7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

Presentation transcript:

Access Control
Process by which resources are granted or denied on a network.
Basic steps:
–Identification – review of credentials
–Authentication – validate credentials as genuine
–Authorization – permission granted to network
–Access – right given to access specific resources
Physical access control, hardware control, software control, policy control

Security+ Guide to Network Security Fundamentals, Third Edition: Access Control Terminology (continued)

Access Control models
–Mandatory Access Control (MAC)
–Discretionary Access Control (DAC)
–Role Based Access Control (RBAC)
–Rule Based Access Control (RBAC)

Mandatory Access Control
–Used in defense and military.
–Most restrictive.
–Owner/administrator is responsible for managing access controls.
–Owner defines a policy about users or user groups who can operate objects.
–Administrator implements the policy.
–Users can’t modify the policy.
–If numbers are assigned to users and objects, the user number has to be higher than the object number to have access to that object.

Discretionary Access Control
–Least restrictive.
–Users can manipulate any objects, and the end user sets the level of security – it is a major weakness.
–A user’s permissions will be inherited by any programs that the subject executes.
–Operating systems are now beginning to ask users for permission when installing software (User Account Control or UAC).

UAC
Primary restrictions implemented by UAC:
–Run with limited privileges by default for administrators. Gives the “Windows needs your permission to continue” popup. Software can’t secretly install itself.
–Standard user accounts can run allowed applications without having administrator privileges.
–Standard users can perform common tasks, such as installing new fonts or adding a printer, without having administrative privileges.

Access Control Models (continued)

Role Based Access Control
–Instead of setting permissions for each user or group, the RBAC model assigns permissions to particular roles in the organization, then assigns users to those roles.
–A user can only belong to one role.
–Users can’t be given permissions beyond the role.

Rule Based Access Control
–Each resource object contains a set of access properties based on the rules.
–This is good when a user needs to access several systems.

Practices for Access Control
–Separation of duties: prevent too much control by just one person. Owner and administrator should be two different individuals.
–Job rotation: responsibilities should be rotated. Requires cross training.
–Least privilege: give minimum required privilege.
–Implicit deny: deny all, except allowed ones.
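The role model from the Role Based Access Control slide, combined with the separation of duties and implicit deny practices above, as an added example that is not part of the original slides. The role names, user names and permission strings are constructed for illustration.

```python
# Added example, not from the slides. Role names, users and permission
# strings are constructed for illustration.
ROLE_PERMISSIONS = {
    "helpdesk": {"account:unlock", "ticket:update"},
    "payroll_clerk": {"payroll:read", "payroll:submit"},
    "payroll_approver": {"payroll:read", "payroll:approve"},
}
# Separation of duties: no single role may hold both permissions of a pair.
CONFLICTING = [("payroll:submit", "payroll:approve")]


class RBAC:
    def __init__(self, role_permissions, conflicting=()):
        for role, perms in role_permissions.items():
            for a, b in conflicting:
                if a in perms and b in perms:
                    raise ValueError(f"role {role!r} combines {a} and {b}")
        self._roles = {r: frozenset(p) for r, p in role_permissions.items()}
        self._user_role = {}  # each user maps to exactly one role

    def assign(self, user, role):
        if role not in self._roles:
            raise KeyError(f"unknown role {role!r}")
        if user in self._user_role:
            raise ValueError(f"{user!r} already holds {self._user_role[user]!r}")
        self._user_role[user] = role

    def is_allowed(self, user, permission):
        # Implicit deny: unknown users, and anything the role does not list,
        # fall through to False. There is no per-user grant to widen a role.
        role = self._user_role.get(user)
        return role is not None and permission in self._roles[role]


def demo():
    rbac = RBAC(ROLE_PERMISSIONS, CONFLICTING)
    rbac.assign("alice", "payroll_clerk")
    rbac.assign("bob", "payroll_approver")
    return {
        "alice submits": rbac.is_allowed("alice", "payroll:submit"),
        "alice approves": rbac.is_allowed("alice", "payroll:approve"),
        "bob approves": rbac.is_allowed("bob", "payroll:approve"),
        "mallory reads": rbac.is_allowed("mallory", "payroll:read"),
    }


if __name__ == "__main__":
    print(demo())
```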

Logical Access Control
Methods: access control lists (ACLs), group policies, account restrictions and passwords.
–ACL – set of permissions attached to an object.
–Unix: rwx
–Windows: full, modify, read & execute, read, write, special permissions.
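How the Unix rwx permission set is evaluated for a given user, as an added example that is not part of the original slides. The file paths, modes, uids and gids are constructed, and the check is simplified: it ignores the root override and extended POSIX ACL entries.

```python
import stat

# Constructed sample entries: (path, mode, owner uid, group gid).
ENTRIES = [
    ("/srv/payroll/run.csv", 0o640, 1000, 50),
    ("/srv/payroll/notes.txt", 0o047, 1000, 50),
    ("/srv/share/drop", 0o666, 1001, 50),
]

_CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def permission_class(file_uid, file_gid, uid, gids):
    """Pick the single class that applies; the first match wins."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def unix_allows(mode, file_uid, file_gid, uid, gids, want):
    """True if every letter in `want` (from 'rwx') is granted.

    Simplified: ignores the root override and extended POSIX ACL entries.
    """
    bits = _CLASS_BITS[permission_class(file_uid, file_gid, uid, gids)]
    granted = {letter for letter, bit in zip("rwx", bits) if mode & bit}
    return set(want) <= granted


def world_writable(entries):
    """Audit helper: paths whose 'other' class holds write permission."""
    return [path for path, mode, _, _ in entries if mode & stat.S_IWOTH]


def describe(mode):
    """Render the nine permission bits the way `ls -l` does, e.g. rw-r-----."""
    return stat.filemode(stat.S_IFREG | mode)[1:]
```

Only one class is consulted per request, so an owner with mode 047 is denied read even though every other user is granted it.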

Access Control Lists (ACLs) (continued)

Group Policies
Microsoft Windows feature that provides centralized management of:
–Configuration of computers
–Remote users
Uses Active Directory.
Used in enterprise environments to restrict user actions that may pose a security risk.
Group Policy can control logon scripts, folder redirection, Internet Explorer settings and Windows registry settings.
Group Policy settings are stored in Group Policy Objects, which may in turn be linked to multiple domains.

Account restrictions
–Time of day restrictions
–Account expiration
–Password policy: password expiration; used passwords can’t be reused; strong passwords required: uppercase, lowercase and numbers, and length in characters.
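The account restrictions listed above, evaluated at logon time and at password change, as an added example that is not part of the original slides. The 90-day maximum age, the 12-character minimum and the sample accounts are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from typing import Optional

# Constructed policy values, not taken from the slides.
MAX_PASSWORD_AGE = timedelta(days=90)
MIN_LENGTH = 12


@dataclass
class Account:
    name: str
    logon_start: time          # start of the permitted logon window
    logon_end: time            # end of the window (exclusive)
    expires: Optional[date]    # None means the account never expires
    password_set: date         # date of the last password change


def within_hours(acct, moment):
    """Time-of-day restriction; also handles a window that crosses midnight."""
    if acct.logon_start <= acct.logon_end:
        return acct.logon_start <= moment < acct.logon_end
    return moment >= acct.logon_start or moment < acct.logon_end


def logon_decision(acct, now):
    """Return 'allow' or the first restriction that blocks the logon."""
    if acct.expires is not None and now.date() > acct.expires:
        return "deny: account expired"
    if not within_hours(acct, now.time()):
        return "deny: outside permitted hours"
    if now.date() - acct.password_set > MAX_PASSWORD_AGE:
        return "deny: password expired"
    return "allow"


def password_problems(candidate):
    """List every complexity rule the candidate password fails."""
    checks = [
        (len(candidate) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.isupper() for c in candidate), "no uppercase letter"),
        (any(c.islower() for c in candidate), "no lowercase letter"),
        (any(c.isdigit() for c in candidate), "no number"),
    ]
    return [message for ok, message in checks if not ok]
```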

Attacks on passwords
–Brute force attack: simply guessing passwords such as first name, family members’ names, birthdates, cities, etc.
–Dictionary attack: regular words and hashed words. Hashed words are encrypted passwords of dictionary words. Stolen password files from the computer will be hashed. Hashed dictionary words can be compared to the hashed entries in these files to discover the real passwords.
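Why the hash comparison described above works against plain hashes, and how a per-account salt with a slow key derivation blunts it, as an added example that is not part of the original slides. It also implements the "used passwords can't be reused" rule from the account restrictions slide; the iteration count and the sample password are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_digest(password):
    """Weak storage: the same word always produces the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password, salt=None):
    """Stronger storage: random per-account salt plus a slow key derivation."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute the digest with the stored salt and compare."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def is_reused(new_password, history):
    """Password-history check: compare against every stored (salt, digest)."""
    return any(verify(new_password, record) for record in history)


def compare_storage(password="sunshine"):  # constructed sample password
    """Two accounts that chose the same dictionary word."""
    first, second = make_record(password), make_record(password)
    return {
        "unsalted digests identical":
            unsalted_digest(password) == unsalted_digest(password),
        "salted records identical": first[1] == second[1],
        "both still verify": verify(password, first) and verify(password, second),
    }


if __name__ == "__main__":
    print(compare_storage())
```

Because every record carries its own salt, one precomputed list of hashed dictionary words no longer matches any stored entry; each guess has to be recomputed per account at the full work factor.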

Passwords (continued)

Physical access control
–Secure the system.
–Remove or disable hardware that can provide access to the computer, such as USB ports and DVD drives.
–Rack mounted servers are preferred. Several such servers will have one keyboard and mouse (KVM switches, with username and password security).
–Door security – lock or door access system (either key pad or physical tokens such as ID badge with RFID).
–Video surveillance
–Physical access log

Video Surveillance
Closed circuit television (CCTV)
–Using video cameras to transmit a signal to a specific and limited set of receivers
Some CCTV cameras are fixed in a single position pointed at a door or a hallway.
Other cameras resemble a small dome and allow the security technician to move the camera 360 degrees for a full panoramic view.

Physical Access Log
Physical access log
–A record or list of individuals who entered a secure area, the time that they entered, and the time they left the area
–Can also identify if unauthorized personnel have accessed a secure area
Physical access logs originally were paper documents
–Today, door access systems and physical tokens can generate electronic log documents
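A review of an electronic physical access log of the kind described above, as an added example that is not part of the original slides. The log line format, badge numbers, door name and authorized list are all constructed for illustration.

```python
from datetime import datetime

AUTHORIZED = {"1042", "1077"}  # constructed list of badges cleared for the room

# Constructed sample log: timestamp, badge, door, event.
LOG = """\
2024-03-04T08:01:12 badge=1042 door=server-room event=enter
2024-03-04T08:45:30 badge=1042 door=server-room event=leave
2024-03-04T09:10:05 badge=2210 door=server-room event=enter
2024-03-04T09:12:40 badge=2210 door=server-room event=leave
2024-03-04T13:00:00 badge=1077 door=server-room event=leave
2024-03-04T22:15:09 badge=1042 door=server-room event=enter
"""


def review(log, authorized):
    """Pair entries with exits and flag what a reviewer should look at."""
    inside = {}               # badge -> time of the unmatched entry
    visits, findings = [], []
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        fields = dict(pair.split("=", 1) for pair in pairs)
        badge, event = fields["badge"], fields["event"]
        when = datetime.fromisoformat(stamp)
        if event == "enter":
            if badge not in authorized:
                findings.append((stamp, badge, "badge not authorized for this area"))
            if badge in inside:
                findings.append((stamp, badge, "second entry without leaving"))
            inside[badge] = when
        elif event == "leave":
            entered = inside.pop(badge, None)
            if entered is None:
                findings.append((stamp, badge, "left without a recorded entry"))
            else:
                visits.append((badge, entered, when))
    for badge, entered in inside.items():
        findings.append((entered.isoformat(), badge, "entered and never left"))
    return visits, findings


if __name__ == "__main__":
    for finding in review(LOG, AUTHORIZED)[1]:
        print(*finding)
```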