Discretionary Access Control: Means of restricting access to objects based on the identity of subjects and/or the groups to which they belong
- the owner of a file can specify what permissions members of the same group have & what permissions all others have
- ACLs are the common mechanism used to implement DAC
"At the user's discretion"
MAC with regard to ACLs
Mandatory Access Control: means of restricting access based on the sensitivity (as represented by labels) of the info contained in the objects & the formal authorization of subjects to access info of that sensitivity. The owner cannot override the label.
-e.g. Secret, Top Secret
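The DAC/MAC distinction above, as an added worked example (not from the notes or any textbook code): a simplified Unix-style owner/group/other mode for DAC, where only the owner can change permissions, next to a label check for MAC, where nobody but the labeling authority can. The MAC write rule follows Bell-LaPadula (no read up, no write down), which is an assumption of this example; the notes only say clearance must match sensitivity.

```python
"""DAC vs. MAC access checks. Added example; users, groups and labels are constructed."""
from dataclasses import dataclass, field

# --- Discretionary: the object's owner decides the permission bits ----------
@dataclass
class DacObject:
    owner: str
    group: str
    perms: dict = field(default_factory=lambda: {
        "owner": {"read", "write"}, "group": {"read"}, "other": set()})

@dataclass
class User:
    name: str
    groups: set

def dac_allows(user: User, obj: DacObject, action: str) -> bool:
    """Classify the subject as owner, group member or other, then check that class's bits."""
    if user.name == obj.owner:
        cls = "owner"
    elif obj.group in user.groups:
        cls = "group"
    else:
        cls = "other"
    return action in obj.perms[cls]

def dac_chmod(requester: User, obj: DacObject, cls: str, actions: set) -> bool:
    """Only the owner may change permissions: that is what makes the control discretionary."""
    if requester.name != obj.owner:
        return False
    obj.perms[cls] = set(actions)
    return True

# --- Mandatory: labels decide, and no owner can hand out access --------------
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

def mac_allows(subject_clearance: str, object_label: str, action: str) -> bool:
    """Assumed Bell-LaPadula rules: read needs clearance >= label (no read up),
    write needs clearance <= label (no write down, so secrets cannot leak downward)."""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    return False

if __name__ == "__main__":
    alice, bob, eve = User("alice", {"staff"}), User("bob", {"staff"}), User("eve", {"guests"})
    report = DacObject(owner="alice", group="staff")
    print("bob reads:", dac_allows(bob, report, "read"), "eve reads:", dac_allows(eve, report, "read"))
    dac_chmod(alice, report, "other", {"read"})          # alice opens it up at her discretion
    print("eve reads after chmod:", dac_allows(eve, report, "read"))
    print("Confidential reads Secret:", mac_allows("Confidential", "Secret", "read"))
```

Note the asymmetry: under DAC the owner can grant `eve` read access with one call, which is exactly the leakage path MAC exists to close.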
RBAC - Role
Role-Based AC: Based on the user's ROLE. Permissions are granted in terms of the specific duties a user must perform, not according to a security classification associated with individual objects
RBAC - Rule
Rule-Based AC: Uses ACLs to determine whether access should be granted by evaluating a series of RULES.
- e.g. No employee may access payroll files on weekends
- can be used in addition to MAC & other models
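Role-based and rule-based AC side by side, as an added example that is not part of the notes: roles map duties to permissions, rules are evaluated in order like ACL entries, and the two are layered, which is the "used in addition to" point above. Role names, the weekend payroll rule and the internal-network rule are constructed for the example.

```python
"""Role-based vs. rule-based access control, then both layered. Added example."""
from datetime import datetime

# --- Role-based: permissions attach to roles (duties), users are assigned roles ---
ROLE_PERMS = {
    "payroll_clerk": {("payroll", "read"), ("payroll", "write")},
    "auditor":       {("payroll", "read"), ("ledger", "read")},
    "developer":     {("source", "read"), ("source", "write")},
}
USER_ROLES = {"carol": {"payroll_clerk"}, "dan": {"auditor"}, "erin": {"developer"}}

def rbac_allows(user: str, obj: str, action: str) -> bool:
    """Granted if any of the user's roles carries (obj, action); objects carry no labels."""
    return any((obj, action) in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))

# --- Rule-based: ordered rules over the request context, first match wins ---
def no_payroll_on_weekends(req: dict) -> bool:
    return req["obj"] == "payroll" and req["when"].weekday() >= 5   # 5=Sat, 6=Sun

def from_internal_network(req: dict) -> bool:
    return req["src_ip"].startswith("10.")                          # assumed internal range

RULES = [
    (no_payroll_on_weekends, "deny"),
    (from_internal_network, "allow"),
]

def rule_allows(req: dict, default: str = "deny") -> bool:
    for predicate, decision in RULES:
        if predicate(req):
            return decision == "allow"
    return default == "allow"                                       # implicit deny at the end

def allows(user: str, obj: str, action: str, when: datetime, src_ip: str) -> bool:
    """Layered check: the role must carry the permission AND no rule may block it."""
    req = {"user": user, "obj": obj, "action": action, "when": when, "src_ip": src_ip}
    return rbac_allows(user, obj, action) and rule_allows(req)

if __name__ == "__main__":
    wed, sat = datetime(2024, 1, 3, 10, 0), datetime(2024, 1, 6, 10, 0)
    print("carol payroll read, Wed, internal:", allows("carol", "payroll", "read", wed, "10.0.0.5"))
    print("carol payroll read, Sat, internal:", allows("carol", "payroll", "read", sat, "10.0.0.5"))
    print("dan payroll write, Wed, internal: ", allows("dan", "payroll", "write", wed, "10.0.0.5"))
```

Order matters in the rule list: because the weekend deny sits before the internal-network allow, a weekend request from inside is still refused, which is the behaviour an ACL would give for the same two entries.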
Hardening of the OS
Methods used to strengthen the OS & to eliminate possible avenues through which attacks can be launched (patching, removing unneeded services, tightening default configuration).
-e.g. Windows Updates
Program designed to prevent damage caused by various types of malicious software
Host - Based IDS
Host-Based Intrusion Detection Systems: Software running on an individual host that watches that host (logs, file integrity, process activity) to determine whether an intruder has penetrated it, as opposed to a network IDS watching traffic.
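Two of the checks a host-based IDS actually performs, as an added example (not from the notes): a file-integrity baseline that flags modified and added files, and a failed-login burst detector run over auth-log lines. The log lines imitate the OpenSSH syslog format, and both the log and the threshold of five failures are constructed for this example.

```python
"""Host-based intrusion detection: file-integrity diff plus failed-login bursts. Added example."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root: str) -> dict:
    """Hash every file under root, keyed by relative path with '/' separators.
    A real HIDS keeps this baseline where an intruder cannot edit it (e.g. read-only media)."""
    out = {}
    for d, _, names in os.walk(root):
        for n in names:
            full = os.path.join(d, n)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return out

def diff_baseline(root: str, base: dict) -> dict:
    now = baseline(root)
    return {
        "modified": sorted(p for p in base if p in now and now[p] != base[p]),
        "added": sorted(set(now) - set(base)),
        "removed": sorted(set(base) - set(now)),
    }

# Matches OpenSSH-style "Failed password for [invalid user] NAME from IP" lines.
AUTH_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def failed_login_bursts(lines, threshold: int = 5) -> dict:
    """Count failed logins per source IP and report sources at or above threshold."""
    counts = defaultdict(int)
    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed auth log: six failures from one source, one from another, one success.
SAMPLE_AUTH_LOG = """\
Jan  3 02:14:01 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan  3 02:14:02 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40123 ssh2
Jan  3 02:14:04 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Jan  3 02:14:05 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40126 ssh2
Jan  3 02:14:07 web1 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40128 ssh2
Jan  3 02:14:09 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan  3 02:15:00 web1 sshd[820]: Failed password for dan from 198.51.100.2 port 51000 ssh2
Jan  3 02:15:30 web1 sshd[821]: Accepted password for dan from 198.51.100.2 port 51002 ssh2
"""

def demo() -> tuple:
    """Build a tiny fake /etc, baseline it, simulate an intrusion, and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        base = baseline(root)
        # Simulated intrusion: a second UID-0 account and a preload hook dropped into /etc.
        with open(os.path.join(etc, "passwd"), "a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        with open(os.path.join(etc, "ld.so.preload"), "w") as f:
            f.write("/tmp/evil.so\n")
        changes = diff_baseline(root, base)
    return changes, failed_login_bursts(SAMPLE_AUTH_LOG.splitlines())

if __name__ == "__main__":
    changes, bursts = demo()
    print("integrity:", changes)
    print("brute-force sources:", bursts)
```

Both checks are only as good as what the intruder cannot touch: a baseline stored on the same writable disk can be re-hashed after the compromise, and a log the attacker can truncate shows no burst.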
Authentication: The "A" of CIA-AN
An individual is who they claim to be. Expanded in Chap 1
Availability- The "A" of CIA-AN
To ensure that the data, or system itself, is available for use when the authenticated user wants it.
Integrity- The "I" of CIA-AN
Related to confidentiality; concerns modification of data.
- Only authorized individuals should be able to change or delete info (being authenticated is not by itself the right to modify)
Confidentiality: "C" of CIA-AN
Confidentiality: Ensures that only those individuals who have the authority to view a piece of info may do so.
CIA of Security - CIA-AN
AN (Authentication, Nonrepudiation): Added because of communication such as email, where the receiver must know who sent a message and the sender must not be able to deny it
DAC : Discretionary Access Control(AC)
MAC : Mandatory AC
RBAC : Role-Based AC
RBAC : Rule-Based AC
By rotating through jobs, individuals gain a better perspective of how the various parts of IT can enhance (or hinder) business.
Operational Model of Security
Protection = Prevention + (Detection + Response)
Protection = P + (D + R)
Every security technique & technology falls into at least one of the three elements of the equation.
Focus on protecting each computer and device individually
- Bastion Hosts
- Host-Based IDS
- Hardening of the OS
Emphasis is placed on controlling access to internal computers from external entities.