Access Control Lists: Lists of subjects that are authorized to access a specific object; they also define what level of authorization is granted. Authorization can be specified for an individual, role or group.

Content-Dependent Access Control: Access to objects is determined by the content within the object.
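The two mechanisms above combined in one check, as an added example that is not part of the original notes: an ACL lookup that matches individual, role and group entries, followed by a content-dependent rule. All names, levels and records are constructed for illustration.

```python
from dataclasses import dataclass, field

# Authorization levels, least to most privileged (constructed for this example).
LEVELS = {"none": 0, "read": 1, "write": 2, "full": 3}

@dataclass(frozen=True)
class Subject:
    name: str
    roles: frozenset = frozenset()
    groups: frozenset = frozenset()

@dataclass
class AclObject:
    name: str
    content: dict
    acl: list = field(default_factory=list)            # (kind, principal, level)
    content_rules: list = field(default_factory=list)  # (subject, content) -> bool

def granted_level(subject, obj):
    """Highest level any matching ACL entry grants; 'none' if nothing matches."""
    best = "none"
    for kind, principal, level in obj.acl:
        matches = (
            (kind == "user" and principal == subject.name)
            or (kind == "role" and principal in subject.roles)
            or (kind == "group" and principal in subject.groups)
        )
        if matches and LEVELS[level] > LEVELS[best]:
            best = level
    return best

def is_allowed(subject, obj, requested):
    """ACL decides first (default deny); content rules can only narrow access."""
    if LEVELS[granted_level(subject, obj)] < LEVELS[requested]:
        return False
    return all(rule(subject, obj.content) for rule in obj.content_rules)

def own_department_only(subject, content):
    # Content-dependent rule: the record's own "department" field drives the decision.
    return content["department"] in subject.groups

# Constructed sample object and subjects.
record = AclObject(
    name="payroll-record-17",
    content={"department": "finance", "salary": 50000},
    acl=[("user", "alice", "full"), ("role", "auditor", "read"), ("group", "hr", "write")],
    content_rules=[own_department_only],
)
alice = Subject("alice", groups=frozenset({"finance"}))
bob = Subject("bob", roles=frozenset({"auditor"}), groups=frozenset({"sales"}))
carol = Subject("carol", groups=frozenset({"hr", "finance"}))
```

Here bob holds a valid ACL entry through his role but is still refused, because the record's content places it outside his department.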
Access Control Administration

Centralized: One entity (department or individual) is responsible for granting all users access to resources. Provides a consistent and uniform method of controlling users' access rights.

Examples of centralized access control technologies:
- RADIUS / Remote Authentication Dial-In User Service: An authentication protocol that authenticates and authorizes users, usually dial-up users.
- TACACS / Terminal Access Controller Access Control System: A client/server protocol that provides the same type of functionality as RADIUS. Three generations:
  * TACACS - Combines authentication and authorization.
  * XTACACS - Separates authentication, authorization and accounting processes.
  * TACACS+ - Separates authentication, authorization and accounting processes, with extended two-factor user authentication.

Decentralized and Distributed Access Administration: Gives control of access to the people closer to the resources. Does not provide uniformity and fairness across the organization.

Examples of decentralized access control administration techniques:
- Security Domain - Can be described as a realm of trust. All subjects and objects share common security policies, procedures and rules, and they are managed by the same management system. Each security domain is different because different policies and management govern it. Security domains can be implemented in hierarchical structures and relationships. They are used within operating systems and applications to ensure that rogue activities do not accidentally damage important system files or processes. Protection of the security level is done by segmenting memory spaces and addresses. A security domain can also be described as the resources available to a user.

Hybrid: A combination of the centralized and decentralized access control administration methods.
Access Control Methods

Administrative Controls:
- Policy and Procedures - A high-level plan stating management's intent pertaining to how security should be practiced within an organization, what actions are acceptable and what level of risk the company is willing to accept. Senior management will decide whether the DAC, MAC or RBAC access methodology should be used and whether it should be administered via centralization or decentralization.