© itt educational services, inc. all rights reserved. is3230 access security unit 6 implementing...

© ITT Educational Services, Inc. All rights reserved.

IS3230 Access Security

Unit 6

Implementing Infrastructure Controls

© ITT Educational Services, Inc. All rights reserved.IS3230 Access Security

Class Agenda 10/15/15

Chapter 8 Learning Objectives Lesson Presentation and Discussions. Class project outline due Lab Activities will be performed in class.. Assignments will be given in class. Break Times. 10 Minutes break in every 1 Hour. Note: All Assignment and labs due today.


Learning Objective Implement appropriate access controls for

information systems within information technology (IT) infrastructures.


Key ConceptsThe three states of data File system access control listsUser account type privilege managementAccess control best practicesOrganization-wide layered infrastructure

access control


EXPLORE: CONCEPTS


The Three States of Data


DAR

Discussion: As Students to give example of Data at rest Data in Motion Data in Process.


Securing DAR

Use of access Control mechanismsData Encryption.Back upsPhysical Security


Use encryption to protect stored data:• Elements in databases• Files on network and shared drives• Files on portable or movable drives,

Universal serial bus (USB), and flash drives• Files and shared drives accessible from the

Internet• Personal computers (PCs), laptop hard

drives, and full disk encryption

Protecting DAR


DIM

Gateway Network A

Gateway Network A

Gateway Network B

Gateway Network B

Direct Connection

Remote virtual private network (VPN) Connection


Protecting , DIM,

Vulnerable as it travelsLess risky than DARAttacker will have to get access to physical

connection.Boarder protection are needed –Firewalls

and IDS


Securing DIM

Encryption mechanisms to secure communication channel

SLLHTTPSVPN


Difficult to protect since it is being operated on by the central processing unit (CPU)

Protecting DIP


Object level Security

Object is an item or group of items or group of information.

As in object oriented programming.Security rules can be set on objects to

secure data at rest of in motionExample Firewalls and Web content filters


File System Access Controls File system access controls will include

logging of user activities on the:• Files• Applications• Systems

Access Controls at Different Levels in a System


Trust-Based Peer to Peer (P2P) Workgroup Role-Based Access Group-Based Files Access

Types of File System Access Controls


Access Control list

Security policies assigned to objectsAccess control entitiesAccess denied , Access allowed, System

audit.


Microsoft (MS) Windows versus UNIXFile system controls in MS Windows and

UNIX are different, but used to accomplish the same objective–control access to data assets

Windows file access rights are inherited

Types of File System Access Controls (Continued)


Basic Access control rights in Windows.

Use in both Widows workstations and Servers for files and folders

Full ControlModifyRead and executeList Folder contentReadWrite


Advanced Rights for file

Full Control Traverse Folder Read Attribute Create files/Write data Write Attribute Create folder/ Append data Delete Read Permission Change permission Take ownership


Windows Administrator Rights

A domain Administer – Full control of all computers in a Domain

Supper Administrator- Build in Secret administrator.


EXPLORE: PROCESSES


UNIX and Linux

Simplify ACL is based file permission systemAccess rights are not inherited.Rights in UNIX-Read, Write and Execute.Root is a special class user in a UNIX or

LinuxAlso known as Super userSupper user do (sudo) – allow user have

privilege as a super user.


Layered Protection Through IT Infrastructure

Connection from Internet

Firewall

External Router

Border Firewall Only

Internal Network


Layered Protection Through IT Infrastructure (Continued)

Connection from Internet

RouterRouter

DMZ 2DMZ 1

Dual DMZ Configuration


EXPLORE: ROLES


Roles and Responsibilities

Role ResponsibilitiesSystem Owner Owns System

Authorizes access Performs non-technical access control review

Network Administrator

Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users

Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties

System Administrator Grants access to system, applications, and data Provides special access as required Creates groups and assigns users and

privileges Provides backup and recovery capabilities of

systems, applications, and data


Roles and Responsibilities (Continued)

Role ResponsibilitiesApplication Owner Grants access to applications that manipulate

data Maintains integrity of applications and processes

Data Owner Maintains data integrity Authorizes distribution to internal and external

parties

User Uses systems, applications, and data to perform functions

Creates file Assigns data classification


SummaryThree states of dataProtecting DIM and DARFile system access controlsLayered protectionRoles and responsibilities


Unit 6 Lab Activities

Lab # 6: Enhance Security Controls Leveraging Group Policy Objects

Complete the lab activities in class


Unit 6 Assignments

Unit 6 Assignment: Aligning Account Types and Privileges

A copy of the assignment will be given in class.

Reading assignment: Read Chapters 9

© itt educational services, inc. all rights reserved. is3230 access security unit 6 implementing...

Documents