Access Controls and Authorization Concepts
40 Questions

Questions and Answers

What is the primary function of access controls in computing environments?

  • To simplify file sharing among users
  • To regulate who or what can view or use resources (correct)
  • To automatically grant access based on user history
  • To maximize user flexibility with system resources

Which role is primarily responsible for maintaining access control in a system?

  • End user
  • Owner
  • Custodian (correct)
  • Administrator of the organization

What distinguishes Mandatory Access Control (MAC) from Discretionary Access Control (DAC)?

  • MAC allows users to control security; DAC does not
  • MAC is enforced by central authority; DAC has no constraints
  • MAC is entirely user-driven while DAC is management-driven
  • MAC is the most restrictive model; DAC is the least restrictive model (correct)

Which access control method is characterized by task-based controls?

  • Nondiscretionary Controls (NDC) (C)

What is an example of an access control mechanism?

  • Identification (D)

Which of the following best describes an end user in the context of access controls?

  • A person using the system without changing access rights (C)

What does the accountability mechanism in access control ensure?

  • Users are responsible for their actions within their accounts (A)

Which type of access control allows users to maintain security over their assets?

  • Discretionary Access Control (DAC) (A)

What are the primary functionalities of a hybrid firewall?

  • Combines packet filtering and proxy services (B)

Which generation of firewall is characterized by stateful inspection?

  • Third Generation (D)

What is a common feature of intrusion detection and prevention systems (IDPS)?

  • They analyze network traffic for malicious behavior (D)

Which of the following layers does a MAC layer firewall operate at?

  • Data Link Layer (Layer 2) (A)

Which type of firewall allows for the highest level of security due to its dynamic filtering capabilities?

  • Dynamic packet-filtering firewall (B)

What is the focus of second generation firewalls?

  • Application-level filtering (B)

What is a key characteristic of first generation firewalls?

  • They employ static packet filtering techniques (D)

Which type of firewall is found in operating systems and is designed to provide kernel-level protection?

  • Fifth Generation Firewall (B)

What primary function of IDPS involves sending notifications to administrators about abnormal activity?

  • Alerts (A)

Which type of IDPS is designed to monitor and analyze network protocol activities?

  • Network-based IDPS (D)

What is a key characteristic of the Intrusion Prevention System (IPS)?

  • It requires regular updates to its database. (C)

Which IDPS methodology is best suited for identifying unknown attacks?

  • Anomaly-based Detection (D)

Which of the following best describes the function of the remediation process in IDPS?

  • It provides mechanisms to block malicious threats. (D)

What distinguishes Host-based IDPS from other types of IDPS?

  • It is installed on a single host. (D)

Which of the following statements is true about signature-based intrusion detection?

  • It can only detect previously identified threats. (D)

What does the maintenance function of IDPS entail?

  • Ensuring proper operation of security infrastructure. (A)

What is the primary function of a firewall?

  • To filter incoming and outgoing traffic. (A)

Which type of firewall inspects each packet and makes filtering decisions based on predefined rules?

  • Packet Filtering Firewalls (C)

What distinguishes Application Gateway Firewalls from other types of firewalls?

  • They provide application-level control over network traffic. (D)

Which firewall type provides security for both UDP and TCP connections?

  • Circuit Gateways (B)

How do Packet Filtering Firewalls determine whether to allow or drop a packet?

  • According to predefined rules based on packet addresses. (A)

Which firewall type relies on checking the MAC addresses of devices attempting to connect?

  • MAC Layer Firewalls (B)

What is a notable characteristic of Circuit Gateways?

  • They monitor handshaking and session fulfillment processes. (B)

In which layer of the OSI model do Circuit Gateways function?

  • Transport and application layers. (A)

What is the primary purpose of a honeypot in cybersecurity?

  • To lure attackers and learn from them (B)

Which of the following statements correctly describes a research honeypot?

  • Identifies potential attacks through in-depth research (C)

What function do vulnerability scanners serve in a cybersecurity context?

  • They scan for and identify system weaknesses (C)

Which scanning tool focuses specifically on the security of network connections?

  • Network Scanning Tools (A)

What type of honeypot is implemented within production systems to prevent attacks on critical systems?

  • Production Honeypot (C)

Which of the following is NOT an advantage of using a honeypot?

  • Enhancing overall system performance (D)

Biometric authentication methods focus on which aspect of security?

  • Recognition of human body traits (D)

What distinguishes a malware honeypot from other types of honeypots?

