Chapter 19 – Privilege Management

Security+ All-In-One Edition
Chapter 19 – Privilege Management
Brian E. Brzezicki

Privilege Management

An important part of systems and network protection is determining who has access to what. This is called “privilege management” or “access control”.

There are 4 major types of access control that we will discuss in the next slides:

User Based – DAC based
Group Based – DAC based
Role Based – system based roles
Rule Based – system based rules

User Based

User Based – every user is assigned a unique ID. Permissions are granted to each individual user. If a user has permissions to a resource, they can access it.

Advantages?
Problems?

Group Based

Groups are created. Users are placed in groups. Permissions are given to groups. If a user is in a group that has permission to a resource, then that user has permission to the resource.

Advantages?
Problems?

Combination of Access

When you have user and group based access control, often groups AND users are both assigned permissions to resources. The total combination of permissions is your effective permissions.

Example:
John has Read access to
John is a member of managers, which has write access to
John's effective access is: read + write

No Access

There is usually a special permission called “No Access”. No Access is a permission that you simply cannot shake, and it strips all your other permissions away.

Example:
John is a member of managers, which has read + write to
John is under investigation; as such he has been directly assigned No Access to
John's effective permissions for = No Access

Role Based

Like groups, roles are special groups that are synonymous with a job or set of functions. With role based access control, permissions are assigned to roles. Users are put in roles and receive the access that is relevant to that role.

Advantages:
Centralized management
Good for places that have a lot of job changes or turnover
Fights “authorization creep”
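
The effective-permission rules from the Combination of Access and No Access slides, worked through in Python as an added example that is not part of the original slides. The resource name report.txt, the second user mary, the ("user"/"group", name) principal keys and the empty result when nothing is granted are assumptions made for the example.

```python
from collections import defaultdict

NO_ACCESS = "no_access"  # special permission that strips all others


class AccessControl:
    """Toy DAC model: permissions granted to users and to groups."""

    def __init__(self):
        self.members = defaultdict(set)  # group name -> user names
        self.grants = defaultdict(set)   # (kind, name, resource) -> permissions

    def add_member(self, group, user):
        self.members[group].add(user)

    def grant(self, kind, name, resource, *perms):
        # kind is "user" or "group" so a user and a group may share a name
        self.grants[(kind, name, resource)].update(perms)

    def effective(self, user, resource):
        """Union of the user's own and group grants; No Access overrides all."""
        principals = [("user", user)]
        principals += [("group", g) for g, m in self.members.items() if user in m]
        combined = set()
        for kind, name in principals:
            combined |= self.grants.get((kind, name, resource), set())
        if NO_ACCESS in combined:
            return set()  # cannot be shaken off by any other grant
        return combined  # empty when nothing was granted (assumed default)


def demo():
    # Constructed data: "report.txt" is a placeholder, the slides name no resource.
    acl = AccessControl()
    acl.add_member("managers", "john")
    acl.add_member("managers", "mary")  # hypothetical second manager
    acl.grant("user", "john", "report.txt", "read")
    acl.grant("group", "managers", "report.txt", "write")
    before = acl.effective("john", "report.txt")        # user + group grants
    acl.grant("user", "john", "report.txt", NO_ACCESS)  # under investigation
    after = acl.effective("john", "report.txt")         # No Access wins
    return before, after, acl.effective("mary", "report.txt")


if __name__ == "__main__":
    print(demo())
```

The direct No Access on John leaves the other member of managers untouched, which is why it is assigned to the user rather than to the group.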