Access Control Models - ANSWERS Information Flow
Non Interference
Confidentiality of Stored Information
- Bell-LaPadula (Mandatory Access Control)
- Access Matrix (Read, Write or Execute or R/W/X)
- Take-Grant (Rights = Create, Revoke, Take and Grant)
Integrity of Stored Information
- Biba Integrity Model (Bell-LaPadula upside down)
- Clark-Wilson
Mandatory Access Control (MAC) - ANSWERS Permissions to objects are managed
centrally by an administrator. It is an access policy determined by the system, rather than
by the owner. Organizations use this in multilevel systems that process highly sensitive
data such as classified government or military.
Examples: 1) Rule-based, 2) Lattice Model
Discretionary Access Control (DAC) - ANSWERS An access policy determined by the
owner of a file (or other resource). The owner decides who's allowed access to a file
and what privileges they have.
Role Based Access Control (RBAC) - ANSWERS A method of implementing
discretionary access controls in which access decisions are based on group
membership, according to organization or functional roles.
LDAP - Lightweight Directory Access Protocol - ANSWERS An Internet Protocol (IP) and
data storage model that supports authentication and directory functions. It is a remote
access authentication protocol. Vendors = Microsoft Active Directory, CA eTrust
Directory, Apache Directory Server, Novell eDirectory, IBM SecureWay and Tivoli
Directory Server, Sun Directory Server. OpenLDAP and tinyldap are open source versions.
User Account - ANSWERS Allows a user to authenticate to system services and be
granted authorization to access them; however, authentication does not imply
authorization.
Service Account - ANSWERS An account that a service on your computer uses to run
under and access resources. This should not be a user's personal account. Can also be
an account that is used for a scheduled task (e.g., batch job account) or an account that
is used in a script that is run outside of a specific user's context. (Ref GIAC White
Paper)
Default Account - ANSWERS System login account predefined in a manufactured
system to permit initial access when system is first put into service. (pciscanner)
Guest Account - ANSWERS For users who don't have a permanent account on your
computer or domain. It allows people to use your computer without having access to
personal files. Per MSFT, guests cannot install software or hardware, change settings, or create
a password. (MSFT)
Account expiration - ANSWERS A time limit that is applied to the life of an account, so
that it can be used only for a predetermined period of time. (MSFT)
Access Control List (ACL) - ANSWERS List of subjects (including groups, machines,
processes*) that are authorized to access a particular object. Typically, the types of
access are read, write, execute, append, modify, delete and create. (Harris) (*NIST)
Access Reconciliation - ANSWERS The action of making accounts consistent. A
process used to compare two sets of records to ensure the data are in agreement and
are accurate.
Configuration Control - ANSWERS Process of controlling modifications to hardware,
firmware, software and documentation to protect the information system against
improper modification prior to, during, and after system implementation. (NIST)
Baseline Configuration - ANSWERS A set of specifications for a system that has been
formally reviewed and agreed on at a given point in time, and which can be changed
only through change control procedures. Used as a basis for future builds, releases,
and/or changes. (NIST)
Baseline - ANSWERS A process that identifies a consistent basis for an organization's
security architecture, taking into account system-specific parameters, such as different
operating systems. (Dummies)
A minimum level of security necessary throughout the organization (CISA)
Configuration Auditing - ANSWERS Check that:
- Change was recorded correctly and work matched the Request for Change (RFC)
- Change had appropriate risk level
- Configuration items updated appropriately
- Documentation updated
(CISCO)
WSUS - Windows Server Update Services - ANSWERS Next version of automatic
updates for internal use. Built into Windows Server 2003. Previously called Software
Update Services (SUS) and Windows Update Services (WUS) but now obsolete.
(Day 3, Page 56-57)
Attack - Man-in-the-Middle (MITM) - ANSWERS A type of attack in which an attacker
intercepts messages between two parties and forwards a modified version of the original
message. (Dummies)
Attack - Spoofing - ANSWERS Technique used to forge TCP/IP packet information or
email header information. In network attacks it is used to gain access to systems by
impersonating the IP address of a trusted host. In email the sender address is forged to
trick an email user into opening or responding to an email. (Dummies)
Attack - Social Engineering - ANSWERS A low tech attack method that employs
techniques such as dumpster diving and shoulder surfing. (Dummies) A practice of
obtaining confidential information by manipulation of legitimate users (ISA)
Attack - Denial of Service (DoS) - ANSWERS An attack on a system or network with the
intention of making the system or network unavailable for use. (Dummies) In the context
of ICS, can refer to loss of process function, not just loss of data communications. (ISA)
Data Manipulation - ANSWERS A process of altering register data so as to change
output status, without altering the ladder program. (www.toolingu.com)
Attack - Session Hijacking - ANSWERS Similar to Man in the Middle Attack, except that
the attacker impersonates the intended recipient instead of modifying messages in
transit. (Dummies)
Unauthorized Access - ANSWERS
- Occurs when a user, legitimate or unauthorized,
accesses a resource that the user is not permitted to use. (FIPS 191)
- Viewing private accounts, messages, files or resources when one has not been given
permission from the owner to do so. Viewing confidential information without permission
or qualifications can result in legal action. (Business Dictionary)
Health, Safety and Environmental (HSE) - ANSWERS Responsibility for protecting the
health and safety of workers and surrounding community and maintaining high
environmental stewardship. (ISA)
Safety - Process Hazard Analysis (PHA) (aka Process Hazard Evaluation) -
ANSWERS A set of organized and systematic assessments of the potential hazards
associated with an industrial process. Provides information to assist managers and
employees in making decisions for improving safety and reducing the consequences of
unwanted or unplanned releases of hazardous chemicals. (Wiki)
Safety - HAZOP - Hazard Operations - Hazard and Operability Study - ANSWERS A
Qualitative Technique.