Access Control Systems and Methodology

Access control is a collection of mechanisms that create a security architecture to protect information systems. (Accountability)

Identification — Unique identity — social security

Authentication — Verify someone's identification — Password

Least Privilege (Need to Know)

Information Owner — maintains overall responsibility for the information system

Discretionary Access Control (DAC) – The information owner decides who gets permission

Access list — which user or group has what permission to read or write the file

User provisioning — New User, what permission, etc.

Mandatory Access Control (MAC) — System decides who can have access to what – Top Secret, etc.

Role-Based Access Control (RBAC) — Assign common access to a group of people
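
The three models defined above, applied to the same read request, as an added example that is not part of the original notes. The users, file name, labels and roles are constructed for illustration.

```python
# Added example: users, file, labels and roles are constructed, not from the notes.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
# DAC: per-object access list controlled by the information owner.
ACL = {"payroll.xls": {"owner": "alice",
                       "entries": {"alice": {"read", "write"}, "bob": {"read"}}}}
# MAC: labels are assigned by the system, not by the owner.
CLEARANCE = {"alice": "Secret", "bob": "Top Secret", "carol": "Confidential"}
CLASSIFICATION = {"payroll.xls": "Secret"}
# RBAC: permissions attach to roles; users gain access through role membership.
ROLE_PERMS = {"hr_clerk": {("payroll.xls", "read")},
              "hr_manager": {("payroll.xls", "read"), ("payroll.xls", "write")}}
USER_ROLES = {"alice": {"hr_manager"}, "carol": {"hr_clerk"}}

def dac_grant(requester, user, obj, perm):
    """Only the object's owner may add an entry to its access list."""
    record = ACL.get(obj)
    if record is None or record["owner"] != requester:
        return False
    record["entries"].setdefault(user, set()).add(perm)
    return True

def dac_allows(user, obj, perm):
    record = ACL.get(obj)
    return record is not None and perm in record["entries"].get(user, set())

def mac_allows_read(user, obj):
    """Read is allowed only if the clearance is at least the object's label."""
    if user not in CLEARANCE or obj not in CLASSIFICATION:
        return False  # unlabeled subject or object: deny by default
    return LEVELS[CLEARANCE[user]] >= LEVELS[CLASSIFICATION[obj]]

def rbac_allows(user, obj, perm):
    return any((obj, perm) in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

def decide_read(user, obj):
    """Return each model's verdict on the same read request."""
    return {"DAC": dac_allows(user, obj, "read"),
            "MAC": mac_allows_read(user, obj),
            "RBAC": rbac_allows(user, obj, "read")}

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, decide_read(name, "payroll.xls"))
    print("bob grants carol:", dac_grant("bob", "carol", "payroll.xls", "read"))
    print("alice grants carol:", dac_grant("alice", "carol", "payroll.xls", "read"))
    print("carol after grant:", decide_read("carol", "payroll.xls"))
```

After the owner's grant, carol passes the DAC check but still fails the MAC check, because the owner cannot change the system-assigned labels.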

Apply access control techniques to meet confidentiality and integrity goals

Understand and implement the major terms and concepts related to access control and tie them to system security

Apply discretionary access controls (DAC) and mandatory access controls (MAC) techniques, as appropriate

Choose effective passwords and avoid password limitations

  • Passwords can be insecure
  • Passwords are easily broken
  • Multi-factor authentication
  • Two-factor authentication
  • Three-factor authentication
    • SYH/SYK/SYA (something you have / something you know / something you are)
  • Implement password alternatives, including smart cards, password tokens, and other multifactor techniques
    • Fingerprint recognition
    • Signature dynamics
    • Iris scanning
    • Retina scanning
    • Voice prints
    • Face recognition

Benefits of biometric identification/authentication:

  • Handling network access control
  • Tracking staff time and attendance
  • Authorizing financial transactions
  • Distributing government benefits (Social Security, public assistance, and so forth)
  • Verifying identities at point of sale
  • Working in conjunction with ATM cards, credit cards, or smart cards
  • Controlling physical access to office buildings or homes
  • Protecting personal property
  • Preventing kidnapping in schools, play areas, and other locations
  • Protecting children from fatal gun accidents
  • Controlling voting, passports, visas, and immigration

Apply the goals of single sign-on concepts to business and common users (SSO):

  • Kerberos — network authentication protocol
    • provides authentication for client/server applications by using symmetric key cryptography
    • applications can also encrypt all their communications to ensure privacy and data integrity
    • Kerberos works by assigning a unique key, called a ticket, to each user
    • the ticket is embedded in messages and permits the receiver of a message to identify the sender of the message

Use the techniques described to control remote user access

  • Remote Access Dial-In User Service (RADIUS)
    • Client/server protocol for authentication
    • User ID/password or token
  • Virtual Private Networks (VPN)
    • private tunnel between the endpoints that prevents eavesdropping or data modification