Access Control and Authentication Quiz - Week 4
13 Questions
2 Views

Access Control and Authentication Quiz - Week 4

Created by
@PatientSanAntonio

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is a primary concern when using biometrics in systems?

  • Privacy concerns over storing sensitive data (correct)
  • Cost of hardware
  • Speed of data processing
  • User interface design

    • Authorization is the same as identification in security systems.

    False

    What does the Principle of Least Privilege entail?

    Users should only be given the minimum access necessary to perform their job.

    Vertical escalation involves gaining access to a ________ privilege account.

    <p>higher</p> Signup and view all the answers

    Match the following access control terms with their definitions:

    <p>Authorization = Permission to perform a task Privilege Escalation = Gaining unauthorized access to higher-level account Reference Monitor = Checks user authorization for resources Basic Access Modes = Types of actions that can be performed on an object</p> Signup and view all the answers

    What are the three stages involved in access control?

    <p>Identification, Authentication, Authorization</p> Signup and view all the answers

    Multifactor Authentication (MFA) enhances security but does not affect usability.

    <p>False</p> Signup and view all the answers

    What is a method used to protect passwords during storage?

    <p>Hashing</p> Signup and view all the answers

    A long pseudo-random string added to a password before hashing is known as a ______.

    <p>salt</p> Signup and view all the answers

    Which of the following is NOT a challenge in password security?

    <p>Password hashing</p> Signup and view all the answers

    Match the following biometrics with their types:

    <p>Facial identification = Physical biometrics Typing patterns = Behavioural biometrics Fingerprint recognition = Physical biometrics Voice recognition = Behavioural biometrics</p> Signup and view all the answers

    Liveliness detection aims to confirm that a biometric sample comes from a live person.

    <p>True</p> Signup and view all the answers

    Name one type of attack aimed at compromising password security.

    <p>Brute force attack</p> Signup and view all the answers

    Study Notes

    Access Control

    • Involves three stages: identification, authentication, and authorization
    • Identification: claiming an identity
    • Authentication: proving identity
    • Authorization: checking permissions for specific actions or data

    Authentication Factors

    • Something you know (e.g., passwords)
    • Something you have (e.g., access cards)
    • Something you are (e.g., biometrics)

    Multifactor Authentication (MFA)

    • Uses two or more authentication factors for enhanced security
    • May impact usability

    Password Security

    • Challenges balancing strength and memorability
    • Password strength is often measured by entropy
    • Common passwords skew entropy calculations
    • Shannon's entropy model helps estimate difficulty of guessing predictable passwords

    Password Storage

    • Uses hashing and salts to protect passwords
    • Salt: a long, pseudo-random string prepended or appended to a password before hashing
    • This prevents direct storage of plain text passwords
    • Different passwords, even with the same value, result in different hashed values due to the inclusion of a salt

    Password Attacks

    • Brute-force attacks
    • Dictionary attacks
    • Pre-computed hash table attacks

    Password Guidance

    • Use three random words for memorable and strong passwords

    Biometrics

    • Physical biometrics: facial identification, fingerprint recognition
    • Behavioural biometrics: how a user types
    • Identification Mode: Using biometrics to find a user in a database

    Verification Mode

    • User matches with a stored template of biometric recognition

    Fingerprint Biometrics Limitations

    • Fingerprints can change due to cuts or damage
    • Wet or faked fingerprints can cause issues
    • Fingerprints can be lifted from surfaces

    Biometric Concerns

    • Privacy concerns over storing sensitive biometric data
    • Failure to capture biometrics during enrollment or verification
    • Balancing false accept and false reject rates with system usability and cost
    • Concerns about diversity in machine learning training sets for biometrics

    Access Control Model

    • Four entities: subject (user/process), access request, object (resource), reference monitor

    Least Privilege Principle

    • Users should only have the minimum necessary access to perform their job
    • Reduces risk of information disclosure and privilege escalation

    Privilege Escalation Attacks

    • Vertical escalation: gaining access to a higher privilege account
    • Horizontal escalation: accessing similar functions with different data (e.g., another user's account)
    • Often performed through password guessing or SQL injection

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Week 4 Notes - Computer Security PDF

    Description

    Test your knowledge on the key aspects of access control, including identification, authentication, and authorization. Explore multifactor authentication, password security, and effective password storage techniques. This quiz covers essential concepts critical for maintaining security in digital systems.

    More Like This

    Use Quizgecko on...
    Browser
    Open
    Browser
    Browser