Access Control


1. Mechanisms

1.1. Centralized Access Control Methodologies

1.1.1. AAA

1.1.1.1. Features

1.1.1.1.1. A distributed security model

1.1.1.1.2. Authenticated transactions

1.1.1.1.3. Flexible authentication mechanisms

1.1.1.1.4. An extensible protocol

1.1.1.2. RADIUS

1.1.1.3. TACACS

1.1.1.4. DIAMETER

1.2. Decentralized Access Control Methodologies

1.2.1. Kerberos

1.2.1.1. Provides

1.2.1.1.1. Security

1.2.1.1.2. Reliability

1.2.1.1.3. Transparency

1.2.1.1.4. Scalability

1.2.1.2. 3rd Party Authentication Product

1.2.1.3. Ticketing system

1.2.1.4. No authorisation

1.2.1.5. KDC

1.2.1.6. Not PKI

1.2.1.7. (Potential) Threats

1.2.1.7.1. SPoF

1.2.1.7.2. Replay Attacks

1.2.2. SSO

1.2.3. Additional Distributed Security Controls

1.2.3.1. Thin Clients

1.2.3.2. Security Domains

1.2.4. SESAME

1.2.4.1. Like Kerberos

1.2.4.2. Asymmetric encryption

1.2.5. Microsoft Specific

1.2.5.1. LMHASH

1.2.5.1.1. Limited pool

1.2.5.1.2. Doubtful algorithm

1.2.5.2. NTHASH

1.2.5.2.1. Improved LMHASH

2. Factors of Authentication

2.1. Something you have

2.1.1. Token

2.1.2. Smartcard

2.1.3. Keys

2.2. Something you are

2.2.1. Biometrics

2.2.1.1. Facial scan

2.2.1.2. Hand scan

2.2.1.3. Fingerprint

2.2.1.4. Voice

2.2.1.5. Iris scan

2.2.1.6. Errors

2.2.1.6.1. FRR (Type I)

2.2.1.6.2. FAR (Type II)

2.2.1.6.3. Cross-over Rate

2.3. Something you know

2.3.1. Password

2.3.1.1. Attacks

2.3.1.1.1. Brute force

2.3.1.1.2. Rainbow tables

2.3.1.1.3. Social Engineering

2.3.1.1.4. Dictionary

2.3.1.1.5. Hybrid

3. Information Security Management Access Controls

3.1. Developing security policies, procedures and guidelines

3.2. Personnel controls

3.2.1. Separation of duties

3.2.2. Rotation of Duties

3.2.3. Collusion

3.2.4. Procedures for recruiting and terminating employees

3.3. Security Awareness and training

3.4. Testing of Access controls

4. Countermeasures

4.1. Intrusion Detection

4.1.1. IDS Types

4.1.1.1. Host-Based IDS

4.1.1.2. Network-Based IDS

4.1.2. IDS Analysis Methods

4.1.2.1. Rule-Based Intrusion Detection

4.1.2.2. Statistical-Based/Anomaly-Based Intrusion Detection

4.1.2.3. Signature-Based Intrusion Detection

4.1.2.4. Intrusion Response

4.1.2.5. Intrusion Alarms and Signals

4.1.3. Audit Trail Monitoring

4.1.3.1. Type of Events Recorded

4.1.3.1.1. Internet connection event data

4.1.3.1.2. System-level event data

4.1.3.1.3. Application-level event data

4.1.3.1.4. User-level event data

4.2. Penetration Testing

4.2.1. Methodology

4.2.1.1. Gather information

4.2.1.2. Scanning

4.2.1.3. Gain access

4.2.1.4. Maintain access

4.2.1.5. Cover tracks

4.3. Controls

4.3.1. Types

4.3.1.1. Administrative

4.3.1.2. Physical

4.3.1.3. Logical/Technical

4.3.2. Categories

4.3.2.1. Preventive

4.3.2.2. Compensating

4.3.2.3. Deterrent

4.3.2.4. Recovery

4.3.2.5. Corrective

4.3.2.6. Detective

5. Threats

5.1. Transmission Threats

5.1.1. Replay Attacks

5.1.2. Session Hijack

5.1.3. DoS Attacks

5.1.3.1. DDoS Attacks

5.1.3.2. Different DoS Attacks

5.1.3.2.1. Smurf

5.1.3.2.2. Teardrop

5.1.3.2.3. Ping of Death

5.1.3.2.4. Land

5.1.3.2.5. SYN Flood

5.1.4. Covert Channel

5.1.4.1. Timing Channel

5.1.4.2. Storage Channel

5.1.5. Masquerading/Man-in-the-Middle Attacks

5.1.6. Sniffing

5.2. Malicious Code Threats

5.2.1. Virus and Worms

5.2.2. Trojans

5.2.3. Logic Bombs

5.2.4. Rootkits

5.2.5. Buffer overflow attacks

5.3. Password Threats

5.3.1. Offline Attacks

5.3.2. Online Attacks

5.3.3. Pre-Imaging Attacks

5.3.4. Brute-force Attacks

5.3.5. Hybrid Attacks

5.3.6. Dictionary Attacks

5.4. CIA

5.4.1. Confidentiality Disclosure

5.4.2. Integrity Alteration

5.4.3. Availability Destruction

5.5. Insider Attacks

5.5.1. Privilege Stacking

5.5.2. Data Diddling

5.5.3. Salami Attack

6. Access Control Models

6.1. Definitions

6.1.1. Non-Discretionary Access Control

6.1.1.1. Role-Based AC

6.1.1.2. Rule-Based AC

6.1.1.3. Content-Based AC

6.1.2. Lattice

6.1.3. Mandatory Access Control

6.1.3.1. Subjects: security level

6.1.3.2. Objects: security label

6.1.4. Discretionary Access Control

6.1.4.1. Owner decides who gets access

6.2. Definition of Access Control

6.2.1. Identification & Authentication

6.2.2. The A-I-C Triad

6.2.3. Separation of Duties

6.2.4. Least Privilege

6.3. Access Control Types

6.3.1. Mandatory Access Control

6.3.2. Discretionary Access Control

6.3.2.1. Access Control Matrix

6.3.2.2. Access Control Lists

6.3.3. Rule-Based Access Control

6.3.4. Role-Based Access Control

6.3.5. Content-Based Access Control