Certified Cybersecurity Technician Data Security Exam 212-82 PDF
Document Details
Uploaded by barrejamesteacher
null
EC-Council
Tags
Summary
This document details data security controls and access controls in Windows. It covers topics like NTFS permissions and how to configure them. It is intended for a professional audience, such as a cybersecurity technician.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Data Security Module Flow 01 4...
Certified Cybersecurity Technician Exam 212-82 Data Security Module Flow 01 4 03 Understand Data Security #4.. | 7" Discuss Data Backup, and its Importance V- Retention, and Destruction 0202 Ny YT g W 04 04 Discuss Various Data §,§ * w Discuss Data Loss Security Controls Prevention Concepts Discuss Various Data Security Controls The objective of this section is to explain the use of various security controls to secure the data data. Module 15 Page 1761 EC-Council Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security ACL: Setting Access Controls and Permissions to Files and Folders in Windows Access controls can authorize users, groups, and computers to access files and folders in a computer When a user or an application requests for an access to the operating system resources, they need to submit their credentials to the operating system Credentials are access tokens created every time a user or an application tries to log in 0OS compares the details contained in the access tokens with the Access Control Entries (ACEs) for verification The ACEs can block or permit the services depending on object type ACL: Setting Access Controls and Permissions to Files and Folders in Windows (Cont’d) Aopiying NTFSpermisions o sies | (PRI [ P IN Special Permissions associated with each each NTFS NTFS File Permission: Sopivig NTFS permicsions osites T QQO Typical file permissions allowed on :;""m:":m ::"‘m‘:m v W ¥ v i v the NTFS file system are: reyeed Rescws v ¥ v v Read Resd Attnbutes ¥ 7 7 ¥ N~ v A v = Full Control D NN¥ ¥ v v Create Files/Wrie Filew/Write = Modify s Vil Y M e | | N | W Lol g v = Read and Execute wiesmeaes wieawese 7 4v | - LNE | R NS4 v = Read Deetesuttodens :::::Md«n N == Write Write = :;,m : ; ; ; ¥ v ¥ v & v O o v QO Q Each of these permissions includes a ::"'“"“ :‘_"““’" ¥ logical group of special permissions P ¥ N ¥ < ¥ v ¥ ¥ htps.//docs. micresoft.com https://docs. microsoft com Module 15 Page 1762 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security ACL:. Setting. Access Controls 3 e1 i x ° ° ° General Shaing Securty Previous Versions Customize and Permissions to Files and e Folders in Windows (Cont’d) o s nomes Group & Matn (martin@CND com) & Administrator £2 Admnstrators (CND\Administrators) QO To set, view, edit, or remove special permissions: To change pomiesions, cick Ed1 — Go to the specific file or folder on which you want to set a special Pemissionsfor SYSTEM Aow _ Deny permission Full control v " Moddy v... ' Read 8 execute V4 Right-click on the file or folder, click Properties, and then click PP ! the Security tab Read v Write v v @ cioknancs e Click Add to set special permissions for a new group or user in. —_ @ Permission Entry Window e ey, All Rights Reserved. Reproduction Is Strictly Prohibited ACL: Setting Access Controls and Permissions to Files and Folders in Windows (Cont’d) Applying NTFS permissions to folders | [Liruol ] Il Nl K Traverse folder/ N Q Typical folder permissions allowed on the NTFS Excimohic v v 4 4 file system are Resd Dots ¥ v v ¥ " «¢ Full Control :::”: : : : : : % Modify s R > ¢+ Read and Execute s el \ 4 v «* List Folder Contents vimearibstes o7 ¥ ¥ % Read —_—y ¥ v < Write Scbteidarsand A Files Q Each of these permissions include a logical Oelete ¥ v group of special permissions eitemin of o ¥ v v ¥ ::‘r::‘unn V Special Permissions associated with _ _ > | Theowmenns W7 each NTFS Folder Permission Syachvonise ¥ ¥ A4 < ¥ 4 https//docs microsoft.com Copyright © by EC All Rights Reserved, ReproductionIs Strictly Prohibited ACL: Setting Access Controls and Permissions to Files and Folders in Windows Access controls can authorize users, groups, and computers to access files and folders in a computer. When a user or an application requests for an access to the operating system resources, they need to submit their credentials to the operating system. Credentials are access tokens created every time a user or an application tries to log in. The operating system verifies whether the access token is created as a permission to access the objects before allowing the user or application to access them. Here, the OS compares the details contained in the access Module 15 Page 1763 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security tokens with the access control entries (ACEs) for verification. The ACEs can block or permit the services depending on object type. For example, the ACEs for a Printer are print, manage printing, and manage documents. The ACLs contain a combination of an object’s ACEs. = ACEs: An ACL can have zero or more ACEs, wherein each ACE has the access to an object. Overall, there are six types of ACEs, out of which securable objects support three (generic types), and the other three are directory service objects (object-specified types). * The three generic types of ACEs are: o Access denied ACE: Used in a discretionary ACL to prevent access to any user. o Access allowed ACE: Used in a discretionary ACL to allow access to any user. o System audit ACE: Used in a system ACL to create an audit log for each attempt by a user while accessing the objects. = The three object-specified types of ACEs are: o Access denied, object-specific ACEs: Used in the discretionary access control list to block access to a property or property set. It can even stop the inheritance level of a specified type of child object. o Access allowed, object-specific ACEs: Used in a discretionary ACL to permit access to a property or property set. It can even stop the inheritance level of a specified type of child object. o System audit, object-specific ACEs: Used in a system