Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.


1 Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.

2 Topic overview
- Introduction
- Two main types of access control
- Access control models
- Conclusions
- References

3 Introduction
Access control means allowing the correct users to access certain systems or resources while keeping unauthorized users from gaining access to those systems or resources. Access control is one of the foundations of security.

4 Two types of access control:
- Physical
- Logical
Physical access control
Physical access control limits access to campuses, buildings, rooms and physical IT assets.

5 Types of physical access control
- Security guards
- Walls
- Fences
- Locks and doors

6 Benefits of physical access control
- Easy to maintain
- Cost friendly
- Reliable

7 Drawbacks of physical access control
- Can be easily manipulated / damaged
- Guards can be unreliable
- Landscape / walls can be bad

8 Logical access control
Logical access control limits connections to computer networks, system files and data. The following are some types of logical access controls:
- Biometric systems
- User identification and authentication

9 Biometric access control systems
Biometrics is the science of identifying someone from physical characteristics. This includes technologies.
Types of biometric access controls
- Fingerprints
- Voice verification
- Retinal scan
- Palm identification

10 Biometric access control systems
Benefits
- Prevents unauthorised access
- No need to remember passwords
- Reduces the criminal act of fraud
- Our human characteristics cannot be lost
Disadvantages
- Lack of standardization
- Systems must be able to accommodate changes over a period of time due to factors such as ageing, injuries and illness
- Risk of misusing biometric systems

11 Methods of comparing biometric system accuracy
Before implementing a biometric system, make sure you have done the following accuracy comparisons.
- Type I Error: False rejection rate
- Type II Error: False acceptance rate (very dangerous; make sure it is mitigated)
- Crossover rate

12 Identification and Authentication access control systems
Identification & Authentication is the act of determining the identity of a user and of the host that they are using. The goal of authentication is to first verify that the user, either a person or a system, that is attempting to interact with your system is allowed to do so.
Types of identification and authentication access control
- Passwords
- Access cards
- PINs/codes

13 Authentication & Identification
Advantages
- Users can choose their own passwords
- Mostly passwords are not stored in the system
- Access cards are portable (can be carried around)
Disadvantages
- Eavesdropping
- Social engineering
- Passwords can be hacked and cracked using tools such as brute-force attacks and dictionary attacks
- Cards can be cloned

14 Methods of avoiding Authentication & Identification problems
- Protect passwords effectively
- Encrypt passwords using tools such as the MD5 algorithm
- Watch out for who you socialize with
- Choose complicated passwords
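An added example (not from the original presentation) of protecting stored passwords. MD5 is a fast, unsalted hash rather than encryption, so identical passwords yield identical digests that the dictionary attacks named on the previous slide can look up; the sketch puts that beside a salted, iterated PBKDF2 hash from Python's standard library. The storage format and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def md5_digest(password):
    """Fast, unsalted digest: the same password always gives the same value."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, deliberately slow hash, stored as scheme$iterations$salt$hash."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time.
    Malformed records are rejected instead of raising."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
    except (ValueError, OverflowError):
        return False
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "Winter2024!"  # constructed sample password
    print("MD5, user A:", md5_digest(pw))
    print("MD5, user B:", md5_digest(pw))   # identical to user A
    print("PBKDF2, user A:", hash_password(pw))
    print("PBKDF2, user B:", hash_password(pw))  # differs: unique salt
```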

15 Access control models
- Mandatory access control (MAC)
- Discretionary access control (DAC)
- Role-based access control (RBAC)
- Rule-based access control (RBAC)

16 Mandatory access control
Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.
- All access capabilities are predefined
- Sharing of information among users is established by system administrators and strictly enforced by the OS or security kernel
Continued…

17
- Considered the most secure security model
- Often used in government and military facilities where confidentiality is a driving force, e.g. top secret, highly confidential

18 Discretionary access control
This model allows users to share resources and information dynamically with other users.
- The model offers more flexibility
- All permissions in the operating system (OS) fall within three groups: owner, group and other
- The permissions are based on the roles of users or groups

19 Role-based access control
This model approaches the problem of access to resources or information based on individual roles within an organisation or company.
- This method grants access based on job responsibilities and functions
- Used in the Windows operating systems

20 Rule-based access control
This model uses the settings in predefined security policies to make decisions. Rules can be:
- Deny all those who appear on (allow list)
- Deny all those who appear in the (a true deny list)

21 References
- http://searchsecurity.techtarget.com/definition/access-control
- http://resources.infosecinstitute.com/access-control-models-and-methods/
- http://www.slideshare.net/A619/biometrics-disadvantages
- Jeff Smith (2001), CISSP, ITNS and CERIAS CISSP Luncheon Series: Access Control Systems & Methodology, Purdue University

22 Conclusion
To conclude, access control is a broad topic. It encompasses all the security measures that have to be taken for the safety and security of an organization. Many precautions are still being proposed and are in the process of being tested before being put into working environments.

23 End….

