Access Control

Get Started. It's Free
or sign up with your email address
Rocket clouds
Access Control by Mind Map: Access Control

1. Mechanisms

1.1. Centralized Access Control Methodologies

1.1.1. AAA

1.1.1.1. Features

1.1.1.1.1. A Distributed security model

1.1.1.1.2. Authenticated transactions

1.1.1.1.3. Flexible authentication mechanisms

1.1.1.1.4. An Extensible Protocol

1.1.1.2. RADIUS

1.1.1.3. TACACS

1.1.1.4. DIAMETER

1.2. Decentralized Access Control Methodologies

1.2.1. Kerberos

1.2.1.1. Provides

1.2.1.1.1. Security

1.2.1.1.2. Reliability

1.2.1.1.3. Trancparency

1.2.1.1.4. Scalability

1.2.1.2. 3rd Party Authentication Product

1.2.1.3. Ticketing system

1.2.1.4. No authorisation

1.2.1.5. KDS

1.2.1.6. Not pki

1.2.1.7. (Potentials) Threats

1.2.1.7.1. SPoF

1.2.1.7.2. Replay Attacks

1.2.2. SSO

1.2.3. Additional Distributed Security Controls

1.2.3.1. Thin Clients

1.2.3.2. Security Domains

1.2.4. SESAME

1.2.4.1. Like Kerberos

1.2.4.2. A-symmetric Encryption

1.2.5. MicroSoft Specific

1.2.5.1. LMHASH

1.2.5.1.1. Limited pool

1.2.5.1.2. Doubtfull algorithm

1.2.5.2. NTHASH

1.2.5.2.1. Improved LMHASH

2. Factors of Authentication

2.1. Something you have

2.1.1. Token

2.1.2. Smartcard

2.1.3. keys

2.2. Something you are

2.2.1. Biometrics

2.2.1.1. Facial scan

2.2.1.2. Hand scan

2.2.1.3. Finger print

2.2.1.4. Voice

2.2.1.5. Iris scan

2.2.1.6. Errors

2.2.1.6.1. FRR (Type I)

2.2.1.6.2. FAR (Type II)

2.2.1.6.3. Cross-over Rate

2.3. Something you know

2.3.1. password

2.3.1.1. Attacks

2.3.1.1.1. Brute force

2.3.1.1.2. Rainbow tables

2.3.1.1.3. Social Engineering

2.3.1.1.4. Dictionary

2.3.1.1.5. Hybrid

3. Information Security Managment Access Controls

3.1. Developing security policies, procedures and guidelines

3.2. Personnel controls

3.2.1. Separation of duties

3.2.2. Rotation of Duties

3.2.3. Collusion

3.2.4. Procedures for recruiting and terminating employees

3.3. Security Awareness and training

3.4. Testing of Access controls

4. Countermesures

4.1. Intrusion Detection

4.1.1. IDS Types

4.1.1.1. Host-Based IDS

4.1.1.2. Network-Based IDS

4.1.2. IDS Analysis Methods

4.1.2.1. Rule-Based Intrusion Detection

4.1.2.2. Statistical-Based/Anomaly-Based Intrusion Detection

4.1.2.3. Signature-Based Intrusion Detection

4.1.2.4. Intrusion Response

4.1.2.5. Intrusion Alarms and Signals

4.1.3. Audit Trail Monitoring

4.1.3.1. Type of Events Recorded

4.1.3.1.1. Internet connection event data

4.1.3.1.2. System-level event data

4.1.3.1.3. Application-level event data

4.1.3.1.4. User-level event data

4.2. Penetration Testing

4.2.1. Methodology

4.2.1.1. Gather infromation

4.2.1.2. scanning

4.2.1.3. gain access

4.2.1.4. maintain access

4.2.1.5. cover tracks

4.3. Controls

4.3.1. Types

4.3.1.1. Administrative

4.3.1.2. Physical

4.3.1.3. Logical/Technical

4.3.2. Categories

4.3.2.1. Preventive

4.3.2.2. Compensating

4.3.2.3. Deterrent

4.3.2.4. Recovery

4.3.2.5. Corrective

4.3.2.6. Detective

5. Threats

5.1. Transmission Threats

5.1.1. Replay Attacks

5.1.2. Session Hijack

5.1.3. DOS Attacks

5.1.3.1. DDOS Attacks

5.1.3.2. Different DOS Attacks

5.1.3.2.1. Smurf

5.1.3.2.2. Tear Drop

5.1.3.2.3. Ping of Death

5.1.3.2.4. Land

5.1.3.2.5. SYN Flood

5.1.4. Covert Channel

5.1.4.1. Timing Channel

5.1.4.2. Storage Channel

5.1.5. Masquerading/Man-in-middle-attacks

5.1.6. Sniffing

5.2. Malicious Code Threats

5.2.1. Virus

5.2.1.1. Worms

5.2.2. Trojans

5.2.3. Logic Bombs

5.2.4. Root Kits

5.2.5. Bufferover flow attacks

5.3. Password Threats

5.3.1. Offline Attacks

5.3.2. Online Attacks

5.3.3. Pre-Imaging Attacks

5.3.4. Brute-force Attacks

5.3.5. Hybrid Attacks

5.3.6. Dictionary Attacks

5.4. CIA

5.4.1. Confidentiality

5.4.1.1. Disclosure

5.4.2. Integrity

5.4.2.1. Alteration

5.4.3. Availability

5.4.3.1. Destruction

5.5. Insider Attacks

5.5.1. Privileges Stacking

5.5.2. Data Diddling

5.5.3. Salmi Attack

6. Access control Models

6.1. Definitions

6.1.1. Non Discretionary Access Control

6.1.1.1. Role Based AC

6.1.1.2. Rule Based AC

6.1.1.3. Content Based AC

6.1.2. Lattice

6.1.3. Mandatory Access Control

6.1.3.1. Subjects - Security level

6.1.3.2. Objects - Security label

6.1.4. Discretionary Access Control

6.1.4.1. Owner decides on who gets access

6.2. Definition of Access Control

6.2.1. Identification & Authentication

6.2.2. The A-I-C Triad

6.2.3. Separation of Duties

6.2.4. Least Privilege

6.3. Access Control Types

6.3.1. Mandatory Access Control

6.3.2. Discretionay Access Control

6.3.2.1. Access Control Matrix

6.3.2.2. Access Control Lists

6.3.3. Rule-Base Acces Control

6.3.4. Role-Based Access Control

6.3.5. Content-Based Access Control