Access Controls and Authorization Concepts
40 Questions

Questions and Answers

What is the primary function of access controls in computing environments?

  • To simplify file sharing among users
  • To regulate who or what can view or use resources (correct)
  • To automatically grant access based on user history
  • To maximize user flexibility with system resources

Which role is primarily responsible for maintaining access control in a system?

  • End user
  • Owner
  • Custodian (correct)
  • Administrator of the organization

What distinguishes Mandatory Access Control (MAC) from Discretionary Access Control (DAC)?

  • MAC allows users to control security; DAC does not
  • MAC is enforced by central authority; DAC has no constraints
  • MAC is entirely user-driven while DAC is management-driven
  • MAC is the most restrictive model; DAC is the least restrictive model (correct)

Which access control method is characterized by task-based controls?

    Nondiscretionary Controls (NDC)

    What is an example of an access control mechanism?

    Identification

    Which of the following best describes an end user in the context of access controls?

    A person using the system without changing access rights

    What does the accountability mechanism in access control ensure?

    Users are responsible for their actions within their accounts

    Which type of access control allows users to maintain security over their assets?

    Discretionary Access Control (DAC)

    What are the primary functionalities of a hybrid firewall?

    Combines packet filtering and proxy services

    Which generation of firewall is characterized by stateful inspection?

    Third Generation

    What is a common feature of intrusion detection and prevention systems (IDPS)?

    They analyze network traffic for malicious behavior

    Which of the following layers does a MAC layer firewall operate at?

    Data Link Layer (Layer 2)

    Which type of firewall allows for the highest level of security due to its dynamic filtering capabilities?

    Dynamic packet-filtering firewall

    What is the focus of second generation firewalls?

    Application-level filtering

    What is a key characteristic of first generation firewalls?

    They employ static packet filtering techniques

    Which type of firewall is found in operating systems and is designed to provide kernel-level protection?

    Fifth Generation Firewall

    What primary function of IDPS involves sending notifications to administrators about abnormal activity?

    Alerts

    Which type of IDPS is designed to monitor and analyze network protocol activities?

    Network-based IDPS

    What is a key characteristic of the Intrusion Prevention System (IPS)?

    It requires regular updates to its database.

    Which IDPS methodology is best suited for identifying unknown attacks?

    Anomaly-based Detection

    Which of the following best describes the function of the remediation process in IDPS?

    It provides mechanisms to block malicious threats.

    What distinguishes Host-based IDPS from other types of IDPS?

    It is installed on a single host.

    Which of the following statements is true about signature-based intrusion detection?

    It can only detect previously identified threats.

    What does the maintenance function of IDPS entail?

    Ensuring proper operation of security infrastructure.

    What is the primary function of a firewall?

    To filter incoming and outgoing traffic.

    Which type of firewall inspects each packet and makes filtering decisions based on predefined rules?

    Packet Filtering Firewalls

    What distinguishes Application Gateway Firewalls from other types of firewalls?

    They provide application-level control over network traffic.

    Which firewall type provides security for both UDP and TCP connections?

    Circuit Gateways

    How do Packet Filtering Firewalls determine whether to allow or drop a packet?

    According to predefined rules based on packet addresses.

    Which firewall type relies on checking the MAC addresses of devices attempting to connect?

    MAC Layer Firewalls

    What is a notable characteristic of Circuit Gateways?

    They monitor handshaking and session fulfillment processes.

    In which layer of the OSI model do Circuit Gateways function?

    Transport and application layers.

    What is the primary purpose of a honeypot in cybersecurity?

    To lure attackers and learn from them

    Which of the following statements correctly describes a research honeypot?

    Identifies potential attacks through in-depth research

    What function do vulnerability scanners serve in a cybersecurity context?

    They scan for and identify system weaknesses

    Which scanning tool focuses specifically on the security of network connections?

    Network Scanning Tools

    What type of honeypot is implemented within production systems to prevent attacks on critical systems?

    Production Honeypot

    Which of the following is NOT an advantage of using a honeypot?

    Enhancing overall system performance

    Biometric authentication methods focus on which aspect of security?

    Recognition of human body traits

    What distinguishes a malware honeypot from other types of honeypots?

    It is specifically designed to attract malware attacks

    Study Notes

    Access Controls

    • Access controls regulate who or what can access resources in a computing environment.
    • This is a fundamental security concept to minimize risk.
    • Access controls involve allowing, restricting, and denying access to resources.

