
CISSP Access Control, Part II


Document info: 23 slides, 4.15 MB

Contents


Slide 2

• 3 CONTROLS

• 6 CONTROL TYPES

• COMMON MODELS

Slide 6

∗ DAC / MAC / RBAC:

∗ DAC -> based on owner: the object owner grants access permissions

∗ MAC -> based on clearance and need to know: the system compares labels

∗ RBAC -> based on role

∗ Non-RBAC: user -> app1, app2 (permissions assigned directly in each application)

∗ Limited RBAC: user -> app1 -> roleA, user -> app2 (roles in some applications only)

∗ Hybrid: user -> roleA -> app1 + app2, user -> app3 -> role (enterprise role for some applications, local role for others)

∗ Full: user -> roleA -> app1 + app2 + app3 (one enterprise role across all applications)

∗ ABAC (Attribute Based Access Control) *
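The three classic models differ in who makes the decision and on what basis. As an added example, not from the slides, the following Python implements one decision function per model on constructed users, files, roles and labels (every name is invented for the demo): DAC consults an ACL that only the owner may change, MAC compares the subject's clearance label with the object's classification (level dominance plus need-to-know categories, i.e. no read-up), and RBAC resolves permissions only through roles, never directly on the user.

```python
"""Added example (not from the slides): one decision function for each of
the classic models, on constructed sample data.

  DAC : the object's OWNER decides; the check reads the owner-set ACL.
  MAC : the system decides from the subject's CLEARANCE (level dominance)
        plus NEED TO KNOW (categories); no read-up.
  RBAC: the check reads permissions attached to the subject's ROLES.
"""
from dataclasses import dataclass, field

# --- DAC: owner-managed ACLs -------------------------------------------------
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def grant(self, granting_user: str, user: str, perm: str) -> bool:
        """Only the owner may change the ACL; that is what makes it discretionary."""
        if granting_user != self.owner:
            return False
        self.acl.setdefault(user, set()).add(perm)
        return True

def dac_allowed(obj: DacObject, user: str, perm: str) -> bool:
    # The owner implicitly has full control; everyone else needs an ACL entry.
    return user == obj.owner or perm in obj.acl.get(user, set())

# --- MAC: clearance lattice + need-to-know -----------------------------------
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset   # need-to-know compartments

def dominates(subject: Label, obj: Label) -> bool:
    """subject dominates object iff level >= and categories are a superset."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and subject.categories >= obj.categories)

def mac_can_read(clearance: Label, classification: Label) -> bool:
    # Simple security property: no read-up (the subject must dominate the object).
    return dominates(clearance, classification)

# --- RBAC: role -> permissions (constructed roles and permission strings) ----
ROLE_PERMS = {
    "analyst": {"report:read"},
    "auditor": {"report:read", "log:read"},
    "admin":   {"report:read", "report:write", "log:read", "user:manage"},
}
USER_ROLES = {"alice": {"analyst"}, "bob": {"auditor"}, "carol": {"admin"}}

def rbac_allowed(user: str, perm: str) -> bool:
    # A permission is never attached to the user directly, only via roles.
    return any(perm in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, set()))

def demo() -> dict:
    # DAC: alice owns the file; she can grant bob read, but bob cannot grant carol.
    report = DacObject(owner="alice")
    ok1 = report.grant("alice", "bob", "read")
    ok2 = report.grant("bob", "carol", "read")   # rejected: bob is not the owner
    # MAC: SECRET {NATO} may read SECRET {NATO} and CONFIDENTIAL {}, but not
    # SECRET {NATO, CRYPTO} (missing need-to-know) nor anything TOP SECRET.
    clr = Label("SECRET", frozenset({"NATO"}))
    return {
        "dac_owner_grant": ok1,
        "dac_nonowner_grant": ok2,
        "dac_bob_read": dac_allowed(report, "bob", "read"),
        "dac_bob_write": dac_allowed(report, "bob", "write"),
        "mac_read_secret_nato": mac_can_read(clr, Label("SECRET", frozenset({"NATO"}))),
        "mac_read_secret_nato_crypto": mac_can_read(clr, Label("SECRET", frozenset({"NATO", "CRYPTO"}))),
        "mac_read_conf_empty": mac_can_read(clr, Label("CONFIDENTIAL", frozenset())),
        "mac_read_topsecret": mac_can_read(clr, Label("TOP SECRET", frozenset())),
        "rbac_alice_log": rbac_allowed("alice", "log:read"),
        "rbac_bob_log": rbac_allowed("bob", "log:read"),
        "rbac_carol_manage": rbac_allowed("carol", "user:manage"),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:30} {v}")
```

The MAC case worth noticing is the SECRET/{NATO, CRYPTO} object: same level as the clearance, yet denied, because need-to-know is enforced by category containment, not by level alone.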

REMEMBER: METHOD

Slide 7

REMEMBER: CONTROL TYPES

(slide image, caption text not recoverable; the labels visible are PREVENTIVE, DETECTIVE, CORRECTIVE)

Slide 8

∗ Preventive: firewall, IPS, content filtering, anti-x (anti-virus, anti-spam, etc.), access control matrix/rights, encryption, baselines, locks…

∗ Detective: IDS, logs, monitoring, anti-x, audits, log review, SIEM

∗ Deterrent: signs (banners: "will be monitored", "no entry"…)

∗ Corrective: backup/restore, load balancing, DRP…

∗ Recovery: focuses on the restore process

∗ Compensating: an alternative control put in place when the primary control cannot be applied effectively

REMEMBER CONTROL TYPE

Slide 9

∗ Access control risks/threats

∗ Disclosure of information

∗ Discuss

Continued in part II

Slide 10

FIRST LINE DEFENSE

Slide 11

FIRST LINE DEFENSE (cont.)

WORK

Slide 12

FIRST LINE DEFENSE

PIGGYBACKING (tailgating)

Slide 13

FIRST LINE DEFENSE

• Checking registered users

• BYOD controls

• Logs

TRUST BUT VERIFY

Slide 14

FIRST LINE DEFENSE

username / password

Check

Information disclosure / injection

Slide 15

FIRST-AND-A-HALF LINE DEFENSE

This ID is used to perform administrative tasks

Warning and notification; monitoring and logs

Slide 16

SECOND LINE DEFENSE

MISCONFIGURATION IS DANGEROUS BECAUSE OF THE HIGHEST PRIVILEGES

Slide 17

SECOND LINE DEFENSE

Virtualization: least privilege, defined roles

REMEMBER: SEPARATION OF DUTIES AND INHERITANCE OF THE PREVIOUS CONFIGURATION

Slide 18

SECOND LINE DEFENSE

MUST PREVENT MOBILE CODE AND SPOOFING

(SIGNED…)

Slide 21

(slide diagram: Delegated Access Rights; Addition Rules; Services Grant/Deny; Access Control Matrix (List))

AUTHORIZATION *

• Access Control Matrix: clearances, permission checks…

• Services Grant/Deny: controls the session grant; re-check after a set time

• Additional rules: check exceptions or explicit rules

Slide 22

COMBINE RBAC + ABAC
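As an added example (not the slide's own material), here is one way to combine the authorization pieces from the previous slide with this one: an RBAC access control matrix gives the base grant, ABAC attribute rules refine it with explicit deny rules taking precedence over everything else, and a session grant is reused only inside a fixed interval, after which it is re-decided against the current environment attributes. Roles, resources, attributes, rule names and the 300-second re-check interval are all constructed for the demo.

```python
"""Added example (not from the slides): RBAC supplies the access control
matrix (role x resource -> actions); ABAC rules refine that grant (explicit
deny wins); a session grant is re-checked after a fixed interval.
All roles, resources, attributes and rules are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Callable

# RBAC layer: the access control matrix, rows = roles, columns = resources.
MATRIX = {
    ("doctor",  "patient_record"): {"read", "write"},
    ("nurse",   "patient_record"): {"read"},
    ("billing", "invoice"):        {"read", "write"},
}

@dataclass
class Request:
    user: str
    roles: set
    action: str
    resource: str
    subject_attrs: dict    # e.g. {"department": "cardiology", "device_managed": True}
    resource_attrs: dict   # e.g. {"department": "cardiology", "sensitivity": "high"}
    env: dict              # e.g. {"hour": 14, "network": "internal"}

# ABAC layer: (name, effect, predicate). A "deny" rule whose predicate holds
# overrides everything; every "permit" rule is a condition that must hold for
# the RBAC grant to stand. Constructed policy for the demo.
Rule = tuple[str, str, Callable[[Request], bool]]
RULES: list[Rule] = [
    ("same-department", "permit",
     lambda r: r.subject_attrs.get("department") == r.resource_attrs.get("department")),
    ("managed-device-for-high-sensitivity", "permit",
     lambda r: r.resource_attrs.get("sensitivity") != "high"
               or r.subject_attrs.get("device_managed", False)),
    ("no-write-outside-business-hours", "deny",
     lambda r: r.action == "write" and not (8 <= r.env.get("hour", 0) < 18)),
    ("no-external-write", "deny",
     lambda r: r.action == "write" and r.env.get("network") != "internal"),
]

def rbac_permits(req: Request) -> bool:
    return any(req.action in MATRIX.get((role, req.resource), set()) for role in req.roles)

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason): RBAC matrix first, then ABAC refinement."""
    if not rbac_permits(req):
        return False, "rbac: no role grants this action on this resource"
    for name, effect, pred in RULES:          # explicit deny rules first
        if effect == "deny" and pred(req):
            return False, f"abac deny: {name}"
    for name, effect, pred in RULES:          # then required conditions
        if effect == "permit" and not pred(req):
            return False, f"abac condition failed: {name}"
    return True, "permit"

# Session grant: the decision is cached but must be re-evaluated after the interval.
RECHECK_SECONDS = 300   # constructed value

@dataclass
class SessionGrant:
    req: Request
    granted_at: float
    allowed: bool

def check_session(grant: SessionGrant, now: float, env_now: dict) -> bool:
    """Inside the interval reuse the cached decision; afterwards re-decide with
    the current environment (time of day and network may have changed)."""
    if now - grant.granted_at < RECHECK_SECONDS:
        return grant.allowed
    grant.req.env = env_now
    grant.allowed, _ = decide(grant.req)
    grant.granted_at = now
    return grant.allowed

def demo() -> dict:
    base = dict(user="dr_lee", roles={"doctor"}, action="write", resource="patient_record",
                subject_attrs={"department": "cardiology", "device_managed": True},
                resource_attrs={"department": "cardiology", "sensitivity": "high"},
                env={"hour": 14, "network": "internal"})
    ok = Request(**base)
    wrong_dept = Request(**{**base, "resource_attrs": {"department": "oncology", "sensitivity": "high"}})
    byod = Request(**{**base, "subject_attrs": {"department": "cardiology", "device_managed": False}})
    nurse_write = Request(**{**base, "roles": {"nurse"}})
    night = Request(**{**base, "env": {"hour": 23, "network": "internal"}})
    # Session granted at t=0; at t=100 the cached grant is still used even though
    # the user has moved to an external network; at t=400 the re-check denies the write.
    s = SessionGrant(Request(**base), 0.0, decide(Request(**base))[0])
    still = check_session(s, 100.0, {"hour": 14, "network": "external"})
    rechecked = check_session(s, 400.0, {"hour": 14, "network": "external"})
    return {
        "ok": decide(ok), "wrong_dept": decide(wrong_dept), "byod": decide(byod),
        "nurse_write": decide(nurse_write), "night": decide(night),
        "session_before_recheck": still, "session_after_recheck": rechecked,
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24} {v}")
```

The session cases show the "time to re-check" point from the previous slide: a cached grant stays valid for the whole interval regardless of how the environment changes, so the interval is itself a security parameter, not just a performance one.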

Slide 23

PLEASE ASK QUESTIONS!!!

IF YOU DON'T HAVE ANY QUESTIONS, I WILL RAISE MY QUESTIONS

Posted: 04/05/2017, 15:37
