Access Control Jeff Wicklund Computer Security Fall 2013.


1 Access Control Jeff Wicklund Computer Security Fall 2013

2 Access Control: Introduction
- A firm must develop a security plan for each sensitive resource within the company
- Part of this security plan has to focus on access control
- Companies need to plan, implement, and respond when the controls fail to provide high security

3 Access Control: Definition of Access Control
- Access control is the policy-driven control of access to systems, data and dialogues
- Many ways to control access
  - Physical barriers
  - Passwords
  - Biometrics
- Cryptographic protection is sometimes used in access control

4 Access Control: Policy
- Policy is the key concept of security
- All security begins with the development of security policies for different devices
  - Ex: network devices, door controllers
- Policies coordinate and guide the implementation of devices within the company

5 Access Control: Three Functions of Access Control
- Authentication
  - Process of assessing the identity of each individual claiming to have permission to use a resource within the company
  - The person or process requesting access is the supplicant
  - The person or process providing admission is the verifier
  - The supplicant authenticates to the verifier by sending credentials to the device requiring access

6 Access Control: Three Functions of Access Control cont.
- Authorization
  - Specific permissions that a particular authenticated user should have in order to access a device or file
  - Ex: Bob may have permission to read a file but not to edit or delete it, while another user named Carol may not even have permission to see the file on the network

7 Access Control: Three Functions of Access Control cont.
- Auditing
  - Consists of collecting information about the activities of each individual in log files, to review immediately or later for analysis
  - Without auditing, violations of authentication and authorization policies are likely to be uncontrolled within the company

8 Access Control: Authentication
- Authentication is the most complex of the three functions of access control
- To be authenticated you must show a verifier credentials that are based on one of the following
  - What you know (a password or a private key)
  - What you have (a physical key or a smart card)
  - Who you are (your fingerprint), or
  - What you do (how you specifically pronounce a passphrase)

9 Access Control: Passwords
- At one point simple passwords were sufficient for most authentication needs
- Today companies need many types of authentication technologies, such as
  - Access cards
  - Tokens
  - Biometric authentication
  - Cryptographic authentication
- The different types allow a company to choose the strength of authentication needed for the device

10 Access Control: Two-Factor and Multifactor Authentication
- Two-factor authentication
  - Use of two different forms of authentication for access
  - Better security defense than one form of access
- Multifactor authentication
  - Use of more than two different forms of access control
  - Provides higher security defense than one or two forms

11 Access Control: Individual and Role-Based Access Control
- Firms use a user's role in the company to determine that user's access to company resources
- They create role groups to avoid setting up access individually for each user within the firm
- This reduces the number of opportunities for errors in assigning access
- It is easier to move users from one group to another for promotions
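The authorization, auditing and role-based access slides above, combined in one added example (not part of the original slides). The role names, the file name `budget.xlsx` and the `AccessController` class are hypothetical, and the user is assumed to have already been authenticated.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed policy: role -> resource -> allowed actions (default deny).
ROLE_PERMISSIONS = {
    "staff":   {"budget.xlsx": {"read"}},
    "manager": {"budget.xlsx": {"read", "edit", "delete"}},
    "intern":  {},  # holds no permission on budget.xlsx
}

class AccessController:
    def __init__(self):
        self.roles = {}      # authenticated user -> set of role names
        self.audit_log = []  # one record per decision, allowed or denied

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        self.roles.setdefault(user, set()).add(role)

    def move(self, user, old_role, new_role):
        """Promotion or transfer: one group change, no per-file edits."""
        self.assign(user, new_role)  # validates new_role before removal
        if old_role != new_role:
            self.roles[user].discard(old_role)

    def _allowed_actions(self, user, resource):
        actions = set()
        for role in self.roles.get(user, ()):
            actions |= ROLE_PERMISSIONS[role].get(resource, set())
        return actions

    def check(self, user, action, resource):
        """Authorize one request and record the decision for auditing."""
        allowed = action in self._allowed_actions(user, resource)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "action": action,
            "resource": resource, "allowed": allowed,
        })
        return allowed

    def visible(self, user, resource):
        """A resource is listed only for users with some permission on it."""
        return bool(self._allowed_actions(user, resource))

    def denials_by_user(self):
        """Audit review: number of denied requests per user."""
        return Counter(r["user"] for r in self.audit_log if not r["allowed"])
```

Denied requests are logged as well as allowed ones, so a later review of `denials_by_user()` shows who attempted actions outside their role.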

12 Access Control: Physical Access and Security
- Many attacks happen over the network, but attacks also happen physically
- Controlling physical access is a very important part of access control for protecting the firm
- Even within the building, certain areas of the firm should not be accessed by regular employees and must be secured

13 Access Control: Risk Analysis
- Firms must analyze the weak points and high risk points within the firm
- They also must determine parts of the building that need to be more secure than others

14 Access Control: Physical Security Perimeter
- Security professionals need to worry about physical security just as much as securing the network
- They must control the building's entry points with security
- There should be only a single point of entry
- The building's walls should be strong, with no gaps
- Buildings will have emergency exits, which must be alarmed to alert others when a door is opened and must be monitored by video surveillance

15 Access Control: Physical Entry Controls
- All physical access must be authorized and monitored
- Access authorizations should be reviewed and updated frequently
- Visitors entering and exiting the building should be logged, and while in the building they should wear visitor badges and be supervised at all times

16 Access Control: Public Access, Delivery and Loading Areas
- Highly sensitive zones in a building
- Internal people should have limited access to delivery and loading areas
- Delivery and pickup personnel should have no access to the internal part of the building
- All incoming shipments should be inspected and logged

17 Access Control: Securing Offices, Rooms, and Facilities
- Certain areas of a building will be especially sensitive
- These areas should be given extra security
- These areas should have locks with keys, access cards or other limited entry mechanisms
- Secure areas should be located away from public access

18 Access Control: Equipment Security
- Sensitive equipment should be placed in secure areas to minimize access
- These areas should not be subject to damage from smoke, water supply failure, vandalism or other threats
- Equipment should be positioned so that unauthorized people cannot read information on screens

19 Access Control: Supporting Utilities
- Quality HVAC systems should be in place for highly sensitive areas
- Electrical supply should be sufficient, along with a UPS in case of loss of power during an outage
- A UPS supplies power only for a short time, so an electrical generator should be in place to back up the UPS in the event of an outage

20 Access Control: Cabling Security
- Cables should be secured in walls, underground or in conduits, and away from public areas
- Wiring closets should also be locked, and access to these areas should be monitored
- Security of equipment off premises
  - This equipment must be logged when taken off the property and never left unattended

21 Access Control: Monitoring Equipment
- Remote sensors are connected to the central security center, which alerts the uniformed guards if a sensor is activated
- CCTV
  - CCTV is also used to monitor the premises, allowing the security staff to view the area remotely
  - High image resolution is necessary to identify the personnel and/or intruder for prosecution in the event of wrongdoing

22 Access Control: CCTV cont.
- Video monitoring systems should be placed strategically within the firm to cover high risk areas
- Door access control can be integrated with CCTV in order to give real-time video footage of the point of access
- CCTV systems have come a long way in image resolution and storage capacity, at a lower cost

23 Access Control: Access Cards and Tokens
- Access cards are used to gain entry to a door or a computer system by placing the card into the reader
- There are different types of cards
  - Magnetic stripe card
  - Smart cards
  - Tokens

24 Access Control: Proximity Access Tokens
- Each token contains a radio-frequency ID
- Easier to maintain than physical keys
- If a token is lost or stolen, the user can be deleted from the system without replacing locks
- Access control systems can be networked together so that assigning access to certain areas of the building is easier to maintain, centralized on one system


