Cyber Security: Access Control and AAA

Questions and Answers

PDF Questions PDF Answers

What does DAC stand for in the context of access control principles?

Discretionary Access Control

Which principle ensures that subjects are granted access only to what they need to know for their work tasks and job functions?

Attribute-based access control (ABAC)

Least privilege

Separation of privileges

Need to know (correct)

Mandatory Access Control (MAC) determines access levels based on the resource's sensitivity.

True

RBAC stands for Role-based access control, which controls access based on the __________ that users have within the system.

roles

What is access control?

Access Control is the process of protecting a resource so that it is used only by those allowed to.

Which functions are included in access control?

Authentication

Match the types of access control with their descriptions:

Physical Access Control = Controls access to physical resources like buildings or rooms Logical Access Control = Deciding which users can access a system and monitoring their actions Biometrics = Uses unique physical characteristics for authentication, like fingerprints or iris scans Passwords = Stringent controls for user passwords, with account lockout policies and event logging

What is the purpose of the Security Kernel?

The Security Kernel enforces access control for computer systems as a central point of control.

Biometrics is a type of logical access control.

False

What are the levels of Firewalls mentioned in the content?

Circuit level proxy firewall

What type of filtering is used by Packet filter and Stateful inspection firewalls to limit access to specific services?

IP address and protocol values

Application proxy firewalls relay and monitor the exchange of information for specific application protocols.

True

Circuit level gateway relays TCP segments from one connection to the other without examining contents, and its security function consists of determining which connections will be ________.

allowed

What are the conditions required for a user to access an object based on Rule-Based Access Control?

User's security clearance equals or dominates the object's classification, user has necessary need to know

What is the main obstacle to the adoption of Attribute-Based Access Control (ABAC) in real systems?

Performance impact

AAA protocols are commonly used with remote access systems to prevent internal LAN authentication systems from being attacked remotely.

True

RADIUS is a client/server protocol that enables __________ users to communicate with a central server to authorize their access to the requested system or service.

remote access

Match the following AAA protocols with their descriptions:

RADIUS = Client/server protocol for remote access communication TACACS+ = Provides centralized access control with TCP transport protocol DIAMETER = Protocol to build upon RADIUS functionality using TCP

What does IPS stand for?

Intrusion Prevention Systems

Which detection techniques can a Host-Based IPS (HIPS) utilize?

All of the above

Anomaly-based IPS detect deviations from a baseline of normal network behavior.

True

Honeypots are decoy systems designed to lure a potential attacker away from critical systems and collect information about the attacker's _ _ _ _ _ _ _ _.

activity

Define control as per the given context.

Control is defined as an action, device, procedure, or other measure that reduces risk by eliminating or preventing a security violation, by minimizing the harm it can cause, or by discovering and reporting it to enable corrective action.

Which type of controls address mechanisms and procedures primarily implemented by people rather than systems?

Operational controls

What do Technical controls involve in the context of security?

Technical controls involve the correct use of hardware and software security capabilities in systems, ranging from simple to complex measures to secure critical and sensitive data, information, and IT system functions.

Match the following email security technologies with their descriptions:

MIME = Provides new header fields for email messages S/MIME = Enhances email security allowing signing and encryption of emails PGP = Uses Public Private Keys method for email encryption and digital signatures

DNSSEC is deployed to prevent DNS Hijacking and DNS Pharming.

True

Define malware according to NIST 800-83.

A program that is inserted into a system with the intent of compromising confidentiality, integrity, or availability of data, applications, or operating systems.

Which information security properties can be compromised by malware?

All of the above

Malicious code attacks one or more of the three information security properties: Confdentiality, Integrity, and Availability.

malware

Persistent malware is always installed in persistent storage like a hard drive.

True

Match the malware classification dimensions:

Host dependent or Independent = Independent malware runs on its own while host dependent malware requires a host program. Persistent or Transient = Persistent malware is stored long-term, while transient malware is in volatile memory. Where it install itself = Refers to the layer of the system where malware is installed. How it is triggered = Describes the method of malware activation. Static or dynamically updated = Static malware lack infrastructure while dynamically updated ones can communicate with servers. Act alone or coordinated attack = Act alone malware are isolated, whereas coordinated malware contribute to larger attacks.

What does HTTPS stand for?

Hypertext Transfer Protocol Secure

What is the main purpose of the TLS Handshake Protocol?

All of the above

IPsec provides security services at the application layer.

False

______ provides the capability to secure communications across a LAN, private and public WANs, and the Internet, examples include: Secure branch office connectivity over the Internet, Secure remote access over the Internet, Establishing extranet and intranet connectivity with partners, and Enhancing electronic commerce security.

IPsec

How are payloads classified based on in terms of damage or threat to the system?

