Shared Flashcard Set

Details

CISSP (ElementK) Information Systems Access Control
CISSP, Element K 2nd Edition, Lesson 1
66
Computer Science
Professional
11/16/2009

Cards

Term
CIA Triad
Definition
Confidentiality Integrity Availability
Term
Confidentiality
Definition
keeping information/communications private and protecting them from unauthorized access.
Term
Integrity
Definition
keeping organizational information accurate, free of error, and free of unauthorized modification
Term
Availability
Definition
ensuring systems operate continuously and authorized persons can access the data they need when they need it
Term
Access Control
Definition
principle for determining & assigning privileges to various resources, objects, & data
Term
Reference Monitor
Definition
component of some access control systems that decides whether a subject may access an object; every access request is mediated by it
Term
Reference Monitor Characteristics (three)
Definition
1. Tamper proof
2. Always invoked
3. Compact & Verifiable
Term
Least Privilege
Definition
principle that a subject is granted only the minimum privileges needed to perform its assigned tasks, and nothing more
Term
Need to Know
Definition
principle that access to classified data is limited to individuals who need it to perform a given task or job function, regardless of clearance
Term
Separation of Duties (SoD)
Definition
division of the tasks that make up a business process or work function among different people, so that no single person can complete (or abuse) the whole process alone
Term
Access Control Services (4)
Definition
1. Identification & Authentication (I&A)
2. Authorization
3. Audit
4. Accountability
Term
I&A
Definition
Identification & Authentication: unique identifier for a user & method(s) to ensure the identity of the user
Term
Authorization
Definition
determines the capabilities/rights of a subject when accessing an object
Term
Audit
Definition
creates a log/record of activities on the system
Term
Accountability
Definition
reviews/reports on the contents of log files so that recorded activity can be tied back to a specific subject

NOTE: the identifier must be UNIQUE so that activities can be related to exactly one subject
Term
Access Control Services Implementation (5 steps)
Definition
1. Identify the individual/entity attempting to access an object.

2. Verify/authenticate the claimed identity.

3. Evaluate the rules to determine the individual's access.

4. Create an audit trail (access attempt and function performed).

5. Review the log to see who accessed what, and when (done by managers).
Term
Access Control Categories (6 total: 3 sufficient, 3 additional)
Definition
Sufficient: preventive, detective, corrective.

Additional: deterrent,recovery, compensating
Term
Preventive
Definition
stops unauthorized access to an object.

e.g. CAC/biometrics
Term
Detective
Definition
identifies attempts to access an entity without proper authorization (alerts admins of an attempted security violation)

e.g. IDS
Term
Corrective
Definition
responds to a security violation to reduce or completely eliminate its impact.

e.g. IPS
Term
Deterrent
Definition
discourages individuals from violating security policies

e.g. a policy that threatens termination, or imposes a fine, if security is breached
Term
Recovery
Definition
used to return a system to an operational state after a violation of the CIA triad.

e.g. backup tapes, offsite journaling
Term
Access Control Types (3)
Definition
Administrative
Physical
Technical
Term
Administrative
Definition
AC type that controls broad areas of security.

includes personnel security, monitoring, user/password management, permissions, etc.
Term
Physical
Definition
AC type used to limit physical access to protected information/facilities.

e.g. locks, doors, fences, etc.
Term
Technical
Definition
AC type implemented in the computing environment (OS, applications, DB, firewall)

e.g. account lockout after 3 failed logon attempts
Term
Access Control Matrix
Definition
table with subjects as rows and objects as columns; each cell lists that subject's permissions on that object (r w x o: read, write, execute, own)
Term
Discretionary Access Control (DAC)
Definition
restricting access to objects based on the identity of subjects and/or the groups they belong to; the owner of an object decides, at their discretion, who may access it

e.g. admin privileges, user privileges
Term
Access Control List
Definition
(DAC) list of permissions associated with each object; specifies which subjects/groups can access it and their level of access.

more practical than an ACM when there are a large number of objects (an ACL is one column of the matrix)
Term
Mandatory Access Control (MAC)
Definition
restricting access to objects based on the sensitivity (classification label) of the information in the object and the clearance of the subject; labels are assigned by the system/policy, not chosen by the owner

TOP SECRET, SECRET, CONFIDENTIAL, UNCLASSIFIED
Term
Non-Discretionary Access Techniques (5)
Definition
Role-based Access Control (RBAC)
Rule-based
Content-dependent
Constrained interface
Time-based
Term
Role-based Access Control (RBAC)
Definition
based on the role/job performed by the subject; permissions are attached to the role, and a subject receives them by being assigned that role

Roles: admin, user, nurse, etc
Term
Rule-based
Definition
based on operational rules/restrictions

conditional (if/then) format, evaluated in order, like firewall rules
Term
Content-dependent
Definition
limits a subject's access based on the content of the data itself (e.g. a view that hides certain rows or fields)

MORE OVERHEAD due to analysis of the data contents on each access
Term
Constrained interface
Definition
limits access by limiting the interface the subject can use

e.g. an ATM exposes only limited account functions because the user can interact only through a number pad and a fixed menu of options
Term
Time-based
Definition
limits access based on time of day

e.g. access only during certain hours (8am to 5pm)
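Worked example, added here and not part of the Element K material: the MAC, RBAC, rule-based and time-based checks from the cards above, written in Python and combined into one decision. The labels, roles, user/role assignments, firewall-style rules and the `at()` helper are constructed for the demo.

```python
"""Non-discretionary checks: MAC label dominance, RBAC, rule-based, time-based.

Added example (not from the Element K course); labels, roles, users and rules
are constructed for the demo.
"""
from datetime import datetime, time as dtime

# MAC: ordered sensitivity labels. Access depends on the label, not the owner.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def mac_read_allowed(clearance: str, classification: str) -> bool:
    """A subject may read an object only if its clearance dominates the label."""
    return LEVELS[clearance] >= LEVELS[classification]


# RBAC: permissions hang off roles; users get them only through role membership.
ROLE_PERMS = {
    "nurse":  {"chart:read", "vitals:write"},
    "doctor": {"chart:read", "chart:write", "prescribe"},
    "admin":  {"user:create", "user:delete"},
}
USER_ROLES = {"dana": {"nurse"}, "raj": {"doctor", "admin"}}


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, set()))


# Rule-based: an ordered list of conditions, first match wins (firewall style).
# (source prefix or None for any, destination port or None for any, action)
RULES = [
    ("10.0.0.", 22, "deny"),   # no SSH from the guest subnet
    ("10.0.",   22, "allow"),  # SSH from the rest of the corporate range
    (None,    None, "deny"),   # explicit default deny at the end
]


def rule_decision(src_ip: str, dst_port: int) -> str:
    for prefix, port, action in RULES:
        if (prefix is None or src_ip.startswith(prefix)) and (port is None or port == dst_port):
            return action
    return "deny"


# Time-based: only inside business hours (8am to 5pm).
BUSINESS_HOURS = (dtime(8, 0), dtime(17, 0))


def within_hours(now: datetime, window=BUSINESS_HOURS) -> bool:
    return window[0] <= now.time() < window[1]


def at(hour: int, minute: int = 0) -> datetime:
    """Helper: a fixed weekday date with the given wall-clock time."""
    return datetime(2024, 1, 15, hour, minute)


def decide(user: str, clearance: str, obj_label: str, perm: str, now: datetime):
    """Combine the checks: every applicable control must allow the access."""
    checks = {
        "mac":  mac_read_allowed(clearance, obj_label),
        "rbac": rbac_allowed(user, perm),
        "time": within_hours(now),
    }
    return all(checks.values()), checks
```

Returning the individual check results alongside the decision is what makes a deny explainable in an audit log: the reviewer can see which control (label, role or time window) blocked the access.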
Term
ID Types (2)
Definition
ID Card
User ID
Term
Authentication Types (3)
Definition
Something you . . .

KNOW - PW/PIN
HAVE - CAC CARD, TOKEN
ARE - BIOMETRICS
Term
Something You KNOW
Definition
PW, PIN, Passphrase
Term
Something You HAVE
Definition
magnetic-stripe cards, proximity cards, smart cards, token devices

usually require a PIN as well

TOKEN: a one-time code is displayed on the device; the user enters it on the system together with his/her personal PIN
Term
Something You ARE
Definition
BIOMETRICS:
fingerprint
handprint
hand geometry
iris scan (colored eye pattern)
retina scan (blood vessel pattern)
voiceprint
facial recognition

susceptible to FRR/Type I and FAR/Type II errors
Term
False Rejection Rate
Definition
Type I error, when authorized user is denied access
Term
False Acceptance Rate
Definition
Type II error, when unauthorized user is granted access
Term
Crossover Error Rate
Definition
CER: the point at which FRR and FAR intersect on a graph when the matching threshold is varied; a lower CER means a more accurate system
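Worked example, added here and not part of the Element K material: computing FRR (Type I), FAR (Type II) and the crossover error rate from matcher scores in Python. The genuine and impostor score lists are constructed; a real evaluation would use thousands of samples, but the sweep over thresholds is the same.

```python
"""FRR (Type I), FAR (Type II) and the crossover error rate from match scores.

Added example (not from the Element K course). The scores are constructed:
each is a similarity value in 0..1 from a hypothetical biometric matcher.
"""

# genuine: an enrolled user matched against their own fresh sample
GENUINE = [0.91, 0.88, 0.73, 0.95, 0.66, 0.84, 0.79, 0.58, 0.90, 0.81]
# impostor: an enrolled user matched against somebody else's sample
IMPOSTOR = [0.21, 0.35, 0.62, 0.44, 0.70, 0.28, 0.52, 0.39, 0.31, 0.47]


def frr(threshold: float, genuine=GENUINE) -> float:
    """Type I: fraction of authorized users rejected (score below threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(threshold: float, impostor=IMPOSTOR) -> float:
    """Type II: fraction of impostors accepted (score at or above threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def crossover(genuine=GENUINE, impostor=IMPOSTOR, steps: int = 100):
    """Sweep thresholds 0.00..1.00 and return (threshold, CER) at the point
    where FRR and FAR are closest; the CER there is their average."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, b = frr(t, genuine), far(t, impostor)
        if best is None or abs(a - b) < best[2]:
            best = (t, (a + b) / 2, abs(a - b))
    return best[0], best[1]


def threshold_for_far(max_far: float, impostor=IMPOSTOR, steps: int = 100) -> float:
    """Lowest threshold whose FAR does not exceed max_far. Raising the
    threshold to cut FAR always raises FRR: the two trade off."""
    for i in range(steps + 1):
        t = i / steps
        if far(t, impostor) <= max_far:
            return t
    return 1.0
```

Tightening the threshold (e.g. to reach FAR = 0) pushes genuine users below it and so raises FRR; the CER is simply the operating point where the two rates are equal, which is why vendors quote it as a single accuracy figure.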
Term
Strong/2 Factor Authentication
Definition
uses more than one type (factor) of authentication to access a system/facility.

e.g. CAC & PIN, fingerprint & PIN
Term
Single Sign On (SSO) & 3 types of SSO
Definition
single user ID & pw allow user to access all his/her applications.

Kerberos (RFC 4120)
SESAME (EUR)
KryptoKnight (IBM)
Term
Kerberos
Definition
1. Credentials > Authentication Server (AS)

2. (from AS) Ticket Granting Ticket (TGT) > user

3. TGT > Ticket Granting Server (TGS)

4. (from TGS) Service Ticket (ST) > user

5. ST > Application Server/System Resource

susceptible to DoS attacks: if the KDC (AS/TGS) is unavailable, no one can obtain tickets
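Worked example, added here and not taken from the Element K material or RFC 4120: the five-step ticket flow above simulated end to end in Python, with the AS, TGS, application server and client each as a function. The symmetric cipher is a stand-in built from SHA-256 and HMAC so the script runs with the standard library only (real Kerberos uses AES-based encryption types); principal names, passwords and keys are constructed.

```python
"""Toy Kerberos ticket flow: AS exchange, TGS exchange, service access.

Added example (not from the Element K course or RFC 4120). The symmetric
cipher here is a stand-in (SHA-256 keystream + HMAC) so the script runs with
the standard library; real Kerberos uses AES-based encryption types. Principal
names, passwords and keys are constructed.
"""
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for ctr in range(n // 32 + 1):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def encrypt(key: bytes, msg: dict) -> bytes:
    """nonce || ciphertext || HMAC tag; only a holder of `key` can open it."""
    pt = json.dumps(msg).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


# Key Distribution Center state. Each service's key is shared between the KDC
# and that service; one dict stands in for both copies here.
KDC = {
    "users": {"alice": hashlib.sha256(b"correct horse").digest()},  # password-derived
    "tgs_key": os.urandom(32),
    "services": {"fileserver": os.urandom(32)},
}
LIFETIME = 8 * 3600
SKEW = 300  # seconds of clock skew tolerated when checking an authenticator


def as_exchange(principal: str):
    """Steps 1-2: the AS returns a TGT (sealed for the TGS) plus the TGT session
    key sealed under the user's long-term key. No password crosses the wire."""
    sk = os.urandom(32)
    tgt = encrypt(KDC["tgs_key"], {"client": principal, "key": sk.hex(),
                                   "exp": time.time() + LIFETIME})
    return tgt, encrypt(KDC["users"][principal], {"key": sk.hex()})


def tgs_exchange(tgt: bytes, authenticator: bytes, service: str):
    """Steps 3-4: TGT + authenticator in, service ticket + service session key out."""
    t = decrypt(KDC["tgs_key"], tgt)                 # only the TGS can open a TGT
    if t["exp"] < time.time():
        raise PermissionError("TGT expired")
    sk = bytes.fromhex(t["key"])
    auth = decrypt(sk, authenticator)                # proves the client holds sk
    if auth["client"] != t["client"] or abs(auth["ts"] - time.time()) > SKEW:
        raise PermissionError("bad authenticator")
    svc_sk = os.urandom(32)
    st = encrypt(KDC["services"][service], {"client": t["client"], "key": svc_sk.hex(),
                                            "exp": time.time() + LIFETIME})
    return st, encrypt(sk, {"key": svc_sk.hex(), "service": service})


def service_accept(service: str, st: bytes, authenticator: bytes) -> bool:
    """Step 5: the application server validates the ST without talking to the KDC."""
    t = decrypt(KDC["services"][service], st)
    auth = decrypt(bytes.fromhex(t["key"]), authenticator)
    return auth["client"] == t["client"] and t["exp"] > time.time()


def client_login(principal: str, password: str, service: str) -> bool:
    """Client side of the whole flow; a wrong password fails at the AS reply."""
    user_key = hashlib.sha256(password.encode()).digest()
    tgt, sealed = as_exchange(principal)
    sk = bytes.fromhex(decrypt(user_key, sealed)["key"])      # ValueError if wrong pw
    st, sealed2 = tgs_exchange(tgt, encrypt(sk, {"client": principal, "ts": time.time()}), service)
    svc_sk = bytes.fromhex(decrypt(sk, sealed2)["key"])
    return service_accept(service, st, encrypt(svc_sk, {"client": principal, "ts": time.time()}))
```

Two points the card's arrows do not show: the client proves knowledge of the password only by being able to open the AS reply, and the application server never contacts the KDC at step 5, so every step up to the service ticket depends on the KDC being reachable (the DoS exposure noted above).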
Term
Access Control Administration Methods (3)
Definition
Centralized (enterprise managed): RADIUS, TACACS, DIAMETER

Decentralized (locally managed)

Hybrid (both; policy defines which admins can update which accounts, and whether central changes override local ones or vice versa)
Term
Risk
Definition
indicates chance of exposure to damage/loss
Term
Access Control Methods (2)
Definition
Software
Human
Term
Software-Based AC Attacks (9)
Definition
DoS
Malicious SW
Brute Force
Dictionary Attack
Sniffing
Emanation
Object Reuse
Trap/Backdoor
Spoofing
Term
Human-based AC Attacks (6)
Definition
Guessing
Shoulder surfing
Dumpster Diving
Theft
Social Engineering
Spoofing
Term
DoS
Definition
targets network devices, bandwidth, servers, applications, or workstations.

limits or eliminates users' ability to access the network/data.
Term
Malicious SW
Definition
causes system failures or malfunctions (affects integrity & confidentiality)

spyware, viruses, worms
Term
Brute Force
Definition
password attack that tries every possible combination of characters until the password is found
Term
Dictionary Attack
Definition
using words from a dictionary (word list), often with simple variations, as password guesses
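Worked example, added here and not part of the Element K material: a dictionary attack and a brute-force attack in Python against an unsalted SHA-256 password hash, returning how many guesses each needs. The word list, mangling rules and target hashes are constructed; the point is the cost difference between a few dozen dictionary guesses and an exhaustive keyspace.

```python
"""Dictionary and brute-force attacks against a stored password hash.

Added example (not from the Element K course). The word list and the target
hashes are constructed; the target is an unsalted SHA-256, which is exactly
what makes the attack cheap (every guess costs one fast hash).
"""
import hashlib
import itertools
import string


def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


WORDLIST = ["123456", "password", "letmein", "dragon", "qwerty"]
TARGET = sha256_hex("dragon")   # constructed: the victim chose a dictionary word


def mangle(word: str):
    """Simple rules a cracker applies to each word (capitalise, append a digit, ...)."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "!"
    yield word.capitalize() + "1"


def dictionary_attack(target: str, words=WORDLIST, rules: bool = True):
    """Try each word (plus mangled variants); return (password, guesses) or (None, guesses)."""
    tries = 0
    for w in words:
        for cand in (mangle(w) if rules else [w]):
            tries += 1
            if sha256_hex(cand) == target:
                return cand, tries
    return None, tries


def brute_force(target: str, alphabet: str = string.digits, max_len: int = 4):
    """Exhaust every string over `alphabet` up to max_len (e.g. a 4-digit PIN)."""
    tries = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            tries += 1
            cand = "".join(tup)
            if sha256_hex(cand) == target:
                return cand, tries
    return None, tries


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Worst-case number of guesses a brute force must make."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))
```

A dictionary word falls in a handful of guesses; a 4-digit PIN falls in at most 11,110; an 8-character password over the 95 printable ASCII characters needs over 6 quadrillion in the worst case, which is why a slow, salted hash and an account lockout (the technical control on an earlier card) matter.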
Term
Sniffing
Definition
using monitoring software to capture traffic on a network wire or wireless signal

used to steal the content of communications, or information (e.g. credentials) that helps gain access later
Term
Emanation
Definition
obtaining protected information from the electromagnetic signals that wires and equipment radiate, using sophisticated monitoring devices
Term
Object Reuse
Definition
recovering classified/sensitive information from media that was thought to have been erased or overwritten

data remanence: data left on media by the file erase/deletion process
Term
Trap/backdoor
Definition
trapdoor: hidden entry point in a program or OS that bypasses identification/authentication.

backdoor: software attack; software/code used to create a trapdoor (aka backdoor), then used to gain access through it.

delivered via trojan horse/virus
Term
Spoofing
Definition
attacker assumes the identity of another system or user

IP
MAC
DNS
Term
Intrusion Detection Systems (IDS)
Definition
identifies and addresses potential attacks on a host or network (host-based versus network-based)

signature-based: matches known patterns (signatures); cannot detect an attack it has no signature for

anomaly-based: detects deviations from normal behavior (the baseline must first be learned); can flag novel attacks but produces more false positives
Term
IDS Modes (2)
Definition
Monitoring (alerts admins)
Prevention (IPS: blocks automatically when an attack is detected)
Term
IDS Categories (8)
Definition
Network
Host-based
Signature-based
Anomaly-based
Protocol-based (sits in front of a server and monitors the protocol stream, like a proxy)
Application-protocol-based (monitors the application-level protocol, e.g. between a web server and its database)
Hybrid (2 or more IDS types combined)
Passive/Reactive (alert only vs. blocking, i.e. the IPS method)
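Worked example, added here and not part of the Element K material: signature-based and anomaly-based detection in Python, run over a few web-server log lines, with a reactive (IPS-style) block list derived from the alerts. The log lines, the two signatures and the learned baseline of failed logins per minute are all constructed.

```python
"""Signature-based and anomaly-based detection over sample web-server log lines.

Added example (not from the Element K course). The log lines, the signatures
and the learned baseline are constructed for the demo.
"""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access log: "<time> <src_ip> <method> <path> <status>"
LOG = """\
10:00:01 203.0.113.9 GET /index.html 200
10:00:02 203.0.113.9 GET /about.html 200
10:00:05 198.51.100.7 GET /login 200
10:00:06 198.51.100.7 POST /login 401
10:00:07 198.51.100.7 POST /login 401
10:00:08 198.51.100.7 POST /login 401
10:00:09 198.51.100.7 POST /login 401
10:00:10 198.51.100.7 POST /login 401
10:00:11 198.51.100.7 POST /login 401
10:00:12 203.0.113.9 GET /search?q=' OR '1'='1 500
10:00:13 203.0.113.9 GET /../../etc/passwd 404
""".splitlines()

# Signature-based: known attack patterns. Anything without a signature is missed.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

# Anomaly-based: a learned profile of normal behaviour, here failed logins per
# source per minute observed during a quiet training period (constructed).
BASELINE_FAILS = [0, 1, 0, 2, 1, 0, 1, 0]


def parse(line: str) -> dict:
    ts, ip, method, rest = line.split(" ", 3)
    path, status = rest.rsplit(" ", 1)      # the path itself may contain spaces
    return {"ts": ts, "ip": ip, "method": method, "path": path, "status": int(status)}


def signature_alerts(lines=LOG) -> list:
    """Return (signature name, source, path) for every line matching a known pattern."""
    hits = []
    for e in map(parse, lines):
        for name, pat in SIGNATURES.items():
            if pat.search(e["path"]):
                hits.append((name, e["ip"], e["path"]))
    return hits


def anomaly_alerts(lines=LOG, baseline=BASELINE_FAILS, k: float = 3.0) -> dict:
    """Sources whose failed-login count exceeds mean + k*stddev of the baseline."""
    threshold = mean(baseline) + k * pstdev(baseline)
    fails = Counter(e["ip"] for e in map(parse, lines) if e["status"] == 401)
    return {ip: n for ip, n in fails.items() if n > threshold}


def reactive_blocklist(lines=LOG) -> set:
    """Reactive (IPS) mode: sources an inline device would block; passive mode
    would only raise the alerts above."""
    return {ip for _name, ip, _path in signature_alerts(lines)} | set(anomaly_alerts(lines))
```

The burst of 401s is caught only by the anomaly detector (no signature describes "too many failures"), while the injection and traversal strings are caught only by the signatures; the `k` multiplier is the knob that trades anomaly sensitivity against false positives.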
Term
Penetration Test
Definition
controlled use of attack methods to test security

performed by internal staff or a 3rd party

PROCESS:

1. Reconnaissance: collecting information about the target

2. Enumeration: gaining more detail (hosts, services, accounts) from the recon results

3. Vulnerability analysis: using the enumeration results to determine vulnerabilities

4. Exploit the vulnerabilities
Term
Penetration Test Types (7)
Definition
Network scan - using a port scanner to enumerate listening services/applications

Social engineering - tricking people into giving up information that grants access to a system

War dialing - using a modem to dial phone numbers to locate answering systems (PBX, HVAC, remote-access modems)

War driving - locates, and attempts to penetrate, wireless networks

Vulnerability scanning - checking for known weaknesses in OS/apps (using the results of recon/enumeration)

Blind testing - tester starts with little or no prior knowledge of the target (RED TEAM)

Targeted testing - test conducted with knowledge of the target (Green Team)