Fundamentals of Information Security - Section 2
Biba model uses
1. Simple integrity axiom: a subject may only read objects at its own integrity level or higher (no read down). 2. Star (*) integrity axiom: a subject may only write to objects at its own integrity level or lower (no write up). Biba protects integrity: low-integrity (untrusted) data must not flow upward into trusted data.
Bell-LaPadula model uses
1. Simple security property: the level of access granted to an individual must be at least as high as the classification of the resource in order for the individual to read it (no read up). 2. Star (*) property: anyone accessing a resource can only write (or copy) its contents to another resource classified at the same level or higher (no write down). Bell-LaPadula protects confidentiality: classified data must not flow downward to lower clearances.
What are some of the differences between access control lists and capabilities?
An ACL is attached to the resource: it lists identities and the permissions each has on that resource, usually kept in a file or table the system consults whenever a request arrives, so the system must first know who is asking. A capability is a token (or key) held by the subject that names a resource and the rights the holder has on it; the system checks the token itself rather than looking up the requester's identity, and the token can be handed to another party to delegate access.
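The difference in practice, as an added example that is not from the original notes: the same access decision made with an ACL (looked up by resource and identity) and with a capability (an HMAC-signed token checked on its own). Resource names, identities and the signing key are made up for the demo.

```python
"""Added example (not from the original notes): the same access decision made
two ways. An ACL is attached to the resource and is consulted with the
requester's identity; a capability is an unforgeable token held by the
requester that names the resource and the rights, checked without any identity
lookup. Resource names, identities and the key are made up for the demo."""

import base64
import hashlib
import hmac
import json

# --- ACL: resource -> identity -> rights (constructed data) ---
ACL = {
    "/payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
}


def acl_allows(resource: str, identity: str, right: str) -> bool:
    """ACL check: needs to know WHO is asking."""
    return right in ACL.get(resource, {}).get(identity, set())


# --- Capability: HMAC-signed token. Assumption: the key never leaves the
# reference monitor that mints and verifies tokens. ---
MONITOR_KEY = b"demo-only-key-not-for-real-use"


def _encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def mint_capability(resource: str, rights: set) -> str:
    """Issue a capability for `resource` carrying `rights`."""
    body = _encode({"resource": resource, "rights": sorted(rights)})
    tag = hmac.new(MONITOR_KEY, body, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(body).decode() + "." + tag


def capability_allows(token: str, resource: str, right: str) -> bool:
    """Capability check: needs only the token, not the holder's identity."""
    try:
        body_b64, tag = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(MONITOR_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # forged or tampered token
    claims = json.loads(body)
    return claims["resource"] == resource and right in claims["rights"]


def tamper_rights(token: str, new_rights: set) -> str:
    """What an attacker without the key can do: rewrite the body and keep the
    old tag. Verification must reject this."""
    body_b64, tag = token.split(".", 1)
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims["rights"] = sorted(new_rights)
    return base64.urlsafe_b64encode(_encode(claims)).decode() + "." + tag


if __name__ == "__main__":
    print("ACL: bob write?", acl_allows("/payroll.db", "bob", "write"))          # False
    cap = mint_capability("/payroll.db", {"read"})
    print("cap read?", capability_allows(cap, "/payroll.db", "read"))          # True
    print("cap write?", capability_allows(cap, "/payroll.db", "write"))        # False
    forged = tamper_rights(cap, {"read", "write"})
    print("forged write?", capability_allows(forged, "/payroll.db", "write"))  # False
```

Note what each check needs: acl_allows cannot decide without an identity, while capability_allows never sees one. That is also the capability model's weakness: whoever holds the token has the access, so tokens must be protected like keys.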
If you're using an identity card as the basis for your authentication scheme, what steps might you add to the process to allow you to move to multifactor authentication?
Add a second factor of a different type: a PIN or password (something you know) to go with the card (something you have), or a biometric such as a fingerprint (something you are). Adding another something-you-have would not make it multifactor.
Discuss the difference between authorization and access control.
Authorization is the process of determining exactly what an authenticated party can do. Access controls are the tools and systems you use to deny or allow access.
Why does access control based on the media access control (MAC) address of a system on our network not represent strong security?
Because a MAC address is trivially changed (spoofed) in software, so anyone who learns an authorized address can impersonate that system.
The Bell-LaPadula and Biba multi-level access control models both have a primary security focus. Can these two models be used together?
Yes. Bell-LaPadula protects confidentiality (simple security property: no read up; star property: no write down) and Biba protects integrity (simple integrity axiom: no read down; star integrity axiom: no write up). Because they address different properties, a system can enforce both at once by labelling each subject and object with both a confidentiality level and an integrity level and permitting an operation only when both models allow it.
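A reference monitor that enforces both models at once, as an added example (not from the original notes) covering the Biba and Bell-LaPadula rules above and the question of combining them. Every subject and object carries two independent labels; the level names are made up for the demo.

```python
"""Added example (not from the original notes): a tiny reference monitor that
enforces Bell-LaPadula (confidentiality) and Biba (integrity) together. Each
subject and object carries two independent labels; an operation is allowed
only if both models permit it. The level names are made up for the demo."""

from dataclasses import dataclass

# Ordered lattices; a higher index is a higher level.
CONF_LEVELS = ["public", "internal", "secret", "top_secret"]
INTEG_LEVELS = ["untrusted", "user", "system", "kernel"]


@dataclass(frozen=True)
class Label:
    confidentiality: str  # Bell-LaPadula clearance / classification
    integrity: str        # Biba integrity level

    @property
    def c(self) -> int:
        return CONF_LEVELS.index(self.confidentiality)

    @property
    def i(self) -> int:
        return INTEG_LEVELS.index(self.integrity)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: simple security property (no read up) and
    *-property (no write down)."""
    if op == "read":
        return subject.c >= obj.c
    if op == "write":
        return subject.c <= obj.c
    raise ValueError(op)


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba: simple integrity axiom (no read down) and
    *-integrity axiom (no write up)."""
    if op == "read":
        return subject.i <= obj.i
    if op == "write":
        return subject.i >= obj.i
    raise ValueError(op)


def allows(subject: Label, obj: Label, op: str) -> bool:
    """Combined policy: both models must permit the operation."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def explain(subject: Label, obj: Label, op: str) -> str:
    """Which model (if any) blocked the operation; useful for audit logs."""
    reasons = []
    if not blp_allows(subject, obj, op):
        reasons.append("BLP")
    if not biba_allows(subject, obj, op):
        reasons.append("Biba")
    return "allowed" if not reasons else "denied by " + "+".join(reasons)


if __name__ == "__main__":
    analyst = Label("secret", "user")
    report = Label("internal", "user")        # lower classification, same integrity
    system_cfg = Label("secret", "kernel")    # same classification, higher integrity
    download = Label("public", "untrusted")   # public but untrusted content
    print("read report:      ", explain(analyst, report, "read"))      # allowed
    print("write report:     ", explain(analyst, report, "write"))     # denied by BLP
    print("write system_cfg: ", explain(analyst, system_cfg, "write")) # denied by Biba
    print("read download:    ", explain(analyst, download, "read"))    # denied by Biba
```

The last case is the one people find surprising: Bell-LaPadula lets a secret-cleared analyst read a public file, but strict Biba refuses because the file's integrity is lower than the analyst's; real systems relax this with a low-watermark or sanitisation step, which the toy does not model.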
What are the differences between the MAC and DAC models of access control?
In the DAC model the owner of a resource decides, at their own discretion, who may access it (Unix file permissions are the usual example). In the MAC model a separate authority, the system enforcing a central policy based on security labels, decides who may access each resource, and the owner cannot override it.
Define "defense in depth."
Defense in depth is the concept of building a multi-layered defense so that you can still mount a successful resistance should one or more of your defensive measures fail.
What are six items that might be considered logical controls?
Passwords, encryption, access controls, firewalls, intrusion detection systems, and anti-malware software.
Define the Parkerian Hexad and its principles.
It contains the confidentiality, integrity and availability triad plus three further principles: possession or control, authenticity, and utility. Possession or control refers to the physical disposition of the media on which the data is stored. Authenticity lets you say whether the data is correctly attributed to its proper owner or creator. Closely related is nonrepudiation, which prevents someone from denying that they took an action (for example, sent a message). Utility refers to how useful the data is to you.
Define Modification attacks
Modification attacks involved tampering with an asset.
Identify the factors involved in a multifactor authentication technique.
Multifactor authentication combines two or more different factors from the following: something you know, something you are, something you have, something you do, and where you are. For example a password (something you know) plus an ID card or hardware token (something you have), or a PIN plus a fingerprint (something you are). A password combined with a PIN is not multifactor, since both are something you know, and a username is an identification claim rather than an authentication factor.
Compare authentication types
Multifactor authentication uses two or more of the factors listed previously. Mutual authentication is a mechanism in which both parties in a transaction authenticate each other: the client verifies the server as well as the server verifying the client.
What do you call the process in which the client authenticates to the server and the server authenticates to the client?
Mutual authentication
If you're using an 8-character password that contains only lowercase characters, would increasing the length to 10 characters represent significant increase in strength? Why or why not?
Yes, though only modestly. Each added lowercase character multiplies the number of possible passwords by 26, so 10 characters gives 26^10 (about 1.4 × 10^14) passwords versus 26^8 (about 2.1 × 10^11), a 676-fold increase. The password is still weak because the character set is small; widening the alphabet helps more than lengthening: an 8-character password drawn from upper case, lower case and digits (62^8, about 2.2 × 10^14) already has a larger search space than 10 lowercase characters.
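The arithmetic behind that answer, as an added example (not from the original notes). The guess rate passed to brute_force_hours is an assumed figure for illustration, not a measurement of any real cracker.

```python
"""Added example (not from the original notes): how password length and
alphabet size change the brute-force search space. The guess rate used in
brute_force_hours is an assumed figure for illustration, not a measurement."""

import math

LOWERCASE = 26
MIXED_ALNUM = 26 + 26 + 10          # lower, upper, digits
PRINTABLE = MIXED_ALNUM + 32        # plus ASCII punctuation


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy if every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def lengthening_gain(alphabet_size: int, old_len: int, new_len: int) -> int:
    """Factor by which the keyspace grows when length goes old_len -> new_len."""
    return alphabet_size ** (new_len - old_len)


def brute_force_hours(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Hours to exhaust the whole keyspace at the given (assumed) guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / 3600


def compare(rate: float = 1e10):
    """Rows of (label, keyspace, entropy bits, hours to exhaust) for the cases
    in the question plus wider-alphabet 8-character passwords."""
    cases = [("8 lowercase", LOWERCASE, 8),
             ("10 lowercase", LOWERCASE, 10),
             ("8 mixed alnum", MIXED_ALNUM, 8),
             ("8 printable", PRINTABLE, 8)]
    return [(label, keyspace(a, n), round(entropy_bits(a, n), 1),
             round(brute_force_hours(a, n, rate), 2)) for label, a, n in cases]


if __name__ == "__main__":
    for row in compare():
        print("%-14s keyspace=%.3g  bits=%.1f  hours@1e10/s=%.2f" % row)
```

The numbers only describe resistance to exhaustive search of uniformly random passwords; a dictionary word with a digit appended falls to a wordlist attack long before its nominal keyspace would suggest.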
What biometric factor describes how well a characteristic resists change over time
Permanence
Compare the abilities of physical, logical, and administrative controls, and combinations of same, to protect resources.
Physical controls include fences, gates, locks, guards, and cameras. Logical controls include items such as passwords, encryption, access controls, firewalls, and intrusion detection systems. Administrative controls are based on rules, laws, policy, procedures, guidelines, and other items that are paper in nature; they dictate how the users of your environment should behave. Each type covers gaps the others leave (a firewall does not stop someone walking out with a disk; a policy does not stop an attacker who ignores it), so resources are best protected by combining all three.
Based on the Parkerian hexad, what principles are affected if you lose a shipment of encrypted backup tapes that contain personal and payment information for your customers?
Possession or control (the tapes are no longer in your hands) and availability, if the tapes were your only copy. Utility is affected only in the sense that the encrypted data is useless to whoever finds the tapes; because they are encrypted, confidentiality is not lost, and the authenticity of the data is not affected.
A key would be described as which type of authentication factor?
Something you have
What factors might you use when implementing a multifactor authentication scheme for users who are logging onto workstations that are in a secure environment and are used by more than one person?
A password or PIN (something you know) combined with a smart card, badge or hardware token (something you have); a biometric (something you are) can be added where the environment warrants it. Because the workstations are shared, the token should be removed when the user walks away so the session cannot be reused. A username is identification rather than an authentication factor, and a password plus a passcode is still a single factor.
Identify password security best practices.
Use long, complex passwords. Practice password hygiene: use a password manager to keep track of the many logins and passwords for different accounts, and never reuse the same password across accounts, so that one breached site does not expose the rest.
What term might you use to describe the usefulness of data?
Utility
Define identity verification.
Verifying an identity claim against a document such as a driver's license, social security card, or birth certificate. Note: identity verification is a weaker step than authentication; it establishes that the claimed identity exists and matches the document, not that the person presenting it is really who they claim to be.
How do you measure the rate at which you fail to authenticate legitimate users in a biometric system
By the false rejection rate (FRR): the proportion of attempts by legitimate users that the biometric system fails to authenticate (false negatives). Its counterpart, the false acceptance rate (FAR), measures impostors wrongly accepted; the threshold at which the two rates are equal gives the equal error rate (EER), a common way to compare systems.
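How FRR and FAR are computed and how they trade off against the match threshold, as an added example (not from the original notes). The score lists are constructed for the demo, not measurements from a real biometric system.

```python
"""Added example (not from the original notes): FRR, FAR and the equal error
rate computed from constructed matcher scores. The score lists are made up for
the demo, not measurements from a real biometric system."""

# Similarity scores in [0, 1], higher = better match (constructed data).
GENUINE = [0.91, 0.88, 0.85, 0.80, 0.78, 0.75, 0.70, 0.66, 0.60, 0.55]   # user vs own template
IMPOSTOR = [0.62, 0.58, 0.52, 0.50, 0.45, 0.42, 0.38, 0.35, 0.30, 0.20]  # user vs someone else's


def frr(genuine, threshold):
    """False rejection rate: share of legitimate attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor, threshold):
    """False acceptance rate: share of impostor attempts scoring at or above it."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def equal_error_rate(genuine, impostor, steps=100):
    """Sweep thresholds from 0 to 1; return (threshold, rate) where FRR and FAR
    are closest. A lower EER means a better matcher."""
    best = None
    for k in range(steps + 1):
        t = k / steps
        gap = abs(frr(genuine, t) - far(impostor, t))
        if best is None or gap < best[0]:
            best = (gap, t, (frr(genuine, t) + far(impostor, t)) / 2)
    return best[1], best[2]


def tradeoff(genuine, impostor, thresholds=(0.4, 0.5, 0.6, 0.7, 0.8)):
    """Table of (threshold, FRR, FAR): raising the threshold cuts FAR at the
    price of rejecting more legitimate users, and vice versa."""
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


if __name__ == "__main__":
    for t, r, a in tradeoff(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FRR={r:.1f}  FAR={a:.1f}")
    print("EER at threshold %.2f, rate %.2f" % equal_error_rate(GENUINE, IMPOSTOR))
```

Which side of the EER to sit on is a policy decision: a door to a server room is usually tuned for low FAR and tolerates some rejections, while a convenience login on a phone leans the other way.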
If the web servers in your environment are based on Microsoft's Internet Information Services and a new worm is discovered that attacks Apache web servers, what do you not have?
A vulnerability to it, and therefore no risk from it. The worm is still a threat in general, but a threat with no matching vulnerability in your environment produces no risk.
Which type of system is considered absolutely secure?
A system that is shut off and disconnected from all networks; The only absolutely secure system does not allow any access.
Compare threats, vulnerabilities, risk, and impact.
A threat is something that has the potential to cause harm. Vulnerabilities are weaknesses or holes that threats can exploit to cause harm. Risk is the likelihood that a threat will actually exploit a vulnerability and cause harm. Impact is the cost or consequence if that happens, which takes into account the value of the asset being threatened; likelihood and impact together determine how serious the risk is.
What does the Brewer and Nash model protect against?
Also known as the Chinese Wall model, it is designed to prevent conflicts of interest: once a subject has accessed data belonging to one company, it is denied access to the data of competing companies in the same conflict-of-interest class.
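The rule in code, as an added example that is not from the original notes. Company and class names are made up, and the model's exemption for sanitised (public) information is not modelled.

```python
"""Added example (not from the original notes): a minimal Brewer and Nash
(Chinese Wall) policy. Datasets belong to companies, companies sit in
conflict-of-interest classes, and a subject that has touched one company's
data is walled off from its competitors. Company and class names are made up;
sanitised (public) information, which the model exempts, is not modelled."""

from collections import defaultdict

# conflict-of-interest class -> companies in it (constructed data)
COI_CLASSES = {
    "banking": {"BankA", "BankB"},
    "oil": {"OilCo", "PetroCorp"},
}
COMPANY_CLASS = {co: cls for cls, cos in COI_CLASSES.items() for co in cos}


class ChineseWall:
    def __init__(self):
        self.history = defaultdict(set)  # subject -> companies whose data it has read

    def can_read(self, subject: str, company: str) -> bool:
        """Simple security rule: allowed unless the subject has already read
        data of a different company in the same conflict class."""
        cls = COMPANY_CLASS[company]
        return not any(COMPANY_CLASS[seen] == cls and seen != company
                       for seen in self.history[subject])

    def read(self, subject: str, company: str) -> bool:
        """Perform a read; the wall is built by recording what was read."""
        if not self.can_read(subject, company):
            return False
        self.history[subject].add(company)
        return True

    def can_write(self, subject: str, company: str) -> bool:
        """*-rule: writing to a company's dataset is allowed only if the subject
        can read it and has read no other company's data, so nothing can flow
        from one side of a wall to the other through this subject."""
        return self.can_read(subject, company) and all(
            seen == company for seen in self.history[subject])


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("alice", "BankA"))       # True: first touch, no history
    print(wall.read("alice", "BankB"))       # False: competitor of BankA
    print(wall.read("alice", "OilCo"))       # True: different conflict class
    print(wall.can_write("alice", "BankA"))  # False: alice also holds OilCo data
    print(wall.can_write("bob", "BankA"))    # True: bob has read nothing else
```

Unlike Bell-LaPadula and Biba, the decision depends on the subject's history rather than on fixed labels, which is why the policy object has to keep state.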
Which should take place first, authorization or authentication?
Authentication
Define authentication and its factors.
Authentication is a set of methods used to establish whether a claim of identity is true. The authentication factors include the following: something you know, something you are, something you have, something you do, and where you are.
Define Interruption attacks
Interruption attacks make your assets unusable or unavailable to you on a temporary or permanent basis.
Differentiate confidentiality, integrity, and availability.
They are easiest to tell apart by what attacks each: confidentiality is broken by disclosure, integrity by alteration, and availability by denial (of access or service).
Define the confidentiality, integrity, availability (CIA) triad.
Confidentiality refers to our ability to protect our data from those who are not authorized to view it; it is implemented at many levels. Integrity is the ability to prevent data from being changed in an unauthorized or undesirable manner. To maintain integrity you need not only the means to prevent unauthorized changes to your data, but also the ability to reverse unwanted changes, including those made by authorized parties. Availability refers to the ability to access our data when we need it.
A malicious actor has breached the firewall with a reverse shell. Which side of the CIA triad is most affected?
Confidentiality. A reverse shell gives an attacker remote access to and control of a machine; because the connection originates from inside the network, where outbound traffic is usually permitted, the firewall's inbound rules never see it, and the attacker can read whatever the compromised host can.
Define Fabrication attacks
Fabrication attacks involve generating data, processes, communications, or other similar material within a system.
Define the incident response process and its stages
At a high level, the incident response process consists of the following stages: preparation, detection and analysis, containment, eradication, recovery, and post-incident activity.
If you have a file containing sensitive data on a Linux operating system, would setting the permissions to RW RW RW cause a potential security issue? If so, which portions of the CIA triad might be affected?
Yes. rw-rw-rw- (mode 666) lets every user on the system read and write the file. Anyone with an account can alter the data, affecting integrity, and read it, affecting confidentiality; since write permission also allows truncating the file, availability can suffer too. A file containing sensitive data should normally be rw------- (mode 600), readable and writable by its owner only.
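An audit-style check of the permission bits, as an added example that is not from the original notes. It creates its own temporary file, sets the permissive mode from the question, reports which CIA properties other users can attack, and then tightens the mode.

```python
"""Added example (not from the original notes): checking a file's permission
bits the way an audit script would, then tightening them. The file is a
temporary file created by the demo, not a real sensitive file."""

import os
import stat
import tempfile


def mode_of(path: str) -> int:
    """Permission bits only (e.g. 0o666), without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def exposure(path: str) -> dict:
    """Which CIA properties a file's mode puts at risk from other users."""
    st = os.stat(path)
    m = stat.S_IMODE(st.st_mode)
    others_or_group_read = bool(m & (stat.S_IROTH | stat.S_IRGRP))
    others_or_group_write = bool(m & (stat.S_IWOTH | stat.S_IWGRP))
    return {
        "mode": oct(m),
        "symbolic": stat.filemode(st.st_mode),
        "confidentiality_at_risk": others_or_group_read,
        # write access allows both altering and truncating the file
        "integrity_at_risk": others_or_group_write,
        "availability_at_risk": others_or_group_write,
    }


def harden(path: str, mode: int = 0o600) -> dict:
    """Restrict the file to its owner (rw-------) and report the new exposure."""
    os.chmod(path, mode)
    return exposure(path)


def demo() -> dict:
    """Create a throwaway file, give it rw-rw-rw- as in the question, audit it,
    then fix it. Returns the before/after reports."""
    fd, path = tempfile.mkstemp(prefix="sensitive-", suffix=".txt")
    try:
        os.write(fd, b"constructed sample record\n")
        os.close(fd)
        os.chmod(path, 0o666)      # the permissive setting from the question
        before = exposure(path)
        after = harden(path)
        return {"before": before, "after": after}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    report = demo()
    print("before:", report["before"])
    print("after: ", report["after"])
```

The same exposure() function can be pointed at real paths (for example, files under a home directory) to list anything that is group- or world-readable or writable.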
Define identification, including "who we claim to be."
Identification makes a claim about who or what someone or something is (a username, a badge, a stated name). "Who we claim to be" covers everything a party can assert about its identity; it remains only a claim until it is authenticated.
Compare identification, identity verification, and authentication.
Identification makes a claim about who or what someone or something is. Identity verification checks that claim against a document such as a driver's license, social security card, or birth certificate. Authentication is a set of methods used to establish whether the claim of identity is true.
Define Interception attacks
Interception attacks allow unauthorized users to access your data, applications, or environments, and they are primarily attacks against confidentiality.
Identify the four types of attacks (i.e., interception, interruption, modification, and fabrication).
Interception, Interruption, Modification, Fabrication
Identify elements of incident response in policies and procedures.
Incident response planning should follow from risk management, and your reaction to an incident should be based on documented incident response plans that are regularly reviewed, tested, and practiced by those who will be expected to carry them out in an actual incident.
Define information security.
Information security is defined as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Which concept of the CIA Triad is associated with reliability?
Integrity; Integrity ensures data has not been tampered with and is correct, authentic, and reliable.
A user changes a number in a dataset with a typo. Which side of the CIA triad is most affected?
Integrity; Integrity ensures data has not been tampered with and is correct, authentic, and reliable. In this scenario, data has been tampered with and is no longer correct and reliable.
Which category of attack is an attack against confidentiality?
Interception
Which access control model could you use to prevent users from logging into their accounts after business hours?
Rule-based access control, with a rule that denies logins outside business hours. Role-based access control by itself does not express time-of-day conditions.
Identify the layers of a defense-in-depth strategy.
From the inside out: data, application, host, internal network, network perimeter, and external network.
Define the risk management process and its stages
The risk management process requires you to identify your important assets, figure out the potential threats against them, assess your vulnerabilities, and then take steps to mitigate these risks.
How do you know at what point you can consider your environment to be secure?
There is no set point. Security is a process rather than a state: the environment is secure enough when the remaining risk is acceptable, and that has to be reassessed as assets, threats, and vulnerabilities change.
Using the concept of defense in depth, what layers might you use to secure yourself against someone removing confidential data from your environment on a USB flash drive?
Administrative: a policy forbidding removable media, with staff trained on it. Physical: controlled access to areas where the data is handled, and port blockers or stripped-down machines where needed. Logical: disable USB mass storage through endpoint configuration, encrypt the data at rest so copied files are unreadable elsewhere, and log and alert on removable-media use so an attempt is detected even if an earlier layer fails.
Explain the difference between a vulnerability and a threat
A threat is something that has the potential to cause harm. Vulnerabilities are weaknesses or holes that threats can exploit to cause harm.
Explain how the confused deputy problem could allow users to carry out activities for which they are not authorized.
The confused deputy problem arises when a program holding more authority than the user (the deputy) can be tricked into exercising that authority on the user's behalf, so the user obtains an effect they could not obtain directly. Cross-site request forgery and clickjacking are both examples: the browser (the deputy) automatically attaches the victim's session cookies, so a request or click induced by a malicious page is executed by the target site with the victim's authority.
Name three reasons why an identity card alone might not make ideal method of authentication.
a. Someone could steal it and use it. b. You could lose it and lock yourself out. c. Its photo may be out of date, or the card may be forged; a card alone is a single factor (something you have).
What is the difference between verification and authentication of an identity?
Verification checks an identity claim against a document such as a driver's license, social security card, or birth certificate. Authentication is a set of methods used to establish whether a claim of identity is true.
Administrative controls
are based on rules, laws, policy, procedures, guidelines, and other items that are paper in nature. They dictate how the users of your environment should behave.
Identify types of controls to mitigate risk
physical, logical, administrative
Physical controls
protect the physical environment in which your system sits, or where your data is stored
Logical controls
sometimes called technical controls, protect the systems, networks, and environments that process, transmit, and store your data.
