Submitted by: im1sadpanda
Category: Science and Technology
Date Submitted: 01/22/2012 09:56 PM
Chapter 10
Access Control Systems and Methodology
Chapter Objectives
After reading this chapter and completing the exercises, you will be able to do the following:
■ Apply access control techniques to meet confidentiality and integrity goals.
■ Implement the major terms and concepts related to access control and relate them to system security.
■ Apply discretionary access controls (DAC) and mandatory access controls (MAC) techniques as appropriate.
■ Choose effective passwords and avoid password limitations.
■ Implement password alternatives including smart cards, password tokens, and other multifactor techniques.
■ Apply the goals of single sign-on concepts to business and common users.
■ Use the techniques described to control remote user access.
Introduction
Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time.
ISBN: 0-536-60322-7
Information Security: Principles and Practices, by Mark Merkow and Jim Breithaupt. Published by Prentice Hall. Copyright © 2006 by Pearson Education, Inc.
This chapter will cover terminology and principles of authentication that are used in the Access Control Systems and Methodology domain, along with some of the more popular techniques and protocols used in commercial software to control access. It will also cover single sign-on techniques and the methods commonly used to permit remote access to corporate and back-office systems (office networks and servers that front-office personnel access to do their jobs).
Terms and Concepts
Access control is the heart of an information technology (IT) security system and is needed to meet the major objectives of InfoSec: confidentiality and...