CompTIA Security+ Section 20: Access Control


What are the different Access Control Models?

- Discretionary Access Control (DAC)
- Mandatory Access Control (MAC)
  - Rule-Based Access Control
  - Lattice-Based Access Control
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)

What does #chmod 777 <filename> mean?

- Owner can RWX (7) - Group can RWX (7) - All other users can RWX (7)

What does #chmod 760 <filename> mean?

- Owner can RWX (7) - Group can RW (6) - All other users have no access (0)

How can permissions be set within Linux?

- Read - Write - Execute

Best Practices for Access Control

- Separation of duties
- Job rotation
- Least privilege
- Implicit deny
- Mandatory vacations

What number correlates to X (Execute) permissions within Linux?

1

How can you keep your usernames, passwords, and accounts secure?

1. Require the user to change the default password the first time the account is used
2. Require that passwords are changed periodically (every 90 days in the Security+ material; NIST SP 800-63B now recommends forcing a change only when there is evidence of compromise)
3. Always change the default Administrator or root password
4. Disable the Guest account on your systems
5. Require CTRL+ALT+DEL to log into the system (enabled on the Advanced tab of the User Accounts dialog box)
6. Enforce strong password policies

Benefits of using User Account Control (UAC)

1. Eliminates unnecessary admin-level requests for Windows resources
2. Reduces the risk of malware using admin-level privileges to cause system issues

How can you create a new user within an ADUC?

1. In ADUC, right-click the Users container (or the target Organizational Unit) and select New > User
2. Enter the name, logon name and initial password; the account is created in that OU of Active Directory

What number correlates to W (Write) permissions within Linux?

2

What number correlates to R (Read) permissions within Linux?

4

What is the minimum number of characters for a secure password?

8

User Account Control (UAC)

A security component in Windows that runs every user, including administrators, with standard-user privileges until a task explicitly requests elevation (the consent or credential prompt) - Can be disabled from the Control Panel (not recommended)

ADUC

Active Directory Users and Computers

Implicit Deny

All access to a resource is denied by default and allowed only when explicitly stated. In an ACL, the implicit deny is the last rule: it blocks all traffic that no earlier rule has explicitly allowed

Mandatory Access Control (MAC)

An access control policy where the system, not the resource owner, determines access to an object. It relies on security labels assigned to every user (the subject) and every file, folder, device or network connection (the object); the labels define trust levels for all subjects and objects. To access an object, the subject must hold at least the object's label and have a "need-to-know". MAC is implemented through the Rule-based and Lattice-based access control methods

Role-Based Access Control (RBAC)

An access model controlled by the system (like MAC) but using a set of permissions tied to a role instead of a single data label. Roles are based on jobs and functions and are usually implemented with groups (group-based privileges); the Windows Power Users group is an example of a role

Attribute-Based Access Control (ABAC)

A dynamic, context-aware access model that evaluates IF-THEN rules over attributes assigned to subjects and objects - If Jason is in HR, then give him access to \\fileserver\HR
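The IF-THEN rule above, together with the implicit deny described earlier on this page, can be shown working end to end. The following POSIX sh evaluator is an added example, not code from the Security+ material: the attribute store, the rule format (resource|required department|minimum clearance), the clearance labels and the function names are all constructed for the illustration. A request is allowed only when a rule for that resource matches the subject's department and clearance; an unknown user, an unknown resource or a failed attribute check all fall through to deny.

```shell
# Added example (not from the Security+ material): ABAC IF-THEN rules with
# implicit deny in POSIX sh. All data and names below are constructed.

# Constructed subject attributes: user:department:clearance
USERS='jason:HR:confidential
maria:Engineering:secret
guest:Visitors:public'

# Constructed object rules: resource|required department|minimum clearance
RULES='\\fileserver\HR|HR|confidential
\\fileserver\Eng|Engineering|confidential'

# Order the clearance labels so they can be compared numerically.
clearance_rank() {
  case "$1" in
    public) printf '%s\n' 0 ;;
    confidential) printf '%s\n' 1 ;;
    secret) printf '%s\n' 2 ;;
    *) printf '%s\n' -1 ;;   # unknown label never satisfies a minimum
  esac
}

# abac_decide USER RESOURCE -> prints "allow" and returns 0 when a rule
# matches; otherwise prints "deny" and returns 1. Unknown user, unknown
# resource and a failed attribute check all end in the implicit deny.
abac_decide() {
  user=$1
  resource=$2
  attrs=$(printf '%s\n' "$USERS" | grep "^$user:") || { printf '%s\n' deny; return 1; }
  dept=$(printf '%s\n' "$attrs" | cut -d: -f2)
  clr=$(printf '%s\n' "$attrs" | cut -d: -f3)
  while IFS='|' read -r rsrc rdept rclr; do
    [ "$rsrc" = "$resource" ] || continue
    # IF subject.department == rule.department AND
    #    subject.clearance >= rule.clearance THEN allow
    if [ "$dept" = "$rdept" ] && [ "$(clearance_rank "$clr")" -ge "$(clearance_rank "$rclr")" ]; then
      printf '%s\n' allow
      return 0
    fi
  done <<EOF
$RULES
EOF
  printf '%s\n' deny
  return 1
}

# Walk a few requests; only the HR rule from the flashcard lets jason in.
for req in 'jason \\fileserver\HR' 'maria \\fileserver\HR' 'maria \\fileserver\Eng' 'guest \\fileserver\Eng'; do
  set -- $req
  printf '%s -> %s: %s\n' "$1" "$2" "$(abac_decide "$1" "$2")"
done
```

The rule table is read inside the function with a here-document rather than a pipe so that `return` leaves the function instead of a pipeline subshell; in a real deployment the attributes would come from a directory and the rules from a policy engine, but the evaluation order (match the object, check every subject attribute, otherwise deny) is the same.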

How do you get rid of propagation?

By breaking the inheritance

Groups

Collection of users based on common attributes (generally work roles)

Strong Passwords

Contain uppercase letters, lowercase letters, numbers and special characters, and are at least 8 characters long (preferably 14 or more)

Rule-based Access Control

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label - type of MAC

Access Control

Methods used to secure data and information by verifying a user has permissions to read, write, delete, or otherwise modify it

Privilege Creep

Occurs when a user accumulates additional permissions over time as they rotate through different positions or roles, without the old permissions being removed. Violates the principle of least privilege

Propagation

Occurs when permissions are passed to a subfolder from the parent through inheritance

Job Rotation

Cycling users through various jobs so they learn the overall operations, reduce boredom, gain new skills and become more well-rounded, and, most importantly, improve security. When someone else takes over a role, theft, fraud and abuse of position become easier to detect

Who are permissions set to/assigned to?

Owner (u, for user), Group (g) and Others (o, every other user). In chmod's symbolic mode, a means all three (u, g and o)

User Rights

Permissions assigned to a given user

User Access Recertification

Process where each user's rights and permissions are revalidated to ensure they are correct

chmod

Program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system
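The number system behind the chmod cards on this page (r=4, w=2, x=1, one digit each for user, group and others) is easiest to check by converting both ways and then reading a mode back off a real file. The POSIX sh helpers below are an added example, not from the Security+ material; the function names are my own, and the mode is read back from the permission field of ls -l rather than from stat so the block is portable.

```shell
# Added example (not from the Security+ material): convert between the
# symbolic rwx form and chmod's octal digits, then apply a mode to a scratch
# file and read it back. Function names are the author's own.

# sym_to_octal 'rwxrw----' -> 760. Each three-character triad (user, group,
# others) is summed from r=4, w=2, x=1.
sym_to_octal() {
  sym=$1
  out=""
  for i in 1 4 7; do
    triad=$(printf '%s' "$sym" | cut -c"$i"-"$((i + 2))")
    n=0
    case "$triad" in r??) n=$((n + 4)) ;; esac
    case "$triad" in ?w?) n=$((n + 2)) ;; esac
    # s/t (setuid, setgid, sticky) also imply execute for that triad
    case "$triad" in ??x|??s|??t) n=$((n + 1)) ;; esac
    out="$out$n"
  done
  printf '%s\n' "$out"
}

# octal_to_sym 760 -> rwxrw----. Takes the three permission digits only
# (no leading special-bits digit).
octal_to_sym() {
  mode=$1
  out=""
  for i in 1 2 3; do
    d=$(printf '%s' "$mode" | cut -c"$i")
    for bit in 4 2 1; do
      if [ $((d & bit)) -ne 0 ]; then
        case "$bit" in 4) out="${out}r" ;; 2) out="${out}w" ;; 1) out="${out}x" ;; esac
      else
        out="${out}-"
      fi
    done
  done
  printf '%s\n' "$out"
}

# apply_and_readback FILE MODE: chmod the file, then recover the octal mode
# from the permission field of ls -l (columns 2-10), independent of stat(1).
apply_and_readback() {
  f=$1
  mode=$2
  chmod "$mode" "$f"
  sym_to_octal "$(ls -ld "$f" | cut -c2-10)"
}

# Walk the modes from the flashcards on a scratch file.
demo() {
  tmp=$(mktemp)
  for m in 777 760 640 700; do
    printf 'chmod %s -> %s -> read back %s\n' "$m" "$(octal_to_sym "$m")" "$(apply_and_readback "$tmp" "$m")"
  done
  rm -f "$tmp"
}
demo
```

Running it prints each mode in both notations and confirms the kernel stored exactly what was requested, which is the check to make after any bulk chmod: 777 is rwxrwxrwx, 760 is rwxrw----, and a trailing 0 means the "others" class (not "all users") has no access at all.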

Separation of Duties

Requires more than one person to complete a sensitive task or operation, so that no single person or entity controls all the functions of a critical process; it is designed to prevent fraud, theft and errors. The Security+ material also lists giving one person separate user and admin accounts under this heading; strictly that is privilege separation, since one person can still complete the whole task alone

Discretionary Access Control (DAC)

The access control policy is determined by the object's owner; this is the most commonly used model. Two conditions must be met: 1. Every object in the system has an owner 2. Each owner determines the access rights and permissions for their objects (files and folders). Microsoft NTFS uses this model

UAC

User Account Control

Least Privilege

Users and processes are granted only the lowest level of access (rights and permissions) needed to perform their assigned tasks or job functions, and no more - "Does everyone in the company need to know employee salary data?"

Lattice-based Access Control

Utilizes complex mathematics to create sets of objects and subjects to define how they interact - type of MAC

How can permissions be set within Windows?

- Full Control
- Modify
- Read & Execute
- List Folder Contents
- Read
- Write
