Access Control by Mind Map: Access Control

Access Control


Centralized Access Control Methodologies

AAA, Features, A Distributed security model, Authenticated transactions, Flexible authentication mechanisms, An Extensible Protocol, RADIUS, TACACS, DIAMETER

Decentralized Access Control Methodologies

Kerberos, Provides, Security, Reliability, Transparency, Scalability, 3rd Party Authentication Product, Ticketing system, No authorisation, KDS, Not PKI, (Potential) Threats, SPoF, Replay Attacks


Additional Distributed Security Controls, Thin Clients, Security Domains

SESAME, Like Kerberos, Asymmetric Encryption

Microsoft Specific, LMHASH, Limited pool, All characters capitalized, Doubtful algorithm, 14 split in two equal parts (size=7), Padding with 0's, NTHASH, Improved LMHASH

Factors of Authentication

Something you have




Something you are

Biometrics, Facial scan, Hand scan, Fingerprint, Voice, Iris scan, Errors, FRR (Type I), FAR (Type II), Cross-over Rate

Something you know

Password, Attacks, Brute force, Rainbow tables, Social Engineering, Dictionary, Hybrid

Information Security Management Access Controls

Developing security policies, procedures and guidelines

Personnel controls

Separation of duties

Rotation of Duties


Procedures for recruiting and terminating employees

Security Awareness and training

Testing of Access controls


Intrusion Detection

IDS Types, Host-Based IDS, Network-Based IDS

IDS Analysis Methods, Rule-Based Intrusion Detection, Statistical-Based/Anomaly-Based Intrusion Detection, Signature-Based Intrusion Detection, Intrusion Response, Intrusion Alarms and Signals

Audit Trail Monitoring, Type of Events Recorded, Internet connection event data, System-level event data, Application-level event data, User-level event data

Penetration Testing

Methodology, Gather information, Scanning, Gain access, Maintain access, Cover tracks


Types, Administrative, Physical, Logical/Technical

Categories, Preventive, Compensating, Deterrent, Recovery, Corrective, Detective


Transmission Threats

Replay Attacks

Session Hijack

DOS Attacks, DDOS Attacks, Different DOS Attacks, Smurf, Fraggle, Tear Drop, No Name Attack, Ping of Death, Land, SYN Flood

Covert Channel, Timing Channel, Storage Channel



Malicious Code Threats

Virus, Worms


Logic Bombs

Root Kits

Buffer overflow attacks

Password Threats

Offline Attacks

Online Attacks

Pre-Imaging Attacks

Brute-force Attacks

Hybrid Attacks

Dictionary Attacks


Confidentiality, Disclosure

Integrity, Alteration

Availability, Destruction

Insider Attacks

Privileges Stacking

Data Diddling

Salami Attack

Access Control Models


Non Discretionary Access Control, Role Based AC, Rule Based AC, Content Based AC


Mandatory Access Control, Subjects - Security level, Objects - Security label

Discretionary Access Control, Owner decides on who gets access

Definition of Access Control

Identification & Authentication

The A-I-C Triad

Separation of Duties

Least Privilege

Access Control Types

Mandatory Access Control

Discretionary Access Control, Access Control Matrix, Access Control Lists

Rule-Based Access Control

Role-Based Access Control

Content-Based Access Control