Computer Security (46349)
Formative Assessment 1
Identity, Authentication, and Access Control
(Overview)
Damaine Fabion Franklin
Student #: R2104D12054733
06/23/2023
Part 1 - Questions (40 marks)
Instructions: You will be given a short set of questions to answer that will assess your
comprehension of the material covered during the first two weeks of this module. There are a
total of (40 marks) that can be obtained, and the number of marks for each question is provided
next to the question, so please make sure you consider this while working on your answers.
1. Describe the elements of the CIA Triad and why they are important principles of
computer security [6 Marks]
Answer: The acronym CIA, which stands for Confidentiality, Integrity, and Availability,
is the foundation for information security and the design of information systems within
an organization.
• Confidentiality: The word Confidentiality is synonymous with the word privacy,
which involves the measures taken to safeguard sensitive data from unauthorized
access, copying, sharing, and dissemination. Data confidentiality is an essential
component of computer security because it restricts access to sensitive data to
only those with the proper authorization while denying access to those without the
proper authorization. One method of ensuring data confidentiality is the use of
Windows Active Directory group policy.
• Integrity: Data integrity refers to the measures put in place to ensure that, while
data is at rest or in transit, it is not compromised or tampered with. Data
integrity is an important principle in computer security since it ensures the
authenticity, accuracy, and reliability of the data. To ensure data integrity,
nonrepudiation methods are employed, such as the use of hashing algorithms,
cryptography, and digital signatures.
• Availability: The availability of data refers to measures put in place to ensure that
access to data and information systems is consistent and readily available to
individuals with authorized access. Data availability is an important element in
computer security since it ensures business continuity and network redundancy
within an organization. Without data availability, the confidentiality and integrity
of data are meaningless.
2. What security principle describes a situation where a user of a system cannot deny having
performed a certain action at a certain time? Describe what mechanisms can be used to
implement it. [4 Marks]
• Answer: The security principle in question is called nonrepudiation which is
based on the concept that if John sends a secure encrypted message to Larry using
his private key, and if Larry is able to decrypt that encrypted message using only
John’s public key, then it proves that John must have sent that message.
Therefore, John cannot deny nor refute sending the encrypted message. Also, in
this scenario John’s public and private keys act as a signature which provides
authentication and integrity for what was signed and sent to Larry. In this case,
the mechanisms that can be used to implement nonrepudiation are cryptography and
digital signatures.
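The John/Larry exchange in the answer above, worked through with OpenSSL as an added example (not part of the original assignment): John signs a message with his private key, Larry verifies it with John's public key, and the same check rejects both a tampered copy and a signature made with Larry's own key. It assumes the openssl command-line tool is installed; the message text and the key file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: nonrepudiation and integrity with an RSA digital signature.
# Assumes the openssl CLI is available. Key names and message are constructed.
set -eu

# make_keypair DIR NAME: fresh 2048-bit RSA pair, NAME.key (private) and
# NAME.pub (public). The private key is the only thing that can produce a
# signature that verifies under NAME.pub, which is what makes denial impossible.
make_keypair() {
    dir=$1; name=$2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/$name.key" 2>/dev/null
    openssl pkey -in "$dir/$name.key" -pubout -out "$dir/$name.pub"
}

# sign PRIVKEY MESSAGE SIGFILE: SHA-256 digest of MESSAGE, signed with PRIVKEY.
sign() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify PUBKEY MESSAGE SIGFILE: prints "valid" or "invalid" instead of
# aborting, so a bad signature is a result the caller can act on.
verify() {
    if openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo invalid
    fi
}

# Runs the whole scenario in a scratch directory and prints three results,
# space-separated: genuine message, tampered message, message signed by Larry.
nonrepudiation_demo() {
    work=$(mktemp -d)
    make_keypair "$work" john
    make_keypair "$work" larry

    # Constructed sample message from John to Larry.
    printf 'Larry, approve the wire transfer. -- John\n' > "$work/msg.txt"
    sign "$work/john.key" "$work/msg.txt" "$work/msg.sig"
    genuine=$(verify "$work/john.pub" "$work/msg.txt" "$work/msg.sig")

    # Integrity: a single word changed after signing breaks the digest match.
    sed 's/approve/cancel/' "$work/msg.txt" > "$work/tampered.txt"
    tampered=$(verify "$work/john.pub" "$work/tampered.txt" "$work/msg.sig")

    # Origin: Larry's own key cannot produce a signature that checks out
    # under John's public key, so only John can have signed msg.txt.
    sign "$work/larry.key" "$work/msg.txt" "$work/forged.sig"
    forged=$(verify "$work/john.pub" "$work/msg.txt" "$work/forged.sig")

    rm -rf "$work"
    echo "$genuine $tampered $forged"
}

nonrepudiation_demo   # prints: valid invalid invalid
```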
3. Which element of the CIA Triad is affected most in the event of a targeted DDoS attack?
Explain your reasoning. [2 Marks]
• Answer: Availability is the element of the CIA Triad that will be affected the
most. In a DDoS attack, the intruder simultaneously initiates multiple attacks
against a server or network by overwhelming the target with a constant flood of
malicious traffic in order to overload the system, thereby causing a disruption or
denying service to legitimate traffic.
4. A top-level executive at Apple is at an internet café reviewing a secret document about
their latest R&D on their personal laptop. Someone in the Internet cafe manages to spot
an image of a patent on the laptop and unsuspectingly takes a photo of it. [7 Marks]:
a) Which element of the CIA triad is most affected (1 Mark)
• Answer: Confidentiality is the element of the CIA Triad that will be affected.
b) Explain the security flaws in this scenario from the perspective of the Apple company
itself and the Apple executive (6 Marks)
• From Apple’s perspective: In this scenario, the top-level executive may have
been granted access to the secret document in the first place. However, a blunder
at this level is a clear indication that either there is no information security policy
to govern data confidentiality, or, if there is one, the executive does not think the
rules apply to him or her. Since data confidentiality is compromised, Apple
should have ensured that authorized users cannot access classified company
documents on their personal devices. This can be accomplished by configuring
user access controls and access rights on certain devices and blocking access from
unauthorized devices. Apple should also enforce security policies that reduce the
likelihood of a data breach and prohibit the use of unsecured public Wi-Fi for
company-related tasks.
• From the Executive perspective: The security flaw on the part of the executive
is that if there is an information security policy in place, then the executive failed
to adhere to company policies. Furthermore, using a personal device on an
unsecured public Wi-Fi puts the executive at risk of a cyber-attack whereby an
attacker can use the personal laptop as a point of entry to infiltrate Apple’s
network with malware and viruses. The stolen information from the personal
laptop could also be used to damage Apple’s image, reputation, or relationship
with competitors.
5. Describe the 3 authentication factors [3 Marks]
• Answer: The three authentication factors are described as:
▪ Inherent Factor: Something you are such as biometric fingerprints, face
recognition, or iris scan.
▪ Knowledge Factor: Something you know such as a password, security
question, or PIN.
▪ Possession Factor: Something you have such as a smartcard, smartphone, or
hardware token.
6. Describe the Role-Based Access Control (RBAC) model [6 Marks]
• Answer: Role-Based Access Control (RBAC) is a security policy mechanism that
ensures individuals within a specified group have the proper permission and
privileges to gain access to certain data, information systems, or applications
within an enterprise organization. The fundamental principle of RBAC is not
determined by the user, but rather by the job function or the role the user assumes.
In other words, once a user changes roles, their access changes accordingly. For
example, an IT client support officer assumes the role of acting network
administrator for a period of four weeks. While acting in that position, the IT
client support officer will be granted enterprise-level permissions and privileges to
carry out the duties of a network administrator. After four weeks, the IT client
support officer will no longer have enterprise-level access because he or she is no
longer assuming the role of the network administrator.
7. Explain the advantages and disadvantages of password-based authentication [8 Marks]
• Advantages: The advantages of password-based authentication are
▪ Simple and convenient. Since most users rely on memory to retain their
credentials, this authentication method is typically the most convenient.
▪ Flexible and dynamic. The use of passwords provides the user with a sense
of control over the method of creating their own passwords, as well as the
option to change their password at their convenience.
▪ Cost-Effective. Most small businesses find the use of passwords to be cost-
effective, especially when compared to the expense of implementing more
sophisticated authentication mechanisms in much larger organizations.
• Disadvantages: The disadvantages of password-based authentication are:
▪ Vulnerable. The use of password-based authentication alone is not
invulnerable to cyberattacks and poses a security risk. For instance, simple
passwords which contain a person’s name, date of birth, or any dictionary
words can be easily hacked with brute force or a dictionary attack.
▪ Predictable. Password-based authentication can be easily predicted since
users often choose simple passwords to remember. Also, the use of social
engineering and brute force attacks can effortlessly predict passwords
comprised of alphanumeric and special characters.
▪ Complex. Since users rely on memory to recall their passwords, the passwords
used for this form of authentication can occasionally be difficult to remember.
8. How does a brute-force password attack work? [4 Marks]
• Answer: A brute force attack works in the following order:
▪ First, the attacker decides which brute force tool to use to carry out the attack;
these tools are available on the dark web or come pre-installed on certain
Linux distributions for penetration testing purposes.
▪ Secondly, after deciding which tool to use, the attacker configures it to generate
combinations of usernames and passwords using digits, letters, and
symbols.
▪ Thirdly, the attacker runs the combinations of usernames and passwords against a
target system or device. For example, if the attacker is trying to break into a
Wi-Fi router, the attacker uses the brute force tool to automate the process of
running the generated passwords against the Wi-Fi connection. If a password
doesn’t match, the automated brute force tool simply discards that password
and moves on to the next. This process is repeated over and over until the
right password unlocks the Wi-Fi router.
▪ The effectiveness of the brute force attack depends on the complexity of the
password. If the password is too simple and short, then the attack will be
successful in a matter of minutes.
Part 2 - Practical Exercises (60 marks)
Instructions: For these practical exercises, you will need to demonstrate how to use Linux to
create user accounts, set credentials and permissions, and modify a range of configuration and
security settings. Log in to your Linux machine and create 4 additional user accounts with the
following settings.
9. Creating user 1 with username ‘elliot’ and password ‘mrrobot157’ with no account
expiration date.
• Verification of user 1 account
10. Create user 2 with username: ‘tyrell’ and password: ‘ecorp7’ with no account expiration
date.
• Verification for user 2 account
11. Create user 3 with username: ‘john’ and password: ‘1265’ with an account expiration
date: October 25, 2025.
• Verification
12. Create user 4 with username: 'guest', password: none, and account expiration date: '10
days from the current date'.
13. Add User 1 and User 2 to a group named 'fsociety'
Note: I first create the group, then add the user to the group, followed by a verification.
• User 1: elliot
• User 2: Tyrell
14. Add User 3 and User 4 to a group named 'darkarmy'
• User 3: john
• User 4: guest
15. Print out to the command line the list of each group and their members.
Setting Password Policy
16. Locate the '/etc/login.defs' user account configuration file and modify it to meet the
following requirements:
• Passwords should be a minimum of 6 characters in length.
• Passwords should be changed every 3 months.
• Users are given a 5-day notice before their password expires.
• Modify the user account settings as follows.
Note: I used the command nedit /etc/login.defs to access the configuration file. I was able to set
the PASS_MIN_DAYS to 90 and the PASS_WARN_AGE to 5; however, I was not able to set the
PASS_MIN_LEN. I noticed that the length of passwords is set to unlimited by default.
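An added example (not the assignment's own commands) that sets the item 16 keys in a login.defs-format file without creating duplicate entries, and then applies the same ageing to the accounts created earlier with chage, because useradd reads login.defs only when an account is created. It assumes GNU sed and awk; the sample file content is constructed, and the comments carry the caveat that PASS_MIN_LEN is ignored on PAM-based distributions, where minimum length is enforced through the minlen option of pam_pwquality or pam_unix instead.

```shell
#!/bin/sh
# Added example: idempotent edits to a login.defs-style file for item 16,
# plus chage for accounts that already exist. Assumes GNU sed/awk.
set -eu

# set_login_def FILE KEY VALUE
# Rewrite the active "KEY value" line in place, or append one if none exists.
# Commented explanation lines (Debian ships "#  PASS_MAX_DAYS  Maximum ...")
# are left alone, so repeated runs never produce a second active entry.
set_login_def() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*$key[[:space:]]" "$file"; then
        sed -E "s/^[[:space:]]*$key[[:space:]].*/$key $value/" "$file" > "$file.tmp"
        mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_login_def FILE KEY: the active value, empty if absent or commented out.
get_login_def() {
    awk -v k="$2" '$1 == k { print $2 }' "$1"
}

# Item 16 as login.defs keys. PASS_MIN_LEN is written for completeness, but
# distributions that change passwords through PAM do not consult it; there the
# minimum length comes from pam_pwquality or pam_unix (minlen=6).
apply_password_policy() {
    file=$1
    set_login_def "$file" PASS_MAX_DAYS 90    # change every 3 months
    set_login_def "$file" PASS_WARN_AGE 5     # 5-day notice before expiry
    set_login_def "$file" PASS_MIN_LEN 6      # see note above
}

# login.defs only shapes accounts created after the edit. Existing users keep
# the ageing they were created with, so set it directly (requires root).
apply_to_existing() {
    for u in "$@"; do
        chage -M 90 -W 5 "$u"
    done
}

# Constructed excerpt in the layout Debian uses (the real file uses tabs,
# which [[:space:]] matches as well). Not a copy of any system file.
write_sample() {
    printf '%s\n' \
        '# Password aging controls:' \
        '#   PASS_MAX_DAYS   Maximum number of days a password may be used.' \
        '#   PASS_WARN_AGE   Number of days warning given before a password expires.' \
        'PASS_MAX_DAYS   99999' \
        'PASS_MIN_DAYS   0' \
        'PASS_WARN_AGE   7' > "$1"
}

if [ "${APPLY_TO_SYSTEM:-0}" = 1 ]; then
    # Real run: edit /etc/login.defs and fix up the four lab accounts.
    apply_password_policy /etc/login.defs
    apply_to_existing elliot tyrell john guest
else
    # Offline demonstration on the constructed sample.
    sample=$(mktemp)
    write_sample "$sample"
    apply_password_policy "$sample"
    cat "$sample"
    rm -f "$sample"
fi
```

Run with APPLY_TO_SYSTEM=1 as root to change the real file; without it the script only shows the rewritten sample.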
17. Modify the original user account settings as follows.
User 1 - root account
• Adding user 1 - elliot to the sudoers group.
Step 1
Step 2
Step 3
User 2 - service account
• Encountered challenges with this task.
User 3 - change the account expiration date to 10 days from the current date.
• Setting user 3 – john account to expire 10 days from today.
User 4 - give this user a password.
• Configuring user account ‘guest’ account with a password
• Password: ‘password123’
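The Part 2 provisioning (items 9 to 15 and 17) as an added shell example, not the assignment's own commands: it creates the users, groups, passwords and expiry dates with useradd, chpasswd, groupadd, usermod and chage, and verifies each account afterwards. It assumes a glibc-based Linux host with GNU date, an admin group named sudo (wheel on RHEL-style systems) and /usr/sbin/nologin as the no-login shell; run it as root with RUN_LAB=1, otherwise it only prints the commands it would execute.

```shell
#!/bin/sh
# Added example: the Part 2 lab with shadow-utils commands. Assumes GNU date,
# a "sudo" admin group and /usr/sbin/nologin. RUN_LAB=1 as root executes;
# anything else prints the privileged commands (DRY_RUN).
set -eu

run() {
    # Execute the command, or print it when DRY_RUN=1.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Date N days from today as YYYY-MM-DD, the form useradd -e and chage -E take.
days_from_now() {
    date -d "+$1 days" +%Y-%m-%d
}

# set_password USER PASSWORD: chpasswd reads "user:password" on stdin, so the
# secret never appears in the process list the way a command argument would.
set_password() {
    printf '%s:%s\n' "$1" "$2" | run chpasswd
}

# create_user NAME PASSWORD EXPIRY
# EXPIRY is YYYY-MM-DD or empty for no expiration. An empty PASSWORD leaves
# the account locked (useradd stores "!" in /etc/shadow), which is the safe
# reading of "password: none" for the guest account.
create_user() {
    name=$1; password=$2; expiry=$3
    if [ -n "$expiry" ]; then
        run useradd -m -e "$expiry" "$name"
    else
        run useradd -m "$name"
    fi
    [ -z "$password" ] || set_password "$name" "$password"
}

# add_to_group USER GROUP: create the group if needed, then append the user;
# -a keeps the user's existing supplementary groups instead of replacing them.
add_to_group() {
    run groupadd -f "$2"
    run usermod -aG "$2" "$1"
}

# Fourth field of an /etc/group line is the comma-separated member list.
members_from_line() {
    printf '%s\n' "$1" | cut -d: -f4
}

# Item 15: each named group and its members ("<none>" when empty).
list_group_members() {
    getent group "$@" | awk -F: '{ printf "%s: %s\n", $1, ($4 == "" ? "<none>" : $4) }'
}

# Item 17, user 1: root rights via the admin group rather than UID 0.
grant_sudo() {
    run usermod -aG sudo "$1"
}

# Item 17, user 2: a service account has no interactive shell and a locked
# password, so it is reachable only through su/sudo or a service manager.
make_service_account() {
    run usermod -s /usr/sbin/nologin "$1"
    run passwd -l "$1"
}

# Verification: ageing/expiry fields and group membership of one account.
verify_user() {
    run chage -l "$1"
    run id "$1"
}

main() {
    create_user elliot mrrobot157 ""                            # item 9
    create_user tyrell ecorp7 ""                                # item 10
    create_user john 1265 2025-10-25                            # item 11
    create_user guest "" "$(days_from_now 10)"                  # item 12
    add_to_group elliot fsociety; add_to_group tyrell fsociety  # item 13
    add_to_group john darkarmy;   add_to_group guest darkarmy   # item 14
    run list_group_members fsociety darkarmy                    # item 15
    grant_sudo elliot                                           # item 17, user 1
    make_service_account tyrell                                 # item 17, user 2
    run chage -E "$(days_from_now 10)" john                     # item 17, user 3
    set_password guest password123                              # item 17, user 4
    for u in elliot tyrell john guest; do verify_user "$u"; done
}

if [ "${RUN_LAB:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    main
else
    DRY_RUN=1
    main
fi
```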
END OF LAB

More Related Content

Similar to Identity, Authentication, and Access Control

Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxinfosec train
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen? Claranet UK
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
 
Security Testing In The Secured World
Security Testing In The Secured WorldSecurity Testing In The Secured World
Security Testing In The Secured WorldJennifer Mary
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarDr. Shivashankar
 
Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Aviva Spectrum™
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Michael Hidalgo
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!Caroline Johnson
 
Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based   Cloud Computing     Two Aspect Endorsement Access Control for web Based   Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing IRJET Journal
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
 
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationAddressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationKareo
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptxvamshimatangi
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...Precise Testing Solution
 

Similar to Identity, Authentication, and Access Control (20)

Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 
How Does a Data Breach Happen?
How Does a Data Breach Happen? How Does a Data Breach Happen?
How Does a Data Breach Happen?
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
 
Security Testing In The Secured World
Security Testing In The Secured WorldSecurity Testing In The Secured World
Security Testing In The Secured World
 
Network Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. ShivashankarNetwork Security_4th Module_Dr. Shivashankar
Network Security_4th Module_Dr. Shivashankar
 
Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach Cyber Security: User Access Pitfalls, A Case Study Approach
Cyber Security: User Access Pitfalls, A Case Study Approach
 
Internet Security Agent
Internet Security AgentInternet Security Agent
Internet Security Agent
 
H04025057
H04025057H04025057
H04025057
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!7 Practices To Safeguard Your Business From Security Breaches!
7 Practices To Safeguard Your Business From Security Breaches!
 
Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based   Cloud Computing     Two Aspect Endorsement Access Control for web Based   Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA PresentationAddressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
Addressing the Data Security Risks of Cloud-Based Software - HBMA Presentation
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi          .pptxEthical Hacking justvamshi          .pptx
Ethical Hacking justvamshi .pptx
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
 

More from DamaineFranklinMScBE

Digital Forensics Assignment One UEL and Unicaf
Digital Forensics Assignment One UEL and UnicafDigital Forensics Assignment One UEL and Unicaf
Digital Forensics Assignment One UEL and UnicafDamaineFranklinMScBE
 
LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...
LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...
LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...DamaineFranklinMScBE
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 
Classical Cryptography and Digital Encryption
Classical Cryptography and Digital EncryptionClassical Cryptography and Digital Encryption
Classical Cryptography and Digital EncryptionDamaineFranklinMScBE
 
Is online education an effective replacement for traditional classroom teaching?
Is online education an effective replacement for traditional classroom teaching?Is online education an effective replacement for traditional classroom teaching?
Is online education an effective replacement for traditional classroom teaching?DamaineFranklinMScBE
 
What is The Role of Students in Online Courses?
What is The Role of Students in Online Courses?What is The Role of Students in Online Courses?
What is The Role of Students in Online Courses?DamaineFranklinMScBE
 

More from DamaineFranklinMScBE (14)

Digital Forensics Assignment One UEL and Unicaf
Digital Forensics Assignment One UEL and UnicafDigital Forensics Assignment One UEL and Unicaf
Digital Forensics Assignment One UEL and Unicaf
 
LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...
LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...
LEGAL AND REGULATORY STRUCTURE PREVAILING IN THE UK RELATED TO DATA PRIVACY A...
 
Security Management
Security ManagementSecurity Management
Security Management
 
Security Management
Security ManagementSecurity Management
Security Management
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering Attacks
 
Classical Cryptography and Digital Encryption
Classical Cryptography and Digital EncryptionClassical Cryptography and Digital Encryption
Classical Cryptography and Digital Encryption
 
ebay_data_breach
ebay_data_breachebay_data_breach
ebay_data_breach
 
Ebay cyber attack
Ebay cyber attackEbay cyber attack
Ebay cyber attack
 
Is online education an effective replacement for traditional classroom teaching?
Is online education an effective replacement for traditional classroom teaching?Is online education an effective replacement for traditional classroom teaching?
Is online education an effective replacement for traditional classroom teaching?
 
What is The Role of Students in Online Courses?
What is The Role of Students in Online Courses?What is The Role of Students in Online Courses?
What is The Role of Students in Online Courses?
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdf
 
Computer Security - Case Study
Computer Security - Case StudyComputer Security - Case Study
Computer Security - Case Study
 
IT & Internet Law
IT & Internet LawIT & Internet Law
IT & Internet Law
 
IT and Internet Law
IT and Internet LawIT and Internet Law
IT and Internet Law
 

Recently uploaded

Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 

Recently uploaded (20)

Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Identity, Authentication, and Access Control

Computer Security (46349)
Formative Assessment 1
Identity, Authentication, and Access Control (Overview)
Damaine Fabion Franklin
Student #: R2104D12054733
06/23/2023

Part 1 - Questions (40 marks)

Instructions: You will be given a short set of questions to answer that will assess your comprehension of the material covered during the first two weeks of this module. There are a total of 40 marks that can be obtained, and the number of marks for each question is provided next to the question, so please make sure you consider this while working on your answers.

1. Describe the elements of the CIA Triad and why they are important principles of computer security [6 Marks]

Answer: The acronym CIA, which stands for Confidentiality, Integrity, and Availability, is the foundation of information security and of the design of information systems within an organization.

• Confidentiality: The word confidentiality is synonymous with the word privacy, and covers the measures taken to safeguard sensitive data from unauthorized access, copying, sharing, and dissemination. Data confidentiality is an essential component of computer security because it restricts access to sensitive data to only those with the proper authorization while denying access to those without it. One method of ensuring data confidentiality is the use of Windows Active Directory group policy.

• Integrity: Data integrity refers to the measures put in place to ensure that data is not compromised or tampered with while at rest or in transit. Data integrity is an important principle in computer security since it ensures the authenticity, accuracy, and reliability of the data. To ensure data integrity, nonrepudiation methods are employed, such as hashing algorithms, cryptography, and digital signatures.

• Availability: The availability of data refers to the measures put in place to ensure that access to data and information systems is consistent and readily available to individuals with authorized access. Data availability is an important element in computer security since it ensures business continuity and network redundancy within an organization. Without data availability, the confidentiality and integrity of data are meaningless.
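The integrity mechanisms named above (hashing, digital signatures) can be shown in a few lines of shell. The script below is an added example and is not part of the assignment; it assumes the openssl command line (1.1.1 or newer) is installed. It hashes a constructed message, signs it with a freshly generated RSA private key, verifies the signature with the matching public key, and then shows that changing one digit breaks verification. The sign-with-private-key, verify-with-public-key step is also the mechanism behind the nonrepudiation scenario in question 2: a valid signature can only have come from the holder of the private key.

```shell
#!/bin/sh
# Added example (not from the assignment): integrity with a SHA-256 hash
# and non-repudiation with an RSA digital signature, via the openssl CLI
# (assumed installed, 1.1.1 or newer). Keys and files live in a temp dir.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# John's key pair: the private key stays with John, the public key is
# what Larry (or anyone) uses to verify.
gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/john_private.pem" 2>/dev/null
    openssl pkey -in "$WORK/john_private.pem" -pubout \
        -out "$WORK/john_public.pem" 2>/dev/null
}

# Integrity only: a hash shows whether the content changed, but anyone
# can recompute it, so it says nothing about who produced the data.
sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# sign_message MSGFILE SIGFILE: only the holder of the private key can
# produce a signature that the public key verifies (the non-repudiation step).
sign_message() {
    openssl dgst -sha256 -sign "$WORK/john_private.pem" -out "$2" "$1"
}

# verify_message MSGFILE SIGFILE: exit 0 if the signature matches, 1 otherwise.
verify_message() {
    openssl dgst -sha256 -verify "$WORK/john_public.pem" \
        -signature "$2" "$1" >/dev/null 2>&1
}

# Constructed message, signed once; then a copy with one digit altered.
printf 'Transfer 500 to account 42\n' > "$WORK/msg.txt"
printf 'Transfer 900 to account 42\n' > "$WORK/tampered.txt"
gen_keys
sign_message "$WORK/msg.txt" "$WORK/msg.sig"

original_verifies() { verify_message "$WORK/msg.txt" "$WORK/msg.sig"; }
tampered_verifies() { verify_message "$WORK/tampered.txt" "$WORK/msg.sig"; }
hash_changed() {
    [ "$(sha256_of "$WORK/msg.txt")" != "$(sha256_of "$WORK/tampered.txt")" ]
}

echo "original sha256: $(sha256_of "$WORK/msg.txt")"
echo "tampered sha256: $(sha256_of "$WORK/tampered.txt")"
original_verifies && echo "original: signature valid, John cannot deny signing it"
tampered_verifies || echo "tampered: signature invalid, integrity lost"
```

The hash alone detects the change but proves nothing about origin, since the attacker can recompute it; the signature ties the hash to John's private key, which is why the text lists cryptography and digital signatures, not hashing on its own, as the nonrepudiation mechanisms.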
2. What security principle describes a situation where a user of a system cannot deny having performed a certain action at a certain time? Describe what mechanisms can be used to implement it. [4 Marks]

• Answer: The security principle in question is called nonrepudiation, which is based on the concept that if John sends a secure encrypted message to Larry using his private key, and if Larry is able to decrypt that encrypted message using only John's public key, then it proves that John must have sent that message. Therefore, John cannot deny or refute sending the encrypted message. Also, in this scenario John's public and private keys act as a signature, which provides authentication and integrity for what was signed and sent to Larry. In this case, the mechanisms that can be used to implement nonrepudiation are cryptography and digital signatures.

3. Which element of the CIA Triad is affected most in the event of a targeted DDoS attack? Explain your reasoning. [2 Marks]

• Answer: Availability is the element of the CIA Triad that will be affected the most. In a DDoS attack, the intruder simultaneously initiates multiple attacks against a server or network, overwhelming the target with a constant flood of malicious traffic in order to overload the system, thereby causing a disruption or denying service to legitimate traffic.

4. A top-level executive at Apple is at an internet café reviewing a secret document about their latest R&D on their personal laptop. Someone in the internet café manages to spot an image of a patent on the laptop and unsuspectingly takes a photo of it. [7 Marks]

a) Which element of the CIA triad is most affected? (1 Mark)

• Answer: Confidentiality is the element of the CIA Triad that will be affected.

b) Explain the security flaws in this scenario from the perspective of the Apple company itself and the Apple executive. (6 Marks)

• From Apple's perspective: In this scenario, the top-level executive may have been granted access to the secret document in the first place. However, a blunder at this level is a clear indication that either there is no information security policy to govern data confidentiality or, if there is one, the executive does not think the rules apply to him or her. Since data confidentiality is compromised, Apple should have ensured that authorized users cannot access classified company documents on their personal devices. This can be accomplished by configuring user access controls and access rights on certain devices and blocking access from unauthorized devices. Apple should also enforce security policies that reduce the likelihood of a data breach and prohibit the use of unsecured public Wi-Fi for company-related tasks.

• From the executive's perspective: The security flaw on the part of the executive is that, if there is an information security policy in place, the executive failed to adhere to company policy. Furthermore, using a personal device on unsecured public Wi-Fi puts the executive at risk of a cyber-attack whereby an attacker can use the personal laptop as a point of entry to infiltrate Apple's network with malware and viruses. The stolen information from the personal laptop could also be used to damage Apple's image, reputation, or relationship with competitors.

5. Describe the 3 authentication factors [3 Marks]

• Answer: The three authentication factors are:
  ▪ Inherent factor: something you are, such as a biometric fingerprint, face recognition, or an iris scan.
  ▪ Knowledge factor: something you know, such as a password, security question, or PIN.
  ▪ Possession factor: something you have, such as a smartcard, smartphone, or hardware token.

6. Describe the Role-Based Access Control (RBAC) model [6 Marks]

• Answer: Role-Based Access Control (RBAC) is a security policy mechanism that ensures individuals within a specified group have the proper permissions and privileges to gain access to certain data, information systems, or applications within an enterprise organization. The fundamental principle of RBAC is that access is not determined by the user, but rather by the job function or the role the user assumes. In other words, once a user changes roles, their access changes accordingly. For example, an IT client support officer assumes the role of acting network administrator for a period of four weeks. While acting in that position, the IT client support officer will be granted enterprise-level permissions and privileges to carry out the duties of a network administrator. After four weeks, the IT client support officer will no longer have enterprise-level access because he or she is no longer assuming the role of the network administrator.

7. Explain the advantages and disadvantages of password-based authentication [8 Marks]

• Advantages: The advantages of password-based authentication are:
  ▪ Simple and convenient. Since most users rely on memory to retain their credentials, this authentication method is typically the most convenient.
  ▪ Flexible and dynamic. The use of passwords gives the user a sense of control over the method of creating their own passwords, as well as the option to change their password at their convenience.
  ▪ Cost-effective. Most small businesses find the use of passwords to be cost-effective, especially when compared to the expense of implementing more sophisticated authentication mechanisms in much larger organizations.

• Disadvantages: The disadvantages of password-based authentication are:
  ▪ Vulnerable. Password-based authentication on its own leaves a system vulnerable to cyberattacks and poses a security risk. For instance, simple passwords which contain a person's name, date of birth, or any dictionary word can be easily broken with a brute-force or dictionary attack.
  ▪ Predictable. Passwords can be easily predicted since users often choose simple passwords that are easy to remember. Social engineering and brute-force attacks can also predict passwords composed of alphanumeric and special characters with little effort.
  ▪ Complex. Since users rely on memory to recall their passwords, password-based authentication can occasionally be difficult to remember.
8. How does a brute-force password attack work? [4 Marks]

• Answer: A brute-force attack works in the following order:
  ▪ First, the attacker decides which brute-force tool to use to carry out the attack; these tools are available on the dark web or come pre-installed on certain Linux distributions for penetration-testing purposes.
  ▪ Secondly, after deciding what tool to use, the attacker configures it to generate combinations of usernames and passwords using digits, letters, and symbols.
  ▪ Thirdly, the attacker runs the combinations of usernames and passwords against a target system or device. For example, if the attacker is trying to break into a Wi-Fi router, the attacker uses the brute-force tool to automate the process of running the generated passwords against the Wi-Fi connection. If a password doesn't match, the automated brute-force tool simply discards that password and moves on to the next. This process is repeated over and over until the right password unlocks the Wi-Fi router.
  ▪ The effectiveness of the brute-force attack depends on the complexity of the password. If the password is too simple and short, then the attack will be successful in a matter of minutes.
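From the defender's side, the sequence just described shows up in authentication logs as a burst of failed logins from one source address. The script below is an added example, not part of the assignment: it counts failed sshd password attempts per source in a few auth-log lines and flags any source above an assumed threshold of 5, then reports how many distinct accounts that source tried. The log lines, addresses and usernames are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the assignment): the defender's view of a
# brute-force password attack, i.e. counting failed sshd logins per source
# address. The log lines, addresses and usernames below are constructed;
# the threshold of 5 is an assumed value.

SAMPLE_LOG="$(cat <<'EOF'
Jun 23 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 23 10:01:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jun 23 10:01:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jun 23 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jun 23 10:01:06 host sshd[1201]: Failed password for elliot from 203.0.113.7 port 51026 ssh2
Jun 23 10:01:07 host sshd[1201]: Failed password for elliot from 203.0.113.7 port 51027 ssh2
Jun 23 10:05:10 host sshd[1300]: Failed password for tyrell from 198.51.100.4 port 40011 ssh2
Jun 23 10:05:40 host sshd[1301]: Accepted password for tyrell from 198.51.100.4 port 40012 ssh2
Jun 23 10:06:00 host sshd[1302]: Accepted publickey for elliot from 192.0.2.9 port 33000 ssh2
EOF
)"

# Prints "<failures> <source-ip>" for every source with failed password
# attempts, busiest first. Successful logins are deliberately ignored.
failed_by_source() {
    printf '%s\n' "$SAMPLE_LOG" |
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            count[ip]++
         }
         END { for (ip in count) print count[ip], ip }' |
    sort -rn
}

# brute_force_sources [THRESHOLD]: sources with more failures than the threshold.
brute_force_sources() {
    failed_by_source | awk -v t="${1:-5}" '$1 > t { print $2 }'
}

# usernames_tried_from IP: number of distinct accounts one source tried.
# Many accounts from one source points to spraying; one account, to guessing.
usernames_tried_from() {
    printf '%s\n' "$SAMPLE_LOG" |
    awk -v src="$1" '/Failed password for/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "for") u = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (ip == src) seen[u] = 1
         }
         END { n = 0; for (u in seen) n++; print n }'
}

echo "Failed password attempts by source:"
failed_by_source
for ip in $(brute_force_sources 5); do
    echo "ALERT: $ip exceeded 5 failures and tried $(usernames_tried_from "$ip") distinct usernames"
done
```

On the constructed data, 203.0.113.7 produces six failures across three accounts and is flagged, while the single failed attempt from 198.51.100.4 (followed by a success) is normal user behaviour. The usual mitigations are the ones the question 7 answer implies: lock out or rate-limit a source after repeated failures (fail2ban automates this from the same log lines), require a second authentication factor, and prefer key-based SSH authentication to passwords altogether.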
Part 2 - Practical Exercises (60 marks)

Instructions: For these practical exercises, you will need to demonstrate how to use Linux to create user accounts, set credentials and permissions, and modify a range of configuration and security settings. Log in to your Linux machine and create 4 additional user accounts with the following settings.

9. Create user 1 with username 'elliot' and password 'mrrobot157' with no account expiration date.
• Verification of user 1 account

10. Create user 2 with username 'tyrell' and password 'ecorp7' with no account expiration date.
• Verification of user 2 account

11. Create user 3 with username 'john' and password '1265' with an account expiration date of October 25, 2025.
• Verification
12. Create user 4 with username 'guest', password: none, and an account expiration date 10 days from the current date.

13. Add User 1 and User 2 to a group named 'fsociety'.
Note: I first create the group, then add the user to the group, followed by a verification.
• User 1: elliot
• User 2: tyrell

14. Add User 3 and User 4 to a group named 'darkarmy'.
• User 3: john
• User 4: guest

15. Print out to the command line the list of each group and their members.
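The screenshots for steps 9 to 15 are not reproduced in the transcript, so the following script is an added example of the shadow-utils commands that carry out those steps; it is not the lab's own command history. It assumes a Debian/Ubuntu-family system with GNU date. The account commands need root, so they run only when the script is started as root with APPLY_LAB=1; otherwise it prints the group listing from a constructed /etc/group-style file so the listing logic (step 15) can be exercised unprivileged.

```shell
#!/bin/sh
# Added example (not the lab's own commands): shadow-utils commands for
# the account tasks in steps 9 to 15, plus a group listing that can run
# on a constructed /etc/group-style file. Assumes Debian/Ubuntu and GNU
# date; the root-only part runs only with APPLY_LAB=1 as root.

# Date N days from today in the YYYY-MM-DD form that useradd -e and
# chage -E accept (step 12: "10 days from the current date").
expiry_in_days() { date -d "+$1 days" +%F; }

# create_user NAME [PASSWORD] [EXPIRY]: an empty PASSWORD leaves the
# password field locked, which is the "password: none" case for user 4.
create_user() {
    name="$1"; pass="$2"; expiry="$3"
    if [ -n "$expiry" ]; then
        useradd -m -s /bin/bash -e "$expiry" "$name"
    else
        useradd -m -s /bin/bash "$name"          # no -e: never expires
    fi
    if [ -n "$pass" ]; then
        printf '%s:%s\n' "$name" "$pass" | chpasswd
    fi
    chage -l "$name"                             # verification
}

# add_to_group GROUP USER...: creates the group if missing, then adds
# each user as a supplementary member (-a keeps the user's other groups).
add_to_group() {
    group="$1"; shift
    getent group "$group" >/dev/null || groupadd "$group"
    for u in "$@"; do usermod -aG "$group" "$u"; done
    getent group "$group"                        # verification
}

# list_group_members [GROUPFILE]: "group: member1,member2" for every line
# of a group file (default /etc/group); no supplementary members shows "(none)".
list_group_members() {
    awk -F: '{ m = ($4 == "") ? "(none)" : $4; print $1 ": " m }' "${1:-/etc/group}"
}

# Constructed sample in /etc/group format, for running unprivileged.
SAMPLE_GROUP="$(mktemp)"
trap 'rm -f "$SAMPLE_GROUP"' EXIT
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
sudo:x:27:elliot
fsociety:x:1001:elliot,tyrell
darkarmy:x:1002:john,guest
EOF

if [ "${APPLY_LAB:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    create_user elliot mrrobot157                # step 9
    create_user tyrell ecorp7                    # step 10
    create_user john 1265 2025-10-25             # step 11
    create_user guest "" "$(expiry_in_days 10)"  # step 12
    add_to_group fsociety elliot tyrell          # step 13
    add_to_group darkarmy john guest             # step 14
    list_group_members                           # step 15
else
    echo "Dry run on constructed data (run as root with APPLY_LAB=1 to apply):"
    list_group_members "$SAMPLE_GROUP"
fi
```

Setting the password through chpasswd on stdin rather than on the command line keeps it out of the process list and shell history; chage -l shows the expiry and ageing fields that the lab's verification screenshots would have captured.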
Setting Password Policy

16. Locate the '/etc/login.defs' user account configuration file and modify it to meet the following requirements:
• Passwords should be a minimum of 6 characters in length.
• Passwords should be changed every 3 months.
• Users are given a 5-day notice before their password expires.
• Modify the user account settings as follows.
Note: I used the command nedit /etc/login.defs to access the configuration file. I was able to set the PASS_MIN_DAY to 90 and the PASS_WAR_AGE to 5; however, I was not able to set the PASS_MIN_LEN. I noticed that the length of passwords is set to unlimited by default.
17. Modify the original user account settings as follows.

User 1 - root account
• Adding user 1 - elliot to the sudoers group.
Step 1
Step 2
Step 3

User 2 - service account
• Encountered challenges with this task.

User 3 - change the account expiration date to 10 days from the current date.
• Setting user 3 - john account to expire 10 days from today.

User 4 - give this user a password.
• Configuring user account 'guest' with a password
• Password: 'password123'

END OF LAB
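As an added example for steps 16 and 17 (not the lab's own work), the script below checks a login.defs-style file against the question 16 policy and collects the question 17 account changes in one place. Two facts about login.defs are worth knowing when reading the note under step 16: the 90-day maximum age is the PASS_MAX_DAYS key (PASS_MIN_DAYS is the minimum interval between changes, and PASS_WARN_AGE the warning period), and on PAM-based distributions such as Debian, Ubuntu and RHEL the minimum length is enforced by the PAM password stack (pam_unix's minlen or pam_pwquality), not by PASS_MIN_LEN, which is why editing that key shows no effect. The script assumes a Debian/Ubuntu-family system (sudo group, /usr/sbin/nologin); the root-only commands run only with APPLY_LAB=1 as root, and the two login.defs fragments are constructed.

```shell
#!/bin/sh
# Added example (not the lab's own commands): checks the password-ageing
# keys of a login.defs-style file against the question 16 policy, and
# collects the question 17 account changes. Assumes a Debian/Ubuntu-family
# system (sudo group, /usr/sbin/nologin); root-only commands are opt-in.

# lookup_def KEY FILE: value of KEY, ignoring comment lines; empty if unset.
lookup_def() {
    awk -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"
}

# policy_check FILE: returns 0 when the file meets the lab policy
# (at most 90 days, at least 5 days warning, at least 6 characters);
# otherwise reports each violation and returns 1.
policy_check() {
    f="$1"; rc=0
    max="$(lookup_def PASS_MAX_DAYS "$f")"
    warn="$(lookup_def PASS_WARN_AGE "$f")"
    len="$(lookup_def PASS_MIN_LEN "$f")"
    [ -n "$max" ] && [ "$max" -le 90 ] ||
        { echo "PASS_MAX_DAYS must be <= 90 (is '${max:-unset}')"; rc=1; }
    [ -n "$warn" ] && [ "$warn" -ge 5 ] ||
        { echo "PASS_WARN_AGE must be >= 5 (is '${warn:-unset}')"; rc=1; }
    [ -n "$len" ] && [ "$len" -ge 6 ] ||
        { echo "PASS_MIN_LEN must be >= 6 (is '${len:-unset}')"; rc=1; }
    return "$rc"
}

# Question 17 changes; real commands, so only run as root with APPLY_LAB=1.
apply_account_changes() {
    usermod -aG sudo elliot                      # user 1: administrator via sudo
    usermod -s /usr/sbin/nologin tyrell          # user 2: service account, no login shell
    chage -E "$(date -d '+10 days' +%F)" john    # user 3: expires in 10 days
    printf 'guest:password123\n' | chpasswd      # user 4: give it a password
    chage -l john; chage -l guest                # verification
}

# Two constructed login.defs fragments: one that meets the policy and
# one with the stock shadow-utils defaults.
GOOD="$(mktemp)"; BAD="$(mktemp)"
trap 'rm -f "$GOOD" "$BAD"' EXIT
cat > "$GOOD" <<'EOF'
# constructed: meets the lab policy
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_WARN_AGE   5
PASS_MIN_LEN    6
EOF
cat > "$BAD" <<'EOF'
# constructed: stock defaults (no PASS_MIN_LEN at all)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
EOF

if [ "${APPLY_LAB:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then apply_account_changes; fi
policy_check "$GOOD" && echo "constructed file: policy met"
policy_check "$BAD" || echo "stock defaults: policy not met"
```

The ageing keys in login.defs only apply to accounts created after the change; accounts that already exist, such as the four from steps 9 to 12, keep their old values until they are updated with chage, for example chage -M 90 -W 5 elliot. A service account that is never meant to log in interactively gets a non-login shell (the usermod -s line for tyrell) rather than a password, which removes one credential from the brute-force surface described in question 8.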