Topic 1: Access Control
Which of the following statements relating to the Bell-LaPadula security model is FALSE
(assuming the Strong Star property is not being used) ?
A.
A subject is not allowed to read up.
B.
The property restriction can be escaped by temporarily downgrading a high level
subject.
C.
A subject is not allowed to read down.
D.
It is restricted to confidentiality.
A subject is not allowed to read down.
It is not a property of the Bell-LaPadula model.
The other answers are incorrect because:
"A subject is not allowed to read up" is the 'simple security rule' of the Bell-LaPadula
model.
The property restriction can be escaped by temporarily downgrading a high-level subject,
or by identifying a set of trusted objects which are permitted to violate the property as long
as it is not in the middle of an operation.
It is restricted to confidentiality, as it is a state machine model that enforces the
confidentiality aspects of access control.
Reference: Shon Harris, AIO v3, Chapter 5: Security Models and Architecture, pages 279-282.
Which of the following control pairings include: organizational policies and procedures, pre-employment
background checks, strict hiring practices, employment agreements,
employee termination procedures, vacation scheduling, labeling of sensitive materials,
increased supervision, security awareness training, behavior awareness, and sign-up
procedures to obtain access to information systems and networks?
A.
Preventive/Administrative Pairing
B.
Preventive/Technical Pairing
C.
Preventive/Physical Pairing
D.
Detective/Administrative Pairing
Preventive/Administrative Pairing
The Answer: Preventive/Administrative Pairing: These mechanisms include
organizational policies and procedures, pre-employment background checks, strict hiring
practices, employment agreements, friendly and unfriendly employee termination
procedures, vacation scheduling, labeling of sensitive materials, increased supervision,
security awareness training, behavior awareness, and sign-up procedures to obtain access
to information systems and networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
Access Control techniques do not include which of the following?
A.
Rule-Based Access Controls
B.
Role-Based Access Control
C.
Mandatory Access Control
D.
Random Number Based Access Control
Random Number Based Access Control
Access Control Techniques
Discretionary Access Control
Mandatory Access Control
Lattice Based Access Control
Rule-Based Access Control
Role-Based Access Control
Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13.
Which of the following is an example of discretionary access control?
A.
Identity-based access control
B.
Task-based access control
C.
Role-based access control
D.
Rule-based access control
Identity-based access control
An identity-based access control is an example of discretionary access
control that is based on an individual's identity. Identity-based access control (IBAC) is
access control based on the identity of the user (typically relayed as a characteristic of the
process acting on behalf of that user) where access authorizations to specific objects are
assigned based on user identity.
Rule Based Access Control (RuBAC) and Role Based Access Control (RBAC) are
examples of non-discretionary access controls.
Rule-based access control is a type of non-discretionary access control because this
access is determined by rules and the subject does not decide what those rules will be; the
rules are uniformly applied to ALL of the users or subjects.
In general, all access control policies other than DAC are grouped in the category of non-discretionary
access control (NDAC). As the name implies, policies in this category have
rules that are not established at the discretion of the user. Non-discretionary policies
establish controls that cannot be changed by users, but only through administrative action.
Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall
within Non Discretionary Access Control (NDAC). If it is not DAC or MAC then it is most
likely NDAC.
BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES:
MAC = Mandatory Access Control
Under a mandatory access control environment, the system or security administrator will
define what permissions subjects have on objects. The administrator does not dictate
users' access but simply configures the proper level of access as dictated by the Data
Owner.
The MAC system will look at the Security Clearance of the subject and compare it with the
object sensitivity level or classification level. This is what is called the dominance
relationship.
The subject must DOMINATE the object sensitivity level, which means that the subject
must have a security clearance equal to or higher than the object he is attempting to access.
MAC also introduces the concept of labels. Every object will have a label attached to it
indicating the classification of the object as well as categories that are used to impose the
need to know (NTK) principle. Even though a user has a security clearance of Secret, it does
not mean he would be able to access any Secret document within the system. He would
be allowed to access only Secret documents for which he has a Need To Know, formal
approval, and objects where the user belongs to one of the categories attached to the object.
If there is no clearance and no labels then IT IS NOT Mandatory Access Control.
Many of the other models can mimic MAC but none of them have labels and a dominance
relationship, so they are NOT in the MAC category.
DAC = Discretionary Access Control
DAC is also known as: Identity Based access control system.
The owner of an object is defined as the person who created the object. As such the owner
has the discretion to grant access to other users on the network. Access will be granted
based solely on the identity of those users.
Such a system is good for a low level of security. One of the major problems is the fact that a
user who has access to someone else's file can further share the file with other users
without the knowledge or permission of the owner of the file. Very quickly this could
become the wild wild west as there is no control on the dissemination of the information.
RBAC = Role Based Access Control
RBAC is a form of Non-Discretionary access control.
Role Based access control usually maps directly to the different types of jobs performed
by employees within a company.
For example there might be 5 security administrators within your company. Instead of
creating each of their profiles one by one, you would simply create a role and assign the
administrators to the role. Once an administrator has been assigned to a role, he will
IMPLICITLY inherit the permissions of that role.
RBAC is a great tool for environments where there is a large rotation of employees on a
daily basis, such as a very large help desk for example.
RBAC or RuBAC = Rule Based Access Control
RuBAC is a form of Non-Discretionary access control.
A good example of a Rule Based access control device would be a Firewall. A single set of
rules is imposed on all users attempting to connect through the firewall.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
and
NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf
and
http://itlaw.wikia.com/wiki/Identity-based_access_control
An access system that grants users only those rights necessary for them to perform their
work is operating on which security principle?
A.
Discretionary Access
B.
Least Privilege
C.
Mandatory Access
D.
Separation of Duties
Least Privilege
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation
Which access control model provides upper and lower bounds of access capabilities for a
subject?
A.
Role-based access control
B.
Lattice-based access control
C.
Biba access control
D.
Content-dependent access control
Lattice-based access control
In the lattice model, users are assigned security clearances and the data is
classified. Access decisions are made based on the clearance of the user and the
classification of the object. Lattice-based access control is an essential ingredient of formal
security models such as Bell-LaPadula, Biba, Chinese Wall, etc.
The bounds concept comes from the formal definition of a lattice as a "partially ordered set
for which every pair of elements has a greatest lower bound and a least upper bound." To
see the application, consider a file classified as "SECRET" and a user Joe with a security
clearance of "TOP SECRET." Under Bell-LaPadula, Joe's "least upper bound" access to
the file is "READ" and his greatest lower bound is "NO WRITE" (star property).
Role-based access control is incorrect. Under RBAC, the access is controlled by the
permissions assigned to a role and the specific role assigned to the user.
Biba access control is incorrect. The Biba integrity model is based on a lattice structure but
the context of the question disqualifies it as the best answer.
Content-dependent access control is incorrect. In content dependent access control, the
actual content of the information determines access as enforced by the arbiter.
References:
CBK, pp. 324-325. AIO3, pp. 291-293. See particularly Figure 5-19 on p. 293 for an illustration of bounds in
action.
Which of the following is a trusted, third party authentication protocol that was developed
under Project Athena at MIT?
A.
Kerberos
B.
SESAME
C.
KryptoKnight
D.
NetSP
Kerberos
Kerberos is a trusted, third party authentication protocol that was developed
under Project Athena at MIT.
Kerberos is a network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key cryptography. A free
implementation of this protocol is available from the Massachusetts Institute of Technology.
Kerberos is available in many commercial products as well.
The Internet is an insecure place. Many of the protocols used in the Internet do not provide
any security. Tools to "sniff" passwords off of the network are in common use by systems
crackers. Thus, applications which send an unencrypted password over the network are
extremely vulnerable. Worse yet, other client/server applications rely on the client program
to be "honest" about the identity of the user who is using it. Other applications rely on the
client to restrict its activities to those which it is allowed to do, with no other enforcement by
the server.
Some sites attempt to use firewalls to solve their network security problems. Unfortunately,
firewalls assume that "the bad guys" are on the outside, which is often a very bad
assumption. Most of the really damaging incidents of computer crime are carried out by
insiders. Firewalls also have a significant disadvantage in that they restrict how your users
can use the Internet. (After all, firewalls are simply a less extreme example of the dictum
that there is nothing more secure than a computer which is not connected to the network --
and powered off!) In many places, these restrictions are simply unrealistic and
unacceptable.
Kerberos was created by MIT as a solution to these network security problems. The
Kerberos protocol uses strong cryptography so that a client can prove its identity to a
server (and vice versa) across an insecure network connection. After a client and server
have used Kerberos to prove their identity, they can also encrypt all of their
communications to assure privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under a copyright permission notice very similar to
the one used for the BSD operating system and the X11 windowing system. MIT provides Kerberos in
source form, so that anyone who wishes to use it may look over the code for themselves
and assure themselves that the code is trustworthy. In addition, for those who prefer to rely
on a professionally supported product, Kerberos is available as a product from many
different vendors.
In summary, Kerberos is a solution to your network security problems. It provides the tools
of authentication and strong cryptography over the network to help you secure your
information systems across your entire enterprise. We hope you find Kerberos as useful as
it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology
architecture.
KryptoKnight is a Peer to Peer authentication protocol incorporated into the NetSP product
from IBM.
SESAME is an authentication and access control protocol that also supports
communication confidentiality and integrity. It provides public key based authentication along with the Kerberos-style authentication that uses symmetric key cryptography.
Sesame supports the Kerberos protocol and adds some security extensions like public key
based authentication and an ECMA-style Privilege Attribute Service. The complete Sesame
protocol is a two step process. In the first step, the client successfully authenticates itself to
the Authentication Server and obtains a ticket that can be presented to the Privilege
Attribute Server. In the second step, the initiator obtains proof of his access rights in the
form of Privilege Attributes Certificate (PAC). The PAC is a specific form of Access Control
Certificate as defined in the ECMA-219 document. This document describes the extensions
to Kerberos for public key based authentication as adopted in Sesame.
SESAME, KryptoKnight, and NetSP never took off and the protocols are no longer
commonly used.
References:
http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#whatis
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 40.
Smart cards are an example of which type of control?
A.
Detective control
B.
Administrative control
C.
Technical control
D.
Physical control
Technical control
Logical or technical controls involve the restriction of access to systems and
the protection of information. Smart cards and encryption are examples of these types of
control.
Controls are put into place to reduce the risk an organization faces, and they come in three
main flavors: administrative, technical, and physical. Administrative controls are commonly
referred to as “soft controls” because they are more management-oriented. Examples of
administrative controls are security documentation, risk management, personnel security,
and training. Technical controls (also called logical controls) are software or hardware
components, as in firewalls, IDS, encryption, identification and authentication mechanisms.
And physical controls are items put into place to protect facility, personnel, and resources.
Examples of physical controls are security guards, locks, fencing, and lighting.
Many types of technical controls enable a user to access a system and the resources
within that system. A technical control may be a username and password combination, a
Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS+, or
authentication using a smart card through a reader connected to a system. These
technologies verify the user is who he says he is by using different types of authentication
methods. Once a user is properly authenticated, he can be authorized and allowed access
to network resources.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 245). McGraw-Hill. Kindle Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 32).
Which access control model is best suited in an environment where a high security level is
required and where it is desired that only the administrator grants access control?
A.
DAC
B.
MAC
C.
Access control matrix
D.
TACACS
MAC
MAC provides high security by regulating access based on the clearance of
individual users and sensitivity labels for each object. Clearance levels and sensitivity
levels cannot be modified by individual users - for example, user Joe (SECRET clearance)
cannot reclassify the "Presidential Doughnut Recipe" from "SECRET" to "CONFIDENTIAL"
so that his friend Jane (CONFIDENTIAL clearance) can read it. The administrator is
ultimately responsible for configuring this protection in accordance with security policy and
directives from the Data Owner.
DAC is incorrect. In DAC, the data owner is responsible for controlling access to the object.
Access control matrix is incorrect. The access control matrix is a way of thinking about the
access control needed by a population of subjects to a population of objects. This access
control can be applied using rules, ACLs, capability tables, etc.
TACACS is incorrect. TACACS is a tool for performing user authentication.
References:
CBK, p. 187, Domain 2: Access Control.
AIO3, Chapter 4, Access Control.
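To make the Bell-LaPadula properties, the MAC dominance relationship with need-to-know categories, and the lattice bounds (LUB/GLB) from the questions above concrete, here is an added Python example; it is not from the study guide or any cited source, and the level names, the NUCLEAR/CRYPTO categories, and the users Joe and Jane are constructed sample values.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed sample hierarchy; a real system defines its own levels and categories.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
LEVEL_NAMES = {rank: name for name, rank in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A MAC label: a classification level plus need-to-know categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Dominance: at least as high a level AND every category of the other
        # label. The category check is where need-to-know is enforced.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound in the lattice: highest level, union of categories."""
    return Label(LEVEL_NAMES[max(LEVELS[a.level], LEVELS[b.level])],
                 a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: lowest level, intersection of categories."""
    return Label(LEVEL_NAMES[min(LEVELS[a.level], LEVELS[b.level])],
                 a.categories & b.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up (the subject must dominate the object)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star property (not the strong star): no write down (the object must dominate the subject)."""
    return obj.dominates(subject)


if __name__ == "__main__":
    # Constructed sample subjects and objects.
    joe = Label("TOP SECRET", frozenset({"NUCLEAR"}))
    jane = Label("CONFIDENTIAL")
    secret_file = Label("SECRET", frozenset({"NUCLEAR"}))
    crypto_file = Label("SECRET", frozenset({"CRYPTO"}))
    print("Joe reads SECRET/NUCLEAR:", can_read(joe, secret_file))    # True (read down)
    print("Joe writes SECRET/NUCLEAR:", can_write(joe, secret_file))  # False (no write down)
    print("Jane reads SECRET/NUCLEAR:", can_read(jane, secret_file))  # False (no read up)
    print("Joe reads SECRET/CRYPTO:", can_read(joe, crypto_file))     # False (no need to know)
    print("LUB of the two files:", lub(secret_file, crypto_file))     # SECRET, {NUCLEAR, CRYPTO}
```

Note that Joe's TOP SECRET clearance does not let him read the SECRET/CRYPTO file: the category check enforces need-to-know exactly as the MAC description states.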
In discretionary access environments, which of the following entities is authorized to grant
information access to other people?
A.
Manager
B.
Group Leader
C.
Security Manager
D.
Data Owner
Data Owner
In Discretionary Access Control (DAC) environments, the user who creates a
file is also considered the owner and has full control over the file including the ability to set
permissions for that file.
The following answers are incorrect:
Manager is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.
Group Leader is incorrect because in Discretionary Access Control (DAC) environments it is
the owner/user that is authorized to grant information access to other people.
Security Manager is incorrect because in Discretionary Access Control (DAC)
environments it is the owner/user that is authorized to grant information access to other
people.
IMPORTANT NOTE:
The term Data Owner is also used within Classifications as well. Under the subject of
classification the Data Owner is a person from management who has been entrusted with a
data set that belongs to the company. For example it could be the Chief Financial Officer
(CFO) who is entrusted with all of the financial data for a company. As such the CFO would
determine the classification of the financial data and who can access it as well. The Data
Owner would then tell the Data Custodian (a technical person) what the classification and
need to know is on the specific set of data.
The term Data Owner under DAC simply means whoever created the file, and as the
creator of the file the owner has full access and can grant access to other subjects based
on their identity.