Name: Shaamim Ahmed
Chapter 10: Access Control Methods & Models, Part # 1
Define the following Key Terms (12 points)
Part A: Define the following terms (25 points)
1. Access control models: Know access control models such as MAC, DAC, and RBAC, plus methodologies such as implicit deny and job rotation. Demonstrate the following:
   o Ability to create and enforce policies.
   o Create a plan of action.
2. Discretionary access control (DAC): An access control policy generally determined by the owner.
3. Mandatory access control (MAC): An access control policy determined by a computer system, not by a user or owner, as it is in DAC.
   o Rule-based access control
   o Lattice-based access control
4. Role-based access control (RBAC): An access model that, like MAC, is controlled by the system, and unlike DAC, not by the owner of a resource.
5. Implicit deny: Denies all traffic to a resource unless the users generating that traffic are specifically granted access to the resource.
6. Least privilege: When users are given only the amount of privileges needed to do their job and not one iota more.
7. Separation of duties (SoD): When more than one person is required to complete a particular task or operation.
8. Job rotation: When users are cycled through various assignments.
9. Access control lists (ACLs): Lists of permissions attached to an object. ACLs reside on firewalls, routers, and on computers.
10. Least privilege as it applies to permissions: Conduct user permission reviews to ensure that long-term users are getting the proper permissions to data. Privilege creep is when, over time, additional permissions are given to a particular user because that user needs to access certain files on a temporary basis. Mandatory vacations are enforced on many personnel to ensure that there is no kind of fraud or other illegitimate activity going on.
11. Permission inheritance and propagation: If you create a folder, the default action it takes is to inherit permissions from the parent folder, which ultimately come from the root folder. So any permissions set in the parent are inherited by the subfolder. To view an example of this, locate any folder within an NTFS volume (besides the root folder), right-click it, select Properties, access the Security tab, and click the Advanced button.

Security + Computer System Security, DCOM 258 E31
Part B: Short answer Questions (8 points)
1. List six NTFS Permissions.
   I. Full control
   II. Modify
   III. Read and execute
   IV. List folder contents
   V. Read
   VI. Write
2. What is the Username naming convention?
   Username naming convention
3. List the 5 Complexity requirements for a good password.
   I. Contain uppercase letters
   II. Contain lowercase letters
   III. Contain numbers
   IV. Contain special characters (symbols)
   V. Should be 8-10 characters or more. Some organizations that have extremely sensitive data require 15 characters as a minimum.
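The five complexity requirements in question 3 turned into a checker, as an added example that is not part of the worksheet: it reports which requirements a password fails, treats "8-10 characters or more" as a minimum of 8, and lets an organization with extremely sensitive data raise that minimum to 15. The function names and the sample passwords are constructed for this example.

```python
import string


def check_password_complexity(password: str, min_length: int = 8) -> list[str]:
    """Return the names of the complexity requirements the password fails.

    An empty list means the password meets all five requirements from
    Part B, question 3. min_length is 8 by default; pass 15 for the
    stricter minimum some organizations apply to sensitive data.
    """
    symbols = set(string.punctuation)  # "special characters (symbols)"
    requirements = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character (symbol)": any(c in symbols for c in password),
        f"at least {min_length} characters": len(password) >= min_length,
    }
    # Keep only the requirements that were not met, in the order listed above.
    return [name for name, met in requirements.items() if not met]


def is_compliant(password: str, min_length: int = 8) -> bool:
    """True when no requirement is missing."""
    return not check_password_complexity(password, min_length)


if __name__ == "__main__":
    # Constructed sample passwords (not from the worksheet), checked against
    # the default 8-character minimum and the 15-character minimum.
    for pw in ["password", "Passw0rd!", "Correct-Horse-Battery-9"]:
        for minimum in (8, 15):
            missing = check_password_complexity(pw, minimum)
            verdict = "OK" if not missing else "missing: " + ", ".join(missing)
            print(f"{pw!r} (min {minimum}): {verdict}")
```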