© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Fundamentals of Information Systems Security
Lesson 5
Access Controls
Learning Objective(s)
• Explain the role of access controls in an IT infrastructure.
Key Concepts
• Access control concepts and technologies
• Formal models of access control
• How identity is managed by access control
• Developing and maintaining system access controls
Defining Access Control
• The process of protecting a resource so that it is used only by those allowed to
• Prevents unauthorized use
• Mitigations put into place to protect a resource from a threat
Four Parts of Access Control
Access Control Component: Description
• Identification: Who is asking to access the asset?
• Authentication: Can their identities be verified?
• Authorization: What, exactly, can the requestor access? And what can they do?
• Accountability: How are actions traced to an individual to ensure the person who makes data or system changes can be identified?
Policy Definition and Policy Enforcement Phases
• Policy definition phase: Who has access and what systems or resources they can use
  • Tied to the authorization phase
• Policy enforcement phase: Grants or rejects requests for access based on the authorizations defined in the first phase
  • Tied to identification, authentication, and accountability phases
Two Types of Access Controls
• Physical: Controls entry into buildings, parking lots, and protected areas
• Logical: Controls access to a computer system or network
Physical Access Control
• Smart cards are an example
• Programmed with ID number
• Used at parking lots, elevators, office doors
• Shared office buildings may require an additional after-hours card
• Cards control access to physical resources
Logical Access Control
• Deciding which users can get into a system
• Monitoring what each user does on that system
• Restraining or influencing a user’s behavior on that system
The Security Kernel
• Enforces access control for computer systems
• Central point of access control
• Implements the reference monitor concept
Enforcing Access Control
Access Control Policies
Four central components of access control:
• Users: People who use the system or processes (subjects)
• Resources: Protected objects in the system
• Actions: Activities that authorized users can perform on resources
• Relationships: Optional conditions that exist between users and resources
Logical Access Control Solutions
Logical Controls: Solutions
• Biometrics
  • Static: Fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
  • Dynamic: Voice inflections, keyboard strokes, and signature motions
• Tokens
  • Synchronous or asynchronous
  • Smart cards and memory cards
• Passwords
  • Stringent password controls for users
  • Account lockout policies
  • Auditing logon events
• Single sign-on
  • Kerberos process
  • Secure European System for Applications in a Multi-Vendor Environment (SESAME)
Authorization Policies
Methods and Guidelines for Identification
• Methods
  • Username
  • Smart card
  • Biometrics
• Guidelines
  • Actions
  • Accounting
Authentication Types
• Knowledge: Something you know
• Ownership: Something you have
• Characteristics: Something unique to you
• Location: Somewhere you are
• Action: Something you do/how you do it
Authentication by Knowledge
• Password
  • Weak passwords easily cracked by brute-force or dictionary attack
  • Password best practices
• Passphrase
  • Stronger than a password
• Account lockout policies
• Audit logon events
Authentication by Ownership
• Synchronous token: Calculates a number at both the authentication server and the device
  • Time-based synchronization system
  • Event-based synchronization system
  • Continuous authentication
• Asynchronous token
  • USB token
  • Smart card
  • Memory cards (magnetic stripe)
Asynchronous Token Challenge-Response
Authentication by Characteristics/Biometrics
Concerns Surrounding Biometrics
Types of Biometrics
• Fingerprint
• Palm print
• Hand geometry
• Retina scan
• Iris scan
• Facial recognition
• Voice pattern
• Keystroke dynamics
• Signature dynamics
Authentication by Location and Action
• Location
  • Strong indicator of authenticity
  • Additional information to suggest granting or denying access to a resource
• Action
  • Stores the patterns or nuances of how you do something
  • Record typing patterns
Single Sign-On (SSO)
• Sign on to a computer or network once
• Identification and authorization credentials allow user to access all computers and systems where authorized
• Reduces human error
• Difficult to put in place
SSO Processes
• Kerberos
• Secure European System for Applications in a Multi-Vendor Environment (SESAME)
• Lightweight Directory Access Protocol (LDAP)
Policies and Procedures for Accountability
• Log files
• Monitoring and reviews
• Data retention
• Media disposal
• Compliance requirements
Formal Models of Access Control
Discretionary access control (DAC)
Mandatory access control (MAC)
Nondiscretionary access control
Rule-based access control
Discretionary Access Control
• Operating systems-based DAC policy considerations
  • Access control method
  • New user registration
  • Periodic review
• Application-based DAC
• Permission levels
Mandatory Access Control
• Determine the level of restriction by how sensitive the resource is (classification label)
• System and owner make the decision to allow access
• Temporal isolation/time-of-day restrictions
• MAC is stronger than DAC
Nondiscretionary Access Control
• Access rules are closely managed by security administrator, not system owner or ordinary users
• Sensitive files are write-protected for integrity and readable only by authorized users
• More secure than discretionary access control
• Ensures that system security is enforced and tamperproof
Rule-Based Access Control
Access Control Lists
Linux and OS X
• Permissions: Read, write, execute
• Applied to: File owners, groups, global users
Access Control Lists (cont.)
Windows
• Share permissions: Full, change, read, deny
• Security permissions: Full, modify, list folder contents, read-execute, read, write, special, deny
An Access Control List
Role-Based Access Control
Content-Dependent Access Control
Constrained User Interface
Methods of constraining users:
• Menus
• Database views
• Physically constrained user interfaces
• Encryption
Other Access Control Models
Bell-LaPadula model
Biba integrity model
Clark and Wilson integrity model
Brewer and Nash integrity model
Brewer and Nash Integrity Model
Effects of Breaches in Access Control
Disclosure of private information
Corruption of data
Loss of business intelligence
Danger to facilities, staff, and systems
Damage to equipment
Failure of systems and business processes
Threats to Access Controls
• Gaining physical access
• Eavesdropping by observation
• Bypassing security
• Exploiting hardware and software
• Reusing or discarding media
• Electronic eavesdropping
• Intercepting communication
• Accessing networks
• Exploiting applications
Effects of Access Control Violations
Loss of customer confidence
Loss of business opportunities
New regulations imposed on the organization
Bad publicity
More oversight
Financial penalties
Credential and Permissions Management
• Systems that provide the ability to collect, manage, and use the information associated with access control
• Microsoft offers Group Policy and Group Policy Objects (GPOs) to help administrators manage access controls
Centralized and Decentralized Access Control
• Centralized authentication, authorization, and accounting (AAA) servers
  • RADIUS: Most popular; two configuration files
  • TACACS+: Internet Engineering Task Force (IETF) standard; one configuration file
  • DIAMETER: Base protocol and extensions
  • SAML: Open standard based on XML for exchanging both authentication and authorization data
Decentralized Access Control
• Access control is in the hands of the people closest to the system users
• Password Authentication Protocol (PAP)
• Challenge-Handshake Authentication Protocol (CHAP)
• Mobile device authentication, Initiative for Open Authentication (OATH)
  • HMAC-based one-time password (HOTP)
  • Time-based one-time password (TOTP)
Privacy
• Communicate expectations for privacy in acceptable use policies (AUPs) and logon banners
• Monitoring in the workplace includes:
  • Opening mail or email
  • Using automated software to check email
  • Checking phone logs or recording phone calls
  • Checking logs of web sites visited
  • Getting information from credit-reference agencies
  • Collecting information through point-of-sale (PoS) terminals
  • Recording activities on closed-circuit television (CCTV)
Cloud Computing
Category: Description
• Private: All components are managed for a single organization. May be managed by the organization or by a third-party provider.
• Community: Components are shared by several organizations and managed by one of the participating organizations or by a third party.
• Public: Available for public use and managed by third-party providers.
• Hybrid: Contains components of more than one type of cloud, including private, community, and public clouds.
Advantages/Disadvantages of Cloud Computing
Advantages
• No need to maintain a data center
• No need to maintain a disaster recovery site
• Outsourced responsibility for performance and connectivity
• On-demand provisioning
Disadvantages
• More difficult to keep private data secure
• Greater danger of private data leakage
• Demand for constant network access
• Client needs to trust the outside vendor
Summary
• Access control concepts and technologies
• Formal models of access control
• How identity is managed by access control
• Developing and maintaining system access controls

More Related Content

What's hot

Hacking3e ppt ch02
Hacking3e ppt ch02Hacking3e ppt ch02
Hacking3e ppt ch02Skillspire LLC
 
Hacking3e ppt ch06
Hacking3e ppt ch06Hacking3e ppt ch06
Hacking3e ppt ch06Skillspire LLC
 
Funsec3e ppt ch14
Funsec3e ppt ch14Funsec3e ppt ch14
Funsec3e ppt ch14Skillspire LLC
 
Forensic3e ppt ch03
Forensic3e ppt ch03Forensic3e ppt ch03
Forensic3e ppt ch03Skillspire LLC
 
Funsec3e ppt ch11
Funsec3e ppt ch11Funsec3e ppt ch11
Funsec3e ppt ch11Skillspire LLC
 
Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Dr. Ahmed Al Zaidy
 
Funsec3e ppt ch10
Funsec3e ppt ch10Funsec3e ppt ch10
Funsec3e ppt ch10Skillspire LLC
 
Funsec3e ppt ch06
Funsec3e ppt ch06Funsec3e ppt ch06
Funsec3e ppt ch06Skillspire LLC
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Dr. Ahmed Al Zaidy
 
Forensic3e ppt ch07
Forensic3e ppt ch07Forensic3e ppt ch07
Forensic3e ppt ch07Skillspire LLC
 
Forensic3e ppt ch13
Forensic3e ppt ch13Forensic3e ppt ch13
Forensic3e ppt ch13Skillspire LLC
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Dr. Ahmed Al Zaidy
 
Funsec3e ppt ch13
Funsec3e ppt ch13Funsec3e ppt ch13
Funsec3e ppt ch13Skillspire LLC
 
Funsec3e ppt ch07
Funsec3e ppt ch07Funsec3e ppt ch07
Funsec3e ppt ch07Skillspire LLC
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Dr. Ahmed Al Zaidy
 

What's hot (20)

Hacking3e ppt ch02
Hacking3e ppt ch02Hacking3e ppt ch02
Hacking3e ppt ch02
 
Hacking3e ppt ch06
Hacking3e ppt ch06Hacking3e ppt ch06
Hacking3e ppt ch06
 
Funsec3e ppt ch14
Funsec3e ppt ch14Funsec3e ppt ch14
Funsec3e ppt ch14
 
Forensic3e ppt ch03
Forensic3e ppt ch03Forensic3e ppt ch03
Forensic3e ppt ch03
 
Funsec3e ppt ch11
Funsec3e ppt ch11Funsec3e ppt ch11
Funsec3e ppt ch11
 
Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10Fundamentals of Information Systems Security Chapter 10
Fundamentals of Information Systems Security Chapter 10
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
 
Funsec3e ppt ch10
Funsec3e ppt ch10Funsec3e ppt ch10
Funsec3e ppt ch10
 
Funsec3e ppt ch06
Funsec3e ppt ch06Funsec3e ppt ch06
Funsec3e ppt ch06
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3
 
Forensic3e ppt ch07
Forensic3e ppt ch07Forensic3e ppt ch07
Forensic3e ppt ch07
 
Forensic3e ppt ch13
Forensic3e ppt ch13Forensic3e ppt ch13
Forensic3e ppt ch13
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
 
Funsec3e ppt ch13
Funsec3e ppt ch13Funsec3e ppt ch13
Funsec3e ppt ch13
 
Funsec3e ppt ch07
Funsec3e ppt ch07Funsec3e ppt ch07
Funsec3e ppt ch07
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15
 

Funsec3e ppt ch05

  • 1. © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security Lesson 5 Access Controls
  • 2. Learning Objective(s)
      - Explain the role of access controls in an IT infrastructure.
  • 3. Key Concepts
      - Access control concepts and technologies
      - Formal models of access control
      - How identity is managed by access control
      - Developing and maintaining system access controls
  • 4. Defining Access Control
      - The process of protecting a resource so that it is used only by those allowed to
      - Prevents unauthorized use
      - Mitigations put into place to protect a resource from a threat
  • 5. Four Parts of Access Control (Access Control Component: Description)
      - Identification: Who is asking to access the asset?
      - Authentication: Can their identities be verified?
      - Authorization: What, exactly, can the requestor access? And what can they do?
      - Accountability: How are actions traced to an individual to ensure the person who makes data or system changes can be identified?
  • 6. Policy Definition and Policy Enforcement Phases
      - Policy definition phase: Who has access and what systems or resources they can use
          - Tied to the authorization phase
      - Policy enforcement phase: Grants or rejects requests for access based on the authorizations defined in the first phase
          - Tied to identification, authentication, and accountability phases
  • 7. Two Types of Access Controls
      - Physical: Controls entry into buildings, parking lots, and protected areas
      - Logical: Controls access to a computer system or network
  • 8. Physical Access Control
      - Smart cards are an example
      - Programmed with ID number
      - Used at parking lots, elevators, office doors
      - Shared office buildings may require an additional after hours card
      - Cards control access to physical resources
  • 9. Logical Access Control
      - Deciding which users can get into a system
      - Monitoring what each user does on that system
      - Restraining or influencing a user’s behavior on that system
  • 10. The Security Kernel
      - Enforces access control for computer systems
      - Central point of access control
      - Implements the reference monitor concept
  • 11. Enforcing Access Control
  • 12. Access Control Policies
      Four central components of access control:
      - Users: People who use the system or processes (subjects)
      - Resources: Protected objects in the system
      - Actions: Activities that authorized users can perform on resources
      - Relationships: Optional conditions that exist between users and resources
  • 13. Logical Access Control Solutions (Logical Controls: Solutions)
      - Biometrics
          - Static: Fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
          - Dynamic: Voice inflections, keyboard strokes, and signature motions
      - Tokens
          - Synchronous or asynchronous
          - Smart cards and memory cards
      - Passwords
          - Stringent password controls for users
          - Account lockout policies
          - Auditing logon events
      - Single sign-on
          - Kerberos process
          - Secure European System for Applications in a Multi-Vendor Environment (SESAME)
  • 14. Authorization Policies
  • 15. Methods and Guidelines for Identification
      - Methods
          - Username
          - Smart card
          - Biometrics
      - Guidelines
          - Actions
          - Accounting
  • 16. Authentication Types
      - Knowledge: Something you know
      - Ownership: Something you have
      - Characteristics: Something unique to you
      - Location: Somewhere you are
      - Action: Something you do/how you do it
  • 17. Authentication by Knowledge
      - Password
          - Weak passwords easily cracked by brute-force or dictionary attack
          - Password best practices
      - Passphrase
          - Stronger than a password
      - Account lockout policies
      - Audit logon events
  • 18. Authentication by Ownership
      - Synchronous token: Calculates a number at both the authentication server and the device
          - Time-based synchronization system
          - Event-based synchronization system
          - Continuous authentication
      - Asynchronous token
          - USB token
          - Smart card
          - Memory cards (magnetic stripe)
  • 19. Asynchronous Token Challenge-Response
  • 20. Page 20 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 20 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Authentication by Characteristics/Biometrics
  • 21. Page 21 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 21 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Concerns Surrounding Biometrics
  • 22. Page 22 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 22 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Types of Biometrics Fingerprint Palm print Hand geometry Retina scan Iris scan Facial recognition Voice pattern Keystroke dynamics Signature dynamics
  • 23. Page 23 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 23 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Authentication by Location and Action Location • Strong indicator of authenticity • Additional information to suggest granting or denying access to a resource Action • Stores the patterns or nuances of how you do something • Record typing patterns
  • 24. Page 24 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 24 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Single Sign-On (SSO) Sign on to a computer or network once Identification and authorization credentials allow user to access all computers and systems where authorized Reduces human error Difficult to put in place
  • 25. Page 25 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 25 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. SSO Processes Kerberos Secure European System for Applications in a Multi-Vendor Environment (SESAME) Lightweight Directory Access Protocol (LDAP)
  • 26. Page 26 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 26 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Policies and Procedures for Accountability Log files Monitoring and reviews Data retention Media disposal Compliance requirements
  • 27. Page 27 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 27 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Formal Models of Access Control Discretionary access control (DAC) Mandatory access control (MAC) Nondiscretionary access control Rule-based access control
  • 28. Page 28 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 28 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Discretionary Access Control Operating systems-based DAC policy considerations • Access control method • New user registration • Periodic review Application-based DAC Permission levels
  • 29. Page 29 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 29 Fundamentals of Information Systems Security © 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Mandatory Access Control Determine the level of restriction by how sensitive the resource is (classification label) System and owner make the decision to allow access Temporal isolation/time-of-day restrictions MAC is stronger than DAC
  • 30. Nondiscretionary Access Control: Access rules are closely managed by security administrator, not system owner or ordinary users; Sensitive files are write-protected for integrity and readable only by authorized users; More secure than discretionary access control; Ensures that system security is enforced and tamperproof
  • 31. Rule-Based Access Control
  • 32. Access Control Lists: Linux and OS X. Permissions: read, write, execute. Applied to: file owners, groups, global users
  • 33. Access Control Lists (cont.): Windows. Share permissions: full, change, read, deny. Security permissions: full, modify, list folder contents, read-execute, read, write, special, deny
  • 34. An Access Control List
  • 35. Role-Based Access Control
  • 36. Content-Dependent Access Control
  • 37. Constrained User Interface: Methods of constraining users: Menus; Database views; Physically constrained user interfaces; Encryption
  • 38. Other Access Control Models: Bell-LaPadula model; Biba integrity model; Clark and Wilson integrity model; Brewer and Nash integrity model
  • 39. Brewer and Nash Integrity Model
  • 40. Effects of Breaches in Access Control: Disclosure of private information; Corruption of data; Loss of business intelligence; Danger to facilities, staff, and systems; Damage to equipment; Failure of systems and business processes
  • 41. Threats to Access Controls: Gaining physical access; Eavesdropping by observation; Bypassing security; Exploiting hardware and software; Reusing or discarding media; Electronic eavesdropping; Intercepting communication; Accessing networks; Exploiting applications
  • 42. Effects of Access Control Violations: Loss of customer confidence; Loss of business opportunities; New regulations imposed on the organization; Bad publicity; More oversight; Financial penalties
  • 43. Credential and Permissions Management: Systems that provide the ability to collect, manage, and use the information associated with access control; Microsoft offers Group Policy and Group Policy Objects (GPOs) to help administrators manage access controls
  • 44. Centralized and Decentralized Access Control: Centralized authentication, authorization, and accounting (AAA) servers: RADIUS (most popular; two configuration files); TACACS+ (Internet Engineering Task Force (IETF) standard; one configuration file); DIAMETER (base protocol and extensions); SAML (open standard based on XML for exchanging both authentication and authorization data)
  • 45. Decentralized Access Control: Access control is in the hands of the people closest to the system users; Password Authentication Protocol (PAP); Challenge-Handshake Authentication Protocol (CHAP); Mobile device authentication, Initiative for Open Authentication (OATH): HMAC-based one-time password (HOTP) and Time-based one-time password (TOTP)
  • 46. Privacy: Communicate expectations for privacy in acceptable use policies (AUPs) and logon banners. Monitoring in the workplace includes: Opening mail or email; Using automated software to check email; Checking phone logs or recording phone calls; Checking logs of web sites visited; Getting information from credit-reference agencies; Collecting information through point-of-sale (PoS) terminals; Recording activities on closed-circuit television (CCTV)
  • 47. Cloud Computing, by category and description. Private: All components are managed for a single organization. May be managed by the organization or by a third-party provider. Community: Components are shared by several organizations and managed by one of the participating organizations or by a third party. Public: Available for public use and managed by third-party providers. Hybrid: Contains components of more than one type of cloud, including private, community, and public clouds.
  • 48. Advantages/Disadvantages of Cloud Computing. Advantages: No need to maintain a data center; No need to maintain a disaster recovery site; Outsourced responsibility for performance and connectivity; On-demand provisioning. Disadvantages: More difficult to keep private data secure; Greater danger of private data leakage; Demand for constant network access; Client needs to trust the outside vendor
  • 49. Summary: Access control concepts and technologies; Formal models of access control; How identity is managed by access control; Developing and maintaining system access controls
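
Slide 32 lists the Linux and OS X permissions (read, write, execute) and the classes they apply to (file owners, groups, global users). As an added example, not part of the original slides, this Python sketch shows how those classes are evaluated: only the first matching class counts. The function names, user and group IDs, and the sample listing are constructed for illustration; superuser override and extended ACLs are left out.

```python
import stat

# (read, write, execute) bit masks for each class named on the slide.
CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}

def select_class(file_uid, file_gid, uid, gids):
    """Exactly one class applies: owner first, then group, then other."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

def is_allowed(mode, file_uid, file_gid, uid, gids, want):
    """want is a string of operations, e.g. "r", "rw" or "x".

    Assumption: plain mode bits only (no superuser override, no extended ACLs).
    """
    r, w, x = CLASS_BITS[select_class(file_uid, file_gid, uid, gids)]
    mask = {"r": r, "w": w, "x": x}
    return all(bool(mode & mask[op]) for op in want)

def world_writable(entries):
    """Names of entries that any user on the system may modify."""
    return [name for name, mode, _uid, _gid in entries if mode & stat.S_IWOTH]

# Constructed sample listing: (name, mode, owner uid, group gid).
SAMPLE = [
    ("payroll.csv", 0o640, 1000, 200),
    ("notes.txt",   0o604, 1000, 200),
    ("drop.log",    0o666, 1001, 200),
]

if __name__ == "__main__":
    for name, mode, fuid, fgid in SAMPLE:
        member = is_allowed(mode, fuid, fgid, 1002, {200}, "r")    # in group 200
        outsider = is_allowed(mode, fuid, fgid, 1003, {300}, "r")  # no shared group
        print(f"{name} {stat.filemode(mode | stat.S_IFREG)} "
              f"group-member-read={member} outsider-read={outsider}")
    print("world-writable:", world_writable(SAMPLE))
```

The `notes.txt` entry (mode 604) is the case worth checking in a permission review: a member of the file's group is denied read even though global users are allowed, because the group class matches first and its bits are empty.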