CIS4361 Final Exam
An access matrix is implemented by decomposition in 2 ways:
1. Access Control Lists - Decomposed by columns. For each object, list users and permitted access rights
2. Capability Tickets - Decomposed by rows. Specify authorized objects and operations for a particular user
List several security concerns associated with writing safe program code.
- Correct algorithm implementation
- Ensuring that the machine language corresponds to the algorithm
- Correct interpretation of data values
- Correct use of memory
- Preventing race conditions with shared memory
What are some security concerns with virtualized systems?
- Guest OS isolation
Virtualization
A technology that provides abstraction of the computing resources used by some software, which runs in a simulated environment called a virtual machine (VM)
Injection Attack
A wide variety of program flaws related to invalid handling of input data. Program input data can accidentally influence the flow of execution of a program. 3 different types:
- Command Injection
- SQL Injection
- Code Injection
.............................is the granting of a right or permission to a system entity to access a system resource. This function determines who is trusted for a given purpose. A.) Authorization B.) Authentication C.) Audit
A.) Authorization
Additional security controls that may be used to secure the base operating system?
Anti-virus software - Computer software used to avoid, catch, and eliminate malicious software
Host-based firewalls - Software bundle used to protect an individual host
IDS or IPS software - Intrusion Prevention System (IPS) is capable of detecting or blocking the traffic by discarding the packet. Intrusion Detection System (IDS) uses types of algorithms to block traffic.
Application white-listing - Limits programs to an explicit list on the system
Password Guessing Against a Single User
Attacker attempts to gain knowledge about account holder and system password policies and uses knowledge to guess password
Specific Account Attack
Attacker targets specific account and submits password guesses until correct
Software Security
Attacker targets specific bugs that result in failure that can be exploited by attacker
Workstation Hijacking
Attacker waits until logged-in workstation is unattended
Controls access based on attributes of the user, the resource to be accessed, and current environmental conditions. A.) MAC B.) RBAC C.) ABAC D.) DAC
C.) ABAC
Offline Dictionary Attack
Compare password hash against commonly used password hashes
Software Quality and Reliability
Concerned with the accidental failure of a program as a result of some theoretically random or unanticipated input, system interaction, or use of incorrect code
Where is application and service configuration information stored on Unix and Linux systems?
Configuration of applications and services is most generally applied using "separate text files". Application and service configuration information is generally located in one of the following:
- /etc directory
- Installation tree
Mandatory Access Control (MAC)
Controls access based on comparing security labels (how sensitive system resources are) with security clearances (which system entities are able to access certain resources)
Discretionary Access Control (DAC)
Controls access based on identity of the requestor & based on access rules stating what requestors are/aren't allowed to do
Role-Based Access Control (RBAC)
Controls access based on the roles users have & based on rules stating what accesses are allowed to users in given roles
What is the difference between "dictionary attacks" and "rainbow table attacks"?
Dictionary attacks are attacks in which the attacker tries each word from a large dictionary, and then obvious variants, against the hashes in password files. Whereas rainbow table attacks use precomputed tables of hash values for the salts.
Exploiting Multiple Password Use
Different network devices share the same or similar password for a given user
List the main components of ICAM model.
- Digital Identities
- Credentials
- Access Control
What type of access control model do UNIX and Linux systems implement?
Discretionary Access Control (DAC)
List different access control policies.
- Discretionary access control (DAC)
- Mandatory access control (MAC)
- Role-based access control (RBAC)
- Attribute-based access control (ABAC)
Why is keeping all software as up to date as possible so important?
Due to the continuing discovery of software vulnerabilities in commonly used operating systems and applications.
In the context of biometric user authentication define: Enrollment, Verification, Identification
Enrollment - Each individual who is to be included in the database of authorized users must first be enrolled in the system
Verification - User enters a PIN and also uses a biometric sensor
Identification - Individual uses a biometric sensor and no additional information
(T or F) In MAC, users can override security policy.
FALSE
Smart Card
Has a microprocessor, different types of memory, I/O ports, etc. May also have a crypto co-processor and an embedded antenna
2 common techniques for selecting or assigning passwords
Hashed Password with a Salt Value - Salt stored in plaintext with hash form (salt + password)
Password File Access Control - Hashed passwords are kept in a separate file from user IDs called the "shadow password file" (only privileged users have access to this)
Identify several issues associated with the correct creation and use of a lock file.
If a program chooses to ignore the existence of the lock file and access the resource, the system will not prevent this. Implementation must be precise, or a race condition will occur. Correct implementation is to always attempt to create the lock file (atomic operation).
Electronic Monitoring
If password is communicated over a network to log on a remote host, it is vulnerable to eavesdropping
Cross-site Scripting (XSS) Attack
Script code is included in the HTML content of a Web page. Script code may need to access data associated with other pages currently displayed in the browser. The attacker attempts to exploit this feature and bypass the browser's security checks to gain elevated access privileges to sensitive data belonging to another site.
