What is access control?
Deciding which entities may use a system, its data, and its dialogues, and what they may do with them: authorized entities are admitted, everyone else is denied.
How is policy related to access control?
Policy driven control of access to systems, data, and dialogues. Examples of access control include barriers, passwords, and bio-metrics.
What is the role of authentication in access control?
Verification (or not) of an individual's claim, usually a claim of identity.
What is the role of authorization in access control?
An entity (via his/her/its identity) is given certain permissions to access particular resources.
What is the role of auditing in access control?
After-the-fact analysis of data collected about an individual's activities
What are 4 different ways to authenticate a claim of identity? Can you give an example of each?
- What you know - a password for an account
- What you have - a door key, a smart card
- Who you are - fingerprint
- What you do - how you pronounce a passphrase
What is multi-factor authentication? Why is it useful?
Requiring two or more different kinds of factor (e.g. a password plus a smart card) before access is granted. It is useful because an attacker who obtains one factor (a guessed password, a stolen card) still cannot authenticate without the others.
How does MFA impact the probability of a false negative result?
It increases it: a legitimate user is rejected if any one of the factors fails, so the rejection rates of the individual factors add up.
How does MFA impact the probability of a false positive result?
It decreases it: an impostor must defeat every factor, so the acceptance rates of the individual factors multiply.
What is mandatory access control?
Access decisions are made by the system according to a central policy (e.g. comparing a user's clearance with a resource's classification label); neither the resource owner nor the user can vary them.
What is discretionary access control?
The owner of a resource (e.g. a department) decides what access to allow for each individual.
How does a multi-level security (MLS) system work?
Users hold clearances and data carries classification labels; a user may access an item only if his or her clearance is at least the item's classification and, on a need-to-know (NTK) basis, covers the item's compartments. Classified information therefore requires layers of control that far exceed basic clearance granting and badge granting policies.
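As an added example (not part of the original notes), the clearance-versus-label check that an MLS system makes, written in Go. The level names, the `Label` type and the function names are this example's own; it also adds the Bell-LaPadula "no write down" rule, which the notes above do not mention.

```go
package main

import "fmt"

// Hierarchical levels, lowest to highest (assumed names for the example).
var levelRank = map[string]int{
	"unclassified": 0,
	"confidential": 1,
	"secret":       2,
	"top secret":   3,
}

// Label is a security label: a level plus need-to-know (NTK) compartments.
// A user's clearance and a data item's classification are both Labels.
type Label struct {
	Level        string
	Compartments map[string]bool
}

func NewLabel(level string, compartments ...string) Label {
	c := make(map[string]bool, len(compartments))
	for _, name := range compartments {
		c[name] = true
	}
	return Label{Level: level, Compartments: c}
}

// Dominates reports whether a >= b in the lattice: a's level is at least
// b's level AND a's compartments include every compartment of b.
func Dominates(a, b Label) bool {
	ra, okA := levelRank[a.Level]
	rb, okB := levelRank[b.Level]
	if !okA || !okB || ra < rb {
		return false // an unknown level fails safe
	}
	for name := range b.Compartments {
		if !a.Compartments[name] {
			return false
		}
	}
	return true
}

// CanRead is the "no read up" rule: the clearance must dominate the
// classification of the item being read.
func CanRead(clearance, classification Label) bool {
	return Dominates(clearance, classification)
}

// CanWrite is the Bell-LaPadula "no write down" rule: data may only flow
// into an item whose classification dominates the writer's clearance.
func CanWrite(clearance, classification Label) bool {
	return Dominates(classification, clearance)
}

func main() {
	alice := NewLabel("secret", "crypto", "nuclear")
	bob := NewLabel("top secret", "crypto")
	report := NewLabel("secret", "nuclear")
	fmt.Println("alice reads report:", CanRead(alice, report)) // true
	fmt.Println("bob reads report:  ", CanRead(bob, report))   // false: no nuclear need-to-know
	fmt.Println("bob writes report: ", CanWrite(bob, report))  // false: top secret would flow down to secret
}
```

Bob outranks Alice on level but still cannot read the report: the compartment check is what implements need-to-know on top of plain clearance levels.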
Can you give examples of common policy requirements for physical security?
CCTV, wireless cameras, preventing dumpster diving, PC locking when leaving desk.
Why is it important to consider utilities?
Electricity, water, HVAC must be supplied to adequate level, inspected and tested regularly. Also, backup generator.
What are important issues to remember when disposing of computer equipment?
Ensure data destruction, keeping records of decommissioned equipment, minimize environmental liabilities, and choosing the right vendors
What is the role of a password in access control?
It is the "what you know" factor that ties a login to an identity; once authenticated, that identity is granted access on a "need to know" basis. The most common form is role-based access control (RBAC), which assigns a set of permissions to each broad role and then assigns users to those roles.
Can you give examples of common policy requirements for passwords?
Changing passwords at regular intervals, not reusing a previous password, at least 8 characters, at least one change of case, at least one digit, and at least one special character (and not only at the end of the password).
How do users sometimes misuse passwords?
Sharing passwords or accounts and reusing passwords on different systems and sites.
Can you give examples of physical devices used in access control?
Door keys, smart cards and proximity (RFID) badges read at doors. The cabling itself also needs protection: wiring must be sufficiently hidden from tapping and accidental cutting, and wiring closets locked and monitored.
What is the most important issue when using physical devices in this way?
Loss and theft are common. Requiring a second factor (e.g. a PIN with the card) limits the damage when a device is lost or stolen.
What does "bio-metrics" mean literally? In the I.T. context?
Literally, measurement of living things (Greek bios, "life", and metron, "measure"). In I.T., it is the process by which a person's unique physical and other traits are detected and recorded by an electronic device or system as a means of confirming identity: something you are (fingerprint, iris pattern, face, hand geometry, etc.) or something you do (write, type, walk, etc.). The major promise of bio-metrics is to make reusable passwords obsolete.
Can you give examples of common bio-metric technologies?
Fingerprint recognition, iris scanning, and face recognition
What are two important parts of the bio-metric process that are never perfect?
Capturing the sample and matching it against the stored template. Set the match threshold too strictly and legitimate users are falsely rejected; set it too loosely and impostors are falsely accepted.
What is a false acceptance rate (FAR)?
The rate at which an impostor is matched to a template he or she should not match, as a percentage of total access attempts.
What is a false rejection rate (FRR)?
The rate at which a legitimate user fails to match his or her own template, as a percentage of total access attempts.
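An added example (not from the original notes) that ties together the FAR/FRR questions above and the earlier MFA questions: it computes FAR and FRR from a constructed set of matcher scores at different thresholds, then shows what requiring a second independent factor does to both rates. The scores, the accept-if-score-at-least-threshold rule and the 1%/5% figures for the second factor are assumptions made up for the example.

```go
package main

import "fmt"

// Constructed match scores (0..100) from a hypothetical fingerprint matcher.
// genuineScores: enrolled users presenting their own finger.
// impostorScores: other people's fingers compared against those templates.
var genuineScores = []float64{95, 91, 88, 84, 79, 72, 66, 58, 93, 87}
var impostorScores = []float64{12, 18, 25, 31, 39, 44, 52, 61, 70, 22}

// Rates returns the false acceptance rate and false rejection rate when a
// sample is accepted iff its score >= threshold. Both are fractions of
// their respective attempts.
func Rates(threshold float64) (far, frr float64) {
	falseAccepts, falseRejects := 0, 0
	for _, s := range impostorScores {
		if s >= threshold {
			falseAccepts++ // impostor matched a template he should not have
		}
	}
	for _, s := range genuineScores {
		if s < threshold {
			falseRejects++ // legitimate user failed to match his own template
		}
	}
	return float64(falseAccepts) / float64(len(impostorScores)),
		float64(falseRejects) / float64(len(genuineScores))
}

// CombineAND models multi-factor authentication where every factor must
// pass and the factors fail independently: an impostor must fool all of
// them (FARs multiply), while a legitimate user is rejected if any one
// fails (the chance of passing all of them shrinks, so FRR grows).
func CombineAND(fars, frrs []float64) (far, frr float64) {
	far = 1
	passAll := 1.0
	for i := range fars {
		far *= fars[i]
		passAll *= 1 - frrs[i]
	}
	return far, 1 - passAll
}

func main() {
	// Sweep the threshold: FAR falls and FRR rises as it is raised.
	for _, th := range []float64{40, 50, 60, 70, 80} {
		far, frr := Rates(th)
		fmt.Printf("threshold %3.0f  FAR %.2f  FRR %.2f\n", th, far, frr)
	}
	// Add a second, independent factor (say a smart card with an assumed
	// 1% false accept and 5% false reject): FAR drops sharply, FRR goes up.
	far, frr := Rates(60)
	mfaFAR, mfaFRR := CombineAND([]float64{far, 0.01}, []float64{frr, 0.05})
	fmt.Printf("biometric alone FAR %.3f FRR %.3f\n", far, frr)
	fmt.Printf("biometric + card FAR %.3f FRR %.3f\n", mfaFAR, mfaFRR)
}
```

The threshold sweep is the FAR/FRR trade-off from the question above; the last two lines are the MFA questions in numbers: the false positive (accept) rate goes from 0.2 to 0.002, the false negative (reject) rate from 0.1 to about 0.145.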
What are three different purposes for which bio-metric are commonly used?
Verification: the supplicant states an identity and the sample is compared to that one table entry or template.
Identification: the supplicant does not state his or her identity and the sample is compared against every template (e.g. door access).
What are ways in which a bio-metric process can fail?
Error: the subject is not trying to fool the system but is still misread. Deception: the subject hides his or her face from cameras or presents an imitation of someone else's fingerprint. Unavailability: the trait or the reader cannot be used.
How can a cryptographic process support authentication?
With HMACs, MS-CHAP, and digital signatures.
What service/s can it provide?
HMACs (keyed-hash message authentication codes) authenticate the origin and integrity of each message; they are fast and inexpensive.
MS-CHAP is the Windows challenge-response protocol that uses passwords for initial authentication.
Digital signatures with digital certificates are extremely strong but slow; they are also good for initial authentication.
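An added example (not from the original notes) of an HMAC used for authentication rather than for protecting a stored message: a challenge-response exchange in Go in which the client proves it holds the shared key without ever sending it. The key value, the `auth:` prefix and the `Server` type are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Shared secret provisioned out of band (constructed value for this example).
var sharedKey = []byte("example-shared-key-do-not-reuse")

// Server remembers each challenge it issued so that it can be used once.
type Server struct {
	key     []byte
	pending map[string]bool // hex(nonce) -> still outstanding
}

func NewServer(key []byte) *Server {
	return &Server{key: key, pending: make(map[string]bool)}
}

// Challenge issues a fresh 16-byte random nonce.
func (s *Server) Challenge() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(nonce)] = true
	return nonce, nil
}

// Respond is the client side: prove possession of the key by returning
// HMAC-SHA256(key, "auth:" || nonce). The key never crosses the wire, and
// because the nonce is fresh the response cannot be precomputed.
func Respond(key, nonce []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte("auth:"))
	mac.Write(nonce)
	return mac.Sum(nil)
}

// Verify recomputes the expected response and compares in constant time.
// The nonce is consumed on first use, so a captured response that is
// replayed later is rejected.
func (s *Server) Verify(nonce, response []byte) bool {
	id := hex.EncodeToString(nonce)
	if !s.pending[id] {
		return false
	}
	delete(s.pending, id)
	return hmac.Equal(Respond(s.key, nonce), response)
}

func main() {
	server := NewServer(sharedKey)
	nonce, err := server.Challenge()
	if err != nil {
		panic(err)
	}
	response := Respond(sharedKey, nonce)
	fmt.Println("genuine client:   ", server.Verify(nonce, response)) // true
	fmt.Println("replayed response:", server.Verify(nonce, response)) // false
	nonce2, _ := server.Challenge()
	fmt.Println("wrong key:        ", server.Verify(nonce2, Respond([]byte("guess"), nonce2))) // false
}
```

An eavesdropper on the exchange sees only the nonce and a MAC over it; without the key the MAC cannot be reproduced for the next nonce, and the consumed-nonce check is what stops a straight replay.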
What is a PKI?
A collection of software, standards, and policies that are combined to allow users from the Internet or other unsecured public networks to securely exchange data.
What are the components of a PKI?
Components include digital certificates, certificate revocation lists, and certification authorities.
What is a PKI's purpose?
Using public key authentication with digital certificates requires the organization to establish a public key infrastructure (PKI) to create and manage public key-private key pairs and digital certificates.
How might an attacker compromise a PKI?
If an impostor can deceive the provisioning authority, the system breaks down (if given credentials, there is no effective technology access control).
What is a very important issue related to enrolling users in an authentication process?
Unless individuals are carefully vetted before being allowed access to the system, impostors can simply enroll through social engineering.
How does the principle of least permissions relate to authorization?
Each person should get only the permissions that he or she absolutely needs to do his or her job. It makes systems fail safely: a permission that was never granted cannot be abused, and a missing permission results in denial rather than unintended access.
What is the purpose of auditing?
Collecting records of users' interactions with systems (for example, database administrators logging users' interactions with databases) so that noncompliance with established security policies can be detected after the fact.
What is federated identity management?
the centralized policy-based management of all information required for access to corporate systems by a person, machine, program, or other resources. Used between two companies or organizations.
Site and Facility physical security principles
Path Dependency
Voice, Data, Video, Power, etc....should be on different, physically disparate paths
Heating, Cooling, Power Generation
Fire suppression
Lighting
Emergencies...
Site selection
- Political situation
- Geographic situation
- Vulnerabilities
Design and implement physical security
Fencing; lighting; locks; construction materials; mantraps; dogs and guards.
Focus on Functional Order -
Deterrence, Denial, Detection, Delay
Equipment failure
Guarantee availability of resources, and
integrity of data in those resources
• Replacement plans - vendor levels of support, etc.
• Replace aging hardware
- MTTF mean time to failure
- MTTR mean time to repair
Wiring closets
never use as general storage; keep clean and organized, no flammables
Server rooms
One hour minimum fire rating
Halon / CO2 systems
Cooled adequately
Raised floors
DRPs (later on semester will visit again)
Media storage facilities
Locked
Managed
Check-in/Check-out process - controlled
Sanitization for reusables
Evidence storage
Likely to involve a dedicated storage system distinct from the production networks, kept offline and disconnected from the internet except when new datasets are actively being transferred to it.
Restricted and work area security/op-centers
Special cases
Not equal access to all locations
Server rooms, strictly controlled
Concentric Circles of protection
Shoulder surfing prevention
RFID?
Escorted access
Data centers
smartcard, proximity reader
Utilities and HVAC
Fault - momentary loss of power
Blackout - complete loss of power
Sag - momentary low voltage
Brownout - prolonged low voltage
Spike - momentary high voltage
Surge - prolonged high voltage
Inrush - initial surge of power - when first connecting
Noise - a steady interfering disturbance or fluctuation
Transient - a short duration of line noise disturbance
Clean - non-fluctuating pure power
Ground - wire that grounds a circuit
fire prevention/detection/suppression
A fire starts as smoke, then becomes flames, and becomes hot over time (so detectors can key on smoke, flame or heat).
Water suppresses by lowering the temperature.
Soda acid and dry powders suppress by cutting off the fuel supply.
perimeter
fences, gates, man traps
Describe the science of digital forensics
Defined as "the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence for the purpose of facilitating or furthering the reconstruction of events found to be criminal or helping to anticipate unauthorized actions shown to be disruptive to planned operations."
Categorize the different communities and areas within digital forensics
Law Enforcement, Military IW Operations, Business & Industry
Media Analysis - examining the content of physical media for evidence.
Code Analysis - reviewing software for malicious signatures (e.g. with grep).
Network Analysis - scrutinizing network traffic and logs to identify and locate evidence.
Explain where computer forensics fits into DFS
analysis of data stored on or retrieved from computer storage media in such a way that the
information can be used as evidence in a court of law.
Describe criminalistics as it relates to the investigative process
The application of science to those criminal and civil laws that are enforced by police agencies in a criminal justice system.
Discuss the 3 A's of the computer forensics methodology
• Acquire the evidence without altering or damaging the original.
• Authenticate the image.
• Analyze the data without modifying it.
Critically analyze the emerging area of cyber-criminalistics
Different from other forensic sciences in that the media that is examined and the tools/techniques available to the examiner are products of a market-driven private sector.
Explain the holistic approach to cyber-forensics.
A holistic and risk-based approach to cyber-security ultimately ensures that your entire organization is capable of detection, prevention, and correction of cyber-security threats and vulnerabilities.
What are the origins of the word "cryptography"?
The word "cryptography" comes from Latinized Greek roots: crypto- (kryptós) meaning "hidden" or "private" and -graphy (gráphein) meaning "writing".
What is cryptography?
the transformation of meaningful data into something else and perhaps vice versa
What is cryptanalysis?
described as the process of defeating cryptographic systems.
What is plaintext?
Meaningful original data
What is ciphertext?
meaningless Encrypted data
What is a code? How is it different from a cipher?
A code is a system for representing data using a set of symbols.
Cipher is a process for concealing the meaning of a message.
What is encryption?
a process that converts plaintext into (hopefully) meaningless data called ciphertext.
What is decryption?
a process that converts ciphertext back into the original plaintext.
What is a key?
Encryption process is varied by incorporating a data value called a key.
What is symmetric cryptography? Why is it called "symmetric"?
the decryption process is the equal and opposite of the encryption process, meaning it uses the inverse operations in the reverse sequence for each cycle of decryption.
What key/s is/are used in symmetric cryptography?
the same key is used in encryption and decryption.
What is a challenge in symmetric cryptography?
Sharing the key is a challenge in symmetric cryptography.
What services can symmetric cryptography provide?
Confidentiality, Authentication of origin, Authentication of integrity
What is asymmetric cryptography? Why is it called "asymmetric"?
the decryption process is NOT the equal and opposite of the encryption process, meaning it does NOT use the inverse operations in the reverse sequence in each cycle of decryption.
What key/s is/are used in asymmetric cryptography?
The same operation is used for encryption and decryption, but with two different keys: a public key and the matching private key.
What is a challenge in asymmetric cryptography?
Authenticating someone else's public key is a challenge.
What services can asymmetric cryptography provide?
Confidentiality, Authentication of origin, Non-repudiation
Is there a significant difference in performance between modern symmetric and asymmetric algorithms?
Modern symmetric algorithms are typically used with keys of moderate length (e.g. 128 bits) and perform a sequence of very simple operations a small number of times. (FAST)
Modern asymmetric algorithms are typically used with very long keys (e.g. 2048 bits) and perform very CPU-intensive calculations. (SLOW)
How can asymmetric and symmetric algorithms be used together?
a one-time key value (called a "session key") is encrypted asymmetrically with a recipient's public key and a data set is encrypted symmetrically with that key value.
What is a substitution cipher? Can you give examples of substitution operations?
involves replacing a data value with another according to some rule(fixed replacement, variable replacement, table lookup, math, boolean)
What is a transposition cipher? Can you give examples of transposition operations?
involves rearranging the sequence of a set of values without altering each one (other than its place in the sequence)(swaps, rotations, shifts)
What is a product cipher?
uses both substitution and transposition operations.
What is a brute force attack?
involves trying every possible key value to decrypt intercepted ciphertext until the output seems to be valid plaintext.
What is a dictionary attack?
Trying keys or passwords from a list of likely values (a "dictionary" of words and common passwords) rather than every possible value. It works because remembering a long sequence of pseudo-random characters is impractical for almost all of us, especially if it changes often, so people pick guessable ones.
How might statistical analysis be useful in cryptanalysis?
This involves attempting to find non-random "patterns" in intercepted ciphertext that might reveal the plaintext
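An added Go example (not from the original notes) covering the substitution, transposition, product-cipher, brute-force and statistical-analysis questions above: a Caesar substitution and a columnar transposition are combined into a product cipher, and `BruteForce` recovers the key from ciphertext alone by trying every shift with English letter-frequency scoring and every column count with a small word list. The plaintext, the key values and the word list are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// substitute is a fixed-replacement substitution (a Caesar shift): each lowercase
// letter becomes the letter `shift` places later (mod 26); other characters pass through.
func substitute(text string, shift int) string {
	shift = ((shift % 26) + 26) % 26 // negative shifts undo positive ones
	var b strings.Builder
	for _, r := range text {
		if r >= 'a' && r <= 'z' {
			r = 'a' + (r-'a'+rune(shift))%26
		}
		b.WriteRune(r)
	}
	return b.String()
}

// transpose is a columnar transposition: write the text in rows of `cols`
// characters and read it out column by column. Nothing is altered, only moved.
func transpose(text string, cols int) string {
	runes := []rune(text)
	out := make([]rune, 0, len(runes))
	for c := 0; c < cols; c++ {
		for i := c; i < len(runes); i += cols {
			out = append(out, runes[i])
		}
	}
	return string(out)
}

// untranspose puts the characters back into row order.
func untranspose(text string, cols int) string {
	runes := []rune(text)
	out := make([]rune, len(runes))
	idx := 0
	for c := 0; c < cols; c++ {
		for i := c; i < len(runes); i += cols {
			out[i], idx = runes[idx], idx+1
		}
	}
	return string(out)
}

// Encrypt is a product cipher (substitution, then transposition);
// Decrypt applies the inverse operations in reverse order.
func Encrypt(plaintext string, shift, cols int) string {
	return transpose(substitute(plaintext, shift), cols)
}
func Decrypt(ciphertext string, shift, cols int) string {
	return substitute(untranspose(ciphertext, cols), -shift)
}

// Relative frequency (%) of a..z in English text.
var englishFreq = [26]float64{8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153, 0.772,
	4.025, 2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056, 2.758, 0.978, 2.360, 0.150, 1.974, 0.074}

// chiSquared measures how far the letter counts of text are from English (lower is
// more English-like): the non-random pattern that survives a substitution.
func chiSquared(text string) float64 {
	var counts [26]float64
	total := 0.0
	for _, r := range text {
		if r >= 'a' && r <= 'z' {
			counts[r-'a']++
			total++
		}
	}
	chi := 0.0
	for i, pct := range englishFreq {
		expected := pct / 100 * total
		chi += (counts[i] - expected) * (counts[i] - expected) / expected
	}
	return chi
}

// A tiny word list: only a correct un-transposition brings whole words back.
var commonWords = map[string]bool{"the": true, "and": true, "for": true, "are": true, "but": true, "not": true, "you": true}

// BruteForce recovers the key from ciphertext alone. Transposition does not change
// letter counts, so frequency analysis fixes the shift first; then every column
// count up to maxCols is tried and the one that restores the most words wins.
func BruteForce(ciphertext string, maxCols int) (shift, cols int, plaintext string) {
	bestChi := -1.0
	for s := 0; s < 26; s++ {
		if chi := chiSquared(substitute(ciphertext, -s)); bestChi < 0 || chi < bestChi {
			bestChi, shift = chi, s
		}
	}
	bestWords := -1
	for c := 1; c <= maxCols; c++ {
		candidate, words := Decrypt(ciphertext, shift, c), 0
		for _, w := range strings.Fields(candidate) {
			if commonWords[w] {
				words++
			}
		}
		if words > bestWords {
			bestWords, cols, plaintext = words, c, candidate
		}
	}
	return
}

func main() {
	ct := Encrypt("meet me at the eastern gate at ten and bring the keys to the server room", 3, 7) // constructed
	s, c, pt := BruteForce(ct, 10)
	fmt.Printf("ciphertext: %s\nrecovered shift=%d cols=%d: %s\n", ct, s, c, pt)
}
```

The key space here is 26 shifts times a handful of column counts, so exhaustive search is instant; what the example really shows is why it works: the substitution leaks letter statistics and the transposition leaks nothing about the alphabet but everything about position. Modern ciphers are designed so that neither kind of pattern survives.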
What is side-channel analysis?
This involves measuring some side-effect of the encryption/decryption in an attempt to learn some or all of the bits in the key
How might public data be useful in cryptanalysis?
This involves attempting to learn private data by analyzing public data related to it
If large-scale quantum computing becomes feasible how might it affect information security?
At present this is theoretical. It has been suggested that a big enough quantum computer could solve some of the "too big" problems that non-quantum computing cannot solve in practical time, including the number-theoretic problems (e.g. factoring large numbers) on which today's asymmetric algorithms rely, which would break those algorithms.
What is social engineering
The practice of tricking people into giving private info or allow unsafe programs into the network.
What is a public communications channel? Can you give examples?
A channel anyone can listen in to. An example of this is a police scanner.
What types of attack are possible over a public communications channel?
MITM, eavesdropping.
Which information security service/s could encryption/decryption provide?
Primarily confidentiality. Encryption alone does not prove origin or integrity; those need a MAC or a digital signature.
Which key/s are used in asymmetric encryption/decryption?
A public key and a private key; only the owner holds the private key.
Which key/s are used in symmetric encryption/decryption?
Uses the same key to encrypt and decrypt
Which information security service/s might each attack violate?
All 6 of them
How can authentication of the origin of a message be enabled?
The sender must add some data that the recipient can check and that an attacker could not have created correctly (a MAC computed with a shared key, or a digital signature).
What is/are the inputs to a MAC function? What is the output?
Message and key. Value has no apparent relationship with the message nor the key
- appears to be random.
What makes the output pseudo-random?
Properties of Symmetric encryption algorithm.
What is a collision onto a MAC value? Why is it very unlikely?
Two different messages (under the same key) producing the same MAC value. With an n-bit MAC the chance that a particular altered message lands on the same value is about 1 in 2^n, which for n of 128 or more is negligible.
What does the recipient of a message and a MAC do with them? Why?
Recomputes the MAC over the received message with the shared key and checks whether it matches the received MAC. A mismatch means the message was altered in transit (or was not produced by a key holder); a match authenticates the integrity and origin of the message.
What does it mean if the recipient's locally generated MAC is identical to the received MAC?
The message was almost certainly not altered and was produced by someone holding the key; a collision is so unlikely that it can be discounted.
How can an encryption algorithm be used in a MAC function?
When an encryption algorithm is used in a MAC function only the "forward cipher" (the encryption direction) is used; the decryption direction is never needed.
What is/are the inputs to a hash function? What is the output?
A message only (no key). The output is a fixed-length value that appears to be random.
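An added Go example (not from the original notes) for the MAC questions above: a CBC-MAC built from AES using only the forward cipher, the recipient's recompute-and-compare check, and a plain SHA-256 hash beside it to show why a keyless hash cannot authenticate origin. The key and messages are constructed; the length-prefix padding is the example's own choice, since plain CBC-MAC is only safe for fixed-length messages.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// pad prepends the message length and zero-fills to a whole number of AES
// blocks. Encoding the length up front stops two messages of different
// lengths from being padded into the same block sequence.
func pad(msg []byte) []byte {
	out := make([]byte, aes.BlockSize, aes.BlockSize+len(msg)+aes.BlockSize)
	binary.BigEndian.PutUint64(out[:8], uint64(len(msg)))
	out = append(out, msg...)
	for len(out)%aes.BlockSize != 0 {
		out = append(out, 0)
	}
	return out
}

// CBCMAC builds a MAC from AES using only its forward (encryption)
// direction: each block is XORed into the running state and encrypted;
// the final state is the 16-byte tag. AES decryption is never called.
func CBCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pad(msg)
	state := make([]byte, aes.BlockSize) // zero IV
	for i := 0; i < len(padded); i += aes.BlockSize {
		for j := 0; j < aes.BlockSize; j++ {
			state[j] ^= padded[i+j]
		}
		block.Encrypt(state, state)
	}
	return state, nil
}

// Verify is the recipient's check: recompute the tag with the shared key
// and compare in constant time. A match means the message is intact and
// came from a key holder; a mismatch means tampering or a wrong key.
func Verify(key, msg, tag []byte) bool {
	expected, err := CBCMAC(key, msg)
	return err == nil && hmac.Equal(expected, tag)
}

// Digest is an unkeyed hash of the message: fixed length, random-looking,
// but computable by anyone.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// VerifyDigest shows why a bare hash is not a MAC: an attacker who alters
// the message simply recomputes the hash, and this check still passes.
func VerifyDigest(msg, digest []byte) bool {
	return hmac.Equal(Digest(msg), digest)
}

func main() {
	key := []byte("0123456789abcdef") // 16-byte AES-128 key (constructed)
	msg := []byte("transfer 100 to account 42")
	tag, _ := CBCMAC(key, msg)
	fmt.Printf("tag = %x (%d bytes)\n", tag, len(tag))
	tampered := []byte("transfer 900 to account 42")
	fmt.Println("MAC check, original message:", Verify(key, msg, tag))      // true
	fmt.Println("MAC check, tampered message:", Verify(key, tampered, tag)) // false
	fmt.Println("hash check, tampered message re-hashed by the attacker:",
		VerifyDigest(tampered, Digest(tampered))) // true: the hash proves nothing about origin
}
```

The tag and the digest are both fixed-length and look random; the difference is that producing the tag requires the key, so an altered message cannot be given a matching tag by anyone who lacks it.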