its definition files (signatures) kept up to date
why is the fifth step of hardening OS important: test security measures
- To make sure that what you have implemented works
- Use a checklist (specific to the OS being used)