Question

CYBER-SECURITY

Access Control Homework

Read three recent news articles about passwords and write a brief summary. Include a reference to each article.

Answer #1

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

To secure a facility, organizations use electronic access control systems that rely on user credentials, access card readers, auditing and reports to track employee access to restricted business locations and proprietary areas, such as data centers. Some of these systems incorporate access control panels to restrict entry to rooms and buildings as well as alarms and lockdown capabilities to prevent unauthorized access or operations.

Access control systems perform identification, authentication and authorization of users and entities by evaluating required login credentials that can include passwords, personal identification numbers (PINs), biometric scans, security tokens or other authentication factors. Multifactor authentication, which requires two or more authentication factors, is often an important part of layered defense to protect access control systems.

These security controls work by identifying an individual or entity, verifying that the person or application is who or what it claims to be, and authorizing the access level and set of actions associated with the username or IP address. Directory services and protocols, including the Local Directory Access Protocol (LDAP) and the Security Assertion Markup Language (SAML), provide access controls for authenticating and authorizing users and entities and enabling them to connect to computer resources, such as distributed applications and web servers.

The main types of access control are:

  • Mandatory access control (MAC): A security model in which access rights are regulated by a central authority based on multiple levels of security. Often used in government and military environments, classifications are assigned to system resources, and the operating system or security kernel grants or denies access to those resource objects based on the information security clearance of the user or device. For example, Security Enhanced Linux is an implementation of MAC on the Linux operating system.
  • Discretionary access control (DAC): An access control method in which owners or administrators of the protected system, data or resource set the policies defining who or what is authorized to access the resource. Many of these systems enable administrators to limit the propagation of access rights. A common criticism of DAC systems is a lack of centralized control.
  • Role-based access control (RBAC): A widely used access control mechanism that restricts access to computer resources based on individuals or groups with defined business functions -- executive level, engineer level 1 -- rather than the identities of individual users. The role-based security model relies on a complex structure of role assignments, role authorizations and role permissions developed using role engineering to regulate employee access to systems. RBAC systems can be used to enforce MAC and DAC frameworks.
  • Rule-based access control: A security model in which the system administrator defines the rules that govern access to resource objects. Often these rules are based on conditions, such as time of day or location. It is not uncommon to use some form of both rule-based access control and role-based access control to enforce access policies and procedures.
  • Attribute-based access control (ABAC): A methodology that manages access rights by evaluating a set of rules, policies and relationships using the attributes of users, systems and environmental conditions.


The goal of access control is to minimize the risk of unauthorized access to physical and logical systems. Access control is a fundamental component of security compliance programs that ensures security technology and access control policies are in place to protect confidential information, such as customer data. Most organizations have infrastructure and procedures that limit access to networks, computer systems, applications, files and sensitive data, such as personally identifiable information and intellectual property.

Access control systems are complex and can be challenging to manage in dynamic IT environments that involve on-premises systems and cloud services. After some high-profile breaches, technology vendors have shifted away from single sign-on systems to unified access management, which offers access controls for on-premises and cloud environments.

The Latest Facebook Password Leak: Hundreds of Millions of User Passwords Exposed to Company Employees -On Apr 1, 2019

The privacy issues never seem to end for Facebook. The company has been embroiled in a string of troubles since 2017, the latest of which is a massive password security breach. The Facebook password leak of early 2019 appears to have exposed users' plaintext passwords to company employees. At the moment, the best available information indicates that the passwords of between 200 and 600 million Facebook users were exposed. About 20,000 Facebook employees potentially had access to these passwords in plaintext, and this appears to have been ongoing since 2012.

How did the Facebook password leak happen?

The information was leaked to Brian Krebs on March 21 by an anonymous source claiming to be a Facebook employee. The Facebook password leak was confirmed by the company an hour after it began appearing in the media.

The security lapse consists of a database of hundreds of millions of plaintext user passwords, widely accessible to Facebook staff. It is estimated that around 20,000 company employees had access to the Facebook password leak, but the whistleblower enclosed data indicating that about 2,000 Facebook employees have run about nine million queries on the database since it first appeared in 2012. The company claims that employees no longer have access to this database.

How did this Facebook password leak come about? Krebs is reporting that certain company employees created internal apps able to log unencrypted passwords, and these passwords were being stored automatically in a massive database. Facebook security engineer Scott Renfro claims that this was an inadvertent side effect of other work, and that the company’s internal investigation has not yet revealed any misuse of user data. It’s still very unclear as to how intentional all of this was and whether any Facebook employee abused or improperly accessed this information.

As if it needed to be said again: Don’t reuse passwords
The foolhardiness of recycling login credentials between different accounts has been demonstrated over and over by various hacks and data breaches over the past decade. This recent Facebook password leak is just another example. Passwords may not even need to be hacked to be compromised; all it takes is some rogue employees in combination with passwords stored in a readable format, and this type of internal violation can go undetected for years.

Another bad look for Facebook – More fuel on the antitrust fire?
As mentioned, it’s very possible that this was a technical error. One that really isn’t excusable given Facebook’s position and the highly-paid expertise they have in house, but not necessarily something that was done with bad intent.

However, it’s tough to give the social network the benefit of the doubt at this point. Facebook has been making moves that warrant scrutiny and caution since the very beginning, when founder Mark Zuckerberg used user passwords from the original incarnation of his site to hack into email accounts at The Harvard Crimson.

Thought ‘ji32k-7au4a83’ was a unique, secure password? Experts don't agree
A food app and a music streaming service may not have anything in common, but setting a common password can expose your details to hackers.
ET Bureau|Updated: Mar 28, 2019, 09.30 AM IST
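
The failure described in the Facebook article above (internal apps logging unencrypted passwords into a store that staff could query) is usually addressed on two fronts: credentials are scrubbed before a log record is written, and only salted hashes are stored. The Python code below is an added example, not part of the original answer or of any Facebook code; the field names, the logger name `auth-demo` and the in-memory log sink are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import os
import re

# Hypothetical field names for form-encoded request data (key=value pairs).
SENSITIVE = re.compile(r"(?i)\b(password|passwd|pwd)=([^&\s]+)")

class RedactSecrets(logging.Filter):
    """Replace credential values before a handler writes the record."""
    def filter(self, record):
        record.msg = SENSITIVE.sub(r"\1=[REDACTED]", record.getMessage())
        record.args = ()
        return True

class ListHandler(logging.Handler):
    """Stand-in for a file or database log sink; keeps lines in memory."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(record.getMessage())

def log_requests(messages):
    """Log each message through the redacting filter; return what was stored."""
    logger = logging.getLogger("auth-demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    sink = ListHandler()
    sink.addFilter(RedactSecrets())
    logger.addHandler(sink)
    try:
        for message in messages:
            logger.info(message)
    finally:
        logger.removeHandler(sink)
    return sink.lines

def hash_password(password, salt=None):
    """Store only a salted scrypt digest, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the digest with the stored salt; compare in constant time."""
    candidate = hash_password(password, salt)[1]
    return hmac.compare_digest(candidate, digest)
```

The regular expression covers only form-encoded `key=value` data; JSON bodies or headers carrying credentials would need their own redaction rules.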
