Access Control and Identity Management
15 Questions

Questions and Answers

What is the primary purpose of Mandatory Access Control (MAC)?

  • To track and monitor user activity
  • To authenticate users using biometric characteristics
  • To enforce access control through a set of rules based on user identity and resource classification (correct)
  • To grant access based on user roles

What type of threat is a sophisticated and targeted attack?

  • External Threat
  • Zero-Day Threat
  • Insider Threat
  • Advanced Persistent Threat (APT) (correct)

What is the purpose of Secure Sockets Layer/Transport Layer Security (SSL/TLS)?

  • To encrypt data at rest
  • To encrypt data in transit (correct)
  • To authenticate users using tokens
  • To track and monitor user activity

What is the primary purpose of the General Data Protection Regulation (GDPR)?

    To protect sensitive personal data

    What is the primary purpose of Host-Based Intrusion Detection Systems (HIDS)?

    To monitor and detect malicious activity on hosts

    What is the primary function of a hub in a network?

    To connect multiple devices and amplify the signal

    What is the purpose of network segmentation?

    To isolate and restrict network access to sensitive areas

    What is the goal of risk assessment?

    To identify and prioritize potential risks

    What is the primary purpose of a compliance framework?

    To ensure compliance with regulatory requirements

    What is the purpose of penetration testing?

    To identify vulnerabilities and weaknesses

    What is the primary purpose of data classification?

    To protect sensitive data from unauthorized access

    What is the primary purpose of access control models?

    To restrict access to sensitive areas

    What is the primary purpose of Single Sign-On (SSO)?

    To simplify the login process for users

    What is the primary purpose of a firewall?

    To block unauthorized access to or from a network

    What is the primary purpose of a vulnerability scan?

    To identify potential vulnerabilities in a system

    Study Notes

    Access Control And Identity Management

    • Access Control Models:
      • Mandatory Access Control (MAC): Enforces access control through a set of rules based on user identity and resource classification
      • Discretionary Access Control (DAC): Grants access based on user identity and permissions
      • Role-Based Access Control (RBAC): Assigns access based on user roles
      • Attribute-Based Access Control (ABAC): Grants access based on user attributes
    • Identity Management:
      • Authentication: Verifies user identity
      • Authorization: Grants access to resources based on user identity
      • Accounting: Tracks and monitors user activity
    • Identity Management Protocols:
      • Kerberos: Provides secure authentication using tickets
      • LDAP (Lightweight Directory Access Protocol): Manages and authenticates users and devices
      • RADIUS (Remote Authentication Dial-In User Service): Authenticates and authorizes network access
    • Access Control Technologies:
      • Biometric Authentication: Uses unique physical or behavioral characteristics for authentication
      • Smart Cards: Store user credentials and authentication information
      • Tokens: Generate one-time passwords for authentication

    Threats And Vulnerabilities

    • Threat Types:
      • Insider Threats: Threats from within an organization
      • External Threats: Threats from outside an organization
      • Advanced Persistent Threats (APTs): Sophisticated and targeted attacks
      • Zero-Day Threats: Exploit previously unknown vulnerabilities
    • Vulnerability Types:
      • Network Vulnerabilities: Weaknesses in network infrastructure
      • System Vulnerabilities: Weaknesses in operating systems and applications
      • Application Vulnerabilities: Weaknesses in software applications
      • Human Vulnerabilities: Weaknesses in human behavior and decision-making
    • Threat Actors:
      • Hackers: Individuals who exploit vulnerabilities for personal gain or malicious purposes
      • Script Kiddies: Inexperienced hackers who use pre-existing tools and scripts
      • Nation-State Actors: Government-sponsored hackers
      • Organized Crime: Criminal organizations that use hacking for financial gain
    • Vulnerability Scanning:
      • Network Vulnerability Scanning: Identifies vulnerabilities in network infrastructure
      • System Vulnerability Scanning: Identifies vulnerabilities in operating systems and applications
      • Application Vulnerability Scanning: Identifies vulnerabilities in software applications

