sem 3 Flashcards
Types of Access Control
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
What is Mandatory Access Control (MAC)?
MAC is access based on security labels and security clearances. A user cannot grant clearance to another person. Only the administrator can grant access to users. MAC is strict and can be applied in environments where tight control is necessary, such as the military.
Discretionary Access Control (DAC)
It is based on the subject and the access rules that state whether the subject can perform certain actions on the object.
Subjects have controlled access to their own objects. It is flexible because subjects can grant access to other subjects, but it can be too messy.
Role-Based Access Control (RBAC)
Access is based on the role subjects are assigned to and the rules that state which roles have access to which objects.
Administrators assign access rights to roles instead of individual users.
It is less flexible than DAC, but easily manageable because it is centrally controlled.
Draw a general model for File Access
slide 22
- has the subject
- object
- and access right
What are the 3 groups that can be granted permission in Linux?
- User (owner)
- groups
- others
ls -l /etc/passwd
Shows which user has what type of access to the file.
output: rw-r--r-- (other stuff...)
id
The id command shows us what groups we are assigned to.
groups root
helps us to see the members of the group named “root”.
touch suss1
Creates a file named “suss1”.
ls -l suss1
Shows us the permissions for only the file named “suss1”.
output: -rw-rw-r--
chmod 765 suss1
ls -l suss1
Changes the permissions of a file that was created by the user or is owned by the user.
output: -rwxrw-r-x
values of read, write and execute command.
What is the value of
rw-r-xr--?
read: 4
write: 2
execute: 1
rw-r-xr--:
rw-: 4 + 2 = 6
r-x: 4 + 1 = 5
r--: 4
Therefore, it should be chmod 654 suss1
ls -l suss1
chmod u+x suss1
chmod ug-x suss1
chmod +x suss1
outputs:
-rw-r-xr-
-rwxr-xr--
-rw-r--r--
-rwxr-x-rx–
What command do you use if you want to remove write access for the user and add write access for the group?
chmod u-w,g+w suss1
ls -l
What are the 3 types of security threats for operating systems?
- intruders
- malicious software
- Buffer overflow
What are the 3 types of intruders?
Masquerader: usually an outsider, breaks system access control and pretends to be another user.
Misfeasor: usually an insider, a user who misuses his or her access privileges or accesses resources he or she does not have access to.
Clandestine: can be an insider or an outsider, gets root control of the system and bypasses access control.
What are the 2 groups of malicious software?
Independent: a self-contained program that can be run by the OS (worm).
Needs a host program: known as parasitic, it needs to be attached to a host program (virus).
It can destroy files and bypass access control.
Explain Buffer Overflow
- can occur because of a programming error when a process attempts to overwrite adjacent memory location
- can result in the attacker being able to gain control of the program
- attacker can use Metasploit against an unpatched system (that is vulnerable to buffer overflow) and get a shell remotely
What are the 3 countermeasures for the 3 security threats mentioned?
- Authentication
- Access Control
- Buffer Overflow Countermeasures
Authentication
To identify users and verify that they are who they claim to be.
The OS can use this information to authenticate:
1. Something you know: username and passwords
2. Something you are: fingerprints
3. Something you have: ATM card
Two or more factors can be implemented to enhance security.
Access Control
Works hand in hand with authentication.
Provides the correct access rights after authentication.
sudo su -
adduser david
cat /etc/passwd
A more user-friendly way to add a new user in the Linux OS.
The last command helps to check whether the new user has been successfully added.
deluser david
Deletes the user david.