Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security+ Guide to Network Security Fundamentals, Third Edition

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security+ Guide to Network Security Fundamentals, Third Edition"— Presentation transcript:

1 Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 7 Access Control Fundamentals

2 Objectives Define access control and list the four access control models Describe logical access control methods Explain the different types of physical access control Security+ Guide to Network Security Fundamentals, Third Edition

3 What Is Access Control? Access control
The process by which _____________________ ______________________________________________________________________ There are ______________ standard access control models as well as specific practices used to enforce access control See next slide for details… Security+ Guide to Network Security Fundamentals, Third Edition

4 Access Control Terminology
Identification A user ____________________________ would present _____________ or identification, such as a _____________ Authentication ___________________________ (such as _____________ or ____________ scan) to be sure that they are authentic Authorization ________________________ to take the action A computer user is granted access To ________________________________ in order to perform their duties Security+ Guide to Network Security Fundamentals, Third Edition

5 Access Control Terminology (continued)
Computer access control can be accomplished by one of ________ entities: _____________________, or a __________________ Access control can take ___________________ depending on the resources that are being protected Other terminology is used to describe how computer systems impose access control: _____________ specific _______________ _______________________________________ ______________- action taken by subject over object Security+ Guide to Network Security Fundamentals, Third Edition

6 Access Control Terminology (continued)
Different roles of individuals summarized here… = ADMINISTRATOR Security+ Guide to Network Security Fundamentals, Third Edition

7 Security+ Guide to Network Security Fundamentals, Third Edition

8 Access Control Models Access control model
Provides a ____________________ for hardware and software developers who need to implement _______________ in their devices or applications Once an access control model is applied custodians (administrators) can __________ ________________________________ set by the owner So that end users can perform their job functions _________ major Access Control models as seen in the following slides… Security+ Guide to Network Security Fundamentals, Third Edition

9 Access Control Models (continued)
1. Mandatory Access Control (_________) model The ______________________________________ any controls The ______________________ are responsible for __________________ access controls Owner defines policy Custodian implements that policy This is the most _________________ model because all controls are ______________ In the original MAC model, all objects and subjects were assigned a numeric access level but now ____ such as Secret, Classified and Confidential are used Security+ Guide to Network Security Fundamentals, Third Edition

10 Access Control Models (continued)
2. Discretionary Access Control (_________) model The ________________________ A subject has _______________ over any objects that he or she _____________ Along with the programs that are associated with those objects In the DAC model, a subject can also ______ ______________________ over objects Security+ Guide to Network Security Fundamentals, Third Edition

11 Access Control Models (continued)
DAC has _______ significant weaknesses It relies on the ____________ subject to _______ the _____________________________ A subject’s ___________ will be “_________” by any programs that the subject executes User Account Control (UAC) Vista technology Operating systems _____________________ for permission whenever software is installed Security+ Guide to Network Security Fundamentals, Third Edition

12 Access Control Models (continued) Vista technology
Three primary security restrictions implemented by UAC: Run with ________________ by default Applications run in ____________ user accounts _____________ users ____________________ Another way of controlling DAC inheritance is to _________________________________ ________________________________ Security+ Guide to Network Security Fundamentals, Third Edition

13 Access Control Models (continued)
3. _____ Based Access Control (______) model Sometimes called __________________ Access Control Considered a more “___________” approach than the other models Assigns permissions to ____________________ __________, and then _____________________ Objects are set to be a certain type, to which subjects with that particular role have access Security+ Guide to Network Security Fundamentals, Third Edition

14 Access Control Models (continued)
4. _____ Based Access Control (_____) model Also called the _________________ Access Control (RB-RBAC) model or ______________ provisioning Can ____________________________ based on a ______________________ by a custodian Each resource object contains a set of access properties based on the rules Rule Based Access Control is often used for managing user access to one or more systems Security+ Guide to Network Security Fundamentals, Third Edition

15 Access Control Models (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

16 “Best” Practices for Access Control
_____________________________ Requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be __________ ________________________________ Job rotation Instead of one person having sole responsibility for a function, individuals are _______________ ___________________________ Security+ Guide to Network Security Fundamentals, Third Edition

17 “Best” Practices for Access Control (continued)
____________________________ Each user should be given only the __________ ______________________ necessary to perform his or her job function If a condition is not explicitly met, then it is to be _____________________ Security+ Guide to Network Security Fundamentals, Third Edition