ACL to create an audit log when a user attempts to access the child object. The object-specific types and generic types differ only in the design of the inheritance level. = ACLs: An ACL is a table that provides a detailed description of the access rights of the users for accessing objects. Every object has an ACL that contains the details of the user rights and privileges for accessing that object. Each OS system has specific ACLs. The ACLs have one or more ACEs that contains the user details. = Permissions: Each container or object has a security descriptor attached to itself. This security descriptor contains a detailed description of the user access rights. The security descriptor is created along with the container or object. An ACE represents the permission to users or user groups, and the entire list or set of permissions is contained in an ACL. There are two types of permissions: o Explicit permissions: Permissions that are set by default upon creation. o Inherited permissions: Permissions inherited from the parent object to the child object. For example, any files and folders in a folder can inherit the permissions applicable to that particular parent folder. Here, the parent folder has an explicit permission, whereas the files and folders have inherited permissions. Module 15 Page 1764 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security = There are two sets of permission entries for accessing a folder on a file server: o Share permission on a folder: Used for files and folders shared across the network or many user accounts. The permissions can be either denied or granted depending on the users or user accounts. The most commonly used shared permissions are full control, change, and read. NTFS permissions on a folder: Control the permissions over a network and local computers. The most commonly used NTFS permissions are full control, modify, read and execute, and read and write. Applying NTFS Permissions to Files and Folders Access controls for files and folders can specify which users and user groups can have the access permissions. NTFS files and folder permissions allow users to access files stored on a local computer and also files stored in a shared folder over a network. NTFS also allows the sharing of permissions on shared folders in accordance with file and folder permissions. = NTFS permissions for files: O Full control: Specifies whether the user has all permissions to access files. Users with full control have the complete access rights to any file even if permission is denied to them. Modify: Allows the user to read, write, execute, and traverse. Read and execute: Allows the user to go through each directory and read all files. Read: Allows the user to list folders, read files, read attributes, and read permissions. Write: Allows the user to create files, write data, create folders, and set attributes. Module 15 Page 1765 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Specnal Full Read and m Traverse Folder/ L CCC KL Execute File ¢ CELCLLCLCCLCLC L€« List Folder/ Read Data € €€ Read Attributes < €€ €L Read Extended Attributes Create Files/Write Data €€« Create Folders/ Append Data Write Attributes Write Extended Attributes Delete Subfolders and Files Delete €€ Read Permission Change Permission Take Ownership Synchronise v v v < Table 15.2: Special permissions associated with each NTFS file permission NTFS permissions for folders: o Full control: Specifies whether the user has complete access to folders. o Modify: This allows the user to read, write, execute, and traverse. o Read and execute: This allows the user to list folders, read files, read attributes, and read permissions. o List folder contents: Specifies if the user can access the folders and sub-folders. o Read: This allows the user to list folders, read files, read attributes, and read permissions. o Write: Allows a user to create files, write data, create folders, and set attributes. Module 15 Page 1766 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security Special Full Read and List Folder Modi Read Traverse Folder/ Execute File CLELCLCLCLC L € €CCCLL K Y &Y List Folder/ Y Y Read Data Read Attributes Read Extended Attributes Create Files/Write Data €€« Create Folders/ Append Data Write Attributes Write Extended Attributes Delete Subfolders and Files CEECECEC Delete €< Read Permission Change Permission Take Ownership Synchronise \2 4 v v \2 Table 15.3: Special permissions associated with each NTFS folder permission List folder contents permissions can be set only when they are inherited by folders and not files, whereas read and execute can only be set for files and folders. It is possible to back up and restore data on NTFS files. However, it is not possible to set permissions to individual files and folders for FAT files. To set, view, change, or remove special permissions for files and folders, go to a specific file or folder on which you want to set the special permission. 1. Right-click the file or folder, click Properties, and then click the Security tab 2. Click Advanced 3. Click Add to set special permissions for the user or new group in the Permission Entry window In Linux, ACLs are used to implement access control by setting access permissions to a specific file or folder. Module 15 Page 1767 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Data Security ~ Demo Properties X General Sharing Securty Previous Versions Customize Object name: Object name: C:\Demo Group GI'DUD or or user user names: names: SYSTEM 8& Martin Martin ([email protected]) (matin@CND com) 2 Administrator £2 Administrators (CND\Administrators) To change pemissions, click Edit. Edit... Pemissions for SYSTEM Allow Deny Full control v : NN Modfy v AR NANANE Modify Read & execute v List folder contents v Read v Write Wirite v For special pemissions pemmissions or advanced settings, anced click Advanced. click Advanced. o Pdvancgd — | Cose || Cancel Cancel Aoply Figure 15.4: Screenshot of Properties window Module 15 Page 1768 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.
