Security Pro

RBAC (Role-based access control), MAC (Mandatory Access Control), and TBAC (Task based access control)

Enforce security based on rules. The rules of RBAC is job descriptions The rules of MAC are classifications The rules of TBAC are work tasks.

In the /ect/shadow file, which character in the password field indicates that a standard user account is locked?

! or !! in the password field of the /ect/shadow indicates the account is locked and cannot be used to log in. the /ect/shadow file holds passwords and password expiration information for the user accounts. $ preceding the password identifies the password as an encrypted entry * indicates a system user account entry(which cannot be used to log in)

Management considerations

1. Keys can be easily distributed with no prior relationship required. Only the public key needs to be distributed, and it does not matter who has access to the public key. The private key is always kept secure and private. 2. asymmetric cryptography is scalable for use in very large, expanding environments where data is frequently exchanged between different communication partners. The number of keys required is 2n (2 keys per user). 3. Keyspace typically starts around 1,000 bits and goes as high as 32,000 bits. 4. Processing speeds are much slower (about 1000 times slower) than symmetric key cryptography . 5. two mechanisms are used that determine how long cryptographic key reamins in use: A. Ephemeral keys are generated every time the key establishment process is executed and only exist for the lifetime of a specific communication session. As such, these keys have a relatively short lifespan B. static keys can be reused by multiple communication sessions. As such, these keys remain in use for a relatively long period of time.

Asymmetric encryption functionality.

1. The public key is made available to anyone; the private key is kept secret. 2. One key encrypts and the other key decrypts. For example, if data is encrypted with the public key, the private key is used to decrypt the data. 3. the strength of an asymmetric encryption system lies in the secrecy and security of its private keys. if the private key is ever discovered, a new key pair must be generated. 4. Both private and public keys are created on a local machine by a local security authority (the security kernel) and a cryptographic service provider (CSP). 5. asymmetric key ciphers are two associated algorithms that are inverses of each other. Both of the two algorithms are easy to compute. 6. It is computationally infeasible to derive the second algorithm from the first without the private key.

Multi-factor authentication.

A password, a bio-metric scan, and a token device together are the strongest form of multi-factor authentication listed here. Multi-factor authentication is any combination of two or more of the same or different authentication factors. The three common authentication factor types are Something you know (such as a password), something you have (such as a smart card or token device), or something you are (such as a bio-metric quality like fingerprint).

Hashing algorithms are used to perform what activity?

Hashing algorithms are used to create a message digest to ensure that data integrity is maintained. A sender creates a message digest by performing the hash function on the data files to be transmitted. The receiver performs the same action on the data received and compares the two message digests. If they are the same then the data was not altered.

Mission critical

The services to be restored first are mission critical services. if mission critical services are not restored within their maximum tolerable downtime, the organization is no longer viable. least business critical services are to be restored last. financial support and outside communications are restored only after all other services with a higher level of critical have been restored.

disabling a account on Linux

Use the usermod -L joer to lock the user's password, thereby disabling the account. Usermod -d is used for changing the accounts home directory.

Linux Change Username

Use the usermod utility to modify user settings. Use the -l flag to signal a change to the username. The correct syntax requires the new username value be given, followed by the old username. The -u flag changes the uid number.

Which of the following utilities would you typically use to lock a user account.

Usermod and passwd using the following utilities to lock a user account: passwd -l disables an account. This command inserts a !! before the password in the /ect/shadow file. usermod -L disables an account. This command inserts a ! before the password in the /ect/shadow file.

Kerberos

grants tickets(also called a security token) to authenticated users and to authorized resources. Kerberos uses the following components: 1. An authentication server (AS) accepts and processes authentication requests. 2. A service server (SS) is a server that provides or holds network resources. 3. A ticket granting server (TGS) grants tickets that are valid for specific resources on specific servers.

tabletop exercise

in a tabletop exercise, small number of individuals get together and test just one part of the BCP by working through a simple scenario. A medium exercise involves a large number of individuals that test many parts of the BCP. A complex exercise involves a very large number of individuals and a very realistic scenario. Succession planning is a process for identifying and developing internal people with the potential to kill key positions.