    Application Data And Host Security

    • Secure Coding Practices:
      • Input Validation: Verifies user input to prevent attacks
      • Error Handling: Handles errors and exceptions securely
      • Secure Data Storage: Protects sensitive data at rest
    • Secure Communication Protocols:
      • SSL/TLS (Secure Sockets Layer/Transport Layer Security): Encrypts data in transit
      • HTTPS (Hypertext Transfer Protocol Secure): Encrypts web traffic
      • SFTP (Secure File Transfer Protocol): Encrypts file transfers
    • Host Security:
      • Host-Based Intrusion Detection Systems (HIDS): Monitor and detect malicious activity on hosts
      • Host-Based Intrusion Prevention Systems (HIPS): Prevent malicious activity on hosts
      • Host Security Baselines: Establish a secure configuration for hosts
    • Data Protection:
      • Data Encryption: Protects data at rest and in transit
      • Data Loss Prevention (DLP): Prevents unauthorized data exfiltration
      • Data Backup and Recovery: Ensures data availability and recoverability

    Compliance And Operational Security

    • Compliance Regulations:
      • HIPAA (Health Insurance Portability and Accountability Act): Protects sensitive health information
      • PCI-DSS (Payment Card Industry Data Security Standard): Protects sensitive payment card information
      • GDPR (General Data Protection Regulation): Protects sensitive personal data
    • Operational Security:
      • Incident Response: Responds to and manages security incidents
      • Disaster Recovery: Ensures business continuity in the event of a disaster
      • Business Continuity Planning: Ensures business continuity in the event of a disaster
    • Risk Management:
      • Risk Assessment: Identifies and evaluates potential risks
      • Risk Mitigation: Reduces the likelihood and impact of potential risks
      • Risk Acceptance: Accepts potential risks and implements compensating controls
    • Security Policies and Procedures:
      • Security Policy: Outlines the organization's security goals and objectives
      • Security Procedures: Outline the steps to implement security policies

    Network Security

    • Network Security Fundamentals:
      • Network Segmentation: Divides a network into smaller, isolated segments
      • Network Access Control (NAC): Restricts network access to authorized devices
      • Network Encryption: Encrypts data in transit
    • Network Security Protocols:
      • IPsec (Internet Protocol Security): Encrypts data in transit
      • SSH (Secure Shell): Encrypts remote access to network devices
      • DNSSEC (Domain Name System Security Extensions): Encrypts DNS traffic
    • Network Security Devices:
      • Firewalls: Block unauthorized access to a network
      • Intrusion Detection Systems (IDS): Monitor and detect malicious activity
      • Intrusion Prevention Systems (IPS): Prevent malicious activity
    • Network Security Threats:
      • Malware: Malicious software that damages or exploits a network
      • Denial of Service (DoS) Attacks: Overwhelm a network with traffic
      • Distributed Denial of Service (DDoS) Attacks: Overwhelm a network with traffic from multiple sources

    Network Security

    • OSI model consists of 7 layers
    • TCP/IP model consists of 4 layers
    • Network devices include router, switch, hub, and bridge
    • Firewalls come in three types: network-based, host-based, and application-based
    • Network segmentation can be achieved through VLAN and subnetting
    • Network access control includes 802.1X and NAC

    Risk Management and Compliance

    • Risk assessment involves identifying, analyzing, and prioritizing risks
    • Risk mitigation strategies include avoid, transfer, mitigate, and accept
    • Security policies include acceptable use, password, and incident response policies
    • Compliance frameworks include HIPAA, PCI-DSS, and NIST
    • Operational security includes backup, disaster recovery, and incident response

    Threats and Vulnerabilities

    • Malware types include virus, worm, Trojan, spyware, and ransomware
    • Network threats include DoS, DDoS, spoofing, and man-in-the-middle attacks
    • Social engineering types include phishing, pretexting, and baiting
    • Vulnerability scanning can be network-based or host-based
    • Penetration testing types include black box, white box, and gray box
    • Vulnerability remediation involves patching and configuration hardening

    Application, Data, and Host Security

    • Secure coding practices include input validation and error handling
    • Secure communication protocols include SSL/TLS and HTTPS
    • Data classification includes public, internal, confidential, and top secret categories
    • Data protection methods include encryption, access control, and backup
    • Host hardening involves disabling unnecessary services and removing unnecessary software
    • Host-based intrusion detection systems (HIDS) are used for host security

    Access Control and Identity Management

    • Access control models include MAC, DAC, and RBAC
    • Authentication methods include username/password, biometric, and smart card
    • Identity and access management (IAM) systems are used for identity management
    • Single sign-on (SSO) and federated identity are used for authentication

    Quiz Team

    Description

    Test your knowledge of access control models and identity management concepts, including MAC, DAC, RBAC, and ABAC, as well as authentication and authorization.
