Security Concepts, Access Control, Methods of Authentication

What is DAC? Is it more secure than MAC?

Discretionary Access Control. The system in which the owners of files actually determine who gets access to the information. A user who creates a sensitive file determines who can access that sensitive file. Less secure than MAC

A hooligan unplugs the power from the central data server at a large bank. Which of the following describe the effect on the information security? a. Confidentiality has been breached b. Loss of availability c. The information has lost integrity d. None of the above

He is denying availability of the users to the server, not changing the information stored or read it. Therefore the answer is B.

What are the 3 steps to any access control process?

1. Identification: who is the user? 2. Authentication: is the user who he says he is? 3. Authorization: what dose the user have permission to do?

Which of the following are components of CIA? a. Confidentiality b. Authentication c. Integration d. Integrity e. Availability f. Character

A, D, E

What is Kerberos?

An open-source and widely accepted method of authentication that works on a shared secret key system with a trusted third party.

how is authorization achieved?

Authorization is actually achieved between the reference model and the kernel of the operating system

A user complains that he has to use a separate login and password for his email, his domain account, his specialized software, and even for his computer. What would be a solution to his problems? a. smart card b. SSO technology c. Biometrics d. Chap

B

Which of the following would not be a form of multifactor authentication? a. requiring an ATM card and a pin number b. Requiring a secret answer to a given question c. Requiring a fingerprint and a kerberos ticket d. Requiring a USB key and a password

B

On an Active Directory network the groups that a user is in determine his access to files. This is a form of: a. MAC b. DAC c. Type II Authentication factor d. RBAC e. Type I Authentication factor

Because the group that the user is in determines his access to files, it is not a far step to say that his role really determines his access to those files. The answer is RBAC. D,

Which of the following is the correct order of the access control process? a. Identification, Authorization, Authentication b. Authorization, Identification, Confidentiality c. Identification, authentication, Authorization d. Confidentiality, Integrity, Avaiability

C

What is chap?

Challenge-Handshake authentication Protocol. Authentication protocol that uses username and password combinations that authenticate users.

how does a locked box ensure confidentiality and integrity?

Conf: only those with a key can open it. Int: information is not able to be altered during delivery

Key question associated with access control?

How do you ensure that a user is in fact who he claims to be?

Which of the following is a true statement about Kerberos? a. it requires two distinct physical servers, one to give keys and the other to give tickets b. it is only used in UNIX environments c. Communication can only take place when both parties can utilize a trusted third party Kerberos server d. It is a form of biometric identification and authorization

Kerberos is often used in UNIX environments but not exclusively. C

What happens after the keys are distributed in the Kerberos system?

Kerberos issues what are known as "tickets" throught he TGS or Ticket Granting Server.

What is the KDC?

Key distribution center, the logical part of the Kerberos server that governs key distribution

What is MAC? How does it work?

Mandatory Access Control. The system in which a central aadministrator or administration dictates all of the access to information in a network or system. Subjects and objects are each associated with a set of labels. When a subject requests access to an object, access is granted if labels match, and denied if the labels do not match.

What are biometric factors? Types? How secure is it?

Methods of authentication that utilize the biological entities of a user. Considered the most secure. Typical biometric factors are fingerprint and retinal scans and photocomparison technology

What do the best authentication systems use?

Multi-factor authentication

What is a good password?

Numbers and letters, lower case and uppercase and symbols. Complex. At least 6 characters but probably 8 or more.

A user encrypts an email before sending it. The only person that can decrypt the email is the recipient. By encrypting the email in this way the user is attempting to preserve the: & why? a. Confidentiality of the recipient b. accessibility of the email server c. Confidentiality of the information d. None of the above

ONLY ensures confidentiality of the information. Not integrity due to the fact that nothing is preventing the manipulation of the email being sent.

Which of the following is not a possible description of type II authentication? a. something you are b. fingerprints c. Passwords d. Retinal scans

Passwords are type 1, so C

What is RBAC?

Role-based access control. A system in which the roles of users determine their access to files.

What technology is Kerberos associated with?

SSO Single sign on technology

What is SSO?

Single sign on . Refers to the ability for a user to only be authenticated once to be provided authorization to multiple services

What two systems allow for protection against password breech?

Systems that allow for lost password retrieval should not allow a malicious user to learn information about the users of a system. Systems should not elaborate as to whether a username or password is incorrect.

What does integrity refer to?

The idea that information should arrive at a destination as it was sent.

What is the most common form of authentication? What type is is?

Type I. Username and password system.

What is chap used in? What does it use to prevent replay attacks? An example?

Used in PPP. Uses a three-way handshake to prevent replay attacks. microsoft has a version of CHAP known as MS-CHAP

What is type 2 access control?

What you have. Physical keys or cards, smart cards and other physical devices.

What is type 1 of access control?

What you know. Passwords, numeric keys, PIN numbers, secret questions and answers.

What do TGS allow for

actual communication between the clients by storing authentication information

Sending information in a locked box would ensure what?

both confidentiality and integrity

What is CIA

confidentiality, integrity and availability

What is one of the Kerberos vulnerabilities? How does this effect CIA?

extensive use of the trusted third party. If the third party is compromised information confidentiality and integrity may be breached. If the third party simply fails, availability is lost.

When is MAC used?

high security applications, such as labeled top secret information.

What does Kerberos use time stamps for?

in order to "time out" communications. Time stamps mitigate the threat of replay attacks and provide a small measure of integrity. If two hosts are on different times, communication will be impossible.

What does "top secret" mean

only those who are cleared to see that information can actually view it.

What is Multifactor?

refers to more than one type of authentication

What is access control?

the ability of a system to limit access to only certain users.

What does availability refer to?

the idea that information should be available to those authorized to use it.

What does confidentiality refer to?

the idea that information should only be accessible to its intended recipients and those authorized to receive the information.

What is the reference model? How would it be used?

the system that directs the Kernel what it can and cannot access. A request to access information would be sent throught he reference model to verify that the user requesting access should actually have access to what he is requesting.

What is type 3 access control?

what you are. High-tech systems may use fingerprints, retinal scans, or even DNA.