3 Access Control Flashcards
Physical Access Control
Goals (3)
1 limit access to facilities
2 authenticate employees seeking access
3 track visitors and contractors who access the site
CPTED =
Crime Prevention Through Environmental Design
CPTED Goals (3)
1 Natural Surveillance (good visibility)
2 Natural Access Control (gates - funnel)
3 Natural Territory Reinforcement (obvious that an area is closed - signs)
Two-Person Integrity
requires that 2 people must be present to enter a secure area
Two-Person Control
requires concurrence from 2 people to carry out an action
Segregation of Duties
- requires that a single person can’t perform two separate actions which, when combined, might pose a business risk (edit payroll data AND issue checks)
Logical access control =
Account and Privilege Management
Managing the account lifecycle (5 stages)
1 Provisioning new user
2 assigning roles/permissions
3 modifying roles/permissions (for job changes)
4 reviewing access
5 de-provisioning (removing the access) of terminated users
Account Monitoring - things to implement/watch out for (3)
1 Inaccurate Permissions
2 User Account Audit
3 Unauthorized use of permissions
Access Policy Violations red flags (5)
1 impossible travel time logins (home and Eastern Europe)
2 logins from unusual network locations (HR on guest network)
3 unusual time-of-day logins
4 deviations from normal behavior
5 deviations in volume of data transferred
Geofencing
- alerts when a device leaves defined boundaries
2 main benefits of Least Privilege
1 minimizes the potential damage from an insider attack
2 limits the ability of an external attacker to quickly gain privileged access when compromising an employee’s account (unless it’s a system administrator account)
Access Control Systems/approaches (3)
1 Mandatory Access Control (MAC)
2 Discretionary Access Control (DAC)
3 Role-based Access Control (RBAC)
MAC =
- OS makes decisions by comparing user labels with resource labels
DAC =
- file owners have the discretion to configure user permissions as they see fit