Questions and Answers
What is the principle of least privilege?
Vertical privilege escalation involves accessing similar functions but different data.
False
What are two types of privilege escalation attacks?
Vertical escalation and horizontal escalation.
Biometric data collection raises concerns about _____ regarding the storing of sensitive data.
Match the following access control concepts with their definitions:
What is the first stage of access control?
Multifactor Authentication (MFA) can only use one authentication factor.
What is the purpose of a salt in password storage?
An example of something you _____ in authentication is a password.
Match the following types of biometrics to their examples:
Which of the following is NOT a type of attack on password security?
The 'liveliness detection' technology aims to ensure that biometric data comes from a live person.
What does Shannon's entropy help estimate in relation to passwords?
What is the primary purpose of authorization in a system?
Biometric data collection poses no privacy concerns regarding sensitive data storage.
Study Notes
Access Control Overview
- Involves three stages: identification, authentication, and authorization.
- Identification: Claiming an identity.
- Authentication: Proving that identity.
- Authorization: Checking permissions for specific actions or data.
Authentication Factors
- Something you know (e.g., passwords)
- Something you have (e.g., access cards)
- Something you are (e.g., biometrics)
Multifactor Authentication (MFA)
- Uses two or more factors for enhanced security.
- May impact usability.
- Choice depends on prioritizing security or ease of use.
Password Security
- Balancing strength and memorability is a challenge.
- Password strength is often measured by entropy.
- Common passwords reduce entropy, making them easier to guess.
- Shannon's entropy model estimates password difficulty.
- Predictable passwords should be avoided.
Password Storage
- Uses hashing and salts to protect passwords.
- Hashing prevents storing plain text passwords.
- A salt is a long pseudo-random string prepended or appended to the password before hashing.
- Different passwords with the same salt will still hash differently.
Password Attacks
- Brute force, dictionary attacks, and use of pre-computed hash tables.
- Random salts mitigate these risks.
- Use three random words for memorable and strong passwords.
Biometrics
- Physical biometrics: Facial identification, fingerprint recognition.
- Behavioral biometrics: How a user types (keystroke patterns).
- Identification mode: Using a biometric sample to find a matching user in a database.
Verification Mode
- The user's biometric sample is compared against that user's stored template.
Fingerprint Biometric Limitations
- Fingerprints can change due to damage.
- Wet fingers or sensor faults can cause capture failures.
- Fingerprints can be faked using materials.
- Liveliness detection is used to verify that the fingerprint comes from a live person.
Biometric Concerns
- Privacy concerns over storing biometric data.
- Failure to capture a sample during enrolment or verification harms usability.
- Balancing false accept and false reject rates with usability and cost.
- Concerns about diversity in machine learning training sets in biometrics.
Authorization
- Determines if a user is permitted to complete a specific task after gaining access.
- Authorization is distinct from identification and authentication.
- Traditional access control model by Lampson.
Four Entities for Access Control
- Subject (user/process), access request, object (resource), and reference monitor.
- The reference monitor checks whether the subject is authorized to make the request.
- Authorization can be determined at the subject or object level.
Principle of Least Privilege
- Users should be given only the minimum access needed for their job.
- Reduces risks of information disclosure and privilege escalation attacks.
Privilege Escalation Attacks
- Vertical escalation: Gaining access to a higher privilege account.
- Horizontal escalation: Accessing similar functions but different data.
- Real-world attacks use techniques such as password guessing or SQL injection.
Description
This quiz covers key concepts in access control, including identification, authentication, and authorization. It delves into factors of authentication, multifactor authentication (MFA), and strategies for password security and storage. Test your knowledge on securing identities and managing permissions effectively.