Computationally

in a way that uses or relates to computers.

MS-CHAP

is Microsoft's proprietary method uses for remote access connections. MS-CHAP uses a three-way handshake (challenge/response) to perform authentication using a hashed form of a shared secret.

Need to Know

is a access control tool used in mandatory access control environments to implement granular control over access to segmented classified data.

Birthday attack

is a brute force attack in which the attacker hashes the messages until one with the same hash is found.

Hash

is a function that takes a variable-length string (message) and compresses and transforms it into a fixed-length value. Hashes ensure the data integrity of files and messages in transit. For example, when users post files for download, they often create a hash value for the file. After you download the file, you can create a hash using the same algorithm. If the hash values match, you know that the file you have matches the original file.

Smart Card

is a hardware device that contains identification information. Smart cards can contain a magnetic strip, radio frequency transmitter, or hardware contracts that allow it to interact with a smart card reader. The reader uses information on the card to allow or deny access.

ACL (Access control list)

is a security mechanism that defines which subjects have access to certain objects and the level or type of access allowed. This security mechanism is unique for each object and is embedded directly in the object itself.

Public Key infrastructure (PKI)

is a system of certificate authorities that issue certificates, but is not a mechanism used for authentication.

Job rotation

is a technique where users are cross-trained in multiple job positions, and where responsibilities are regularly rotated between personnel. Job rotation can be used for training purposes, but also allows for oversight of past transactions. As jobs rotate, personnel in new positions have the chance to review actions taken by others in that same position and possibly catch security problems.

RSA

is an asymmetric encryption algorithm. Asymmetric encryption is typically not used for bulk encryption of data.

802.1x

is an authentication mechanism for controlling port access 802.1x uses RADIUS/TACACS+ servers.

Workgroup

is an example of decentralized privilege management solution. In a workgroup, user accounts are defined on each individual system rather than on a centralized access control server.

Brewer-Nash Model

is designed primarily to prevent conflicts of interest by dynamically adjusting across based on current activity.

Primary goal of BCP

is maintaining business operations with reduced or restricted infrastructure capabilities or resources. Minimizing the risk to the organization from delays and interruptions in providing services is a goal of DRP. if your organization cannot provide services, it is experiencing a disaster. minimize decision making during the development process is not a valid goal of BCP or DRP, decisions should be made during development. the correct DRP goal is to minimize decisions during an emergency, protecting an organization from major computer services failure is a goal of DRP, not BCP. if computer services fail, business continuity is interrupted, thus there is a disaster.

Clark-Wilson Model

is primarily based on controlled intermediary access applications that prevent direct access to the back-end database.

Data integrity

is proven when the same hashing algorithm performed on a message results in the same hash value.

AES

is stronger and faster than 3DES when implemented with a large key size (256 bits). DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption). 3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES.

A matrix

is the basis for the access matrix.

Separation of duties.

is the concept of having more than one person required to complete a task. This helps prevent insider attacks because no one person has end to end control and no one person is irreplaceable.

Duel administrator accounts

is the policy of ensuring each administrator has a privileged level account and a normal user level account.

Hash value

is the result of a compressed and transformed message (or some type of data) into a fixed-length value.

Separation of Duties.

is the security principal that states no single user is granted sufficient privileges to compromise the security of an entire environment. Usually this principle is implemented by dividing administrative privileges among-st several administrators.

Separation of Duties.

is the security principle that states no single user is granted sufficient privileges to compromise the security of an entire environment. Usually this principle is implemented by dividing administrative privileges amongst several administrators.

SHA-1

is the strongest hashing algorithm, SHA-1 generates a message digest of 160 bits.

Symmetric encryption

is typically used for fast encryption of data.

Asymmetric encryption.

is used for encrypting small amounts of data or for exchanging keys used with symmetric encryption.

MD-5

is weaker than SHA-1, producing a message digest of 128 bits.

