Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.

Published bySusan James Modified over 8 years ago

Similar presentations

Presentation on theme: "Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N."— Presentation transcript:

1 Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.

2 Topic overview Introduction Two main types of access control Access control models Conclusions References

3 Introduction Access control means allowing the correct users to access the certain systems or resources while keeping out unauthorized users to gain access to the certain systems or resources. Access control is one of the fountains of the security.

4 Two types of access control:  Physical  Logical Physical access control Physical access control limits access to campuses, buildings, rooms and physical IT assets

5 Types of physical access control  Security guards  Walls  Fences  Locks and doors

6 Benefits of physical access control  Easy to maintain  Cost friendly  Reliable

7 Drawbacks of physical access control  Can be easily manipulated / damaged  Guards can be unreliable  Land scape / walls can be bad

8 Logical access control  Logical access control limits connections to computer networks, system files and data. The following are some types of logical access controls;  Biometrics systems  User identification and authentication,

9 Biometric access control systems Is the science way of identifying someone from physical characteristics. This includes technologies. Types of Biometric access controls  Finger prints  voice verification  retinal scan  palm identification

10 Biometric access control systems Benefits  Prevents unauthorised access  No need to remember passwords  Reduce the criminal act of fraud  Our human characteristics cannot be lost Disadvantages  Lack of standardization  Systems must be able to accommodate changes over a period of time due to facts such; ageing, injuries and illness.  Risk of misusing biometric systems.

11 Methods of comparing biometric system accuracy Before implementing a biometric system make sure you done following accuracy comparisons.  Type I Error : False rejection rate  Type II Error : False acceptance rate ( very dangerous make sure it mitigated),  Cross over rate

12 Identification and Authentication access control systems Identification & Authentication is the act of determining the identity of a user and of the host that they are using. The goal of authentication is to first verify that the user, either a person or system, which is attempting to interact with your system is allowed to do so. Types of identification and authentication access control  Passwords  Access cards  Pins/codes

13 Authentication & Identification Advantages  Users can choose their own passwords  Mostly passwords are not stored in the system  Access cards are portable ( can carry it around) Disadvantages  Eaves dropping  Social Engineering  passwords can be hacked & cracked using tools such; Brute force attack & dictionary attack.  Cards can be cloned

14 Methods of avoiding Authentication & Identification problems.  Protect passwords effectively  Encrypt passwords using tools such MD5 algorithm  Watch out who you socialize with  Choose complicated passwords

15 Access control models  Mandatory access control (MAC)  Discretionary access control (DAC)  Role-based access control (RBAC)  Rule –based access control (RBAC)

16 Mandatory access control Mandatory access control (MAC) is a security strategy that restricts the ability individual resources owners have to grand or deny access to resource objects in a file system.  All access capabilities are predefined  Sharing of information among users are established by system administrators and strictly enforced by OS or security kernel.] Continue….

17  Considered the most secure security model  Often used in government and military facilities where the confidentiality is a driving force E.G top secret, highly confidential.

18 Discretionary Access control This model allows users to users to share resources and information dynamically with other users.  The model offers more flexibility  All permissions in the operating systems (OS) fall within three groups: owner, group and other.  The permissions are based on the roles of users or groups

19 Role-Based access control This model approach the problem of access to a resources or information based on individual roles within an organisation or company.  This method grants access based on job responsibility and functions.  Used in the windows operating systems.

20 Rule based access control This model uses the settings in predefined security policies to make decisions, Rules can be ;  Deny all those who appears on (allow list)  Deny all those appears in the (A true deny list)

21 References  http://searchsecurity.techtarget.com/definition/access-control http://searchsecurity.techtarget.com/definition/access-control  http://resources.infosecinstitute.com/access-control-models-and- methods/ http://resources.infosecinstitute.com/access-control-models-and- methods/  http://www.slideshare.net/A619/biometrics-disadvantageshttp://www.slideshare.net/A619/biometrics-disadvantages  Jeff Smith,(2001) CISSP ITNS and CERIAS CISSP Luncheon Series: Access Control Systems & Methodology, Purdue University

22 Conclusion To conclude, access control is a broader topic it encompasses of all security measure that have to be taken for the safety and security of an organization, lot of precaution are still being proposed and in process of being tested before put into working environments.

23 End….

Download ppt "Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N."

Similar presentations

Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Access Control Methodologies

Access Control Methodologies
Biometric Authentication Andrea Blanco Binglin Li Brian Connelly.

Biometric Authentication Andrea Blanco Binglin Li Brian Connelly.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.

Access Control Patterns Fatemeh Imani Mehr Amirkabir university of technology, Department of Computer Engineering & Information Technology.
By: Monika Achury and Shuchita Singh

By: Monika Achury and Shuchita Singh
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.

Course ILT Security overview Unit objectives Discuss network security Discuss security threat trends and their ramifications Determine the factors involved.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

95752:3-1 Access Control :3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.

2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Li Xiong CS573 Data Privacy and Security Access Control.

Li Xiong CS573 Data Privacy and Security Access Control.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
The Impact of Physical Security on Network Security

The Impact of Physical Security on Network Security
GCSE ICT Viruses, Security & Hacking. Introduction to Viruses – what is a virus? Computer virus definition - Malicious code of computer programming How.

GCSE ICT Viruses, Security & Hacking. Introduction to Viruses – what is a virus? Computer virus definition - Malicious code of computer programming How.

Similar presentations

Ads by Google