
Access Control - Notes

This document discusses access controls which selectively restrict access to assets and systems through physical, logical, and administrative controls. It describes strategies like mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC) as well as the concepts of identification, authentication, authorization, and accountability. The types of access controls are identified as preventive, deterrent, detective, corrective, recovery, and compensative.

CS 232

ACCESS CONTROLS

Access Controls
- selective restriction of access to an asset or a system/network resource
- protects information assets

Categories:
1. Physical : actual barriers to prevent unauthorized access.
   a) Ex. Fences, Guards, Motion Detectors, Alarms, Cards, Biometrics, Video Cams.
2. Logical : hardware & software solutions used to manage access to resources and systems.
3. Administrative : policies and procedures defined by organizations to implement and enforce all aspects of controlling unauthorized access.

Strategies:
1. Mandatory Access Control (MAC)
: restricts actions that a subject can perform on an object
: different levels of security classifications exist
2. Discretionary Access Control (DAC) : grants or restricts object access as determined by the object's owner.
3. Role-Based Access Control (RBAC)
: depends on the role of the subject
: can work in combination with DAC/MAC by enforcing the policies of either one.
: helps implement security administration
: uses Access Control Lists (ACLs) - contain a series of rules
: based on job functions
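
The three strategies above, applied to the same read request, as an added example that is not part of the original notes. The classification levels, role names, users, file name and the MAC read rule (clearance must be at least the object's classification) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # assumed classification levels
ROLE_PERMS = {"payroll_clerk": {("payroll.xlsx", "read")}}  # constructed role -> permissions

@dataclass
class Subject:
    name: str
    clearance: str = "public"
    roles: set = field(default_factory=set)

@dataclass
class Obj:
    name: str
    owner: str
    classification: str = "public"
    grants: dict = field(default_factory=dict)  # DAC: user -> actions, set by the owner

def mac_allows(s, o, action):
    # MAC: a system-wide rule over labels that no user can override.
    # Assumed rule for this sketch: read only if clearance >= classification.
    return action == "read" and LEVELS[s.clearance] >= LEVELS[o.classification]

def dac_grant(o, granter, user, action):
    # DAC: only the object's owner decides who gets access.
    if granter != o.owner:
        raise PermissionError(f"{granter} does not own {o.name}")
    o.grants.setdefault(user, set()).add(action)

def dac_allows(s, o, action):
    return s.name == o.owner or action in o.grants.get(s.name, set())

def rbac_allows(s, o, action):
    # RBAC: the decision depends on the subject's roles (job functions).
    return any((o.name, action) in ROLE_PERMS.get(r, set()) for r in s.roles)

def decide(s, o, action):
    return {"MAC": mac_allows(s, o, action), "DAC": dac_allows(s, o, action),
            "RBAC": rbac_allows(s, o, action)}

def demo():
    payroll = Obj("payroll.xlsx", owner="carol", classification="confidential")
    alice = Subject("alice", clearance="secret", roles={"intern"})
    bob = Subject("bob", clearance="public", roles={"payroll_clerk"})
    dac_grant(payroll, "carol", "bob", "read")  # owner carol shares with bob
    return {s.name: decide(s, payroll, "read") for s in (alice, bob)}

if __name__ == "__main__":
    print(demo())
```

In the sample data alice passes only the MAC check, while bob passes DAC and RBAC but fails MAC, so the same request gets a different answer depending on which strategy is enforced.
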
Identification - enforces the rules established by the authorization policy
Identification Controls - sensitivity of information and information systems
Federated Identity Management - uses the same identification credentials to gain access.

1. AUTHENTICATION
2. AUTHORIZATION
3. ACCOUNTABILITY

Types of Access Controls


1. Preventive - stop unwanted or unauthorized activity
2. Deterrent - limit/mitigate an action or behavior but do not stop them
3. Detective - alert system operators of potential unauthorized access.
4. Corrective - restore system back to a state of confidentiality, integrity and availability; can also restore systems to normal
5. Recovery - return to a normal state after violation of security policy
6. Compensative - make up for something; provide options
