4.6 Access Controls

0.0(0)
studied byStudied by 0 people
GameKnowt Play
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/7

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

8 Terms

1
New cards

Access Control

The enforcement of rules that determine what resources a user can access after authentication.

  • Are based on organizational policies and can apply to individuals or groups.

  • IT teams translate these policies into system-level permissions, ensuring users can only access the data necessary for their job.

Specific permissions granted depend on the access control model used, which varies based on business needs or mission requirements.

2
New cards

Least Privilege

A security best practice that ensures users are granted only the rights and permissions needed to perform their job.

  • Are not given extra access, especially not administrative privileges.

  • Limits a user's interaction with the operating system, and if malicious software runs under their account, it will be confined to those limited permissions

3
New cards

Mandatory Access Control (MAC)

Assigns labels to resources like "confidential," "secret," or "top secret," and only users with matching clearance can access them.

  • Used in highly secure environments

  • Only users with matching clearance can access them.

  • Are strictly defined by the system administrator

4
New cards

Discretionary Access Control (DAC)

Allows the data creator to decide who can access their data and with what permissions.

  • For example, if you make a file, you can choose who can read or edit it.

  • Gives users flexibility but is less secure

  • Depends on individuals to set proper access controls for everything they create.

5
New cards

Role-based Access Control (RBAC)

Assigns permissions based on job roles rather than individuals.

  • Administrators create groups for different roles like managers or directors, assign permissions to those groups, and then add users to them.

  • Users automatically inherit the permissions of their assigned role without needing individual permission setups.

  • In systems like Windows, this is done using groups

6
New cards

Rule-Based Access Control (RuBAC)

Uses predefined rules set by administrators to determine access.

  • When a user tries to access an object, the system checks these rules to decide whether to grant or deny access.

  • Access decisions are based on conditions like time, location, or system state.

  • For example, a rule may allow access to lab data only between 9:00 AM and 5:00 PM.

7
New cards

Attribute-Based Access Control (ABAC)

A flexible and modern access control model that uses multiple attributes to decide access.

  • These attributes can include user details (like role or department), resource type, IP address, time of day, requested action (read/write), and the user’s relationship to the data.

  • Allows for dynamic, context-aware decisions.

  • You can think of this as a next generation of an authorization model.

8
New cards

Time-of-Day Restrictions

Limit user access to specific resources based on the time.

  • Can configure systems to only allow access during certain hours, such as business hours, and block it outside those times.

  • Often includes time zone considerations to ensure accuracy.

  • For example, access to a training room network might be blocked from midnight to 6:00 AM