18 Logical Access Control Methods
The methods to implement access control are divided into ___________ broad categories ___________ access control __________ access control Logical access control includes access control lists (_______), ___________, account __________, and ____________ More to come on each of these… Security+ Guide to Network Security Fundamentals, Third Edition

19 Access Control Lists (ACLs)
A _________________ that is attached to an object Specifies which subjects are ___________ ___________ the object and what ____________ they can __________ These lists are viewed most often in relation to files maintained by the operating system The structure behind ACL tables is a bit complex Access control entry (__________) Each ____________________ in the Microsoft Windows, Linux, and Mac OS X operating systems Security+ Guide to Network Security Fundamentals

20 Security+ Guide to Network Security Fundamentals, Third Edition

21 Access Control Lists (ACLs) (continued)
In Windows, the ACE includes four items of information: A security identifier (_________) for the user account, group account, or logon session An ____________ that _____________________ controlled by the ACE A __________ that indicates the type of ACE A set of ________ that determine whether objects can _________________ Security+ Guide to Network Security Fundamentals, Third Edition

22 Group Policies- A Windows Feature
Group Policy A feature that provides ______________ and _____________ of computers and remote users Using the Microsoft directory services known as Active Directory (______) Group Policy is usually used in __________ _____________ to __________________ that may pose a security risk Group Policy settings are stored in Group Policy Objects (_________) Security+ Guide to Network Security Fundamentals, Third Edition

23 Two common Account Restrictions:
Limit when a user can log on to a system These restrictions can be set through a Group Policy Can also be set on individual systems ___________________________ The process of setting a user’s account to _____ Orphaned accounts are user accounts that ____________________________ an organization Can be controlled using account expiration Could be a ____________________ Security+ Guide to Network Security Fundamentals, Third Edition

24 Security+ Guide to Network Security Fundamentals, Third Edition

25 Passwords ________________ A password should ____________________
The most _______________________________ Part of the identification/authentication process of access control A secret __________________________ that only the user knows Overall- provides _______________ security A password should ____________________ Must also be of a sufficient length and complexity so that an attacker _______________________ Security+ Guide to Network Security Fundamentals, Third Edition

26 Passwords (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

27 Passwords (continued)
Attacks on passwords ____________________ attack Simply trying to __________________ through combining a random combination of characters Passwords typically are stored in an encrypted form called a “___________” Attackers try to _______________________ and then ________________ the hashed passwords ________________ as noted in the next attack See next slide… Security+ Guide to Network Security Fundamentals, Third Edition

28 Passwords (continued)
Attacks on passwords (continued) _____________________ attack Begins with the attacker _______________________ _____________________________________ And ____________________ those hashed dictionary words against those in a _______________________ Use of ___________________________ Make password attacks easier by ________________ ____________________________________ from nearly every possible password combination Security+ Guide to Network Security Fundamentals, Third Edition

29 Passwords (continued)
Rainbow tables (continued) Generating a rainbow table requires a significant amount of time Many tables made freely available for download from the Internet Rainbow table _________________________ Can be _______________ for attacks on other passwords Rainbow tables are _____________ than dictionary attacks The amount of _________________ on the attacking machine is ________________________ Security+ Guide to Network Security Fundamentals, Third Edition

30 Passwords (continued)
Security+ Guide to Network Security Fundamentals, Third Edition

31 Passwords (continued)
One reason for the success of rainbow tables is how older Microsoft Windows operating systems hash passwords A ________________ against breaking encrypted passwords with rainbow tables… Hashing algorithm should include a _______________________ as input along with the ________________________________ These random bits are known as a ______________ Make brute force, dictionary, and rainbow table attacks much ____________________ Security+ Guide to Network Security Fundamentals, Third Edition

32 Passwords (continued)
A strong password policy can provide _______________ against password attacks The first password policy is to ______________________ _________________________________ What are some characteristics for strong passwords? One of the best defenses against rainbow tables is to _______________________________________ ________________________ How can we protect our operating systems and therefore our password hashes from attackers? A final ___________ is to use a _______________ to help keep track of passwords Security+ Guide to Network Security Fundamentals, Third Edition

33 Passwords (continued)
Domain password policy Setting password restrictions for a __________ ______________ can be accomplished through the Windows Domain password policy There are _________ common domain password policy settings, called password setting objects See next slide… Security+ Guide to Network Security Fundamentals, Third Edition

