Access Control by Mind Map: Access Control

Access Control

Mechanisms

Centralized Access Control Methodologies

AAA, Features, A Distributed security model, Authenticated transactions, Flexible authentication mechanisms, An Extensible Protocol, RADIUS, TACACS, DIAMETER

Decentralized Access Control Methodologies

Kerberos, Provides, Security, Reliability, Transparency, Scalability, 3rd Party Authentication Product, Ticketing system, No authorisation, KDS, Not PKI, (Potential) Threats, SPoF, Replay Attacks

SSO

Additional Distributed Security Controls, Thin Clients, Security Domains

SESAME, Like Kerberos, Asymmetric Encryption

Microsoft Specific, LMHASH, Limited pool, All characters capitalized, Doubtful algorithm, 14 split in two equal parts (size=7), Padding with 0's, NTHASH, Improved LMHASH

Factors of Authentication

Something you have

Token

Smartcard

keys

Something you are

Biometrics, Facial scan, Hand scan, Finger print, Voice, Iris scan, Errors, FRR (Type I), FAR (Type II), Cross-over Rate

Something you know

password, Attacks, Brute force, Rainbow tables, Social Engineering, Dictionary, Hybrid

Information Security Management Access Controls

Developing security policies, procedures and guidelines

Personnel controls

Separation of duties

Rotation of Duties

Collusion

Procedures for recruiting and terminating employees

Security Awareness and training

Testing of Access controls

Countermeasures

Intrusion Detection

IDS Types, Host-Based IDS, Network-Based IDS

IDS Analysis Methods, Rule-Based Intrusion Detection, Statistical-Based/Anomaly-Based Intrusion Detection, Signature-Based Intrusion Detection, Intrusion Response, Intrusion Alarms and Signals

Audit Trail Monitoring, Type of Events Recorded, Internet connection event data, System-level event data, Application-level event data, User-level event data

Penetration Testing

Methodology, Gather information, scanning, gain access, maintain access, cover tracks

Controls

Types, Administrative, Physical, Logical/Technical

Categories, Preventive, Compensating, Deterrent, Recovery, Corrective, Detective

Threats

Transmission Threats

Replay Attacks

Session Hijack

DOS Attacks, DDOS Attacks, Different DOS Attacks, Smurf, Fraggle, Tear Drop, No Name Attack, Ping of Death, Land, SYN Flood

Covert Channel, Timing Channel, Storage Channel

Masquerading/Man-in-the-middle attacks

Sniffing

Malicious Code Threats

Virus, Worms

Trojans

Logic Bombs

Root Kits

Buffer overflow attacks

Password Threats

Offline Attacks

Online Attacks

Pre-Imaging Attacks

Brute-force Attacks

Hybrid Attacks

Dictionary Attacks

CIA

Confidentiality, Disclosure

Integrity, Alteration

Availability, Destruction

Insider Attacks

Privileges Stacking

Data Diddling

Salami Attack

Access control Models

Definitions

Non Discretionary Access Control, Role Based AC, Rule Based AC, Content Based AC

Lattice

Mandatory Access Control, Subjects - Security level, Objects - Security label

Discretionary Access Control, Owner decides on who gets access

Definition of Access Control

Identification & Authentication

The A-I-C Triad

Separation of Duties

Least Privilege

Access Control Types

Mandatory Access Control

Discretionary Access Control, Access Control Matrix, Access Control Lists

Rule-Based Access Control

Role-Based Access Control

Content-Based Access Control