Chap 10

Category: Science and Technology

Date Submitted: 01/22/2012 09:56 PM

Chapter 10: Access Control Systems and Methodology

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

■ Apply access control techniques to meet confidentiality and integrity goals.
■ Implement the major terms and concepts related to access control and relate them to system security.
■ Apply discretionary access controls (DAC) and mandatory access controls (MAC) techniques as appropriate.
■ Choose effective passwords and avoid password limitations.
■ Implement password alternatives including smart cards, password tokens, and other multifactor techniques.
■ Apply the goals of single sign-on concepts to business and common users.
■ Use the techniques described to control remote user access.

Introduction

Access controls are a collection of mechanisms that work together to create a security architecture that protects the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time.

ISBN: 0-536-60322-7

Information Security: Principles and Practices, by Mark Merkow and Jim Breithaupt. Published by Prentice Hall. Copyright © 2006 by Pearson Education, Inc.

This chapter will cover terminology and principles of authentication that are used in the Access Control Systems and Methodology domain, along with some of the more popular techniques and protocols used in commercial software to control access. It will also cover single sign-on techniques and the methods commonly used to permit remote access to corporate and back-office systems (office networks and servers that front-office personnel access to do their jobs).

Terms and Concepts

Access control is the heart of an information technology (IT) security system and is needed to meet the major objectives of InfoSec: confidentiality and...