Questions and Answers
A user with Top Secret clearance can access files without any restrictions.
False
Discretionary Access Control allows object owners to define access permissions for other users.
True
Role-Based Access Control provides uniform access privileges to all users within a system.
False
NTFS is an example of a file system that uses Discretionary Access Control.
In Role-Based Access Control, the Administrator role can run procedures assigned to other roles.
Identification involves proving that a person is who they say they are.
Biometric authentication uses identifiable traits like fingerprints for user verification.
Password protection is an infallible method for confirming identity due to its complexity.
Common methods for password attacks include guessing and brute force.
A dictionary attack involves using phrases from a dictionary to guess passwords.
The same dictionaries that help identify weak passwords can also assist attackers.
User names can be used as a secure form of authentication.
Authentication can use two, three, four, or more factors.
A one-time password can be used multiple times.
Continuous authentication requires proper setup and endpoint guarding.
A subject can be a human user issuing requests on objects.
Access modes do not include the ability to modify or delete objects.
A privileged account has fewer permissions than a guest account.
Out-of-band communication is exemplified by sending a bank card PIN separately from the card.
The COPS, Crack, and SATAN utilities are used to scan systems for weak passwords.
Auditing access activity falls under the category of authorization.
A brute force attack involves guessing passwords based on personal traits of the user, like eye color.
Users might be granted different levels of access, such as read-only or full control.
Encryption is used to store passwords in their public form to enhance security.
Good password practices include using a mix of characters and avoiding real words.
Passive tokens are devices like magnetic-stripe cards and do not change over time.
Dynamic tokens are static by nature and do not offer any form of security improvement.
Biometric authentication methods include voice and fingerprint recognition.
Single sign-on (SSO) allows users to log in once and access multiple services without re-authenticating.
Changing passwords regularly is not considered necessary for good security practices.
Access Control Models include Role-based Access Control.
The principle of least privilege allows users to have unrestricted access to all system objects.
An access log can help identify which objects were accessed in case of misuse.
In Mandatory Access Control (MAC), every subject requires a Clearance to access the object.
Mandatory Access Control (MAC) is primarily used in civilian sectors rather than military applications.
An Access Control Matrix can be represented as a list of triples consisting of subject, object, and rights.
The Need to Know Policy permits users to access all available information within the system.
Access logs are unnecessary as they do not aid in system upgrades or failure investigations.
Access Control Lists (ACLs) are one of the ways to implement access control in systems.
Study Notes
Authentication Overview
- Computers rely on data for identity recognition in the absence of face-to-face cues.
- Authentication involves proving asserted identities, typically through passwords and security questions.
Types of Authentication Factors
- Something You Know: Involves passwords and PINs.
- Something You Are: Utilizes biometrics like fingerprints, facial recognition, and voice patterns.
- Something You Have: Involves physical tokens such as ID badges and driver's licenses.
Password Authentication
- Password systems authenticate by checking user-inputted passwords against stored records.
- Weaknesses:
  - Human practices can compromise password strength (e.g., reusing passwords).
  - Attack methods include guessing, dictionary attacks, and brute force tactics.
Password Attacks
- Common attack techniques:
  - Guessing (easy, based on common patterns or personal details).
  - Dictionary attacks (using lists of common words).
  - Brute force attacks (exhaustively trying all potential passwords).
Good Password Practices
- Use diverse characters beyond just lowercase letters.
- Create long, memorable passwords.
- Regularly change passwords and avoid sharing them.
Biometric Authentication
- Biometrics include various physical characteristics:
  - Fingerprints, hand shape, retinal patterns, voice recognition, and facial features.
Token-based Authentication
- Types of Tokens:
  - Active Tokens: E.g., cards that interact with sensors.
  - Passive Tokens: E.g., keys or identification cards.
  - Static Tokens: Constant value (e.g., ID cards).
  - Dynamic Tokens: Values that change to prevent duplication.
Advanced Authentication Methods
- Single Sign-On (SSO): Allows users to log in once and gain access to multiple services.
- Multifactor Authentication: Employs two or more authentication factors for enhanced security.
- One-Time Passwords (OTP): Used only once and must be shared securely between parties.
Access Control Fundamentals
- AAA: Stands for Authentication, Authorization, and Accounting, crucial for security management.
- Access Control: Limits who can access specific objects and defines permitted actions.
Access Control Mechanisms
- Account Types: End user, privileged, guest, service, and shared accounts.
- Access Policies: Enforce least privilege and monitor acceptable usage.
Access Logging
- Systems maintain audit logs to track user accesses, useful for troubleshooting and understanding access patterns.
Access Control Models
- Mandatory Access Control (MAC): Uses labels for permission based on security clearance, common in military applications.
- Discretionary Access Control (DAC): Object owners determine access, commonly used in Windows and UNIX systems.
- Role-Based Access Control (Role-BAC): Access assigned based on user roles, allowing distinct permissions for different user types.
Role-Based Access Control Examples
- User roles like "Teller," "Clerk," and "Administrator" assigned different permissions associated with banking operations.
Description
Explore the essentials of authentication in computer security with this quiz based on Chapter 2 from the Information & Computer Security course. Understand how systems identify users and the importance of proper authentication methods. Test your knowledge and ensure your grasp of essential security concepts.