    Access vs. Authorization

    • Authorization is permission.
    • Access is the method or means to gain permission.

    Important Terms

    • Owner: Responsible for the integrity and security of an asset. This role may be a manager instead of a technical role.
    • Custodian: Maintains system security, often by adding or removing user accounts (usually IT staff).
    • End User: A person who uses an asset, for example by reading a file or opening a webpage, but cannot change access rights. Also referred to as the subject in some contexts.

    Access Control Methods

    • Mandatory Access Control (MAC): Most restrictive. Ownership and a security policy control access.
    • Nondiscretionary Controls (NDC): Enforced version of MACs, controlled by a central authority.
      • Role-Based Access Controls (RBAC): Access based on a person's role in the organization.
      • Task-Based Access Controls: Access based on job tasks or duties.
    • Discretionary Access Control (DAC): Least restrictive. Users can control access to their own assets.

    Access Control Mechanisms

    • Identification: Using email, ID, usernames, or student numbers to identify users.
    • Authentication: Verification of user identity using passwords or OTPs.
    • Authorization: Determining if a user is allowed to perform a certain action.

    Firewalls

    • A barrier between networks that filters incoming and outgoing traffic, preventing suspicious traffic.
    • Can be a separate computer system, software running on a router, or a dedicated network.
    • Categorized by processing type or generation.

    Firewalls by Processing Type

    • Packet Filtering Firewalls: Filters incoming and outgoing packets based on addresses, protocols, or rules.
    • Each packet has sender and recipient addresses.
    • Filters are based on source address, destination address, or protocols in the packet.

    Firewall Types

    • Application Gateway Firewalls: Control application-level network traffic, often used to control access to specific resources.
    • Circuit Gateways: Secure TCP/UDP connections, monitoring handshakes to verify connections.
    • MAC Layer Firewalls: Use MAC addresses to control access, useful for preventing unauthorized devices from accessing resources.

    Firewall Generations

    • Static Packet Filtering Firewalls: Simple, static rules determining packet transmittal.
    • Second Generation Firewalls: Includes proxy servers, acting as intermediaries between networks to hide internal network details.
    • Third Generation Firewalls: Stateful inspection firewalls, tracking communication state (more advanced).

    Intrusion Detection and Prevention Systems (IDPS)

    • Intrusion Detection System (IDS): Monitors network traffic, detects malicious activities, but usually doesn't take direct action.

    • Intrusion Prevention System (IPS): Controls network traffic, actively blocking or preventing threats.

    • Monitoring: Analyze network traffic to identify unusual or malicious behavior.

    • Alerts: Notification of potential security issues.

    • Remediation: Blocking or isolating malicious activity as necessary.

    • Maintenance: Checks the health of hardware and security components.

    Types of IDPS

    • Network-based IDPS: Monitors entire networks, examining packets for malicious code.
    • Host-based IDPS: Focuses on activity on a single host.

    IDPS Methodologies

    • Signature-based: Matches known malicious behavior patterns to identified threats.
    • Anomaly-based: Detects unusual behavior that deviates from normal patterns to identify potential threats.

    Honeypots

    • Decoy systems used to attract cyberattacks, allowing researchers to understand and learn about the attacks.
    • Research Honeypots: Used to study potential and actual attacks and identify security issues.
    • Production Honeypots: Implemented in production systems to trap attackers and protect critical systems.

    Scanning and Analyzing Tools

    • Vulnerability Scanners: Identify security weaknesses.
    • Network Scanners: Examine network infrastructure.
    • Penetration Testing Tools: Attempt to exploit vulnerabilities.
    • Malware Analysis Tools: Analyze malware samples and identify their threats.
    • Log Analysis Tools: Examination of logs to find suspicious activities.

    Biometric Authentication

    • Use of physical characteristics to verify and control access. (Examples: fingerprint, facial recognition, iris scan)

    Packet Sniffers and Traffic Analysis Tools

    • Tools that analyze network packets, focusing on packet contents.


    Description

    This quiz covers fundamental concepts related to access controls in computing environments, including definitions of access and authorization. It explores key terms such as owner, custodian, and end user, as well as various access control methods like Mandatory Access Control (MAC) and Nondiscretionary Controls (NDC). Test your understanding of these essential security concepts.
