Presentation is loading. Please wait.

Presentation is loading. Please wait.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls.

Published byHomer Lane Modified over 9 years ago

Similar presentations

Presentation on theme: "© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls."— Presentation transcript:

1 © ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls

2 © ITT Educational Services, Inc. All rights reserved.Page 2 IS3230 Access Security Class Agenda 10/15/15  Chapter 8  Learning Objectives  Lesson Presentation and Discussions.  Class project outline due  Lab Activities will be performed in class..  Assignments will be given in class.  Break Times. 10 Minutes break in every 1 Hour.  Note: All Assignment and labs due today.

3 © ITT Educational Services, Inc. All rights reserved.Page 3 IS3230 Access Security Learning Objective  Implement appropriate access controls for information systems within information technology (IT) infrastructures.

4 © ITT Educational Services, Inc. All rights reserved.Page 4 IS3230 Access Security Key Concepts  The three states of data  File system access control lists  User account type privilege management  Access control best practices  Organization-wide layered infrastructure access control

5 © ITT Educational Services, Inc. All rights reserved.Page 5 IS3230 Access Security EXPLORE: CONCEPTS

6 © ITT Educational Services, Inc. All rights reserved.Page 6 IS3230 Access Security The Three States of Data Stored on some device Archived records Data at Rest (DAR) Sending an e-mail Retrieving a Web page Data in Motion (DIM) Creating a new document Processing a payment Data in Process

7 © ITT Educational Services, Inc. All rights reserved.Page 7 IS3230 Access Security DAR  Discussion:  As Students to give example of  Data at rest  Data in Motion  Data in Process.

8 © ITT Educational Services, Inc. All rights reserved.Page 8 IS3230 Access Security Securing DAR  Use of access Control mechanisms  Data Encryption.  Back ups  Physical Security

9 © ITT Educational Services, Inc. All rights reserved.Page 9 IS3230 Access Security  Use encryption to protect stored data: Elements in databases Files on network and shared drives Files on portable or movable drives, Universal serial bus (USB), and flash drives Files and shared drives accessible from the Internet Personal computers (PCs), laptop hard drives, and full disk encryption Protecting DAR

10 © ITT Educational Services, Inc. All rights reserved.Page 10 IS3230 Access Security DIM Gateway Network A Gateway Network B Direct Connection Remote virtual private network (VPN) Connection

11 © ITT Educational Services, Inc. All rights reserved.Page 11 IS3230 Access Security Protecting, DIM,  Vulnerable as it travels  Less risky than DAR  Attacker will have to get access to physical connection.  Boarder protection are needed –Firewalls and IDS

12 © ITT Educational Services, Inc. All rights reserved.Page 12 IS3230 Access Security Securing DIM  Encryption mechanisms to secure communication channel  SLL  HTTPS  VPN

13 © ITT Educational Services, Inc. All rights reserved.Page 13 IS3230 Access Security Difficult to protect since it is being operated on by the central processing unit (CPU) Protecting DIP

14 © ITT Educational Services, Inc. All rights reserved.Page 14 IS3230 Access Security Object level Security  Object is an item or group of items or group of information.  As in object oriented programming.  Security rules can be set on objects to secure data at rest of in motion  Example Firewalls and Web content filters

15 © ITT Educational Services, Inc. All rights reserved.Page 15 IS3230 Access Security File System Access Controls  File system access controls will include logging of user activities on the: Files Applications Systems Access Controls at Different Levels in a System

16 © ITT Educational Services, Inc. All rights reserved.Page 16 IS3230 Access Security  Trust-Based Peer to Peer (P2P)  Workgroup  Role-Based Access  Group-Based Files Access Types of File System Access Controls

17 © ITT Educational Services, Inc. All rights reserved.Page 17 IS3230 Access Security Access Control list  Security policies assigned to objects  Access control entities  Access denied, Access allowed, System audit.

