Chapter 5
Before you run a password-cracking program on your compnay's computer to check for weak password what should you do?
get permission! Have a memo providing permission to do a very specific set of actions and then do not deviate from them without further written permission.
Distinguish between false acceptance and false rejections
- A false acceptance occurs when a person is improperly matched to a template. - False rejection occurs when a person is improperly not matched to a template.
What are match indices, and how are they related to decision criteria?
- A match index compares access key features with the template - Because scanning never works exactly the same way twice, if the match index is close enough to satisfy the system's configurable decision criteria, the supplicant is accepted
Suppose that the probability of a false acceptance is one in a million, that there are 10,000 indentities in the database, and that there is a watch list with 100 people. What will be the FAR for the watch lists?
- A watch list will attempt 100 matches. - The probability of a false acceptance for a single match is one in a million. - Therefore, the probability of a false acceptance of verification is 1/1,000,000 times 100 (i.e., 0.0001). - Therefore, the probability of a false acceptance is 0.01%
What controls should be placed over employees taking equipment offsite?
- Controls over employees taking equipment offsite include: - Ensuring proper authorization to remove equipment - Limiting the personnel who are able to authorize removal - Enforcing time limits for off-site use - Logging equipment in/out -Periodic spot checks of the above rules should be conducted
Describe the three scanner actions in the enrollment process
- First, the reader scans each person's biometric data. - The reader then processes the enrollment scan to extract a few key features from the mass of scanned data. - Finally, the reader sends the key feature data to the database, which stores the key feature data as the user's template
What is a PIN
A PIN is a personal identification number. It is a short number you type in manually to authenticate yourself, often in conjunction with another authentication factor
Suppose that the probability of a false acceptance is one in a million, that there are 10,000 indentities in the database, and that there is a watch list with 100 people. What will be the FAR for identification
- Identification will attempt 10,000 matches. - The probability of a false acceptance for a single match is one in a million. - Therefore, the probability of a false acceptance of verification is 1/1,000,000 times 10,000 (i.e., 0.01). - Therefore, the probability of a false acceptance is 1%.
What controls should be applied to off-site equipment maintenance ?
- Offsite equipment maintenance must: - Be limited to authorized personnel only. - Be logged out and back in. - Have all sensitive information removed.
Why are password resets questions difficult to create?
- Some questions themselves are security violations (such as asking for SSN or mother's maiden name). - Some questions are easily answered by an attacker with little knowledge of the user (e.g., city of birth, pet's name, etc.). - Some questions are too hard to remember or difficult to answer (e.g., favorite song, favorite teacher in high school, etc.). - Some questions require exact spelling, which can cause the password reset answer to fail too often. (This is especially difficult with names.
In Kerberos, distinguish between the ticket granting ticket and the service ticket
- The ticket granting ticket is the supplicant's proof that it has already authenticated itself with the Kerberos server. - The service ticket is an encrypted session key that only the verifier can decrypt (due to sharing a key with the Kerberos server in a separate communication)
What are the three types of actions that should be taken on log files?
- They should be read regularly by someone who knows what he or she is looking at. - External auditing should be conducted periodically. - Automatic alerts should be established to provide security administrators with real-time feedback
Distinguish between UPSs and electrical generator
- Uninterruptable power supplies (UPSs) have batteries that can supply power to equipment for a brief period of time after an outage. UPSs allow orderly shutdown during power failures - Electrical generators can be used as backup for longer-duration outages. These run on gasoline.
Distinguish between verification and identification
- Verification is an action wherein the verifier determines whether the supplicant is the particular person he or she has claimed to be - identification, the verifier determines the identity of the supplicant; the supplicant does not claim to be a particular person
What is the book's recommended password policy for length and complexity?
- at least 8 characters long - at least one uppercase - at least one digit - Have at least one non-alphanumeric character not at the end of a password (DoD policy is two) - Another DoD policy is that keyboard shortcuts are not to be used (such as some combination of "asdf;lkj")
Distinguish between magnetic stripe cards and smart cards
- magnetic stripe card is a simple access card that can store authentication data - smart card looks like a magnetic stripe card but has a built-in microprocessor and memory. This allows smart cards to do processing for more sophisticated authentication. Smart cards can also give out information differentially to different applications. While magnetic stripe cards are passive, only containing data, smart cards are active
What controls should be applied to equipment disposal or reuse
- sensitive data must be reoved - at the very least, written over by special software that prevents data from being recovered
What should be done to protect laptops taken off premises?
