Card Set Information
Three main access control methods
Mandatory Access Control
Discretionary Access Control
Role-Based Access Control
Mandatory Access Control (MAC)
-Static model that uses predefined set of access privileges for files on the system
In a MACenvironment, the System Administrator is responsible for assigning sensitivity
or security labels, users cannot share resources dynamically
Discretionary Access Control (DAC)
• In this environment, every file has an owner who has complete control of that file.
•The owner is responsible for granting access and assigning rights. Users are granted rights
•This systems uses Access Control Lists to determine who has what rights to a file, process,
Role Based Access Control (RBAC)
•This access control methodology is based on roles a user has in his organization.
•Every role is given access rights to a set of objects. A great way of providing access
control in a place where high turnover is an issue.
In this environment one cannot pass access permissions on to other users at own
discretion, its all based on the role each individual is in
•Most secure form of authentication
•Most costly method of implementing Authentication
•Identify the user by scanning unique physical attributes of a user:
Two or more authentication methods used together
•Client authenticates to server, and server authenticates to client
•Not implemented on a larger scale due to cost and complexity of having users obtaining and
Challenge Handshake Authentication protocol (CHAP)
Based on a shared secret between authenticator and user. Upon initial contact a three way handshake takes place.
Handshake constsist of
•ChallengePacket (System to User)
•Response Packet(User to System) 0
•Success or failure packet (System to User)
Guards a network with three elements