Based on the damage or threat they bring

Which of the following are classes of payload mentioned in the text? (Select all that apply)

Information Theft- Keyloggers and Spyware

What does a Botnet refer to?

Collection of bots capable of acting in a coordinated manner

Keyloggers capture keystrokes to monitor sensitive information. Is this statement true or false?

True

Which of the following are main types of malware? (Select all that apply)

Virus

What is the main characteristic of a virus?

Infects programs and replicates to infect other content

Match the virus classification with its description:

Boot sector infector = Infects master boot record or boot record Macro virus = Infects files with macro or scripting code Encrypted virus = Creates a random encryption key and encrypts the remainder of the virus Stealth virus = Designed to hide itself from anti-virus software

Malvertising involves compromising websites to place malware on them.

False

Rootkits are difficult to detect and remove because they modifiy parts of the ____________ to conceal their presence.

operating system

Study Notes

Access Control

• Access control is the process of protecting a resource so that it is used only by those allowed to.
• The ultimate goal of access control is to secure all assets of an organisation.

Access Control Functions

• Identification: Who is asking to access the asset?
  • Subjects supply identification information (e.g., username, user ID, account number)
• Authentication: Can their identities be verified?
  • Verifying the identification information (e.g., passphrase, PIN, biometric, password, OTP)
• Authorisation: What can the requester access and do?
  • Using criteria to determine what the subjects can do on objects (e.g., "I know who you are, I will allow you to do what you are allowed to")
• Accountability: How are actions traced to an individual to ensure the person who makes data or system changes can be identified?
  • Audit logs and/or real-time monitoring to track subject activities with objects

Policy Definition and Policy Enforcement Phases

• Policy definition phase: Defining who has access and what systems or resources they can use (tied to authorisation phase)
• Policy enforcement phase: Grants/Rejects requests for access based on the authorisations defined in the first phase (tied to identification, authentication, and accountability)

Access Control Components

• Physical Access Control: Controlling access to physical resources or areas (e.g., smart cards, biometrics)
• Logical Access Control: Deciding which users can get into a system and what they can do on that system

Types of Access Control

• Physical Access Control: Controlling access to physical resources or areas
• Logical Access Control: Deciding which users can get into a system and what they can do on that system

Enforcing Access Control

• The Security Kernel: Enforces access control for computer systems and is the central point of access control
• How Access Control is enforced: The security kernel intercepts requests, refers to its rules base, and allows or denies access based on the rules

Logical Access Control Solutions

• Biometrics: Static (e.g., fingerprints, iris granularity, retina blood vessels) and dynamic (e.g., voice infections, keyboard strokes, signature motions)
• Tokens: Synchronous (e.g., one-time password) and asynchronous (e.g., smart cards, memory cards)
• Passwords: Stringent password controls for users, account lockout policies, and auditing logon events
• Single sign-on: Kerberos process, Secure European System for Applications in a Multi-Vendor Environment (SESAME)

Authentication Types

• Authentication by Knowledge: Something you know (e.g., passwords, passphrases, PIN number)
• Authentication by Ownership: Something you own (e.g., synchronous token, asynchronous token)
• Authentication by Characteristics: Something unique to you (e.g., biometrics, dynamic signatures)
• Authentication by Location: Somewhere you are (e.g., location-based authentication)

Access Control Principles

• Files and folders are managed by the operating system
• Access control entry (ACE) and access control list (ACL) manage access to files and folders
• A file handle provides an opaque identifier for a file/folder
• File operations include open, read, write, execute, and close

Access Control Models

• Discretionary Access Control (DAC): Access control based on the identity of the requester and on access rules
• Mandatory Access Control (MAC): Access control based on comparing security labels with security clearances
• Role-Based Access Control (RBAC): Access control based on roles that users have within the system
• Attribute-Based Access Control (ABAC): Access control based on attributes of the user, the resource to be accessed, and current environmental conditions

Discretionary Access Control (DAC)

• DAC is a scheme in which an entity may be granted access rights that permit the entity to enable another entity to access some resource
• Most common operating systems rely on DAC principles for access and operation
• DAC is often provided using an access matrix

DAC Terms and Concepts

• Access Control Lists (ACLs): Lists of users who are given the privilege of access to a system or resource
• User Provisioning: Granting access to new employees and include checking management approvals for granting access### Access Control Principles
• Access control permits access to an object based on the labelled security protection assigned to that object, such as Top Secret, Secret, Confidential, and unclassified.
• Access control models include Rule-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Authentication, Authorisation, and Accountability (AAA).

Rule-Based Access Control (RBAC)

• Uses specific rules to indicate what can and cannot happen between a subject and an object.
• Based on the concept of "if X then Y" programming rules.
• Before a subject can access an object, it must meet a set of predefined rules.

