-
Three main access control methods
- Mandatory Access Control
- Discretionary Access Control
- Role-Based Access Control
-
Mandatory Access Control (MAC)
- Static model that uses a predefined set of access privileges for files on the system
- In a MAC environment, the System Administrator is responsible for assigning sensitivity or security labels; users cannot share resources dynamically
-
Discretionary Access Control (DAC)
• In this environment, every file has an owner who has complete control of that file.
• The owner is responsible for granting access and assigning rights. Users are granted rights explicitly.
• This system uses Access Control Lists to determine who has what rights to a file, process, and/or system.
-
Role-Based Access Control (RBAC)
• This access control methodology is based on the roles a user has in his organization.
• Every role is given access rights to a set of objects. A great way of providing access control in a place where high turnover is an issue.
• In this environment one cannot pass access permissions on to other users at one's own discretion; it's all based on the role each individual is in.
-
Biometrics
• Most secure form of authentication
• Most costly method of implementing authentication
• Identifies the user by scanning unique physical attributes of the user. Examples:
  • Fingerprint
  • Retina scan
  • Palm scan
-
Multifactor
Two or more authentication methods used together
-
Mutual
• Client authenticates to server, and server authenticates to client
• Not implemented on a larger scale due to the cost and complexity of having users obtain and use certificates
-
Challenge Handshake Authentication Protocol (CHAP)
Based on a shared secret between authenticator and user. Upon initial contact a three-way handshake takes place.
The handshake consists of:
• Challenge packet (System to User)
• Response packet (User to System)
• Success or failure packet (System to User)
-
Kerberos
Guards a network with three elements:
- Authentication
- Accounting
- Auditing