CISSP - access control
IS objectives:
Confidentiality
Integrity
Availability
Access control principles:
Policy
Separation of duties
Least privilege
Need to know
Compartmentalization
Security domain
Change control process:
Defined, approved, tested, applied, verified, deployed, audited, documented
Access control:
Categories:
Directive
Deterrent
Preventive
Detective
Corrective
Recovery
Compensating
Types:
Administrative
Technical
Physical
System access control strategies:
Identification - uniqueness
Authentication - validity
Authorization - control
Identification - user ID, badge, IP address, account no, email address, MAC address
Authentication - factors:
By knowledge - something you know
By possession - something you have
By characteristic - something you are
Password - by knowledge: standard word, combination of words, complex word (mixed case, digits, symbols)
Passphrase - longer to enter, easier to remember, more entropy than a single word
Possession - token, memory card, smart card
Characteristic - biometrics: voice pattern, keystroke dynamics, signature dynamics
False reject rate (FRR) - type I error - authorized user falsely rejected
False accept rate (FAR) - type II error - unauthorized user falsely accepted (the security failure)
Crossover Error Rate (CER) - the threshold where FRR = FAR; raising the match threshold lowers FAR but raises FRR, so a lower CER means a more accurate system
Data access control:
Discretionary access control (DAC) - the data owner decides who may access their files (e.g. file permissions)
Mandatory access control (MAC) - the system decides by comparing the user's clearance against the data's classification label; owners cannot override it
Nondiscretionary access control - a central administrator assigns access (e.g. by role or rule), not the owner
Access control list (ACL) - attached to an object: the list of subjects and the actions each may perform on it
Access control matrix - subjects x objects table of rights; each column is an object's ACL, each row is a subject's capability table
Access control techniques:
Rule-based - access decided by explicit rules (e.g. firewall rules); administrator-set rules are nondiscretionary, owner-set rules fall under DAC
Role-based - rights attached to roles rather than individuals; nondiscretionary, can be layered over DAC or MAC
Content dependent - decision depends on the data itself. Eg. a manager may view payroll only for own staff
Constrained user interface - menus, database views, restricted shells, encryption, physically constrained devices. Eg. ATM keypad
Capability tables - per subject: which objects it may use and with what rights (the row of the access control matrix)
Temporal/time-based isolation - access only within an allowed time window (e.g. business hours)
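The relationship between the access control matrix, ACLs and capability tables, and the DAC versus MAC decision, as a worked example. This is added code, not from the original notes; the subjects, objects, labels and reporting lines are all constructed, and the MAC check implements only the read rule (clearance must dominate classification) that the notes describe.

```python
"""Access control matrix, ACL and capability views, DAC grant, MAC read check, content-dependent view."""

# Constructed access control matrix (invented subjects, objects and rights):
# subject -> object -> set of permitted actions.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}
# Constructed owner records used for the DAC check.
OWNERS = {"payroll.db": "alice", "memo.txt": "bob"}


def acl(matrix, obj):
    """Column view of the matrix: the object's ACL (subject -> actions)."""
    return {subj: rights[obj] for subj, rights in matrix.items() if obj in rights}


def capabilities(matrix, subject):
    """Row view of the matrix: the subject's capability table (object -> actions)."""
    return dict(matrix.get(subject, {}))


def allows(matrix, subject, action, obj):
    """Authorization check against the matrix entry."""
    return action in matrix.get(subject, {}).get(obj, set())


def dac_grant(matrix, owners, granter, subject, action, obj):
    """DAC: only the object's owner may extend its ACL. Returns True if granted."""
    if owners.get(obj) != granter:
        return False
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(action)
    return True


# MAC: system-enforced ordering of labels; neither owner nor user can override it.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allows_read(clearance, classification):
    """Read is permitted only when the clearance dominates the data classification."""
    return LEVELS[clearance] >= LEVELS[classification]


# Content-dependent control: constructed reporting lines, manager -> direct reports.
REPORTS_TO = {"alice": {"dave", "erin"}}


def payroll_view(subject, rows):
    """Content-dependent: a manager sees payroll rows only for their own staff."""
    return [r for r in rows if r["employee"] in REPORTS_TO.get(subject, set())]


if __name__ == "__main__":
    print("ACL for payroll.db:", acl(MATRIX, "payroll.db"))
    print("bob's capabilities:", capabilities(MATRIX, "bob"))
    print("carol write payroll.db:", allows(MATRIX, "carol", "write", "payroll.db"))
    print("bob grants carol write on payroll.db:",
          dac_grant(MATRIX, OWNERS, "bob", "carol", "write", "payroll.db"))
    print("confidential clearance reading secret:", mac_allows_read("confidential", "secret"))
```

Note that the same matrix answers both "who can touch this object" (ACL, good for revocation) and "what can this subject reach" (capability table, good for least-privilege review); the MAC check sits outside the matrix entirely because no owner-granted entry can override a label.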
IDS: monitoring and audit technology
detects suspicious activity and warns operators; takes no action itself, informative by nature
IPS: access control and policy enforcement
monitors + takes proactive preventive action (drop, block, reset)
responds in real time, enforces policy; an inline IPS that misfires blocks legitimate traffic
Problems: false positives (benign activity flagged), false negatives (attack missed): operational risk
NIDS vs HIDS - network sensor watching traffic on a segment vs agent on a host watching its logs, processes and files
Pattern matching (signature analysis) -
Only detects known attacks
Slightly changing the packet or payload (encoding, fragmentation, path variants) can evade the signature
Regular signature updates required
Anomaly based (behavior identification) - baseline of normal activity, alert on deviation:
Multiple failed logins
User logged in at strange hours
Unexplained system shutdown or restart
Attempt to access restricted files
More false positives; needs a learning period to build the baseline
Can detect new (previously unseen) attacks
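Both detection styles run over a small log, as an added example that is not part of the original notes. The log lines, hosts, users, addresses and the single signature are constructed; the sample deliberately includes a trivially altered probe (`/etc/./passwd`) to show the evasion weakness of exact-pattern matching, while the anomaly rules implement two of the behaviours listed above (repeated failed logins, off-hours login) against a threshold and a quiet-hours window that are assumptions of this example.

```python
"""Signature (pattern-matching) vs anomaly detection over constructed auth-log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style sample (hosts, users, addresses all invented).
LOG = """\
2024-03-01T03:14:00 sshd[102]: Accepted publickey for bob from 10.0.0.9 port 6001
2024-03-01T09:02:11 sshd[101]: Failed password for admin from 10.0.0.5 port 5011
2024-03-01T09:02:13 sshd[101]: Failed password for admin from 10.0.0.5 port 5012
2024-03-01T09:02:15 sshd[101]: Failed password for admin from 10.0.0.5 port 5013
2024-03-01T09:02:17 sshd[101]: Failed password for admin from 10.0.0.5 port 5014
2024-03-01T09:02:19 sshd[101]: Accepted password for admin from 10.0.0.5 port 5015
2024-03-01T10:00:00 sshd[103]: Accepted publickey for alice from 10.0.0.7 port 6002
2024-03-01T10:05:00 httpd[200]: GET /../../etc/passwd HTTP/1.0 from 198.51.100.4
2024-03-01T10:06:00 httpd[200]: GET /../../etc/./passwd HTTP/1.0 from 198.51.100.4
"""

# Constructed signature: a literal pattern for a classic traversal probe.
SIGNATURES = {"etc-passwd-probe": re.compile(r"/etc/passwd")}

LINE_RX = re.compile(r"^(?P<ts>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
AUTH_RX = re.compile(r"^(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)")


def parse(lines):
    """Turn raw lines into events with timestamp and, for sshd, result/user/source."""
    events = []
    for line in lines:
        m = LINE_RX.match(line)
        if not m:
            continue
        a = AUTH_RX.match(m["msg"])
        events.append({
            "ts": datetime.fromisoformat(m["ts"]), "proc": m["proc"], "msg": m["msg"],
            "result": a["result"] if a else None,
            "user": a["user"] if a else None,
            "src": a["src"] if a else None,
        })
    return events


def signature_alerts(events):
    """Pattern matching: fires only on the exact known string, so the
    '/etc/./passwd' variant in the sample slips past it."""
    return [(name, e["msg"]) for e in events for name, rx in SIGNATURES.items() if rx.search(e["msg"])]


def anomaly_alerts(events, max_failures=3, window_s=60, quiet_hours=range(0, 6)):
    """Behaviour rules: repeated failed logins from one source, and logins at odd hours.
    The threshold, window and quiet hours are assumptions of this example."""
    alerts = []
    failures = defaultdict(list)              # (user, src) -> recent failure timestamps
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "Failed":
            key = (e["user"], e["src"])
            recent = [t for t in failures[key] if (e["ts"] - t).total_seconds() <= window_s]
            recent.append(e["ts"])
            failures[key] = recent
            if len(recent) == max_failures:   # fire once when the threshold is reached
                alerts.append(("brute-force",
                               f"{max_failures} failures for {key[0]} from {key[1]} within {window_s}s"))
        elif e["result"] == "Accepted" and e["ts"].hour in quiet_hours:
            alerts.append(("off-hours-login", f"{e['user']} from {e['src']} at {e['ts']:%H:%M}"))
    return alerts


def run_ids(text):
    """Run both detectors over a log text and return their alerts."""
    events = parse(text.splitlines())
    return {"signature": signature_alerts(events), "anomaly": anomaly_alerts(events)}


if __name__ == "__main__":
    for kind, alerts in run_ids(LOG).items():
        for name, detail in alerts:
            print(f"{kind:9s} {name:16s} {detail}")
```

The signature detector catches the first probe and misses the second, which differs by two bytes; the anomaly rules catch the burst of failed logins and the 03:14 login without knowing anything about the attack, at the cost that a legitimate night-shift user would trigger the same off-hours alert (a false positive).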