  • It is specifically designed to attract malware attacks (A)

Flashcards

Access Controls

Security techniques that regulate who can use system resources.

Authorization

Giving permission to use a resource

Mandatory Access Control (MAC)

Most restrictive access control. Rules are set by management and enforced by the system.

Role-based access control

Access determined by job title/role.

Custodian

Person maintaining system security, adding/removing access rights.

End User

Person using the system. Limited access from a security perspective.

Firewall

A computer with two network cards, used to control network traffic.

Identification

Verifying a user's identity (e.g., username, email).

Hybrid Firewall

Combines multiple firewall technologies, such as packet filtering and proxy services, to provide comprehensive protection.

Application Gateway

A firewall that operates at the application layer (Layer 7), inspecting and controlling data at the application level.

Circuit Gateway

A firewall that operates at the transport layer (Layer 4), ensuring secure communication between systems.

Packet Filtering Firewall

A firewall that inspects network packets based on their headers (source and destination addresses, ports, protocols).

MAC Layer Firewall

A firewall that operates at the data link layer (Layer 2), inspecting and controlling data based on MAC addresses.

Stateful Inspection Firewall

A firewall that monitors the state of ongoing connections and uses that information to decide whether to allow or block traffic.

Intrusion Detection & Prevention System (IDPS)

A security tool that analyzes network traffic, detects malicious activities, and takes actions to prevent or mitigate attacks.

What are some benefits of an IDPS?

IDPS can detect malware, socially engineered attacks, DDoS attacks, and other threats. It offers preemptive intrusion prevention for internal threats and compromised systems.

Application Gateway Firewall

Controls access to specific applications and services, acting like a proxy for the internet. It's like a receptionist who directs you to the right department.

Circuit Gateway Firewall

Provides security for TCP and UDP connections, monitoring the handshake and session fulfillment. It's like a chaperone ensuring everyone is behaving properly.

What are the smaller message units used in networking?

Packets are smaller message units that carry data and information over a network. Each packet contains sender and recipient addresses, which helps the firewall identify the origin and destination.

What standards are used by Packet Filtering Firewalls for control?

Packet Filtering Firewalls control traffic based on the sender's address, recipient's address, and the protocol used for data transfer.

Why is the Application Gateway Firewall important for security?

It acts as a barrier between private networks and the internet, preventing unauthorized access to sensitive resources. It's like a security guard at a building's entrance ensuring only authorized personnel enter the building.

What do IDPS solutions do?

IDPS (Intrusion Detection and Prevention Systems) monitor and alert administrators about potential threats, and sometimes block them, but they don't always take action on their own.

What are the two main IDPS intrusion detection methods?

IDPS use signature-based detection for known attacks and anomaly-based detection for unknown or unusual activities.

What does signature-based intrusion detection do?

Signature-based detection identifies threats by comparing network traffic to a database of known attack patterns.

What does anomaly-based intrusion detection do?

Anomaly-based detection picks out unusual activity that doesn't match established patterns.

How does a network-based IDPS work?

A network-based IDPS examines network traffic coming in and out of the system, checking for signs of malicious activity.

How does a host-based IDPS work?

A host-based IDPS is installed on individual computers and monitors the activities on that specific computer.

What's the difference between an IDS and an IPS?

While an IDS simply alerts administrators about potential threats, an IPS takes action to block those threats based on its ruleset.

What are the main functions of IDPS?

IDPS solutions monitor for potential threats, alert admins, and sometimes block threats, and they also monitor the health of the security infrastructure.

Honeypot

A decoy system designed to attract and trap attackers, providing insights into their methods and preventing attacks on critical systems.

Research Honeypot

A type of honeypot used for analyzing and understanding attack patterns, often deployed in a controlled environment for research purposes.

Production Honeypot

A honeypot deployed within a live production system to lure attackers away from critical resources.

Vulnerability Scanner

A tool that identifies weaknesses and security flaws in a system, allowing for proactive patching and prevention of attacks.

Network Scanning Tool

A tool that assesses the security of a network, checking for open ports and connected devices, identifying potential security risks.

Penetration Testing Tool

A tool used to simulate real-world attacks to assess the security of a system's defenses, testing its resistance to unauthorized access.

Malware Analysis Tool

A tool that analyzes suspicious behavior and malware activity, helping to identify, quarantine, and prevent infections.

Biometrics

Authentication methods using unique biological characteristics of individuals, providing an additional security layer for system access.