34 Security+ Guide to Network Security Fundamentals, Third Edition

35 Physical Access Control
Physical access control primarily protects __________________________ And is designed to ______________________ from ____________________________ to equipment in order to use, steal, or vandalize it Physical access control includes computer security, door security, mantraps, video surveillance, and physical access logs More to come on each of these… Security+ Guide to Network Security Fundamentals, Third Edition

36 Computer Security The most fundamental step in physical security is to ________________________ Good idea to _____________________ such as USB ports or DVD drives Prevents attacker from installing programs or stealing sensitive data ___________________________ in an organization is important Security+ Guide to Network Security Fundamentals, Third Edition

37 Door Security _________________________ __________ lock
The easiest to use because it requires only a key for unlocking the door from the outside Security provided by a preset lock is ________ _____________ lock Extends a solid metal bar into the door frame for ________________________ Is much more ________________ than preset locks Requires that the key be used to both open and lock the door Security+ Guide to Network Security Fundamentals, Third Edition

38 Door Security (continued)
Door access systems _________ lock Combination locks that _____________ that must be pushed in the proper sequence to open the door __________________ to allow only the code of certain individuals to be valid on specific dates and times Cipher locks also __________________ of when the door was opened and by which code Cipher locks are typically connected to a _____________ ___________________________________ Can be monitored and controlled from one central location Security+ Guide to Network Security Fundamentals, Third Edition

39 Security+ Guide to Network Security Fundamentals, Third Edition

40 Door Security (continued)
Door access systems (continued) Cipher lock ____________________ Basic models can cost several hundred dollars while advanced models can be even more _______________ Users must be careful to conceal which buttons they push to ______________________ or photographing the __________________________ Security+ Guide to Network Security Fundamentals, Third Edition

41 Door Security (continued)
Door access systems (continued) _________________________ Use multiple _____________ that are aimed across a doorway and positioned so that as a ____________ _________________ the doorway… Some beams are activated and then other beams are activated a short time later Can detect if a second person walks through the beam array _________________ (“tailgates”) the first person Security+ Guide to Network Security Fundamentals, Third Edition

42 Door Security (continued)
Physical _________________ Objects to _____________________ ____________________ The ________________ types of physical tokens Contains magnetic strip or barcode to id user Today, ID badges can be fitted with tiny radio frequency identification (____________) tags Can be read by an ________________ as the user walks through the door with the badge in her pocket __________________ since emitted signal can be picked up by anyone Security+ Guide to Network Security Fundamentals, Third Edition

43 Mantraps A security device that monitors and controls two _____________________________ (a vestibule) that separates a non-secured area from a secured area Only __________ door can be opened at a time Mantraps are used at _______________ where only authorized persons are allowed to enter Security+ Guide to Network Security Fundamentals, Third Edition

44 Video Surveillance Closed circuit television (_________)
Using _______________ to transmit a signal to a specific and limited set of receivers Some CCTV cameras are fixed in a single position pointed at a door or a hallway Other cameras resemble a small dome and allow the security technician to move the camera 360 degrees for a full panoramic view Security+ Guide to Network Security Fundamentals, Third Edition

45 Physical Access Log A _______________________________ ____________________, the time that they entered, and the time they left the area Can also identify if unauthorized personnel have accessed a secure area Security+ Guide to Network Security Fundamentals, Third Edition

46 Summary Access control is the process by which resources or services are denied or granted Best practices for implementing access control include separation of duties, job rotation, using the principle of least privilege, and using implicit deny Logical access control methods include using access control lists (ACLs), which are provisions attached to an object Security+ Guide to Network Security Fundamentals, Third Edition

47 Summary (continued) Passwords, sometimes known as logical tokens, are a secret combination of letters and numbers that only the user should know Physical access control attempts to limit access to computer equipment by unauthorized users Security+ Guide to Network Security Fundamentals, Third Edition

Download ppt "Security+ Guide to Network Security Fundamentals, Third Edition"

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Access Control Methodologies

Access Control Methodologies
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Database Security Managing Users and Security Models.

Database Security Managing Users and Security Models.
.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.

.  Access Control Models  Authentication Models  Logging Procedures  Conducting Security Audits  Redundancy Planning  Disaster Recovery Procedures.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Similar presentations

Ads by Google