Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control. Assignment Review  Current  Next 6/23/2016 Access Control 2.

Published byBritney Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Access Control. Assignment Review  Current  Next 6/23/2016 Access Control 2."— Presentation transcript:

1 Access Control

2 Assignment Review  Current  Next 6/23/2016 Access Control 2

3 6/23/2016 Access Control 3 Traditional AAA  Authentication  Access Control  Auditing

4 6/23/2016 Access Control 4  Discretionary Access Control  Mandatory Access Control  Role Based Access Control  ACL

5 6/23/2016 Access Control 5 Discretionary Access Control  Owner Decides  Default mode for may mobile, home devices

6 6/23/2016 Access Control 6 Mandatory Access Control (MAC)  Hierarchical  Top Secret  Secret  Confidential

7 Bell LaPadula is model for MAC  Objects have sensitivity label  Users have clearance level  Access granted if clearance=>label  Can write up but not down and can read down but not up (* property)  Does not consider compartmentalization or need to know 6/23/2016 Intro Computer Security 7

8 Biba Integrity Model  Can read at their highest integrity level  Can write at or lower then their integrity level 6/23/2016 Intro Computer Security 8

9 Clark-Wilson  Focus on “well ordered transactions” to raise integrity levels  Separation of Duties also key to preserve integrity 6/23/2016 Intro Computer Security 9

10 6/23/2016 Access Control 10 Role Based Access Control  What you can do depends on what job you have  Popular in active directory environments  Typically pushes assignment of rights to resource to owner of resource

11 6/23/2016 Access Control 11 ACL  Specific list  Often matrix of User, resource, rights generated by the system  Often seen in routers, firewalls, personnel access

12 6/23/2016 Access Control 12 Auditing  Two senses  Log watch  Auditing for Compliance

13 Logs  Critical to monitor  Organization will generate tons of logs  Must use tools to monitor for exceptions 6/23/2016 Access Control 13

14 Auditing for Compliance  Should verify you comply with appropriate laws  Especially prior to review/audit 6/23/2016 Access Control 14

15 Some Fundamentals 6/23/2016 Intro Computer Security 15

16 Three types of Security Controls  Classical –Physical –Administrative –Technical  Popular –Preventative–Preventative –Detective–Detective –Responsive–Responsive 6/23/2016 Intro Computer Security 16

17 Other Controls  In the course we will refer to controls not by category but more specifically: –AV –IDS –Policy 6/23/2016 Intro Computer Security 17

18 Information Security Principles of Success 6/23/2016 Intro Computer Security 18

19 Defense in Depth Critical 6/23/2016 Intro Computer Security 19

20 People Make Bad Security Decisions 6/23/2016 Intro Computer Security 20

21 Security Depends on –Functional Requirements –Assurance Requirements 6/23/2016 Intro Computer Security 21

22 Security Through Obscurity 6/23/2016 Intro Computer Security 22

23 Security is Risk Management 6/23/2016 Intro Computer Security 23

24 Complexity is the Enemy of Security 6/23/2016 Intro Computer Security 24

25 FUD Doesn't Work –Long term anyway 6/23/2016 Intro Computer Security 25

26 People, Process & Technology are all needed 6/23/2016 Intro Computer Security 26

27 Open Disclosure is Good for Security 6/23/2016 Intro Computer Security 27

28 No Absolute Security 6/23/2016 Intro Computer Security 28

29 Non-repudiation  You cannot deny having done a particular action  No shared IDs or passwords 6/23/2016 Intro Computer Security 29

30 Separation of Duties 6/23/2016 Intro Computer Security 30

31 Principle of Least Privilege 6/23/2016 Intro Computer Security 31

32 Need to know 6/23/2016 Intro Computer Security 32

33 Defense in Depth 6/23/2016 Intro Computer Security 33

34 Complexity is the enemy of security 6/23/2016 Intro Computer Security 34

35 Industry best practices is only the lowest common denominator 6/23/2016 Intro Computer Security 35

36 6/23/2016 Intro Computer Security 36 Why Study InfoSEC?  Increasing Threat Spectrum  Compliance  Business Enabler

37 6/23/2016 Intro Computer Security 37 The InfoSEC Professional  Old Guys  The New folks

38 6/23/2016 Intro Computer Security 38 Other InfoSEC terms  IA  Computer Security  Information Security

39 Professional Development

40 6/23/2016 Intro Computer Security 40 Certifying Organizations  Establishment of certifying organizations key step to security as a profession

41 6/23/2016 Intro Computer Security 41 Some Organizations  ISC2  ISACA  CompTIA  ASIS  Other key security organizations –NIST - U.S., but a leading organization –ISO - world wide

42 6/23/2016 Intro Computer Security 42 Certification Programs  ISC2 Common Body of Knowledge  Not universal, ISC2 adds several specialized domains –The most Widely Accepted  DHS has another view as does SANS and CompTIA

43 6/23/2016 Intro Computer Security 43 ISC2 CBK often used in Educational Environments  10 Domains are good intro coverage

44 Question for you  What did you find most interesting in the reading so far?  Any war stories where one of these went wrong? Weren’t in place? 6/23/2016 Intro Computer Security 44

45 6/23/2016 Access Control 45 Questions ?

Download ppt "Access Control. Assignment Review  Current  Next 6/23/2016 Access Control 2."

Similar presentations

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies

Access Control Methodologies
CMSC 414 Computer (and Network) Security Lecture 12 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 12 Jonathan Katz.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.

Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.

Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
Security Fall 2009McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
User Domain Policies.

User Domain Policies.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
Lecture 7 Access Control

Lecture 7 Access Control
Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Security Certification

Security Certification

Similar presentations

Ads by Google