Access Control

Mind Map: Access Control

1. Models

1.1. Mandatory Access Control (MAC)

1.1.1. Models

1.1.1.1. Lattice Model

1.1.1.2. Bell-LaPadula (BLP) Model

1.1.1.2.1. "No Read Up, No Write Down"

1.1.1.2.2. Multi-Level Security

1.1.2. Elements

1.1.2.1. Labels

1.1.2.2. Levels
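A worked example of the lattice model and the two BLP rules above, added here as illustration (not code from the original mind map). Labels are a level plus a set of compartments, ordered by the "dominates" relation; the level names, compartment names and sample labels are constructed for the example.

```python
from dataclasses import dataclass

# Constructed hierarchy of classification levels (an assumption for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a classification level plus a set of compartments (categories)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice partial order: L1 >= L2 iff level(L1) >= level(L2) AND
        # compartments(L1) is a superset of compartments(L2).
        # Labels where neither dominates the other are incomparable.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound of two labels: the label a document combining both would carry."""
    top = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(top, a.compartments | b.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject."""
    return obj.dominates(subject)


def check(subject: Label, obj: Label, op: str) -> str:
    """Mediate one request; anything BLP does not explicitly permit is denied."""
    ok = {"read": can_read, "write": can_write}[op](subject, obj)
    return "allow" if ok else "deny"


if __name__ == "__main__":
    # Constructed sample subject and objects.
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    memo = Label("CONFIDENTIAL")                       # below the analyst
    plan = Label("TOP_SECRET", frozenset({"NUCLEAR"}))  # above the analyst
    crypto = Label("SECRET", frozenset({"CRYPTO"}))      # incomparable compartment
    for name, obj in [("memo", memo), ("plan", plan), ("crypto", crypto)]:
        for op in ("read", "write"):
            print(f"SECRET/NUCLEAR analyst {op:5} {name:6}: {check(analyst, obj, op)}")
```

Note that the incomparable case (SECRET/NUCLEAR versus SECRET/CRYPTO) is denied in both directions: same level is not enough, the compartment sets must also be ordered.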

1.1.3. Implementations

1.1.3.1. SELinux

1.1.3.2. Solaris Trusted Extensions

1.1.3.3. Oracle Databases

1.2. Discretionary Access Control (DAC)

1.2.1. Weaknesses

1.2.1.1. The end user sets the security policy on objects/data that they do not own and are not ultimately responsible for protecting

1.2.1.2. Any program the subject executes inherits the subject's rights, so a malicious program (Trojan horse) runs with the user's full permissions

1.3. Role Based Access Control (RBAC)

1.3.1. Examples

1.3.1.1. Business Analyst can submit request for business change

1.3.1.2. Only BUSINESS PROCESS OWNER can approve business process change

1.4. Rule-Based Role-Based Access Control (RB-RBAC)

1.4.1. Examples

1.4.1.1. Time-Based Login Rules

1.4.2. Proxy Server

1.4.3. Firewalls
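An added example (not from the original mind map) tying together the RBAC workflow above (analysts submit, only the business process owner approves) with a rule-based overlay of time-of-day login rules. The users, roles, permission names and login windows are constructed for the example; the final check that a user cannot approve their own request is an extra assumption added to show a separation-of-duties rule in the same policy.

```python
from datetime import datetime, time

# Constructed RBAC policy: role -> permissions, user -> roles (assumptions for this example).
ROLE_PERMISSIONS = {
    "business_analyst": {"change_request:submit"},
    "business_process_owner": {"change_request:approve"},
}
USER_ROLES = {
    "alice": {"business_analyst"},
    "bob": {"business_process_owner"},
    "carol": {"business_analyst", "business_process_owner"},
}

# Rule-based overlay: per-role login windows (weekday(): Mon=0 .. Sun=6, local time).
LOGIN_WINDOWS = {
    "business_analyst": {"days": range(0, 5), "start": time(8, 0), "end": time(18, 0)},
    "business_process_owner": {"days": range(0, 7), "start": time(0, 0), "end": time(23, 59, 59)},
}

# Constructed sample timestamps and requests used by the demonstration.
WEEKDAY_MORNING = datetime(2024, 3, 12, 10, 0)   # a Tuesday
SUNDAY_MORNING = datetime(2024, 3, 10, 10, 0)    # a Sunday
REQUEST_BY_ALICE = {"id": "CR-1", "submitted_by": "alice"}
REQUEST_BY_CAROL = {"id": "CR-2", "submitted_by": "carol"}


def permissions_for(user: str) -> set:
    """RBAC: a user holds the union of the permissions of every role assigned to them."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def login_allowed(user: str, now: datetime) -> bool:
    """Rule-based check: login is allowed if ANY of the user's roles has a window covering 'now'."""
    for role in USER_ROLES.get(user, ()):
        w = LOGIN_WINDOWS.get(role)
        if w and now.weekday() in w["days"] and w["start"] <= now.time() <= w["end"]:
            return True
    return False  # no matching window: implicit deny


def authorize(user: str, action: str, request: dict, now: datetime) -> tuple:
    """Order matters: time rule first, then role permission, then separation of duties."""
    if not login_allowed(user, now):
        return False, "denied: outside permitted login hours"
    if action not in permissions_for(user):
        return False, f"denied: no role grants {action}"
    if action == "change_request:approve" and request["submitted_by"] == user:
        return False, "denied: separation of duties (cannot approve own request)"
    return True, "allowed"


if __name__ == "__main__":
    cases = [
        ("alice", "change_request:submit", REQUEST_BY_ALICE, WEEKDAY_MORNING),
        ("alice", "change_request:approve", REQUEST_BY_ALICE, WEEKDAY_MORNING),
        ("bob", "change_request:approve", REQUEST_BY_ALICE, WEEKDAY_MORNING),
        ("alice", "change_request:submit", REQUEST_BY_ALICE, SUNDAY_MORNING),
        ("carol", "change_request:approve", REQUEST_BY_CAROL, WEEKDAY_MORNING),
    ]
    for user, action, req, now in cases:
        print(user, action, req["id"], now.strftime("%a %H:%M"), "->", authorize(user, action, req, now))
```

The rule-based layer is evaluated independently of the role grant: bob holds the approve permission, but on a Sunday alice's analyst role alone is not enough to log in at all, while carol (who also holds the owner role) is admitted by the owner window.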

2. Terminology

2.1. Identification

2.1.1. "I am Mark"

2.2. Authentication

2.2.1. My password is "password" proving I'm Mark

2.3. Authorization

2.3.1. Password accepted (authentication succeeded); authorization then decides what the authenticated subject may do: "Your access rights are ..."

2.4. Access

2.5. Subject / Operation / Object

2.6. Roles

2.6.1. Owner

2.6.2. Custodian

2.6.3. End-User

3. Best Practices

3.1. Separation of Duties

3.1.1. Casino

3.1.2. Classifying Information

3.2. Job Rotation

3.3. Least Privilege

3.4. Implicit Deny

3.5. Mandatory Vacations

4. Implementation

4.1. Access Control List

4.1.1. Access Control Entry
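An added example (not from the original mind map) of evaluating an access control list made of access control entries, modeled loosely on the way a Windows DACL is walked: ACEs are checked in order, an applicable deny entry wins, allow entries accumulate the requested rights, and reaching the end without every right granted is the implicit deny from 3.4. The users, groups, trustee names and ACLs are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ACE:
    """One access control entry: who it applies to, allow or deny, and which rights."""
    trustee: str       # a user or group name
    ace_type: str      # "allow" or "deny"
    rights: frozenset  # e.g. frozenset({"read", "write"})


# Constructed directory of group memberships (an assumption for this example).
GROUPS = {
    "alice": {"analysts"},
    "bob": {"analysts", "admins"},
    "eve": {"analysts"},
}


def principals(user: str) -> set:
    """Every identity an ACE could match for this user: the user, their groups, and 'everyone'."""
    return {user, *GROUPS.get(user, set()), "everyone"}


def check_acl(acl: list, user: str, requested: set) -> tuple:
    """Walk the ACL in order and return (allowed, reason).

    - A deny ACE whose trustee matches and which covers any requested right denies outright.
    - An allow ACE whose trustee matches contributes its rights; once all requested
      rights are covered, access is allowed.
    - Falling off the end of the list means implicit deny: nothing granted the rights.
    """
    subject = principals(user)
    granted = set()
    for ace in acl:
        if ace.trustee not in subject:
            continue
        if ace.ace_type == "deny" and ace.rights & requested:
            return False, f"explicit deny ({ace.trustee})"
        if ace.ace_type == "allow":
            granted |= ace.rights & requested
            if granted >= requested:
                return True, "allowed"
    return False, "implicit deny (no ACE grants the requested rights)"


# Constructed sample ACL, with deny entries first as a canonical DACL orders them.
SAMPLE_ACL = [
    ACE("eve", "deny", frozenset({"read", "write"})),
    ACE("analysts", "allow", frozenset({"read"})),
    ACE("admins", "allow", frozenset({"write"})),
]


if __name__ == "__main__":
    for user, rights in [("alice", {"read"}), ("alice", {"write"}),
                         ("bob", {"read", "write"}), ("eve", {"read"}),
                         ("mallory", {"read"})]:
        print(f"{user:8} {sorted(rights)}: {check_acl(SAMPLE_ACL, user, rights)}")
```

Because eve is an analyst, the group allow entry would grant her read; the user-specific deny entry placed earlier in the list overrides it, which is why deny entries are ordered first.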

4.2. Group Policy

4.2.1. Local Group Policy

4.3. Account Restrictions

4.3.1. Time of Day

4.3.2. Account Expiration

4.3.2.1. Orphaned accounts (owner has left, account still active)

4.3.2.2. Dormant accounts (not used for a long period)

5. Authentication Services

5.1. Kerberos

5.1.1. Ticket Granting Service

5.1.2. Used By Windows Active Directory

5.2. RADIUS

5.2.1. "Remote Authentication Dial In User Service"

5.2.2. 802.1x

5.2.2.1. supplicant

5.2.2.2. authenticator

5.2.2.3. RADIUS server

5.2.2.4. User database

5.3. TACACS

5.3.1. "Terminal Access Controller Access-Control System"

5.4. LDAP

5.4.1. "Lightweight Directory Access Protocol"

6. Critical Thinking

6.1. How do we control access to meet security objectives

6.2. Assumptions

6.2.1. Clarity of access policies

6.2.2. Access cannot be solely restricted by technological mechanisms

7. Teaching

7.1. 1. Terminology

7.1.1. Speak the language

7.2. 2. Four standard models

7.3. 3. Best Practices

7.4. 4. Implementation

7.5. 5. Authentication Services

8. Extras

8.1. NIST SP 800-53 Access Control (AC) family

8.1.1. AC-1 Access Control Policy and Procedures

8.1.2. AC-2 Account Management