Access Control Overview ..211: A. Know Definitions of Access, Subject, Object ..211

This document provides an overview of access control and identity management. It discusses definitions, security principles, identification and authentication methods, access control models, techniques and technologies, administration, methods, practices, monitoring, threats and countermeasures. Key areas covered include directories, password management, biometrics, access control lists, single sign-on, Kerberos, RADIUS, intrusion detection systems, and spoofing/phishing attacks.

Uploaded by Paul Warren
Copyright: © Attribution Non-Commercial (BY-NC)

1. Access Control Overview…..211
   A. Know Definitions of Access, Subject, Object…..211
2. Security Principles…..212
   A. Availability…..213
   B. Integrity…..213
   C. Confidentiality…..213-14
3. Identification, Authentication, Authorization, & Accountability…..214
   A. Identification & Authentication…..216
      1. Identity Management…..218
         A. Directories…..221-3
            The Directories' Role in Identity Management…..223
         B. Web Access Management…..224-7
         C. Password Management…..227-9
            1. Password Synchronization…..227-8
            2. Self-Service Password Reset…..228
            3. Assisted Password Reset…..228-9
         D. Legacy Single Sign-on…..229
         E. Account Management…..229-30
         F. Provisioning…..230-2
         G. Profile Update…..232
         H. Federation…..233-4
      2. Access Control and Markup Languages…..235-7
      3. Biometrics…..237-
         A. Fingerprint…..240
         B. Palm Scan…..240
         C. Hand Geometry…..240
         D. Retina Scan…..240
         E. Iris Scan…..240
         F. Signature Dynamics…..241
         G. Keystroke Dynamics…..241
         H. Voice Print…..241
         I. Facial Scan…..241
         J. Hand Topography…..241
      4. Passwords…..242
         A. Password Management…..242-4
         B. Password Checkers…..244
         C. Password Hashing and Encryption
         D. Password Aging…..244
         E. Limit Logon Attempts…..244
      5. Cognitive Password…..245
      6. One-Time Password…..245
         A. The Token Device…..245
         B. Synchronous…..245
         C. Asynchronous…..246
      7. Cryptographic Keys…..248
      8. Passphrase…..248
      9. Memory Cards…..248-9
      10. Smart Card…..249
         A. Smart Card Attacks…..251
   B. Authorization…..252
      1. Access Criteria…..253-4
      2. Default to No Access…..254
      3. Need to Know…..254-6
      4. Single Sign-On…..256-8
      5. Kerberos…..258
         A. Main Components in Kerberos…..259
         B. The Kerberos Authentication Process…..260-2
         C. Weaknesses of Kerberos…..262-3
      6. SESAME…..263-4
      7. Security Domains…..264-6
      8. Directory Services…..267
      9. Thin Clients…..267
4. Access Control Models…..268
   A. Discretionary Access Control (DAC)…..268-9
   B. Mandatory Access Control (MAC)…..269
      1. Sensitivity Labels…..270-1
   C. Role-Based (nondiscretionary) Access Control…..271
      1. Core RBAC…..272-3
      2. Hierarchical RBAC…..273
      3. Ways in which RBAC can be managed…..274
         A. Non-RBAC
         B. Limited RBAC
         C. Hybrid RBAC
         D. Full RBAC
5. Access Control Techniques & Technologies…..274
   A. Rule-Based Access Control…..274-5
   B. Constrained User Interfaces…..276
   C. Access Control Matrix (DAC model)
      1. Capability Tables…..276-7
      2. Access Control Lists…..277
   D. Content-Dependent Access Control…..278
   E. Context-Dependent Access Control…..278-9
6. Access Control Administration…..279
   A. Centralized Access Control Administration
      1. RADIUS…..280-1
      2. TACACS…..281-4
      3. Diameter…..284-6
   B. Decentralized Access Control Administration…..287
7. Access Control Methods…..287
   A. Access Control Layers…..288
   B. Administrative Controls…..288
      1. Personnel Controls…..289
      2. Supervisory Structure…..289
      3. Security-Awareness Training…..289
      4. Testing…..289
   C. Physical Controls…..290
      1. Network Segregation…..290
      2. Perimeter Security…..290
      3. Computer Controls…..290-1
      4. Work Area Separation…..291
      5. Cabling…..291
      6. Control Zone…..291
   D. Technical Controls…..291
      1. System Access…..292
      2. Network Architecture…..292
      3. Network Access…..292-4
      4. Encryption and Protocols…..294
      5. Auditing…..294
8. Access Control Types…..294
   A. Preventive: Administrative…..296
   B. Preventive: Physical…..297
   C. Preventive: Technical…..297
9. Accountability…..300
   A. Review of Audit Information…..302
   B. Keystroke Monitoring…..302-3
   C. Protecting Audit Data and Log Information…..303
10. Access Control Practices…..303
   A. Unauthorized Disclosure of Information…..304
      1. Object Reuse…..304-5
      2. Emanation Security…..305
         A. TEMPEST…..305-6
         B. White Noise…..306
         C. Control Zone…..306
11. Access Control Monitoring…..306
   A. Intrusion Detection…..307
      1. Network-Based IDSs…..307
      2. Host-Based IDSs…..307-8
      3. Knowledge- or Signature-Based Intrusion Detection…..308
      4. State-Based IDSs…..309
      5. Statistical Anomaly-Based IDS…..309-11
      6. Protocol Anomaly-Based IDS…..311-12
      7. Traffic Anomaly-Based IDS…..312
      8. Rule-Based IDS…..312-13
      9. IDS Sensors…..314
      10. Network Traffic…..316
   B. Intrusion Prevention Systems…..316
      1. Honeypot…..317
      2. Network Sniffers…..318
12. Threats to Access Control…..318
   A. Dictionary Attack…..319
      1. Countermeasures…..319
   B. Brute Force
      1. Countermeasures…..320
   C. Spoofing at Logon…..320
      1. Phishing…..321
      2. Identity Theft…..323
