ACCESS-CONTROL SYSTEMS AND METHODOLOGY

  1. Identification (the process of claiming to be a certain person), authentication (the process of determining the legitimacy of a user or process), and authorization (granting access to a subject or an object after the object has been properly identified and authenticated) are access-control methods.

  2. Authentication is typically verified through the use of a password, tokens, or biometrics.

  3. Biometric systems include

    FRR The False Rejection Rate or Type I Error is the percentage of valid users who are falsely rejected.

    FAR The False Acceptance Rate or Type II Error is the percentage of invalid users who are falsely accepted.

    CER The Crossover Error Rate is the point at which the False Rejection Rate equals the False Acceptance Rate.

  4. One-time passwords are used only once and are valid for only a short period of time; they are usually provided by a token device.

  5. Single sign-on allows a user to enter credentials one time to access all resources.

  6. Kerberos and SESAME are two examples of single sign-on systems.

  7. Centralized access control such as RADIUS, TACACS, and DIAMETER can be used to maintain user IDs, rights, and permissions in one central location.

  8. Attacks on access control can come in the form of DoS attacks.

    Ping of death Employs an oversize IP packet

    Smurf Sends a message to the broadcast address of a subnet or network so that every node on the network produces one or more response packets

    Syn flood Sends TCP connection requests faster than a machine can process them

    Trinoo A DDoS tool that can launch UDP flood attacks from various channels on a network

  9. Data access controls are established to control how subjects can access data. Common types include the following:

    The DAC model is so titled because the user controls who has access to the system he maintains.

    The MAC model uses the system rather than the user to who has access. The MAC model is typically used by organizations that handle highly sensitive data.

    RBAC models place users into groups to maintain access. These are used extensively by banks and other organizations.

Related

Категории