Authorization Essay

1. What are the three major categories used to provide authentication of an individual? a) something you know (e.g., a password) b) something you have (e.g., a certificate with associated private key or smart card) c) something you are (a biometric)

2. What is Authorization and how is this concept aligned with Identification and Authentication? a) Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. b) Authorization is what takes place after a person has been both identified and authenticated; it’s the step that determines what a person can then do on the system.

3. Provide at least 3 examples of Network Architecture Controls that help enforce data access policies at the LAN-to-WAN Domain level. a) Firewalls: Control the traffic flow between a trusted network and an untrusted network. Firewalls are usually used to protect the boundaries of a network. b) Access control lists (ACL): Include restrictions on inbound and outbound connections, as well as connections between LAN segments internal to the site/enclave. c) Logical IDS: Network and workstation mechanisms that monitor network traffic and provide real-time alarms for network-based attacks.

4. When a computer is physically connected to a network port, manual procedures and/or an automated method must exist to perform what type of security functions at the Network Port and Data Switch level for access control? Name and define at least three. a) Physical Security – Is intended to detect and deter unauthorized personnel from gaining access. b) Logical Network Port Security – Implemented by configuring the network switch so that specific ports accept connections only from one or more specific MAC address(es). Only a device configured with the authorized MAC address is allowed to access that network port. c) Port Authentication Using 802.1X – 802.1X is an authentication standard that can be used for wired or wireless networks. This standard provides for user/device authentication as well as distribution and management of encryption keys.

5. What is a Network Access Control (NAC) System? Explain its benefits in securing access control to a network. a) NAC is a networking solution for wired and Wi-Fi connections that identifies potential problems on a computer before it accesses the network. NAC uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. b) A benefit of NAC is the ability to control access to the LAN without putting the network in danger. Based on a computer’s credentials and the software installed on it, a NAC system may give it full access to the LAN, deny it any access, or give it partial access.

6. Explain the purpose of a Public Key Infrastructure (PKI) and give an example of how you would implement it in a large organization whose major concern is the proper distribution of certificates across many sites. a) A PKI (public key infrastructure) enables users of a fundamentally insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. b) Work with one of the globally trusted roots, Cybertrust, to deploy a CA on your premises that is subordinate to a Cybertrust root CA. You can build and operate a CA that runs locally on your own equipment.


7. PKI provides the capabilities of digital signatures and encryption to implement what security services? Name at least three. a) Identification and authentication through digital signature of a challenge b) Data integrity through digital signature of the information c) Confidentiality through encryption

8. What is the X.509 standard and how does it relate to PKI? a) The X.509 standard defines a standard for managing public keys through a Public Key Infrastructure (PKI). b) It specifies standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.

9. What is the difference between Identification and Verification in regard to Biometric Access Controls? a) When biometrics is used in the identification process, users do not state who they are. In identification, the process is one-to-many. When biometrics is used in the verification process, users first declare who they are by entering their logon name or presenting an identification card. Then biometric technology is used to verify that identity. This process is considered to be one-to-one.
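The one-to-many versus one-to-one distinction above, as an added example that is not part of the original essay. Templates are constructed feature vectors (not real biometric data), the Euclidean-distance matcher and the threshold are assumptions, and the deliberately similar "alice" and "carol" templates show why a 1:N search can return more than one candidate while a 1:1 check against a claimed identity does not.

```python
# Added example (not from the original essay): a toy biometric matcher that
# contrasts identification (1:N search) with verification (1:1 comparison).
import math

# Constructed enrollment database: user -> feature template (not real data).
ENROLLED = {
    "alice": (0.10, 0.80, 0.30),
    "bob":   (0.85, 0.20, 0.60),
    "carol": (0.12, 0.78, 0.33),   # deliberately similar to alice
}

# Assumed decision threshold: a probe within this distance of a template matches.
THRESHOLD = 0.10


def distance(a, b):
    """Euclidean distance between two templates."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def identify(probe):
    """1:N identification: the user does not state who they are, so the probe
    is compared against every enrolled template. Returns all users within
    THRESHOLD, closest first; more than one entry means the search is ambiguous."""
    candidates = [
        (distance(probe, template), user)
        for user, template in ENROLLED.items()
        if distance(probe, template) <= THRESHOLD
    ]
    return [user for _, user in sorted(candidates)]


def verify(claimed_user, probe):
    """1:1 verification: the user first claims an identity (logon name or ID
    card); only that single template is compared. Unknown claims fail closed."""
    template = ENROLLED.get(claimed_user)
    if template is None:
        return False
    return distance(probe, template) <= THRESHOLD


if __name__ == "__main__":
    probe = (0.11, 0.79, 0.31)          # constructed live sample from alice
    print("identify:", identify(probe))  # ['alice', 'carol']
    print("verify alice:", verify("alice", probe))  # True
    print("verify bob:", verify("bob", probe))      # False
```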

10. Provide a written explanation of what implementing Separation of Duties would look like in regard to managing a PKI Infrastructure for a large organization. a) Managing a PKI Infrastructure for a large organization would require controls on the levels of administrative access to a CA. There would be different roles for the different processes. The separation of duties would look something like: a CA or PKI Administrator whose role is to manage the CA itself; a Certificate Manager who issues and revokes certificates.

An Enrollment Agent is typically a role used in conjunction with smart cards; an Enrollment Agent enrolls for a certificate on behalf of another user. A Key Recovery Manager is needed if key archival is used; the Key Recovery Manager is responsible for recovering private keys. An EFS Recovery Agent role may be created to recover data encrypted using EFS. A Backup Operator is responsible for backing up the CA and restoring data in case of failure. An Auditor is responsible for reviewing audit logs and ensuring policy is not being violated.
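The authorization step from question 2 combined with the CA roles listed in question 10, as an added example that is not part of the original essay. The role names follow the essay; the permissions attached to each role and the pairs of roles treated as conflicting are assumptions chosen for illustration.

```python
# Added example (not from the original essay): role-based authorization for a
# CA, with separation-of-duties checks enforced at the moment a role is granted.
# Role names follow the essay; permissions and conflict pairs are assumptions.

ROLE_PERMISSIONS = {
    "ca_admin":             {"configure_ca"},
    "certificate_manager":  {"issue_certificate", "revoke_certificate"},
    "enrollment_agent":     {"enroll_on_behalf"},
    "key_recovery_manager": {"recover_private_key"},
    "efs_recovery_agent":   {"recover_efs_data"},
    "backup_operator":      {"backup_ca", "restore_ca"},
    "auditor":              {"read_audit_log"},
}

# Assumed conflicts: whoever performs CA operations must not also review the
# audit trail of those operations, the person who configures the CA must not
# also issue from it, and issuing must be kept apart from private-key recovery.
CONFLICTING_ROLES = {
    frozenset({"ca_admin", "certificate_manager"}),
    frozenset({"certificate_manager", "key_recovery_manager"}),
} | {frozenset({"auditor", r}) for r in ROLE_PERMISSIONS if r != "auditor"}


class SeparationOfDutiesError(Exception):
    """Raised when a role assignment would concentrate conflicting duties."""


def assign_role(assignments, user, role):
    """Grant `role` to `user`, refusing any combination in CONFLICTING_ROLES.
    `assignments` maps user -> set of roles and is updated in place."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    held = assignments.setdefault(user, set())
    for existing in held:
        if frozenset({existing, role}) in CONFLICTING_ROLES:
            raise SeparationOfDutiesError(
                f"{user} already holds {existing}; adding {role} breaks separation of duties")
    held.add(role)
    return held


def authorize(assignments, user, action):
    """Authorization proper: `user` is assumed to be already identified and
    authenticated; the decision is whether any role they hold permits `action`."""
    return any(action in ROLE_PERMISSIONS[r] for r in assignments.get(user, set()))
```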

11. What are the 3 categories of vulnerability severity codes? a) CAT I – Any vulnerability, the exploitation of which will directly and immediately result in loss of Confidentiality, Availability, or Integrity. b) CAT II – Any vulnerability, the exploitation of which has a potential to result in loss of Confidentiality, Availability, or Integrity. c) CAT III – Any vulnerability, the existence of which degrades measures to protect against loss of Confidentiality, Availability, or Integrity.

12. True or False. The use of 802.11i configured to use AES encryption, together with 802.1X authentication services and the Extensible Authentication Protocol (EAP), provides the best solution for an enterprise-level WLAN, particularly in a high-security environment. a) True

13. True or False. It is a best practice to write a password down and store it in the vicinity of the computer for easy access. a) False

14. True or False. From a security perspective, biometric verification is best deployed as a component of two-factor or three-factor authentication. a) True

15. From an access control security perspective, why is performing an asset valuation or alignment to a data classification standard the first step in designing proper security controls? a) You need to know the level of sensitivity, value, and criticality of the data in order to properly determine who or what should have access to it. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data.