-laptops should never be left unattended - being limited to authorized personnel only - being logged out and back in - having all sensitive information removed
List rules for working in secure area
1) unsupervised work in secure areas should be avoided 2) when no one is working in secure area, it should be locked 3) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas
What are password resets?
A password reset is the action taken by a help desk employee to create a new password for an account when the current password is lost or forgotten
What are the four bases for authentication credentials
What you know (a password or a private key) What you have (a physical key or a smart card) Who you are (your fingerprint) What you do (how you specifically pronounce a passphrase)
Why is it less error-prone?
Appropriate authorizations are easier to understand for roles than for individuals.
Why is it a good way to assign initial permission?
Assigning as few permissions as necessary is a good way to assign permissions initially because it reduces potential points of vulnerability, possible unauthorized behaviors, and mitigates the damage an intruder may do
List the AAA access controls
Authentication Authorizations Auditing
On what two things about you is it based? What is it major promise?
Biometric authentication is based upon something you are (i.e., a physical feature) and something you do (i.e., an action). The major promise of biometrics is to make reusable passwords obsolete
How should trash bins be protected?
Building trash bins should be located in a secure and lighted area, preferably under CCTV surveillance.
Which is worse from a user acceptance viewpoint?
a false rejection, because it lets an attacker in
What is the attraction of proximity tokens
because they do not require physical contact with a reader or USB port, which is faster than directly interacting with a device
What should be done about them?
Emergency exists should be alarmed, monitored (preferably with cameras), and tested frequently. In all cases, security provisions must be compatible with fire codes. Most importantly, it is illegal to lock fire exits to bar egress.
What does failing safely mean in a security system?
Failing safely in a security system means that a failure is not likely to lead to security violations. The principal of least permissions ensures that users are not given too many permissions if an error is made
What are the mostly widely forms of biometric authentication?
Fingerprint, iris, face, and hand geometry are the most widely used types of biometric authentication today
For watch lists of criminals, which is worse from a security viewpoint, a false acceptance or false rejection ? explain
For a watch list of criminals, false rejection is worse from a security viewpoint because it means a criminal was not identified.
Which is worse from a security viewpoint - a false acceptance or a false rejection?
For computer access, a false acceptance is worse because it allows an unauthorized person through the door, giving the person access to sensitive building space
For watch lists of people who should be allowed to enter a room, which is worse from a security viewpoint a false acceptance or a false rejection ? explain
From a security viewpoint, a false acceptance is a worse error because it means a non-authorized person has improperly gained access to a resource. A false rejection would merely keep an authorized user out of the space, which is an inconvenience, but harmless in most cases. or destination host must drop a packet, it sends back an ICMP error message.
What steps should be taken to reduce the danger of environmental damage?
Hazardous and combustible material should be located away from sensitive areas, and there should be adequate equipment for fire fighting. Disaster response facilities and backup media should be located safely away from the building
Which requires more matches against templates?
Identification requires more matches against templates than verification because in verification, a supplicant is claiming a specific identity
How can a Trojan horse defeat this promise?
If a client PC is infected with a Trojan horse, the Trojan horse can send transactions when a user has already authenticated him or herself to an e-commerce site. If a user's computer is compromised, twofactor authentication means nothing.
Why are password duration policies important ?
If passwords are not changed frequently, or if an attacker cracks the password, he or she will be able to use it for a long period of time.
Why is it a problem to use the same password at multiple sites ?
because when a password is compromised at one site, it is compromised at all sites, expanding the risk of the compromise
Why is it important to disable lost or stolen access devices
If you do not disable them immediately and they are stolen, they can still be used by the thief indefinitely
How may passwords resets be handled in high-risk environments ?
In high-risk environments, password resets might best be handled by eliminating remote password resets altogether and requiring the users to go to the help desk in person and show ID
What is the advantage of iris recognition? What are the disadvantages?
It is the most precise form of biometric authentication, with very low FARs. The main disadvantage of iris recognition is that the technology is very expensive
What does the server do wit the key features created by the enrollment scan?
It uses these key features as the template for that user, which is the file entry containing key features from the enrollment process for a single individual
Why is long reading important ?
Logging records the actions that an account owner takes on a resource. Unless logs are studied/read, they are useless
Why do techonologically strong access controls not provide stong acces conrol in real organizations ?
