Access Control Fundamentals
by Lenora Ford
1. Best Practices for Access Control
1.1. Separation of Duties
1.1.1. Job Rotation
1.1.1.1. Least Privilege
1.1.1.1.1. Implicit Deny
2. Access Control Models
2.1. MAC
2.1.1. DAC
2.1.1.1. RBAC
2.1.1.1.1. RBAC
2.1.1.1.2. Real World Approach
2.1.1.2. Least Restrictive
2.1.2. Lattice Model
2.1.2.1. Bell-LaPadula
2.1.3. Label
2.1.3.1. Levels
2.1.4. Most Restrictive
3. Access Control Terminology
3.1. Identification
3.1.1. Authentication
3.1.1.1. Authorization
3.1.1.1.1. Access
3.1.1.1.2. Login
3.1.1.2. Password
3.1.2. Username
4. What is Access Control
5. Authentication Services
5.1. RADIUS
5.2. Kerberos
5.3. TACACS
5.4. LDAP
6. Implementing Access Control
6.1. ACLs
6.1.1. SID
6.1.1.1. Access Mask
6.1.1.1.1. Flag
6.2. Group Policies
6.2.1. GPO
6.2.1.1. LGP
6.3. Account Restrictions
6.3.1. Time of Day Restrictions
6.3.1.1. Account Expiration