Access Controls
What is an Access Control List (ACL)?
Access Control Lists are used to specifically identify what is allowed and what is not allowed. ACLs can do this based on permissions or based on traffic.
What are some of the common roles within a RBAC Model?
Administrators (access all data and system settings), Executives (access all data but not system settings), etc.
What is a "centralized" user account management environment?
All user accounts are stored in a central database (such as Active Directory in Windows). A centralized user account database helps provide single sign-on (SSO), since users need only sign on once to the domain.
What are the two types of environments within a Group Policy in which user accounts can be managed?
Centralized and Decentralized
What is "Group Policy"?
Group Policy is used in Windows domains to manage multiple users and computers within said domains. It allows an administrator to configure a setting once in a Group Policy Object (GPO) and apply this setting to many users and computers within the domain.
What is a "device policy" within a Windows domain?
Group Policy can be used to enforce restrictions on portable devices in a network, such as flash drives, by disallowing autorun or even installation of such devices.
What type of access policy do ACLs typically follow?
Implicit Deny Policy
What is a notable flaw with the Discretionary Access Control (DAC) model?
It is susceptible to Trojan horse malware.
What is the downside of the Mandatory Access Control (MAC) model of access control?
Limited flexibility on the part of the administrator to change/alter/cancel access.
What are "Logical Access Control Methods"?
Logical access control methods are implemented through a technology and control access to the logical network, as opposed to controlling access to the physical areas of a building or physical access to network devices.
What are the three types of Access Control Models covered on the CompTIA Security+ Exam?
Mandatory Access Controls (MAC), Discretionary Access Controls (DAC), Role and Rule Based Access Control (RBAC)
What is a mantrap?
Mantraps are used to control the access between a secure area and a nonsecure area. A mantrap (such as a turnstile or a hallway capped with doors on either end) should be able to trap the individual halfway through, preventing them from moving forward or backward. Often used to prevent piggybacking.
Within a RBAC Access model, access is based upon what?
Membership in or assignment to a role.
With regards to access control, what are "objects"?
Objects are items such as files, folders, shares and printers that are accessed by subjects.
What is a "password policy" within a Windows domain?
Password policies can be implemented using Group Policy to enforce a more secure use of passwords. The password policy only needs to be set once, but all users with domain accounts are required to comply with the password policy.
What are the access control boundary points?
Perimeter, Building, Secure Work Area, Server and Network Devices.
What is the definition of a "physical security method"?
Physical security includes all the elements employed to restrict physical access to buildings and hardware devices.
What is piggybacking?
Piggybacking is where one user follows closely behind another user.
What are proximity cards?
Proximity cards are credit-card sized access cards that only need to be waved or placed in close proximity to a card reader.
Which Access Control Model is also known as a hierarchical or task-based model?
Rule/Role Based Access Control (RBAC)
With regards to access control, what are "subjects"?
Subjects are typically users or groups that will access an Object. Occasionally, the subject may be a service that is using a service account to access an object.
True or false: Physical tokens can be used for access control as well as authentication.
TRUE
What is the Discretionary Access Control (DAC) Model?
The DAC model specifies that every object has an owner, and the owner has full explicit control of the object. Access is established by the owner, who assigns permissions to users or groups. The owner can easily change permissions, making this a dynamic model.
What is the Mandatory Access Control (MAC) Model?
The MAC model uses sensitivity labels for users and data. Levels of security are defined in a lattice model, and associated permissions are set by the administrator. Access privileges are predefined and stay relatively static.
What is the Rule/Role Based Access Control (RBAC) Model?
The RBAC model uses roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks. Rights and permissions are assigned to the roles. A user is placed into a role, thereby inheriting the rights and permissions of the role.
What is a Trojan Horse?
Trojan horses are executable files that masquerade as something useful but are actually malicious software.
What is a "decentralized" user account management environment?
User accounts are stored on each individual workstation or server. A user could have multiple accounts to access on multiple systems. On Windows systems, the local database storing local user accounts is the Security Accounts Manager (SAM).
In what way does a router utilize ACLs?
Within a router, an ACL is a list of rules that define what traffic is allowed. If the traffic meets the requirements of one of the rules, it is allowed. If it does not meet the requirements of any of the rules, it is denied.