Creeping Privileges.

is what occurs when a user's job position changes and they are granted a new set of access privileges for their new work tasks, however their previous access privileges are not removed. As a result, the user accumulates privileges over time that are not necessary for their current work tasks. This is a form of privilege escalation.

collect and destroy

it is essential to collect and destroy all old plan copies as a new version of a plan is rolled out. senior management approval should have been obtained before releasing a new version of the plan. new awareness sessions are usually not required as the major concepts and ideas of the plan will have remained constant, it is only the details that need periodic updating. new awareness is needed only when the plan significantly changes or when a significant length of time has elapsed since the last time employees went through awareness. roles and responsibilities do not need to be redefined due to a new plan version, just updated.

Explicit Deny, explicit allow, implicit allow.

means identifying users or objects that are to be prevented access. Explicit allow identifies specifically the objects that are allowed access. Implicit allow is a form of access control that rarely exists, which would be that access is allowed unless it has been explicitly denied.

Account Permissions

no this strategy does won't work because permissions are not copied when a user object is copied. if the permissions had been assigned to a group that craig jenkins was a member of, then the strategy would work because group memberships are preserved when making a copy of a user account.

infeasible

not possible to do easily or conveniently; impracticable.

derive

obtain something from a specified source. base a concept on a logical extension or modification of another concept.

False Negative

occurs when a person who should be allowed access is denied access.

False Positive

occurs when a person who should be denied access is allowed access. The processing rate of system throughput, identifies the number of subjects or authentication attempts that can be validated. The crossover error rate, also called the equal error rate, is the point where the number of false positives matches the number of false negatives in a bio-metric system.

Strong Authentication

uses two or more authentication credentials, but of the same type. A fingerprint and a retina scan uses two pieces of type 3 authentication, while a pass phrase and a PIN uses two pieces of type 1 authentication.

userdel -r

will delete a user's home directory along with the user account. The command userdel by itself will not delete a user's home directory along with the user account. Executing rm- rf on the user's home directory after executing userdel would remove the home directory

userdel -h

will display the syntax and options for the userdel command.

Asymmetric algorithms

Provide a means to exchange small amounts of data securely over a public network. Both symmetric and asymmetric algorithms provide for non-repudiation.

Active directory

allows you to make copies of existing user accounts: when you do, a new security identifier (SID) is automatically created for the new user.

High amplification

also known as the avalanche effect, means a small change in the message results in a big change in the hashed value.

Hashes

are one way functions, meaning that once you hash a message, you cannot reverse the hashing algorithm to extract the data.

DES and AES

are symmetric encryption algorithms, with DES being weaker than AES.

Dynamic Access controls

are the basis of the brewer-nash model.

Business processes

are the primary focus of the scope BCP. company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus of the BCP scope. recovery time objective is a consideration in the development of emergency response, not an aspect of BCP scope.

Symmetric algorithms

are used to encrypt bulk data for communications exchange.

Common asymmetric encryption implementations

asymmetric encryption uses the following protocols SSL//TLS IPSec VPNs (PPTP, L2TP, SSTP) SSH tunnels

Asymmetric encryption uses.

asymmetric key encryption can provide confidentiality (encryption), strong authentication, and non repudiation. 1. Data encryption to secure data. 2. digital signing to confirm the integrity of the message and the authenticity of the sender. 3. key exchange to ensure keys are secure during transit. Asymmetric encryption is often used to securely exchange symmetric keys.

Two Factor Authentication

uses two different types of authentication (i.e. a combination of type 1, type 2, and type 3 authentication). Of the examples listed here, a token device (type 2) combined with a PIN (type 1) is the only example of two factor authentication.

LANMAN and NTLM

both use hashing to protect authentication credentials, but these protocols are not used for creating hashes of data. LANMAN is less secure than NTLM, with either method being less secure than MD-5 (NTLM uses either MD-4 or MD-5 to produce the hash)

Asymmetric cryptography

uses a unique key pair for each participant. This key pair consists of a public key and a private key.