No access control, no matter how strong, will provide strong access control in real organizations unless the organization has well-thought-out security policies and rigorously implements those policies. Humans are ingenious in finding ways to harm themselves, especially when they are not monitored.
Why are the dangerous?
Password resets are dangerous because they are susceptible to social engineering by an imposter who can convince help desk personnel to reset a password, thus giving account access to the imposter and locking out the appropriate account holder
How can password resets be automated?
Password resets can be automated by using a system that asks the person requesting a reset to answer one or more secret questions, giving answers the authentic user gave at registration time
Why can PINs be short- only four to six digits- while passwords must be much longer?
Passwords need to be long because attackers can try millions of comparisons per second. However, people must enter PINs manually, so attackers can only enter a PIN every second or two. In addition, someone standing over an access door, trying many PIN codes, would be highly conspicuous and therefore vulnerable to detection
Why are automatic alerts desirable?
Reading log files only tells you about the past. Ideally, logging systems should have active log-reading functions that send the security administrator real-time alerts for certain types of events
Why is it less expense than access based on individual accounts?
Role-Based Access Control is less expensive than access control based on individuals because fewer assignments need be made (as there are far fewer roles to designate than there are people assigned to roles)
Why are authorizations needed after a person is authenticated ?
Simply knowing the identity of the communicating partner is not enough. The specific authorizations of the communicating party also need to be defined. Not everyone who is authenticated may be allowed to do anything he or she wishes in every directory
Which is safer for the cracker? why?
Stealing the password file and cracking it elsewhere is safer. There is no need to wait around by a compromised server while the password-cracking program does its work
What is bad about assigning all permission and then taking away the permission a user does not need?
The bad thing about assigning all permissions and then taking away those that are not needed is that it is easy for security to mistakenly NOT remove a permission that is not required, thus allowing access beyond that which is authorized
What is the advantage of face recognition?
The main advantage of face recognition is that it can be used surreptitiously (i.e., without the subject's knowledge).
What information does the service ticket give the verifier?
The service ticket gives the verifier the symmetric session key to use with the supplicant. The session ticket may also contain permissions that the supplicant should have on the verifier
How does the supplicant get the symmetric session key?
The supplicant gets the symmetric session key from the Kerberos server when the service ticket is sent to the verifier; the session key from the Kerberos server is encrypted to be read only by the server and supplicant
Which is more likely to generate a false acceptance? Why?
There is a small chance of a false acceptance every time a match is attempted. Because identification requires checking the supplicant against every template in a system, there is a greater chance that identification will generate a false acceptance than verification (which compares the supplicant with only one template).
Which is more likely to generate a false match? Why?
There is a small chance of a false acceptance with each match attempt. Identification must attempt matches against all templates in the database. Watch lists only require match attempts against the templates of members of the group. Therefore, identification is likely to generate more false matches
Why is loading dock security important? What access control rules should be applied to loading docks?
This is a busy area with many strangers. It is a likely penetration point. In addition, it holds expensive goods that are easy to steal. Internal employees should have limited access to loading docks, which prevents easy passing of material from inside to outside. External employees should have no access to the building beyond the loading dock. (They don't need it). Incoming shipments should be inspected and logged. Outgoing shipments should be separated from incoming shipments to reduce risk of theft.
What is user access data?
This is data collected during an access attempt scan, as opposed to the scanning data during enrollment
What is the role of the authenticator? What is the role of the central authentication server?
To send the supplicant's credentials to the authentication server, and then to send a message of authentication back to the supplicant from the authentication server
How can a main-in-the-middle attach defect this promise?
Two-factor authentication can often be defeated with a man-in-the-middle attack. If a user logs into a fake banking website, the fake site can act as a silent go-between to the real banking website. After the user successfully authenticates, the fake website can execute transactions of its own on the real website.
Suppose that the probability of a false acceptance is one in a million, that there are 10,000 indentities in the database, and that there is a watch list with 100 people. What will be the FAR for verification?
Verification only attempts a single match - the probability of a false acceptance for a single match is one in a million - therefore, the probability of a false acceptance of verification is one in a million
Compare identification with watch list matching
Watch list matching is a form of identification that identifies a person as being a member of a group. For instance, the matches may be made against the templates of people on a terrorist watch list.
