7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

2 Access Control
Process by which resources are granted or denied on a network. Basic steps:
–Identification – review of credentials
–Authentication – validate the credentials as genuine
–Authorization – permission granted to the network
–Access – right given to use specific resources
Physical access control, hardware control, software control, policy control

3 Access Control Terminology (continued) (figure slide from Security+ Guide to Network Security Fundamentals, Third Edition)

4 Access Control models
–Mandatory Access Control (MAC)
–Discretionary Access Control (DAC)
–Role Based Access Control (RBAC)
–Rule Based Access Control (RBAC)

5 Mandatory Access Control
Used in defense and military. Most restrictive.
–The owner/administrator is responsible for managing access controls. The owner defines a policy about which users or user groups can operate on objects; the administrator implements the policy.
–Users can't modify the policy.
–If numbers are assigned to users and objects, the user's number has to be higher than the object's number for the user to have access to that object.

6 Access Control Terminology (continued) (figure slide)

7 Discretionary Access Control
Least restrictive.
–Users can manipulate any objects, and the end user sets the level of security. This is a major weakness.
–A user's permissions are inherited by any programs that the subject executes.
–Operating systems are now beginning to ask users for permission when installing software (User Account Control, or UAC).

8 UAC
Primary restrictions implemented by UAC:
–Administrators run with limited privileges by default. Windows shows a "Windows needs your permission to continue" popup, so software can't secretly install itself.
–A standard user account can run allowed applications without having administrator privileges.
–Standard users can perform common tasks such as installing new fonts or adding a printer without having administrative privileges.

9 Access Control Models (continued) (figure slide)

10 Role Based Access Control
Instead of setting permissions for each user or group, the RBAC model assigns permissions to particular roles in the organization and then assigns users to those roles. A user can only belong to one role. Users can't be given permissions beyond the role.

11 Access Control Models (continued) (figure slide)

12 Rule Based Access Control
Each resource object contains a set of access properties based on the rules. This is useful when a user needs to access several systems.

13 Practices for Access Control
–Separation of duties: prevent too much control by just one person. The owner and the administrator should be two different individuals.
–Job rotation: responsibilities should be rotated. Requires cross-training.
–Least privilege: give the minimum required privilege.
–Implicit deny: deny all, except what is explicitly allowed.
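The four models on slides 5 to 12 and the implicit-deny practice on slide 13 are easier to compare when they are written down as code. The following is an added example, not part of the lecture; every user, role, clearance level, resource and rule in it is constructed for illustration. The MAC check uses the usual dominance rule (the user's level must be at least the object's label), and the final authorize() function shows how implicit deny falls out naturally when every decision starts from "denied".

```python
# Toy policy engine: MAC, DAC, RBAC and rule-based checks side by side.
# All data below is constructed for the example, not taken from any real system.

# --- Mandatory Access Control: numeric levels fixed by the administrator ---
LEVELS = {"Unclassified": 1, "Confidential": 2, "Secret": 3, "Top Secret": 4}
USER_LEVEL = {"alice": LEVELS["Secret"], "bob": LEVELS["Confidential"]}
OBJECT_LEVEL = {"war_plan": LEVELS["Top Secret"], "memo": LEVELS["Confidential"]}


def mac_can_read(user: str, obj: str) -> bool:
    """Dominance rule: the user's level must be at least the object's label.
    Unknown users get level 0 and unknown objects an impossible label, so both deny."""
    return USER_LEVEL.get(user, 0) >= OBJECT_LEVEL.get(obj, max(LEVELS.values()) + 1)


# --- Discretionary Access Control: the object's owner hands out permissions ---
OWNER = {"report.doc": "alice"}
DAC_GRANTS = {"report.doc": {"bob": {"read"}}}


def dac_grant(actor: str, obj: str, user: str, perm: str) -> bool:
    """Only the owner may change the object's permissions; this is the
    'end user sets the level of security' weakness from slide 7."""
    if OWNER.get(obj) != actor:
        return False
    DAC_GRANTS.setdefault(obj, {}).setdefault(user, set()).add(perm)
    return True


def dac_allowed(user: str, obj: str, perm: str) -> bool:
    return OWNER.get(obj) == user or perm in DAC_GRANTS.get(obj, {}).get(user, set())


# --- Role Based Access Control: permissions go to roles, each user has one role ---
ROLE_PERMS = {
    "clerk": {("ledger", "read")},
    "accountant": {("ledger", "read"), ("ledger", "write")},
    "auditor": {("ledger", "read"), ("audit_log", "read")},
}
USER_ROLE = {"alice": "accountant", "bob": "clerk", "carol": "auditor"}


def rbac_allowed(user: str, resource: str, action: str) -> bool:
    role = USER_ROLE.get(user)          # None for unknown users -> empty permission set
    return (resource, action) in ROLE_PERMS.get(role, set())


# --- Rule Based Access Control: rules attached to each resource object ---
def business_hours(ctx: dict) -> bool:
    return 8 <= ctx["hour"] < 18


def internal_network(ctx: dict) -> bool:
    return ctx["network"] == "internal"


RESOURCE_RULES = {
    "ledger": [business_hours, internal_network],
    "vpn": [business_hours],
}


def rules_allow(resource: str, ctx: dict) -> bool:
    """A resource with no rules imposes no extra conditions."""
    return all(rule(ctx) for rule in RESOURCE_RULES.get(resource, []))


def authorize(user: str, resource: str, action: str, ctx: dict) -> bool:
    """Implicit deny: the answer is False unless RBAC grants the action AND every
    rule on the resource passes. Nothing is allowed by omission."""
    if not rbac_allowed(user, resource, action):
        return False
    if not rules_allow(resource, ctx):
        return False
    return True


if __name__ == "__main__":
    office = {"hour": 10, "network": "internal"}
    print("alice writes ledger from the office:", authorize("alice", "ledger", "write", office))
    print("bob writes ledger from the office:", authorize("bob", "ledger", "write", office))
```

Note that the RBAC table alone says nothing about time or network, and the rule table alone says nothing about who is asking; the two models are complementary, which is why the slide recommends rule-based control when a user spans several systems.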

14 Logical Access Control
Methods: access control lists (ACLs), group policies, account restrictions and passwords.
–ACL – set of permissions attached to an object. Unix: rwx. Windows: full control, modify, read & execute, read, write, special permissions.
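To make the Unix rwx ACL on this slide concrete, here is an added example (not from the lecture) that parses the nine-character mode string shown by ls -l and evaluates it for a given subject. The UIDs, GIDs and modes are constructed. One detail worth knowing as a defender: only the first matching class (owner, then group, then other) is consulted, so a group entry of "---" denies group members even when "other" would allow them, and the example ignores the superuser override a real kernel applies.

```python
# Evaluate a classic Unix rwx permission set as an ACL attached to an object.
# Sample UIDs/GIDs/modes are constructed for this example.

def parse_mode(symbolic: str) -> int:
    """Convert 'rwxr-x---' (the ls -l form) into an integer mode such as 0o750."""
    if len(symbolic) != 9:
        raise ValueError("expected nine characters like rwxr-x---")
    mode = 0
    for ch, expected in zip(symbolic, "rwxrwxrwx"):
        mode <<= 1
        if ch == expected:
            mode |= 1
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r} in mode string")
    return mode


def unix_allowed(mode: int, owner_uid: int, owner_gid: int,
                 uid: int, gids: set, want: str) -> bool:
    """Decide one operation ('r', 'w' or 'x') for a subject with uid/gids.
    Exactly one permission class applies: owner if the uid matches, else group
    if the file's group is among the subject's groups, else other."""
    bits = {"r": 4, "w": 2, "x": 1}[want]
    if uid == owner_uid:
        cls = (mode >> 6) & 0o7
    elif owner_gid in gids:
        cls = (mode >> 3) & 0o7
    else:
        cls = mode & 0o7
    return bool(cls & bits)


def describe(mode: int, owner_uid: int, owner_gid: int, uid: int, gids: set) -> str:
    """Summarise what the subject may do, in the same rwx notation, e.g. 'r-x'."""
    return "".join(op if unix_allowed(mode, owner_uid, owner_gid, uid, gids, op) else "-"
                   for op in "rwx")


if __name__ == "__main__":
    mode = parse_mode("rwxr-x---")        # owner 1000, group 100 (constructed)
    print("owner  :", describe(mode, 1000, 100, 1000, {100}))
    print("member :", describe(mode, 1000, 100, 1001, {100}))
    print("other  :", describe(mode, 1000, 100, 2000, {200}))
```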

15 Access Control Lists (ACLs) (continued) (figure slide)


17 Group Policies
Microsoft Windows feature that provides centralized management of
–Configuration of computers
–Remote users
Uses Active Directory. Used in enterprise environments to restrict user actions that may pose a security risk. Group Policy can control login scripts, folder redirection, Internet Explorer settings and Windows registry settings. Group Policy settings are stored in Group Policy Objects, which may in turn be linked to multiple domains.

18 Account restrictions
–Time of day restrictions
–Account expiration
–Password policy: password expiration; used passwords can't be reused; strong passwords required (uppercase, lowercase and numbers, and a minimum length).
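The three restrictions on this slide are simple to enforce in code, and seeing them together shows the order in which a logon check typically applies them. This is an added example, not from the lecture: the policy values (12 characters, 90 days, five remembered passwords, 07:00 to 19:00) and the sample account are constructed, and the history uses a bare SHA-256 purely to keep the example short; a real credential store keeps password history with the same salted, slow hash it uses for the live password.

```python
from datetime import datetime, time, timedelta
import hashlib

# Constructed policy values for the example.
POLICY = {
    "min_length": 12,
    "max_age_days": 90,           # password expiration
    "history_size": 5,            # used passwords can't be reused
    "logon_hours": (time(7, 0), time(19, 0)),   # time-of-day restriction
}


def at(iso: str) -> datetime:
    """Small helper so timestamps can be written as ISO strings."""
    return datetime.fromisoformat(iso)


def password_problems(pw: str) -> list:
    """Return every complexity rule the candidate password fails (empty = OK)."""
    problems = []
    if len(pw) < POLICY["min_length"]:
        problems.append("shorter than %d characters" % POLICY["min_length"])
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    return problems


def history_key(pw: str) -> str:
    # Illustration only: bare SHA-256 so the history check fits in one line.
    return hashlib.sha256(pw.encode()).hexdigest()


def change_password(account: dict, new_pw: str, now: datetime) -> list:
    """Apply the policy; on success rotate the history and restart the age clock."""
    problems = password_problems(new_pw)
    if history_key(new_pw) in account["history"]:
        problems.append("password was used before")
    if problems:
        return problems
    account["history"] = (account["history"] + [history_key(new_pw)])[-POLICY["history_size"]:]
    account["password_changed"] = now
    return []


def logon_allowed(account: dict, now: datetime) -> tuple:
    """Account expiration first, then time of day, then password age."""
    if account["expires"] is not None and now >= account["expires"]:
        return False, "account expired"
    start, end = POLICY["logon_hours"]
    if not (start <= now.time() < end):
        return False, "outside permitted logon hours"
    if now - account["password_changed"] > timedelta(days=POLICY["max_age_days"]):
        return False, "password expired; must change"
    return True, "ok"


def sample_account() -> dict:
    """A constructed account: expires 2025-01-01, password last set 2024-10-01."""
    return {"user": "alice", "expires": at("2025-01-01T00:00"),
            "password_changed": at("2024-10-01T09:00"),
            "history": [history_key("OldSummer2024!!")]}


if __name__ == "__main__":
    acct = sample_account()
    for when in ("2024-11-15T10:00", "2024-11-15T22:00", "2024-12-31T10:00", "2025-02-01T10:00"):
        print(when, logon_allowed(acct, at(when)))
```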


20 Attacks on passwords
–Brute force attack: simply guessing passwords such as a first name, family members' names, birthdates, cities, etc.
–Dictionary attack: regular words and hashed words. Hashed words are the hashed forms of dictionary words. Password files stolen from a computer contain hashed passwords; the hashed dictionary words can be compared against the entries in the stolen file to discover the real passwords.
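The dictionary comparison on this slide only works because the stolen file stores each password as a bare, unsalted hash, so the same precomputed table matches every file and every user. The added example below (not from the lecture; the word list, user names and passwords are constructed) builds such a table, shows it matching a weak file, and then shows why a per-user random salt with an iterated hash (PBKDF2 from the standard library here) leaves the same table with nothing to match. The defender's takeaway is the storage format, not the comparison.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a dictionary file.
DICTIONARY = ["password", "letmein", "sunshine", "dragon", "welcome1"]


def unsalted_hash(pw: str) -> str:
    """What a weak password file stores: one bare hash per password."""
    return hashlib.sha256(pw.encode()).hexdigest()


def hashed_dictionary(words) -> dict:
    """The 'hashed words' of the slide: computed once, reusable against any
    file of unsalted hashes because identical passwords give identical hashes."""
    return {unsalted_hash(w): w for w in words}


def match_against_table(stolen: dict, table: dict) -> dict:
    """Compare each stored hash with the table; a hit reveals the password."""
    return {user: table[h] for user, h in stolen.items() if h in table}


# --- mitigation: per-user random salt plus a slow, iterated hash ---
def salted_hash(pw: str, salt: bytes, iterations: int = 200_000) -> str:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()


def enroll(pw: str) -> tuple:
    """Store (salt, hash); a fresh salt per user means no two entries share a hash."""
    salt = os.urandom(16)
    return salt, salted_hash(pw, salt)


def verify(pw: str, salt: bytes, stored: str) -> bool:
    """Constant-time comparison of the recomputed hash with the stored one."""
    return hmac.compare_digest(salted_hash(pw, salt), stored)


def match_salted(stolen_salted: dict, table: dict) -> dict:
    """The same precomputed table applied to a salted file: it cannot match,
    because the table was built without each user's salt."""
    return {u: table[h] for u, (_salt, h) in stolen_salted.items() if h in table}


def stolen_files() -> tuple:
    """Two constructed password files for the same users: one unsalted, one salted."""
    creds = {"alice": "sunshine", "bob": "J7#qv!Lm2zPw"}
    unsalted = {u: unsalted_hash(p) for u, p in creds.items()}
    salted = {u: enroll(p) for u, p in creds.items()}
    return unsalted, salted


if __name__ == "__main__":
    table = hashed_dictionary(DICTIONARY)
    unsalted, salted = stolen_files()
    print("unsalted file, table hits:", match_against_table(unsalted, table))
    print("salted file, table hits:  ", match_salted(salted, table))
```

Salting forces the comparison to be redone per user with that user's salt, and the iteration count makes each recomputation deliberately slow, which is what turns a one-time table lookup back into per-account work.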

21 Passwords (continued) (figure slide)


23 Physical access control
–Secure the system: remove or disable hardware that can provide access to the computer, such as USB ports and DVD drives.
–Rack-mounted servers are preferred. Several such servers share one keyboard and mouse (KVM switches, with username and password security).
–Door security – lock or door access system (either a keypad or physical tokens such as an ID badge with RFID).
–Video surveillance
–Physical access log



26 Video Surveillance
Closed circuit television (CCTV)
–Using video cameras to transmit a signal to a specific and limited set of receivers
–Some CCTV cameras are fixed in a single position pointed at a door or a hallway
–Other cameras resemble a small dome and allow the security technician to move the camera 360 degrees for a full panoramic view


28 Physical Access Log
Physical access log
–A record or list of individuals who entered a secure area, the time that they entered, and the time they left the area
–Can also identify if unauthorized personnel have accessed a secure area
Physical access logs originally were paper documents
–Today, door access systems and physical tokens can generate electronic log documents
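Once the log is electronic, the two uses this slide names (who was inside and for how long, and whether anyone unauthorized got in) become a small parsing job. The following is an added example, not from the lecture: the log format, badge numbers, door name and authorization list are all constructed. Besides flagging unauthorized entries, it reports badges that entered without a matching exit, which in practice usually means someone left by tailgating another person through the door.

```python
from datetime import datetime

# Constructed door-system log (not real data): timestamp, badge, event, door.
LOG = """\
2024-11-15T08:02:11 badge=1042 event=ENTER door=server-room
2024-11-15T08:45:30 badge=1042 event=EXIT door=server-room
2024-11-15T09:10:02 badge=2077 event=ENTER door=server-room
2024-11-15T13:20:45 badge=3001 event=ENTER door=server-room
2024-11-15T13:25:00 badge=3001 event=EXIT door=server-room
"""

# Badges permitted per secure area (constructed).
AUTHORIZED = {"server-room": {1042, 2077}}


def parse_log(text: str) -> list:
    """Turn 'time key=value ...' lines into dicts; blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        entries.append({"time": datetime.fromisoformat(ts), "badge": int(kv["badge"]),
                        "event": kv["event"], "door": kv["door"]})
    return entries


def audit(text: str, authorized: dict) -> dict:
    """Report unauthorized entries, completed visits with their duration in
    seconds, and badges that entered but never logged an exit."""
    inside = {}          # (door, badge) -> entry time
    visits = []
    unauthorized = []
    for e in parse_log(text):
        key = (e["door"], e["badge"])
        if e["event"] == "ENTER":
            if e["badge"] not in authorized.get(e["door"], set()):
                unauthorized.append((e["badge"], e["door"], e["time"]))
            inside[key] = e["time"]
        elif e["event"] == "EXIT" and key in inside:
            entered = inside.pop(key)
            visits.append((e["badge"], e["door"], int((e["time"] - entered).total_seconds())))
    still_inside = sorted(badge for (_door, badge) in inside)
    return {"unauthorized": unauthorized, "visits": visits, "still_inside": still_inside}


if __name__ == "__main__":
    report = audit(LOG, AUTHORIZED)
    for badge, door, when in report["unauthorized"]:
        print(f"ALERT: badge {badge} entered {door} at {when.isoformat()} without authorization")
    for badge, door, secs in report["visits"]:
        print(f"badge {badge} spent {secs} s in {door}")
    print("entered but never exited:", report["still_inside"])
```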
