Access Control and Authentication Principles
Questions and Answers

What is the primary purpose of identification in access control?

The primary purpose of identification is to validate and verify an unauthenticated entity's purported identity.

List the three main factors of authentication.

The three main factors of authentication are something you know, something you have, and something you are.

How does authorization differ from authentication?

Authorization determines access levels for an authenticated entity, while authentication verifies the identity of a user.

What are authorization credentials, and what is their purpose?

Authorization credentials, or authorization tickets, are issued to authenticated users to grant them access to specific information assets.

Explain what a composite identifier is.

A composite identifier is a unique identifier made by combining elements like department codes, random numbers, or special characters.

What are the three methods of handling authorization mentioned?

Authorization can be handled for each authenticated user, for members of a group, or across multiple systems.

What role does the authenticator play in the authorization process?

The authenticator issues authorization credentials to users after verifying their identity.

Which source address allows outbound traffic according to Rule #1?

10.10.10.12

What action is taken for any traffic from the source address 10.10.10.1 based on the rules?

Deny

Identify the rule that allows traffic from the source address 10.10.10.0.

Rule #6

What is the default action for outbound traffic not explicitly stated in the rules?

Deny

Explain the purpose of Rule #2 in the outbound interface rule set.

Rule #2 denies all traffic to the destination address 10.10.10.1.

Which biometric method has the highest universality?

Face recognition.

Identify a biometric method with low uniqueness.

Face recognition.

Which biometric method is ranked highest in permanence?

Fingerprint.

What is the performance ranking of hand geometry?

Moderate (M).

Which biometric method has medium acceptability?

Hand vein.

How does the circumvention ranking compare between eye retina and iris recognition?

Iris recognition is more difficult to circumvent (H) compared to eye retina (H).

Which biometric method is noted for having high collectability?

Face recognition.

Rank the uniqueness of hand geometry.

Medium (M).

Which biometric has the lowest performance rating?

Face recognition (L).

What is the performance of eye iris recognition?

High (H).

What is accountability in the context of information security?

Accountability refers to the access control mechanism that ensures all actions on a system can be attributed to an authenticated identity.

How do system logs contribute to accountability?

System logs record specific information about actions taken on a system, aiding in the identification of authorized and unauthorized activities.

What are the main characteristics evaluated in biometric systems?

The main characteristics evaluated are false reject rate, false accept rate, and crossover error rate.

Why are only certain traits considered truly unique in biometrics?

Only traits like fingerprints, retina, iris, and DNA are considered truly unique because they distinctly identify individuals without ambiguity.

What is a common criticism of highly reliable biometric systems?

Highly reliable biometric systems are often considered intrusive by users.

What does auditability ensure in information security?

Auditability ensures that all actions, whether authorized or unauthorized, can be traced back to an authenticated identity.

In what ways are system logs utilized apart from accountability?

System logs can be used for troubleshooting, performance monitoring, and security analysis.

What is the importance of the crossover error rate in biometric systems?

The crossover error rate indicates the point where the false reject rate and the false accept rate are equal, reflecting system performance.

How are actions tracked in a secure system?

Actions are tracked using system logs that maintain records of user activities, contributing to both accountability and security monitoring.

What is the primary focus of the Clark-Wilson Integrity Model?

To ensure no unauthorized changes are made by both unauthorized and authorized subjects.

Describe the composition of the Graham-Denning Access Control Model.

It consists of a set of objects, a set of subjects, and a set of rights.

What is the main purpose of the Harrison-Ruzzo-Ullman Model?

To define methods for changing access rights and managing subjects or objects.

Explain the Brewer-Nash Model and its relevance.

It is designed to prevent conflicts of interest between two parties.

What constitutes a firewall in information security?

A combination of hardware and software that filters information between trusted and untrusted networks.

List and describe the key processing modes of firewalls.

Packet filtering, application-layer proxy, MAC layer firewalls, and hybrid models.

What kind of information do packet-filtering firewalls examine?

They examine header information of data packets, including IP addresses and TCP/UDP port requests.

How do packet-filtering firewalls differentiate between inbound and outbound traffic?

They assess the direction of the data packets based on their header information.

What role do MAC layer firewalls play in network security?

They filter traffic based on the MAC addresses of devices.

What are some examples of device configurations for firewalls?

They can be separate computer systems, software services on routers or servers, or separate networks.

