Access Control Concepts Flashcards
Discretionary access controls
Discretionary access control (DAC) does not scale well: access decisions are made by each individual object owner rather than by a central policy, so when an access control problem occurs it can be difficult to trace which owner's decision caused it.
Types of logical controls
Biometrics
Passwords
Badge readers
Types of physical access controls
Man traps
Turnstiles
Crime Prevention Through Environmental Design (CPTED)
Biometrics
Crime Prevention through Environmental Design (CPTED)
CPTED directs the flow of people, uses passive cues to signal who should and should not be in a space, and opens up visibility into otherwise hidden areas; together these measures decrease the likelihood that someone will commit a crime in that area.
Access is based on three elements:
Subjects, Objects, and Rules
Subjects - defined as any entity that requests access to our assets. The entity requesting access may be a user, a client, a process or a program, for example. A subject is the initiator of a request for service; therefore, a subject is referred to as “active.”
A subject:
Is a user, a process, a procedure, a client (or a server), a program, a device such as an endpoint, workstation, smartphone or removable storage device with onboard firmware.
Is active: It initiates a request for access to resources or services.
Requests a service from an object.
Should have a level of clearance (permissions) that relates to its ability to successfully access services or resources.
Objects - By definition, anything that a subject attempts to access
An object:
Is a building, a computer, a file, a database, a printer or scanner, a server, a communications resource, a block of memory, an input/output port, a person, a software task, thread or process.
Is anything that provides service to a user.
Is passive.
Responds to a request.
May have a classification.
Rules - instructions that allow or deny access to an object by comparing the validated (authenticated) identity of the subject against an access control list.
A rule can:
Compare multiple attributes to determine appropriate access.
Allow access to an object.
Define how much access is allowed.
Deny access to an object.
Apply time-based access.
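The subject, object and rule cards above describe a model rather than code; the following is an added example (not from the flashcard source) that puts the three elements together in a small Python evaluator. It is discretionary: only an object's owner may edit its ACL. A rule matches on the subject's identity or group, the operation requested (how much access), an optional time window, and an explicit deny that overrides any allow; a clearance-versus-classification check is layered in front because the cards say subjects have a clearance and objects may have a classification. All names, the numeric clearance scale and the ACL format are assumptions chosen for the demonstration.

```python
"""Toy subject/object/rule access-control evaluator (added example, not from the source page)."""
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Subject:
    """The active party requesting access (user, process, device ...)."""
    name: str
    clearance: int                      # assumed scale: 0 = public ... 3 = top secret
    groups: frozenset = frozenset()


@dataclass(frozen=True)
class Obj:
    """The passive party that responds to requests; it has an owner (DAC) and a classification."""
    name: str
    owner: str
    classification: int


@dataclass(frozen=True)
class AclEntry:
    """One rule: who it applies to, which operations, an optional daily time window, allow or deny."""
    principal: str                      # subject name or group name
    allowed: frozenset                  # e.g. frozenset({"read", "write"})
    start: Optional[time] = None
    end: Optional[time] = None
    deny: bool = False


def grant(acl: dict, obj: Obj, granter: str, entry: AclEntry) -> None:
    """DAC: only the object's owner may change the object's access control list."""
    if granter != obj.owner:
        raise PermissionError(f"{granter} does not own {obj.name}")
    acl.setdefault(obj.name, []).append(entry)


def in_window(entry: AclEntry, now: time) -> bool:
    """Time-based access: an entry with no window always applies; windows may wrap midnight."""
    if entry.start is None or entry.end is None:
        return True
    if entry.start <= entry.end:
        return entry.start <= now <= entry.end
    return now >= entry.start or now <= entry.end


def check(acl: dict, subject: Subject, obj: Obj, op: str, now: time):
    """Return (decision, reason). Clearance gate first, then explicit deny wins, else default deny."""
    if subject.clearance < obj.classification:
        return False, "clearance below object classification"
    principals = {subject.name} | set(subject.groups)
    matched = [
        e for e in acl.get(obj.name, [])
        if e.principal in principals and op in e.allowed and in_window(e, now)
    ]
    if any(e.deny for e in matched):
        return False, "explicit deny"
    if matched:
        return True, "allowed by ACL"
    return False, "no matching rule (default deny)"


def run_scenario() -> dict:
    """Constructed sample policy and requests; returns the decisions keyed by a short label."""
    payroll = Obj("payroll.xlsx", owner="alice", classification=2)
    bob = Subject("bob", clearance=2, groups=frozenset({"finance"}))
    carol = Subject("carol", clearance=1, groups=frozenset({"finance"}))
    dave = Subject("dave", clearance=3, groups=frozenset({"finance"}))
    acl: dict = {}
    # alice (owner) lets finance read during office hours and lets bob write at any time
    grant(acl, payroll, "alice", AclEntry("finance", frozenset({"read"}), time(9, 0), time(17, 0)))
    grant(acl, payroll, "alice", AclEntry("bob", frozenset({"write"})))
    # an explicit deny for dave overrides the group allow
    grant(acl, payroll, "alice", AclEntry("dave", frozenset({"read"}), deny=True))
    try:
        grant(acl, payroll, "bob", AclEntry("bob", frozenset({"read"})))   # bob is not the owner
        non_owner_grant = "allowed"
    except PermissionError:
        non_owner_grant = "rejected"
    return {
        "bob_read_office_hours": check(acl, bob, payroll, "read", time(10, 0)),
        "bob_read_evening": check(acl, bob, payroll, "read", time(20, 0)),
        "bob_write_evening": check(acl, bob, payroll, "write", time(20, 0)),
        "carol_read": check(acl, carol, payroll, "read", time(10, 0)),
        "dave_read": check(acl, dave, payroll, "read", time(10, 0)),
        "non_owner_grant": non_owner_grant,
    }


if __name__ == "__main__":
    for label, result in run_scenario().items():
        print(f"{label}: {result}")
```

Two design choices are worth noting. Explicit deny is evaluated before any allow, so adding a deny entry never widens access; and the evaluator's fall-through is deny, so an object with no ACL is closed rather than open. Both are standard defaults, and the second is the property that makes default-deny rule sets safe to grow incrementally.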