Authentication vs Authorization
Authentication: You are who you say you are
Authorization: You have permission to do what you are attempting
Discretionary Access Control
The creator of a file assigns permissions to specific users and groups
-DACL: Discretionary Access Control List
Mandatory Access Control
More complex than other models; not often used.
Files are assigned a label (Public, Secret, Top Secret)
Users are assigned access levels (1, 2, 3)
Certain access levels can modify certain labels
i.e., a user with Level 1 access can access Public, Secret, and Top Secret files;
a user with Level 2 access can only access Public and Secret files
Role-Based Access Control
A policy is created defining roles and the access level within those roles
Users are then assigned to a given role
i.e., the Marketing role has access to Marketing resources, HR to HR resources, etc.
Rule-Based Access Control
Administrator configures rules and actions
Think of a firewall using if/then/else logic