Study Notes

Access Controls

  • Access controls regulate who or what can access resources in a computing environment.
  • This is a fundamental security concept to minimize risk.
  • Access controls involve allowing, restricting, and denying access to resources.

Access vs. Authorization

  • Authorization is permission.
  • Access is the method or means to gain permission.

Important Terms

  • Owner: Responsible for the integrity and security of an asset. This role may be a manager instead of a technical role.
  • Custodian: Maintains system security, often by adding or removing user accounts (usually IT staff).
  • End User: A person who uses an asset like reading a file or opening a webpage, but is not able to change access rights. Also referred to as the subject in some contexts.

Access Control Methods

  • Mandatory Access Control (MAC): Most restrictive. Ownership and a security policy control access.
  • Nondiscretionary Controls (NDC): Enforced version of MACs, controlled by a central authority.
    • Role-Based Access Controls (RBAC): Access based on a person's role in the organization.
    • Task-Based Access Controls: Access based on job tasks or duties.
  • Discretionary Access Control (DAC): Least restrictive. Users can control access to their own assets.

Access Control Mechanisms

  • Identification: Using email, ID, usernames, or student numbers to identify users.
  • Authentication: Verification of user identity using passwords or OTPs.
  • Authorization: Determining if a user is allowed to perform a certain action.

Firewalls

  • A barrier between networks that filters incoming and outgoing traffic, preventing suspicious traffic.
  • Can be a separate computer system, software running on a router, or a dedicated network.
  • Categorized by processing type or generation.

Firewalls by Processing Type

  • Packet Filtering Firewalls: Filters incoming and outgoing packets based on addresses, protocols, or rules.
  • Each packet has sender and recipient addresses.
  • Filters are based on source address, destination address, or protocols in the packet.

Firewall Types

  • Application Gateway Firewalls: Control application-level network traffic, often used to control access to specific resources.
  • Circuit Gateways: Secure TCP/UDP connections, monitoring handshakes to verify connections.
  • MAC Layer Firewalls: Use MAC addresses to control access, useful for preventing unauthorized devices from accessing resources.

Firewall Generations

  • Static Packet Filtering Firewalls: Simple, static rules determining packet transmittal.
  • Second Generation Firewalls: Includes proxy servers, acting as intermediaries between networks to hide internal network details.
  • Third Generation Firewalls: Stateful inspection firewalls, tracking communication state (more advanced).

Intrusion Detection and Prevention Systems (IDPS)

  • Intrusion Detection System (IDS): Monitors network traffic, detects malicious activities, but usually doesn't take direct action.
  • Intrusion Prevention System (IPS): Controls network traffic, actively blocking or preventing threats.
  • Monitoring: Analyze network traffic to identify unusual or malicious behavior.
  • Alerts: Notification of potential security issues.
  • Remediation: Blocking or isolating malicious activity as necessary.
  • Maintenance: Checks the health of hardware and security components.

Types of IDPS

  • Network-based IDPS: Monitors entire networks, examining packets for malicious code.
  • Host-based IDPS: Focuses on activity on a singular host.

IDPS Methodologies

  • Signature-based: Matches known malicious behavior patterns to identified threats.
  • Anomaly-based: Detects unusual behavior that deviates from normal patterns to identify potential threats.

Honeypots

  • Decoy systems used to attract cyberattacks, allowing researchers to understand and learn about the attacks.
  • Research Honeypots: Used to study potential and actual attacks and identify security issues.
  • Production Honeypots: Implemented in production systems to trap attackers and protect critical systems.

Scanning and Analyzing Tools

  • Vulnerability Scanners: Identify security weaknesses.
  • Network Scanners: Examine network infrastructure.
  • Penetration Testing Tools: Attempt to exploit vulnerabilities.
  • Malware Analysis Tools: Analyze malware samples and identify their threats.
  • Log Analysis Tools: Examination of logs to find suspicious activities.

Biometric Authentication

  • Use of physical characteristics to verify and control access. (Examples: fingerprint, facial recognition, iris scan)

Packet Sniffers and Traffic Analysis Tools

  • Tools that analyze network packets, focusing on packet contents.

Description

This quiz covers fundamental concepts related to access controls in computing environments, including definitions of access and authorization. It explores key terms such as owner, custodian, and end user, as well as various access control methods like Mandatory Access Control (MAC) and Nondiscretionary Controls (NDC). Test your understanding of these essential security concepts.