Access Control


1. Models

1.1. Mandatory Access Control (MAC)

1.1.1. Models

1.1.1.1. Lattice Model

1.1.1.2. Bell-LaPadula (BLP) Model

1.1.1.2.1. "No Read Up, No Write Down"

1.1.1.2.2. Multi-Level Security

1.1.2. Elements

1.1.2.1. Labels

1.1.2.2. Levels

1.1.3. Implementations

1.1.3.1. SELinux

1.1.3.2. Solaris Trusted Extensions

1.1.3.3. Oracle Databases

1.2. Discretionary Access Control (DAC)

1.2.1. Weaknesses

1.2.1.1. End-user sets the security policy on objects/data that they do not own or have ultimate responsibility to protect

1.2.1.2. Subject's rights are inherited by executed programs

1.3. Role Based Access Control (RBAC)

1.3.1. Examples

1.3.1.1. Business Analyst can submit request for business change

1.3.1.2. Only BUSINESS PROCESS OWNER can approve business process change

1.4. Rule-Based Role-Based Access Control (RB-RBAC)

1.4.1. Examples

1.4.1.1. Time-Based Login Rules

1.4.2. Proxy Server

1.4.3. Firewalls

2. Critical Thinking

2.1. How do we control access to meet security objectives

2.2. Assumptions

2.2.1. Clarity of access policies

2.2.2. Access cannot be solely restricted by technological mechanisms

3. Teaching

3.1. 1. Terminology

3.1.1. Speak the language

3.2. 2. Four standard models

3.3. 3. Best Practices

3.4. 4. Implementation

3.5. 5. Authentication Services

4. Terminology

4.1. Identification

4.1.1. "I am Mark"

4.2. Authentication

4.2.1. My password is "password" proving I'm Mark

4.3. Authorization

4.3.1. Password accepted; you're authorized to log in. Your access rights are ...

4.4. Access

4.5. Subject / Operation / Object

4.6. Roles

4.6.1. Owner

4.6.2. Custodian

4.6.3. End-User

5. Best Practices

5.1. Separation of Duties

5.1.1. Casino

5.1.2. Classifying Information

5.2. Job Rotation

5.3. Least Privilege

5.4. Implicit Deny

5.5. Mandatory Vacations

6. Extras

6.1. 800-53 Access Controls

6.1.1. AC-1 Access Control Policy and Procedures

6.1.2. AC-2 Account Management

7. Implementation

7.1. Access Control List

7.1.1. Access Control Entry

7.2. Group Policy

7.2.1. Local Group Policy

7.3. Account Restrictions

7.3.1. Time of Day

7.3.2. Account Expiration

7.3.2.1. Orphaned accounts

7.3.2.2. Dormant accounts

8. Authentication Services

8.1. Kerberos

8.1.1. Ticket Granting Service

8.1.2. Used By Windows Active Directory

8.2. RADIUS

8.2.1. "Remote Authentication Dial In User Service"

8.2.2. 802.1x

8.2.2.1. supplicant

8.2.2.2. authenticator

8.2.2.3. RADIUS server

8.2.2.4. User database

8.3. TACACS

8.3.1. "Terminal Access Controller Access-Control System"

8.4. LDAP

8.4.1. "Lightweight Directory Access Protocol"