Command Injection
Input used in construction of a command that is then executed by the system with the privileges of the program
False Match Rate
Measures the percent of invalid inputs that are incorrectly accepted *Note that a decrease in false match rate necessarily results in increase in false non-match rate, vice versa
False Non-Match Rate
Measures the percent of valid inputs that are incorrectly rejected *Note that a decrease in false match rate necessarily results in increase in false non-match rate, vice versa
3 types of role hierarchy constraints
Mutually Exclusive Roles - A user can only be assigned to 1 role in the set
Cardinality - Max number with respect to roles. Set the max number of users that can be assigned to a role
Prerequisite Roles - A user can only be assigned to a particular role if it is already assigned to some other specified role
Race condition
Occurs when multiple processes and threads compete to gain uncontrolled access to some resource. Without suitable synchronization of accesses, it is possible that values may be corrupted or changes lost.
Principal Threats to the Secrecy of Passwords
- Offline Dictionary Attack
- Specific Account Attack
- Popular Password Attack
- Password Guessing Against a Single User
- Workstation Hijacking
- Exploiting User Mistakes
- Exploiting Multiple Password Use
- Electronic Monitoring
Advantage of Challenge-Response Authentication over Password-Based Authentication
- Only the hashes of the password are stored
- The password does not have to be transmitted directly, so it cannot be captured during transmission
3 classes in an Access Control System
Owner - Creator of a resource (file)
Group - In addition to owner privileges, a group of users may also have granted access rights
World - Least amount of access rights. Users that are able to access the system but NOT included in the owner/group classes
Principle of Least Privilege
Programs should execute with the least amount of privileges needed to complete their function.
Pros and Cons of automated patching
Pros - Minimize the time any system is vulnerable to weaknesses
Cons - On rare but significant occasions, introduce instability
What effect do set user and set group permissions have when executing files on UNIX and Linux systems?
Provide more flexibility by specifying permissions
Protection Domain
Sets of objects with access rights to those objects. In an access matrix, this is a row
State the problem that can occur with input validation when the Unicode character set is used.
Some characters have multiple encodings, for example '/'. To prevent an absolute path name, ensure that the supplied filename does not start with /. If the check only assumes the shortest UTF-8 encoding of /, an attacker using one of the longer encodings can avoid the check.
Memory Card
Stores but does not process data
In the context of Access Control define: Subject, Object
Subject - Entity capable of accessing objects
Object - Resource used to contain information
Reactive Password Checking
System periodically runs its own password cracker and cancels any passwords that were guessed and notifies user
(T or F) ACLs are not convenient for determining the access rights available to a specific user.
TRUE
(T or F) In ABAC, the root of trust is derived from many sources of which the object owner has no control.
TRUE
Identify several issues associated with the correct creation and use of a temporary file in a shared directory.
The temporary file must not be accessed by another process. An attacker could guess the name of the file and create it between the time the program checks whether it already exists and the time it is used. The program can be redirected and would then overwrite the existing file. Use secure system calls to avoid race conditions.
Access Right
The way in which a subject may access an object (read, write, execute, delete, create, search)
What is the point of removing unnecessary services, applications, and protocols?
This is security hardening, and security is improved. If fewer software packages are available to run, then the risk is reduced.
Main technique used by a defensive programmer to validate assumptions about program input.
Use of regular expressions to describe allowable input variables. Input that does not match is rejected.
Popular Password Attack
Use popular password and try against a wide variety of user IDs
4 types of entities in a base model RBAC system
User - An individual that has access to the system --> user ID
Role - A named job function
Permission - An approval of a mode of access to one or more objects
Session - A mapping between a user and an activated subset of the set of rules to which the user is assigned
4 common techniques for selecting or assigning passwords
- User Education
- Computer-Generated Passwords
- Reactive Password Checking
- Proactive Password Checking
Proactive Password Checking
User chooses his password based on rules given by system. Balance between acceptability and strength
Exploiting User Mistakes
User is likely to write password down, attacker can exploit this mistake and steal the password
Challenge-Response Protocol
1. User sends identity
2. Host responds with a random number (R)
3. User computes F(R, h(P)) and sends it back
4. Host compares the value from the user with its own computed value
5. If they match, the user is authenticated
SQL Injection
User-supplied input is used to construct a SQL request to retrieve information from a database
What is the difference between verification and identification?
Verification is establishing how valid the claim is. Whereas identification is when the user provides an existing identity to the system.
What is the main host firewall program used on Linux systems?
iptables
Sort the biometric authentication methods with respect to accuracy (low accuracy to high accuracy).
☐ Voice, Retina, Iris
☐ Face, Iris, Finger
☐ Retina, Iris, Finger
☐ Hand, Fingerprint, Iris
☑ Voice, Retina, Iris
☐ Face, Iris, Finger
☐ Retina, Iris, Finger
☑ Hand, Fingerprint, Iris