Attribute-Based Access Control (ABAC)

• Can define authorisations that express conditions on properties of both the resource and the subject.
• Strength lies in its flexibility and expressive power.
• Main obstacle to its adoption is concern about the performance impact of evaluating predicates on both resource and user properties.

Authentication, Authorisation, and Accountability (AAA)

• AAA protocols are commonly used with remote access systems to provide centralised access control.
• Prevent internal LAN authentication systems and other servers from being attacked remotely.
• Used for mobile IP, which provides access to mobile users with smart phones.

Centralised and Decentralised AAA

• Centralised authentication, authorisation, and accounting (AAA) servers include RADIUS, TACACS+, and DIAMETER.
• Decentralised access control: access control is in the hands of the people closest to the system users.

RADIUS

• A client/server protocol and software that enables remote access users to communicate with a central server to authorise their access.
• Allows companies to have a single administered entry point, providing standardisation in security and a simplistic way to track usage and network statistics.

TACACS+

• Provides the same functionality as RADIUS with a few differences in some of its characteristics.
• Uses TCP as its transport protocol, while RADIUS uses UDP.
• TACACS+ is faster to transmit and suitable for complex environments.

DIAMETER

• A protocol that has been developed to build upon the functionality of RADIUS and overcome many of its limitations.
• Uses TCP as its transport protocol.
• Provides the same type of functionality as RADIUS and TACACS+ in addition to wireless networks access.

Single Sign-On (SSO)

• In an SSO system, users have one password for all corporate and back-office systems and applications they need to perform their jobs.
• Single Sign-On mechanisms include Kerberos, Federated Identities, and others.

Kerberos

• Designed to provide authentication for client-server applications by using symmetric-key cryptography.
• A free implementation available from MIT.
• Works by assigning a unique key, called a ticket, to each user.

Federated Identities

• Sites have an arrangement with a service so users can log in with the service credentials and don't have to create a new unique user name and password.
• Examples include Facebook, Google, and others.

Defensive Technologies

• Firewall Systems: Used to establish a controlled link between the premises network and the Internet.
• Intrusion Detection Systems (IDS): Gathers and analyses information to identify possible security intrusions.
• Intrusion Prevention Systems (IPS): Blocks malicious traffc in real-time.
• Honeypots: A trap set to detect, deflect, or detain an intruder.

Firewall Systems

• Placed between the premises network and the Internet to establish a controlled link.
• Used as a perimeter defence.
• Separates the internal systems from external networks.
• Characteristics: monitors network traffic, only authorised traffic is allowed, and the firewall itself is immune to penetration.

Types of Firewall

• Packet filtering firewall: Monitors network traffic at a number of levels, from low-level network packets to inspecting details of application protocols.
• Stateful filtering firewall: Reviews packet information and records information about TCP connections.
• Application proxy firewall: Acts as a relay of application-level traffic.
• Circuit-level proxy firewall: Sets up two TCP connections and relays TCP segments between them.

Host-Based Firewalls/Personal Firewall

• Used to secure an individual host.
• Available in operating systems or can be provided as an add-on package.
• Can be housed in a router that connects all of the home computers to the Internet.
• Filter and restrict packet flows, and provide an additional layer of protection.

Intrusion Detection Systems (IDS)

• Gathers and analyses information from various areas within a computer or network to identify possible security intrusions.

• Comprises of three logical components: sensors, analysers, and user interface.

• Uses either the Anomaly detection or the Signature/Heuristic detection approach.### Security Controls

• A security control is defined as an action, device, procedure, or other measure that reduces risk by eliminating or preventing a security violation, by minimizing the harm it can cause, or by discovering and reporting it to enable corrective action.

Control Classifications

Management Controls

• Focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.
• These controls refer to issues that management needs to address.

Operational Controls

• Address the correct implementation and use of security policies and standards, ensuring consistency in security operations and correcting identified operational deficiencies.
• These controls relate to mechanisms and procedures that are primarily implemented by people rather than systems.
• They are used to improve the security of a system or group of systems.

Technical Controls

• Involve the correct use of hardware and software security capabilities in systems.
• These range from simple to complex measures that work together to secure critical and sensitive data, information, and IT systems functions.

Control Classes

• Each of the control classes may include the following:
  • Supportive controls:
    • Pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
  • Preventative controls:
    • Focus on preventing security breaches from occurring, by inhibiting attempts to violate security policies or exploit a vulnerability.
  • Detection and recovery controls:
    • Focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.

Technical Controls - TCP/IP Security Solution

• A number of approaches to providing Internet security are possible.
• The various approaches that have been considered are similar in the services they provide in relation to the TCP/IP protocol stack.

Description

This quiz covers the basics of access control, including logical access control, access control principles, and access control models, as well as authentication, authorization, and accountability (AAA) in cyber security.