Password Management and Security

Questions and Answers

What is the primary purpose of salting in password storage?

  • To add a random value to the password before hashing (correct)
  • To store passwords in plaintext
  • To make passwords more complex
  • To enforce password expiration policies

What type of firewall monitors and controls incoming and outgoing traffic on a single host?

  • Application-based firewall
  • Host-based firewall (correct)
  • Perimeter firewall
  • Network-based firewall

What is the main difference between Default Deny and Default Allow firewall rules?

  • Default Deny is used for network-based firewalls, while Default Allow is used for host-based firewalls
  • Default Deny allows all traffic, while Default Allow denies all traffic
  • Default Deny denies all traffic unless explicitly allowed, while Default Allow allows all traffic unless explicitly denied (correct)
  • Default Deny is used for incoming traffic, while Default Allow is used for outgoing traffic

What is the primary goal of Access Control Lists (ACLs)?

  • To define permissions for users or groups to access resources (correct)

What is the main difference between Symmetric and Asymmetric encryption?

  • Symmetric encryption uses a single key, while Asymmetric encryption uses a pair of keys (correct)

What is the primary purpose of Cryptographic Hash Functions?

  • To ensure data integrity (correct)

What is the main advantage of using Role-Based Access Control (RBAC)?

  • It simplifies the management of access control by assigning roles to users (correct)

What is the main goal of password expiration policies?

  • To force users to change their passwords regularly (correct)

Study Notes

Password Management

  • Password Policies:
    • Length: minimum 8-12 characters
    • Complexity: mix of uppercase, lowercase, numbers, and special characters
    • Expiration: 60-90 days
    • History: prevent reuse of previous passwords
  • Password Storage:
    • Hashing: one-way encryption, storing hashed passwords instead of plaintext
    • Salting: adding a random value to the password before hashing
  • Password Cracking:
    • Types: brute force, dictionary, rainbow table attacks
    • Prevention: use strong passwords, implement rate limiting, and account lockout policies

Firewalls

  • Types:
    • Network-based: monitors and controls incoming and outgoing network traffic
    • Host-based: monitors and controls incoming and outgoing traffic on a single host
  • Firewall Rules:
    • Default deny: denies all traffic unless explicitly allowed
    • Default allow: allows all traffic unless explicitly denied
  • Firewall Configurations:
    • Whitelisting: only allows specific traffic to pass through
    • Blacklisting: blocks specific traffic from passing through

Access Control

  • Access Control Models:
    • Discretionary Access Control (DAC): access based on user identity
    • Mandatory Access Control (MAC): access based on user clearance level
    • Role-Based Access Control (RBAC): access based on user role
  • Access Control Lists (ACLs):
    • Define permissions for users or groups to access resources
    • Can be used to implement DAC, MAC, and RBAC models
  • Authentication, Authorization, and Accounting (AAA):
    • Authentication: verifies user identity
    • Authorization: determines access to resources
    • Accounting: tracks and logs user activity

Cryptography

  • Types of Cryptography:
    • Symmetric encryption: uses the same key for encryption and decryption
    • Asymmetric encryption: uses a pair of keys for encryption and decryption
  • Cryptography Algorithms:
    • AES (Advanced Encryption Standard): symmetric encryption algorithm
    • RSA (Rivest-Shamir-Adleman): asymmetric encryption algorithm
  • Cryptographic Hash Functions:
    • SHA-256 (Secure Hash Algorithm 256): one-way encryption, used for data integrity
    • MD5 (Message-Digest Algorithm 5): one-way encryption, used for data integrity (though considered insecure)

Password Management

  • Password policies require a minimum of 8-12 characters in length, with a mix of uppercase, lowercase, numbers, and special characters.
  • Passwords should expire every 60-90 days and have a history to prevent reuse of previous passwords.
  • Password storage involves hashing, which is a one-way encryption, and salting, which adds a random value to the password before hashing.
  • Password cracking can be prevented by using strong passwords, implementing rate limiting, and account lockout policies.
  • Types of password cracking attacks include brute force, dictionary, and rainbow table attacks.

Firewalls

  • Network-based firewalls monitor and control incoming and outgoing network traffic.
  • Host-based firewalls monitor and control incoming and outgoing traffic on a single host.
  • Firewall rules can have a default deny policy, which denies all traffic unless explicitly allowed, or a default allow policy, which allows all traffic unless explicitly denied.
  • Firewall configurations can use whitelisting, which only allows specific traffic to pass through, or blacklisting, which blocks specific traffic from passing through.

Access Control

  • Discretionary Access Control (DAC) grants access based on user identity.
  • Mandatory Access Control (MAC) grants access based on user clearance level.
  • Role-Based Access Control (RBAC) grants access based on user role.
  • Access Control Lists (ACLs) define permissions for users or groups to access resources and can be used to implement DAC, MAC, and RBAC models.
  • Authentication verifies user identity, authorization determines access to resources, and accounting tracks and logs user activity.

Cryptography

  • Symmetric encryption uses the same key for encryption and decryption.
  • Asymmetric encryption uses a pair of keys for encryption and decryption.
  • AES (Advanced Encryption Standard) is a symmetric encryption algorithm.
  • RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm.
  • SHA-256 (Secure Hash Algorithm 256) is a one-way encryption algorithm used for data integrity.
  • MD5 (Message-Digest Algorithm 5) is a one-way encryption algorithm used for data integrity, but it is considered insecure.
