Access Control Models

ACCESS CONTROL MODELS

An access control model is a framework that dictates how subjects access objects. There are three main types of access control model: mandatory access control, discretionary access control and role-based access control.

Discretionary (DAC)

The creator of a file is the ‘owner’ and can grant ownership to others. Access control is at the discretion of the owner. The most common implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level.

Mandatory (MAC)

Much more structured. It is based on security labels and classifications. Access decisions are based on the clearance level of the data, the clearance level of the user, and the classification of the object. Rules are made…
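The DAC and MAC decisions described above, as an added example that is not part of the original essay. The level names, users, file and the "clearance must be at least the classification" read rule are assumptions chosen for illustration.

```python
# Added illustration: level names, users and files are constructed sample data.
from dataclasses import dataclass, field

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass
class FileObject:
    name: str
    owner: str
    classification: str                       # MAC security label
    acl: dict = field(default_factory=dict)   # DAC list: user -> set of rights

def dac_grant(obj, granter, user, right):
    """DAC: only the owner may change the ACL, at the owner's discretion."""
    if granter != obj.owner:
        raise PermissionError(f"{granter} does not own {obj.name}")
    obj.acl.setdefault(user, set()).add(right)

def dac_allows(obj, user, right):
    """DAC decision: the owner has full access; others need an ACL entry."""
    return user == obj.owner or right in obj.acl.get(user, set())

def mac_allows_read(clearances, obj, user):
    """MAC decision (assumed rule): read only if the user's clearance is at
    least the object's classification. Unknown users get the lowest level."""
    clearance = LEVELS[clearances.get(user, "unclassified")]
    return clearance >= LEVELS[obj.classification]

def can_read(clearances, obj, user, enforce_mac):
    """With MAC enforced, the label check runs first and no ACL entry can
    override it; otherwise only the DAC check decides."""
    if enforce_mac and not mac_allows_read(clearances, obj, user):
        return False
    return dac_allows(obj, user, "read")

CLEARANCES = {"alice": "secret", "bob": "confidential"}  # constructed sample

def demo():
    report = FileObject("report.txt", owner="alice", classification="secret")
    before = can_read(CLEARANCES, report, "bob", enforce_mac=False)
    dac_grant(report, "alice", "bob", "read")   # owner's discretionary grant
    dac_only = can_read(CLEARANCES, report, "bob", enforce_mac=False)
    with_mac = can_read(CLEARANCES, report, "bob", enforce_mac=True)
    return before, dac_only, with_mac

if __name__ == "__main__":
    print(demo())
```

The owner's grant is enough under DAC alone, but once labels are enforced the same ACL entry no longer lets a "confidential" user read a "secret" file.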
Network architecture – Logical controls can provide segregation and protection of an environment: IP address ranges, subnets, routing between networks, etc.

Network Access – Logical network access controls: routers, switches, NICs, bridges.

Encryption and Protocols

Control Zone – Technical and physical control. Surrounds and protects network devices that emit electrical signals. TEMPEST related.

Access Control Types

Each control method can also perform different functionality. The functionality types are: Preventative, Detective, Corrective, Deterrent, Recovery, Compensating.

For example:

Preventative-Administrative – Policies and procedures, effective hiring practices, background checks, data classification, security awareness training.

Preventative-Physical – Biometrics, badges, swipe cards, guards, dogs, motion detectors, fences, mantraps, locks and alarms.

Preventative-Technical – Passwords, biometrics, smart cards, encryption, call-back systems, database views, antivirus software, ACLs, firewalls, IDS.

Auditing

Accountability

Auditing capabilities ensure that users are held accountable for their actions, verify that policies are enforced, deter improper actions and are an investigative tool. There are 3 main types of audit tool: Audit reduction, Variance detection, Attack-signature detection.

Audit data must be protected from unauthorized viewing and