Access Control and Security
par Claude Johanson
1. Implementation Process
1.1. Access Control Models
1.2. Access Control Policies - Group Policy, Account Restrictions, Time of Day Restrictions, Account Expirations
2. Authentication Services
2.1. Authentication of Networked Users - Kerberos implementation, RADIUS Authentication systems for apple Mac, Lynux and Windows. TACACS Authentication Services for Unix systems, Directory Access Control Protocols, eg. LDAP (Lightweight directory Access Protocol)
2.2. RADIUS SERVER (Remote Authentication dial in User Service) for Wireless Access or AP (Access Point) Protection against
2.3. Outsource Security Guards and Security ID and Personal ID authentication.
3. Plan
3.1. Protection of Systems, Clients and Data
3.1.1. Hardware Security
3.1.2. Software security
3.2. Identify Facility Vulnerabilities
3.3. Prioritize Securing Areas of vulnerabilities
3.4. Access control Models
3.4.1. Access Control Models - MAC, DAC, RBAC (Role based) and RBAC (Rule based)
3.4.2. Access control Lists - ACLs
3.4.3. Access Control Entries - ACEs
3.4.4. Access Control Practices for Administrators - Separation of duties, Job Rotation, Least Privilege, Implicit Deny and Mandatory Vacations.
3.5. Review Security Practices
3.6. Identify Different points of Access
4. Facility Vulnerability
4.1. Vulnerability of Physical Malicious damage or Loss of equipmnt
4.2. Remote Unauthorized Access
4.3. vulnerability from In house unauthorized access to sensitive data
5. What is Access Control???
5.1. Concept
5.1.1. Why?
5.1.2. How?