In biometrics, what is a match?
a match occurs when a match index (a comparison of access key features and the template) meets the decision criteria
Why are key features necessary?
are necessary because raw biometric scans will be different each time due to nuanced actions (e.g., pressure, angle of scanning, interfering substance, etc.), but key features will be the same (or almost the same) no matter how a finger is scanned.
What are one-time password tokens?
are small devices with displays that have a number that changes frequently. Users must type the current number into key locks or into their computer.
What are key features?
are specific metrics extracted from the scanning data. Two scans will never give the same scanning data, but they should give generally the same key features, such as the relative locations of arches and whorls in a fingerprint
Explain Authorization
are specific permissions that a particular authenticated user should have given his or her authenticated identity.
What are the three devices in central authentication using RADIUS servers?
are the supplicant, authenticator, and RADIUS central authentication server
What is a auditing ?
auditing records and analyzes what the person or program actually did, rather than what was theoretically authorized
Why is it difficult to enforce a policy of using a different password as each site?
because it is difficult for users to remember different passwords for different sites.
How can password-cracking programs be used enforce password strength policy?
by having systems administrators run a password-cracking program against their own servers to check for policy violations in password length and complexity
Why is having a single point of building entry important ?
by limiting access points, it is easier to apply protections to people coming into and going out of the building
In what to ways can password-cracking programs be used?
can be loaded on a server (assuming the hacker can gain access to the server) to try thousands of possible account name/password combinations per second until one works. Also, if the attacker can gain access to the password file from a computer
Explain Auditing
consists of collecting information about the activities of each individual in log files for immediate and later analysis.
What is two-factor authentication's promise?
defense in depth. If one authentication method is broken, the impostor will still not be able to authenticate him or herself (facebook uses this )
What is the likely future of passwords?
e phased out in the fairly near future primarily because they are such a significant weakness. Password cracking has gotten easier and faster, and users are limited in their ability to handle truly strong passwords
List the four elements of entry authorizations in CobiT
in Cobit, building entry must be justified, authorized, logged, and monitored
Why are emergency exists important ?
in case of fire or other problems, people must be able to escape
What are USB tokens?
is a small device that plugs into a computer's USB port to identify the owner
What is DumpsterTM diving?
is an attack in which an attacker goes through a firm's trash bins looking for documents, backup tapes, floppy disks, and other information-carrying media
What is biometric authentication ?
is authentication based on biological metrics.
Why is password cracking over a network difficult to do ?
is difficult to do because the attacker will almost always be locked out after a few attempts.
What is the most widely used form of biometrics?
is fingerprint recognition, primarily because it is cheap
What is the principle of least permissions?
is that each person should only get the permissions that he or she absolutely needs to do his or her job.
What are the disadvantage of voice print recognition ?
is that it is easily deceived by recordings. Another is that high false rejection rates make voice recognition frustrating to users
Explain Authentication
is the process of assessing the identity of each individual claiming to have permission to use a resource.
What is the advantage of fingerprint recognition?
main advantage of fingerprint recognition is that the technology of fingerprint scanners is inexpensive
What is the disadvantage of fingerprint recognition?
main disadvantage of fingerprint recognition is that it is easily deceived in all but the most advanced and expensive fingerprint scanner technologies
For watch lists of criminals, what is a false acceptance?
means that an innocent person is identified as a criminal
What is another name for authorizations ?
permissions
What is a RBAC?
role-based access control. Authorizations are assigned to roles instead of to individuals
If wiring cannot be run through walls, what should be done to protect the wiring?
should be protected by running it through conduits (preferably armored conduits) and should not be run through public areas
For what type of use is fingerprint recognition sufficient?
should only be used in cases in which there is little danger of serious deception. An example would be logging into a personal computer that does not hold sensitive information.
What can be done to reduce the dangers of desktop PC theft and unauthorized use?
t, individual desktop PCs in ordinary office areas can be locked onto their desks with a cable, provided that there is something on the desk to wrap the cable around. In addition, each PC should have a login screen that requires a complex password and a screen saver so that an intruder cannot simply walk up to it and use it.
Why is it necessary ?
unless authentication and authorization activities are audited frequently, improper behavior can go on for a very long time
Where is hand geometry recognition used ?
used mostly in door access control.
What is the advantage of USB token compared to cards?
used to authenticate a user without the cost of having a smart card reader attached to the PC
What does surreptitious mean?
without the subject's knowledge
