
Access Control Policy Essay


Associate Level Material
Appendix F

Access Control Policy

Student Name: Charles Williams

University of Phoenix

IT/244 Intro to IT Security

Instructor’s Name: Tarik Lles

Date: December 4, 2011

Access Control Policy

Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems

Access control restricts the operations that authorized users can perform. As the name says, it controls what access an authorized user can have. A reference monitor enforces access control by following instructions from an authorization database. These authorizations are controlled and ...

Single sign-on, or SSO, refers to the ability of a user to be authenticated only once and then be authorized for multiple services. This authentication process permits a user to enter one name and password to access all applications he or she has been given rights to, and eliminates further prompts when switching applications during a session. Biometrics is another modern form of authentication. Biometrics uses biological factors, such as retinal scans, fingerprints, photo-comparison technologies, etc., to authenticate someone. Biometric identification and authentication is considered the most secure. Multifactor authentication is exactly what it sounds like: it uses more than one factor to authenticate a user. This form of authentication is more secure than single-factor authentication in most cases, and requires a user to be authenticated by at least two forms of authentication. This may include a password and a fingerprint, or a smart card and a retinal scan. Multifactor authentication usually combines biometrics and another form of authentication.

2 Access control strategy

1 Discretionary access control

Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information.

Discretionary Access Control (DAC) allows each user to control access to his or her own data. Every resource object on a DAC-based system has an Access Control List (ACL) associated with it. The ACL lists the users and groups to whom the owner has permitted access, along with the level of access for each user or group. As an example, user HY may provide read-only access on one of the files to user J, read and write access on the same file to user L, and full control to any user belonging to group two. Using DAC, a user can only set access permissions for resources he or she already owns, so user A cannot change the access control for a file owned by user F, but user A can set access permissions on a file that he or she owns. It is also possible under some operating systems for the network or system administrator to dictate which permissions users are allowed to set in the ACLs of the resources. Discretionary Access Control offers a more flexible environment than Mandatory Access Control, but also increases the risk that data will be made accessible to users who should not gain access. Understanding the permissions that secure file servers on the network will increase network security (Bushmiller, 2011).
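The DAC rules described above can be expressed as a small reference monitor that consults an in-memory authorization database. This is an added example, not part of the original essay; the file names, the group member "M", the numeric access levels and the rule that an owner always has full access are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Access levels, ordered so a higher level implies the lower ones.
READ, WRITE, FULL = 1, 2, 3


@dataclass
class Resource:
    owner: str
    acl: dict = field(default_factory=dict)  # principal (user or group) -> level


class ReferenceMonitor:
    """Mediates every request against the authorization database."""

    def __init__(self, groups):
        self.groups = groups      # group name -> set of member users
        self.resources = {}       # resource name -> Resource

    def create(self, user, name):
        self.resources[name] = Resource(owner=user)

    def grant(self, requester, name, principal, level):
        res = self.resources[name]
        # DAC rule: only the owner may change the ACL of a resource.
        if requester != res.owner:
            raise PermissionError(f"{requester} does not own {name}")
        res.acl[principal] = level

    def check(self, user, name, needed):
        res = self.resources[name]
        if user == res.owner:     # assumption: owners have full access
            return True
        levels = [res.acl.get(user, 0)]
        levels += [lvl for principal, lvl in res.acl.items()
                   if user in self.groups.get(principal, ())]
        # Least privilege by default: no matching entry means no access.
        return max(levels) >= needed


def build_example():
    # Constructed sample data mirroring the essay's users and group.
    rm = ReferenceMonitor(groups={"group two": {"M"}})
    rm.create("HY", "report.txt")
    rm.grant("HY", "report.txt", "J", READ)
    rm.grant("HY", "report.txt", "L", WRITE)
    rm.grant("HY", "report.txt", "group two", FULL)
    rm.create("F", "payroll.txt")
    return rm
```

Because `grant` only checks ownership, nothing stops HY from adding an entry for any other user, which is the flexibility and the exposure risk the paragraph attributes to DAC.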

2 Mandatory access control

Describe how and why mandatory access control will be used.

Mandatory Access Control (MAC) uses a hierarchy approach to control access to resources, such as data files. The system...