18 © ITT Educational Services, Inc. All rights reserved.Page 18 IS3230 Access Security  Microsoft (MS) Windows versus UNIX  File system controls in MS Windows and UNIX are different, but used to accomplish the same objective–control access to data assets  Windows file access rights are inherited Types of File System Access Controls (Continued)

19 © ITT Educational Services, Inc. All rights reserved.Page 19 IS3230 Access Security Basic Access control rights in Windows.  Use in both Widows workstations and Servers for files and folders  Full Control  Modify  Read and execute  List Folder content  Read  Write

20 © ITT Educational Services, Inc. All rights reserved.Page 20 IS3230 Access Security Advanced Rights for file  Full Control  Traverse Folder  Read Attribute  Create files/Write data  Write Attribute  Create folder/ Append data  Delete  Read Permission  Change permission  Take ownership

21 © ITT Educational Services, Inc. All rights reserved.Page 21 IS3230 Access Security Windows Administrator Rights  A domain Administer – Full control of all computers in a Domain  Supper Administrator- Build in Secret administrator.

22 © ITT Educational Services, Inc. All rights reserved.Page 22 IS3230 Access Security EXPLORE: PROCESSES

23 © ITT Educational Services, Inc. All rights reserved.Page 23 IS3230 Access Security UNIX and Linux  Simplify ACL is based file permission system  Access rights are not inherited.  Rights in UNIX-Read, Write and Execute.  Root is a special class user in a UNIX or Linux  Also known as Super user  Supper user do (sudo) – allow user have privilege as a super user.

24 © ITT Educational Services, Inc. All rights reserved.Page 24 IS3230 Access Security Layered Protection Through IT Infrastructure

25 © ITT Educational Services, Inc. All rights reserved.Page 25 IS3230 Access Security Layered Protection Through IT Infrastructure (Continued) DMZ 2 DMZ 1 Dual DMZ Configuration

26 © ITT Educational Services, Inc. All rights reserved.Page 26 IS3230 Access Security EXPLORE: ROLES

27 © ITT Educational Services, Inc. All rights reserved.Page 27 IS3230 Access Security Roles and Responsibilities RoleResponsibilities System Owner  Owns System  Authorizes access  Performs non-technical access control review Network Administrator  Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users  Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties System Administrator  Grants access to system, applications, and data  Provides special access as required  Creates groups and assigns users and privileges  Provides backup and recovery capabilities of systems, applications, and data

28 © ITT Educational Services, Inc. All rights reserved.Page 28 IS3230 Access Security Roles and Responsibilities (Continued) RoleResponsibilities Application Owner  Grants access to applications that manipulate data  Maintains integrity of applications and processes Data Owner  Maintains data integrity  Authorizes distribution to internal and external parties User  Uses systems, applications, and data to perform functions  Creates file  Assigns data classification

29 © ITT Educational Services, Inc. All rights reserved.Page 29 IS3230 Access Security Summary  Three states of data  Protecting DIM and DAR  File system access controls  Layered protection  Roles and responsibilities

30 © ITT Educational Services, Inc. All rights reserved.Page 30 IS3230 Access Security Unit 6 Lab Activities  Lab # 6: Enhance Security Controls Leveraging Group Policy Objects  Complete the lab activities in class

31 © ITT Educational Services, Inc. All rights reserved.Page 31 IS3230 Access Security Unit 6 Assignments  Unit 6 Assignment: Aligning Account Types and Privileges  A copy of the assignment will be given in class.  Reading assignment: Read Chapters 9

Download ppt "© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing Infrastructure Controls."

Similar presentations

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
Chapter 5 Managing a Server. Overview  Server management  Examine networking models  Learn how users are authenticated  Manage users and groups 

Chapter 5 Managing a Server. Overview  Server management  Examine networking models  Learn how users are authenticated  Manage users and groups 
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.

Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008
Understanding Active Directory

Understanding Active Directory
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Similar presentations

Ads by Google