User on vacation?

disable the account is the best measure to protect an inactive account. This prevents the account from being used for logon.

Access Token

does not contain the user account password. The password is only used during authentication. Following authentication, the access token is used to gain access to resources. When a security principal logs on, an access token is generated. The access token is used for controlling access to resources and contains the following information: The SID for the user or computer The SID for all groups the user or computer is a member of User rights granted o the security principal. When the security principal tries to access a resource or take an action, information in the access token is checked. For example, when a user tries to access a file, the access token is checked for the SID of the user and all groups. The SIDs are then compared to the SIDs in the object's DACL to identify permissions that apply.

Substantive tests

evaluate individual transactions, integrity of data, and the processing of information. substantive tests ensure that the balances of financial statements and all supporting data and documentation are valid and accurate.

DAC (Discretionary Access Control)

uses identities to control resource access. Users can make their own decisions about the access to grant to other users.

Using asymmetric and symmetric encryption together.

operating systems, applications, and other components of information systems typically use a hybrid cryptography system. A hybrid cryptography system combines the strengths of both the symmetric and asymmetric cryptography systems (i.e. symmetric systems can process large amounts of data relatively fast, and asymmetric systems can securely distribute keys). A hybrid cryptography system works as follows: 1. A plain text message is encrypted into cipher text with a symmetric session key. 2. The symmetric session key is then encrypted with asymmetric cryptography (using the public key of the recipient) 3. The encrypted symmetric session key and the cipher text are sent to the recipient. 4. The recipient decrypts the symmetric session key with asymmetric cryptography (using the recipient's private key) 5. The cipher text is then decrypted into plain text with the decrypted session key.

a linux user is locked out

passwd -S login credentials displays the status of the user account. LK indicates the user account is locked and PS indicates the user account has a password.

Collision

results when two different messages produce the same hash value (a low number of collisions is desirable)

The Principle of least Privilege.

states that users should have the minimal amount of access necessary to perform their work tasks.

Single sign-on (SSO)

system can reduce human error and system administration time by providing access to all authorized resources with a single instance of authentication through a single set of user credentials.

compliance testing

tests control procedures to see if they are working as expected and are being implemented in accordance with management policies. compliance tests are performed with a specific objective in mind and they always include examination of documentary evidence.

Sanitization Media

that will be reused in different security context. Sanitization is the process of cleaning a device by having all data remnants removed. Sanitization is necessary because deleting, overwriting, and reformatting (even multiple times) does not remove all data remnants.

Microsoft system

the access token is only generated during authentication. changes made to group memberships or user rights do not take effect until the user logs on again and a new access token is created.

birthday attack being successful.

the discovered password will allow the attack to log on as the user, even if it is not the same as the user's password. This is because the birthday attack (i.e. password cracking) will discover a collision. A collision is when two messages produce the same hash. Collision does not guarantee that the two messages are the same. Thus, another password could be discovered that has the same hash as the original user's password. Since the authentication system checks only for matching hashes, the attacker could log on with a different password as long as it produces the correct hash.

RC4

the most frequently used implementation of symmetric key stream ciphers is Ron's Code (or Ron's Cipher) V4, known as RC4. RC4 uses variable key up to 256 bits and is commonly used with WEB and SSL. It uses the key scheduling algorithm (KSA) and the pseudo-random generation algorithm (PRGA) Blowfish , twofish, and AES are all block ciphers.

Bell-LaPadula

the star property is no write down The simple property of Bell-Lapadula is no read up.

implicit deny

users or groups which are not specifically given access to a resource are denied access. implicit deny means that there is an assumed or unstated deny that prevents access to anyone not explicitly on the list.

Symmetric cryptography

uses a shared private key. Both communication partners must be in possession of the same key in order to exchanged encrypted data. (key management is difficult when symmetric cryptography is implemented on a large scale. Because two users must share the same unique key to encrypt and decrypt data, even a small group of users would require the generation of a large amount of keys. The formula to determine the number of keys is n(n-1)/2.