4/10/12
Authentication controls
Focuses on verifying the identity of the person or device attempting to access the system. The objective is to ensure that only legitimate users can access the system. Users can be authenticated by verifying:
Authorization controls
Restricts the access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform. These controls are implemented by creating an access control matrix, a table specifying which portions of the system users are permitted to access and what actions they can perform.
Compatibility test: matches the user's authentication credentials against the access control matrix. This test is used to determine whether that employee should be allowed to access that resource and perform the requested action.
Codes for File Access
0 = No access
1 = Read/display only
2 = Read/display and update
3 = Read/display, update, create, and delete

Code for Program Access
0 = No access
1 = Execute
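The compatibility test described above, applied to an access control matrix that uses these file and program codes, as an added example that is not part of the original slides. The user IDs, resource names and action names are constructed, and denying anything the matrix does not list is an assumption.

```python
# Added example: access control matrix plus compatibility test.
# User IDs, resource names and action names are constructed for illustration.

FILE_ACTIONS = {            # file access code -> actions it permits
    0: set(),
    1: {"read"},
    2: {"read", "update"},
    3: {"read", "update", "create", "delete"},
}
PROGRAM_ACTIONS = {         # program access code -> actions it permits
    0: set(),
    1: {"execute"},
}

# Constructed matrix: one row per authenticated user, one entry per resource.
MATRIX = {
    "u1001": {("file", "payroll"): 3, ("file", "inventory"): 1,
              ("program", "post_ledger"): 1},
    "u1002": {("file", "payroll"): 0, ("file", "inventory"): 2,
              ("program", "post_ledger"): 0},
}


def compatibility_test(user_id, kind, resource, action, matrix=MATRIX):
    """Return True only if the matrix grants `action` on the resource.

    Assumed default deny: unknown users, unlisted resources, unknown
    resource kinds and unrecognised codes are all refused.
    """
    table = {"file": FILE_ACTIONS, "program": PROGRAM_ACTIONS}.get(kind)
    if table is None:
        return False
    code = matrix.get(user_id, {}).get((kind, resource), 0)
    return action in table.get(code, set())


if __name__ == "__main__":
    requests = [
        ("u1001", "file", "payroll", "delete"),
        ("u1001", "file", "inventory", "update"),
        ("u1002", "program", "post_ledger", "execute"),
        ("u9999", "file", "payroll", "read"),
    ]
    for req in requests:
        print(req, "->", "allow" if compatibility_test(*req) else "deny")
```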
Training
- Social engineering attacks: the use of deception to obtain unauthorized access to information resources
A border router connects an organization's information system to the Internet.
A firewall is special-purpose hardware/software running on a general-purpose computer.
A DMZ (demilitarized zone) is a separate network that permits
Transmission Control Protocol (TCP) specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembling the original file at the destination.
Internet Protocol (IP) specifies the structure of those packets and how to route them to the proper destination.
Filtering packets
An access control list (ACL) determines which packets are allowed entry and which are dropped.
Static packet filtering screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.
Stateful packet filtering maintains a table that lists all established
Deep packet inspection is the process in which the firewall examines the data in the body of an IP packet. It is the heart of a new type of filter: intrusion prevention systems (IPS), which are designed to identify and drop packets that are part of an attack.
Defense-in-depth
How to achieve: integrate physical and remote access control systems. This would identify situations likely to represent security breaches.
Dial-up Connections
RADIUS (Remote Authentication Dial-In User Service) is a standard method for verifying the identity of users attempting to obtain dial-in access.