Study Notes

Module 6: Security Technology: Access Controls, Firewalls, and VPNs

  • Access control is a selective method for systems to specify who can use a resource and how.
  • Technical controls are essential in enforcing policy for IT functions not directly managed by humans.
  • Well-implemented technical controls improve balance between accessibility and confidentiality/integrity.
  • Access controls focus on permissions/privileges for subjects (users/systems) on objects (resources).
  • Access control includes consideration of when, how, and from where a subject can access an object, and the ways a subject uses it.
  • Mandatory Access Controls (MACs) require structured data classification schemes that prioritize each information collection and user.
  • Discretionary Access Controls (DACs) are implemented at the discretion of the data user.
  • Nondiscretionary controls are implemented by a central authority.

Access Control Approaches

  • Access control relies on four mechanisms:
    • Identification: user claiming an identity
    • Authentication: proving user identity
    • Authorization: defining allowable actions with the system
    • Accountability: tracking and monitoring user actions

Identification

  • Identification validates and verifies an unauthenticated entity.
  • Identifiers can be composite, combining elements like department codes, random numbers, or special characters, for uniqueness.
  • Most organizations use a single, unique identifier like a full name or initials and surname.

Authentication

  • Authentication validates and verifies claimed identity.
  • Authentication factors include:
    • Something you know (DOB, place of birth, SSN, password)
    • Something you have (token, physical key)
    • Something you are (biometrics)

Authorization

  • Authorization matches an authenticated entity to a list of assets and their access levels.
  • Authorization can be handled by:
    • Individual user
    • User group
    • Multiple systems

Accountability

  • Accountability (auditability) ensures actions are assigned to a verified identity.
  • This is usually accomplished through system logs and database journals.
  • Logs record specific information about actions taken on a system, and log entries serve several purposes.
  • Logs and system/database journals are commonly used as audit trails.

Biometrics

  • Biometrics authenticate identity using measurable human traits.
  • Accurate biometrics include fingerprints, retina, iris, and DNA.
  • Biometric systems are often evaluated by false rejection rate, false acceptance rate, and crossover error rate.
  • Some users find highly reliable biometric systems intrusive.

Firewall Technologies

  • A firewall is a combination of hardware and software that controls information flow between trusted and untrusted networks.
  • A firewall might:
    • Separate computer system
    • Utilize software on existing router/server
    • Utilize separate network with supporting devices

Firewalls Processing Modes

  • Firewalls use various processing modes:
    • Packet filtering through data packet headers
    • Application-layer proxy through higher layer protocols (and cache services)
    • MAC layer firewalls using MAC addresses
    • Hybrid models using several criteria

Packet-Filtering Firewalls

  • Packet-filtering firewalls examine packet header information based on several criteria, such as:
    • IP source and destination addresses
    • Direction (inbound or outbound)
    • TCP/UDP port numbers
  • Simple models enforce rules blocking packets based on their addresses.

Access Control Architecture Models

  • Models like TCSEC's Trusted Computing Base (TCB), used in pre-2005 DoD Rainbow Series security policy enforcement, help quickly implement or adapt access control strategies.
  • Challenges of covert channels, storage channels, and timing channels must be considered.
  • Other models, such as ITSEC (International Standards for evaluating computer security), the Common Criteria (considered the successor to TCSEC and ITSEC), Bell-LaPadula, the Biba Integrity Model, Clark-Wilson, Graham-Denning, and Harrison-Ruzzo-Ullman, are security models or access control schemes, each with a unique purpose.

Firewall Architectures

  • Firewalls can be configured in several arrangements, including single bastion hosts, screened hosts, and screened subnets (with DMZs).
  • Architectural decisions should consider network objectives, organizational capabilities, and available budget.

VPNs

  • Virtual Private Networks (VPNs) create a private communication pathway between networked systems.
  • VPNs allow internal network resources to be accessed securely from remote locations.
  • VPN implementations exist via Trusted, Secure, and/or Hybrid VPNs.

VPN Functionality

  • VPNs use encryption, encapsulation, and authentication functions to create secure connections.
  • Through these mechanisms (encapsulation, encryption, and authentication), VPNs turn a public network into a private network.
  • Common types of VPNs include transport mode VPNs and tunnel mode VPNs.

Content Filters

  • Content filters are software programs or appliances that restrict content entering or leaving a network.
  • Content filters focus on scripts or programs that limit access to specific protocols/internet locations.
  • Content filters are mainly used to restrict internal access to external materials and to prevent or filter incoming spam.

Additional Information regarding Specific Topics

  • Knowledge check activity questions for firewalls/access control
  • Various Firewall Rule Sets are included (Rule Set 1 - Rule Set 8).
  • Well-known Port Numbers are listed
  • External/Internal Filtering Firewall Rule Sets
  • Access Control Considerations with COVID-19


Description

This quiz covers essential concepts related to access control, authentication, and authorization. It includes questions on the factors of authentication, types of authorization credentials, and various biometric methods used in security. Test your knowledge of these foundational topics in security management.
