Access Control
Objects
Access control list (ACL)
Ideally, one list per object showing all subjects with access
rights
object
Access Control Process
Access Control
Models
Access Control Process (conti…)
Identification
Computer or network users are identified by a unique identity,
such as a user name.
Authentication
Checking the user’s login information to be sure that they are
authentic and not fabricated, usually using a password
Authorization or Access
Granting permission to take the action on resources (file, folder,
program)
Custodian or Administrator
The person who reviews security settings or rights
Authentication vs. Authorization
Authentication
Checking the identity of a user, e.g. user name
and password
May also involve verification of IP address,
machine name, session, etc.
Determines whether a user is allowed to access
the system at all
Authorization
Assuming the identity of the user is known, determines
whether some specific action is allowed
Access Control Models or Policies
Many-to-many
relationship between
users and roles
Role-users and
roles-object
access matrix
Role Based Access Control (RBAC)
model
Sometimes called Non-Discretionary Access
Control
Used in Windows corporate domains
Considered a more “real world” approach than the
other models
Assigns permissions to particular roles in the
organization, such as “Manager role” and then assigns
users to that role
Objects are set to be a certain type, to which
subjects with that particular role have access
Rule based Access Control
Access to an object is either granted or denied on
the basis of predefined rules, such as:
Day is between Monday and Wednesday
Time is between 11:00 AM and 2:00 PM
Location is Pakistan
Advantages:
Very flexible & can be combined with other Models
Example: Firewalls grant access to the packet using rule based
access control policies.
Roles in Access Control
update
Best Practices for Managing of
Access Control
Separation of duties
More than one person should be required to complete an important task
No single person should control money or other essential
resources alone.
Network administrator(s) often have too much power and
responsibility
Job Rotation
Individuals should be periodically moved from one job
responsibility to another
Best Practices for Access Control
Least privileges
Each user should be given only the minimal
amount of privileges necessary to perform his or
her job function
Implicit (Fully) deny
If a condition is not clearly met, access is denied
For example, Web filters typically block unrated
sites
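The following added example (not part of the original slides) combines the models above: a role check (RBAC), the rule-based conditions listed earlier (Monday to Wednesday, 11:00 AM to 2:00 PM, location Pakistan), and implicit deny when a condition is not clearly met. The users, roles, object name and the "PK" location code are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

# Constructed sample data: users map to roles, roles map to (object, action)
# permissions. Both mappings are many-to-many.
ROLE_PERMISSIONS = {
    "manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
    "clerk": {("payroll.xlsx", "read")},
}
USER_ROLES = {"aisha": {"manager"}, "bilal": {"clerk"}}

# Rule-based conditions taken from the slide.
ALLOWED_DAYS = {0, 1, 2}               # Monday..Wednesday (datetime.weekday())
WINDOW = (time(11, 0), time(14, 0))    # 11:00 AM to 2:00 PM, inclusive
ALLOWED_LOCATION = "PK"                # Pakistan (assumed country-code format)

@dataclass(frozen=True)
class Request:
    user: str
    obj: str
    action: str
    when: datetime
    location: Optional[str]  # None means the location could not be determined

def role_allows(req: Request) -> bool:
    """RBAC: the action is allowed only if one of the user's roles grants it."""
    roles = USER_ROLES.get(req.user, set())
    return any((req.obj, req.action) in ROLE_PERMISSIONS.get(r, set())
               for r in roles)

def rules_allow(req: Request) -> bool:
    """Rule-based: every predefined condition must hold."""
    return (req.when.weekday() in ALLOWED_DAYS
            and WINDOW[0] <= req.when.time() <= WINDOW[1]
            and req.location == ALLOWED_LOCATION)

def decide(req: Request):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if not role_allows(req):
        return False, "no role grants this action"
    if not rules_allow(req):
        return False, "rule conditions not met"
    return True, "role and rules satisfied"
```

An unknown user, an unknown role, or a missing location all fall through to a deny without any explicit "deny" entry, which is the implicit-deny behaviour.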
Physical Access Control
Physical access control primarily protects computer
equipment
Designed to prevent unauthorized users from
gaining physical access to equipment in order to
use, steal, or damage it.
Physical access control includes computer security,
door security, mantraps, video surveillance, and
physical access logs
Physical Computer Security
Rack-mounted servers
A rack server, also called a rack-mounted server, is a computer dedicated to use as
a server and designed to be installed in a metal frame called a rack. The rack contains
multiple mounting slots called bays, each designed to hold a hardware unit secured in
place with screws.