Access Control Principles, Terminologies, and Models PDF
Document Details
Uploaded by barrejamesteacher
EC-Council
Summary
This document explains the concept of access control, introducing principles, terminologies, and models. It describes how access control manages user access to resources within a network. The document is relevant to cybersecurity topics, and is suitable for a professional audience.
Full Transcript
Certified Cybersecurity Technician Exam 212-82
Identification, Authentication, and Authorization

Module Flow
- Discuss Access Control Principles, Terminologies, and Models
- Discuss Identity and Access Management (IAM)

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Discuss Access Control Principles, Terminologies, and Models

The objective of this section is to explain the concept of access control by introducing the principles of access control, the terminologies used, and the different models that describe how access control helps in controlling the access of users to specific resources in a network.

Access Control
- Access control is the selective restriction of access to an asset or a system/network resource
- It protects the information assets by determining who can access what
- Access control mechanism uses user identification, authentication, and authorization to restrict or grant access to a specific asset/resource

Access Control

Access control is a method of limiting users' access to an organization's resources. A crucial aspect of implementing access control is to maintain the integrity, confidentiality, and availability of the information. An access control function uses identification, authentication, and authorization mechanisms to identify, authenticate, and authorize the user requesting access to a specific resource.
The access permissions determine the approvals or permissions provided to a user for accessing a system and other resources. The general steps involved in the access control mechanism are as follows:
- Step 1: A user provides their credentials/identification while logging into the system.
- Step 2: The system validates the user with the database on the basis of the provided credentials/identification such as a password, fingerprint, etc.
- Step 3: Once the identification is successful, the system provides the user access to use the system.
- Step 4: The system then allows the user to perform only those operations or access only those resources for which the user has been authorized.

[Figure 4.1: Access Control Mechanism. Diagram elements: User, Authentication Function, Access Control Function, Authorization Database, Administrator, System Resources]

Access Control Terminologies
- Subject: This refers to a particular user or process that wants to access a resource
- Object: This refers to a specific resource that the user wants to access such as a file or a hardware device
- Reference Monitor: It checks the access control rule for specific restrictions
- Operation: It represents an action taken by a subject on an object

Access Control Terminologies

The following terminologies are used to define the access control on specific resources:

Subject
A subject can be defined as a user or a process that attempts to access the objects. The subjects are those entities that perform certain actions on the system.

Object
An object is an explicit resource on which an access restriction is imposed. The access controls implemented on the objects further control the actions performed by the user. Examples of an object are a file or a hardware device.

Reference Monitor
A reference monitor monitors the restrictions imposed on the basis of certain access control rules. It implements a set of rules on the ability of the subject to perform certain actions on the object.

Operation
An operation is an action performed by a subject on an object. A user trying to delete a file is an example of an operation. Here, the user is the subject, the action of deleting refers to the operation, and the file is the object.

[Figure 4.2: Access Control Terminologies. Diagram elements: Request, Authentication, Reference Monitor, Authorization]
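An added example, not part of the EC-Council material: a minimal reference monitor in Python that walks the four access control steps using the section's terms (subject, object, operation) and denies by default. The user name, password, object names and permission table are constructed sample data, and PBKDF2 for password storage is an assumed choice.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data (not from the source document).
_SALT = os.urandom(16)
CREDENTIALS = {"alice": (_SALT, _hash("correct horse", _SALT))}  # authentication database
AUTHZ_DB = {                                                      # authorization database
    ("alice", "report.txt"): {"read", "delete"},
    ("alice", "printer"): {"use"},
}
AUDIT = []  # one record per decision made by the reference monitor


def authenticate(user: str, password: str):
    """Steps 1-3: validate the presented credentials; return the subject or None."""
    salt, stored = CREDENTIALS.get(user, (b"\x00" * 16, b""))
    candidate = _hash(password, salt)  # hash even for unknown users (similar timing)
    return user if hmac.compare_digest(candidate, stored) else None


def reference_monitor(subject, operation: str, obj: str) -> bool:
    """Step 4: allow an operation only if the authorization database lists it."""
    allowed = subject is not None and operation in AUTHZ_DB.get((subject, obj), set())
    AUDIT.append((subject, operation, obj, "ALLOW" if allowed else "DENY"))
    return allowed


def request(user: str, password: str, operation: str, obj: str) -> bool:
    """Full flow: identify and authenticate, then authorize the operation."""
    return reference_monitor(authenticate(user, password), operation, obj)


if __name__ == "__main__":
    print(request("alice", "correct horse", "delete", "report.txt"))  # authorized operation
    print(request("alice", "correct horse", "write", "report.txt"))   # operation not granted
    print(request("alice", "wrong", "read", "report.txt"))            # failed authentication
    print(request("mallory", "x", "read", "report.txt"))              # unknown subject
```

Every request, allowed or denied, lands in `AUDIT`, which is the record an administrator would review when a subject is refused an operation.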