UNIT II : ACCESS CONTROL MODELS AND SECURITY POLICIES
Access Control Models
Access control models are used to define and enforce security policies that
determine who can access specific resources, and what actions they can perform on
those resources. There are several access control models that are commonly used in
information security:
1. Discretionary Access Control (DAC) model:
According to the Trusted Computer Evaluation Criteria, discretionary access
control is “a means of restricting access to objects based on the identity of
subjects and/or groups to which they belong. The controls are discretionary in the
sense that a subject with certain access permission is capable of passing that
permission (perhaps indirectly) on to any other subject (unless restrained by
mandatory access control)”.
DAC (discretionary access control) devices utilize user identification procedures
to identify and restrict object access. Authentication credentials such as username
and password are verified before access is granted. This type of access control is
highly flexible in terms of data control. It gives you room to customize access
policies according to each end-user. Access is read and written to each user using
a single file.
,Features of Discretionary Access Control
Some of the features of discretionary access control include:
Flexibility
Discretionary access control systems feature the ability to allow users to
customize their access policies individually. A discretionary access control
example is determining the last person that will have access to your resources or
space.
Ease of Control
All networks are connected to a central device. From this centralized device,
users generate security policies to determine entry. This security system also
allows easy monitoring of the access points. This is done using DAC devices
such as keycards to permit and monitor access into a particular position of the
organization.
Backup
For organizations that integrate access controls into their security system,
scheduled backups are vital. Discretionary access control allows organizations to
backup security policies and data to ensure effective access points. This is also
vital to hinder the loss of information from a server crash.
Usability
Discretionary access control is easy to use. It allows easy policing and granting
permissions for each access point. The complexity of access control is minimized
to achieve better management of the network's resources.
Benefits of Discretionary Access Control
Some benefits of discretionary access control include:
Data Security
, Discretionary access control minimizes security risks. It creates a firewall against
malware attacks, unauthorized access by setting up a highly encrypted security
protocol that must be bypassed before access is granted. This goes further to
increase reliability in the organization.
Minimizes Administrative Obligation
It is impossible for an organization to manually monitor every access attempt into
their network. This would be a major drain of time and money for the business or
organization. Discretionary access control automates the security surveillance
system. Access points are monitored from a centralized platform to check and
authenticate persons trying to access important files.
Customizable
The DAC access control type offers a flexible approach in authentication and
authorization. The owner of the files, computers, and resources has the option to
configure permission policies according to each user the way they prefer. This
way they can assign access rights to each user in a way that is the most effective
for their particular network.
Fast Authentication
Unlike the manual control and authentication of access, DAS authentication is
done in a matter of seconds. Manual control requires a lot of time to execute. The
DAC system automates the whole network such that it does not take more than
few seconds to assess, verify and authorize or deny access.
Efficiency
The security protocol is fail-proof. The components are structured in the most
efficient way to monitor and restrict access. DAS devices are innovative enough
to deal with attempts to override them and gain forceful entry into unauthorized
areas of an organization.
Minimizes Cost
Access Control Models
Access control models are used to define and enforce security policies that
determine who can access specific resources, and what actions they can perform on
those resources. There are several access control models that are commonly used in
information security:
1. Discretionary Access Control (DAC) model:
According to the Trusted Computer Evaluation Criteria, discretionary access
control is “a means of restricting access to objects based on the identity of
subjects and/or groups to which they belong. The controls are discretionary in the
sense that a subject with certain access permission is capable of passing that
permission (perhaps indirectly) on to any other subject (unless restrained by
mandatory access control)”.
DAC (discretionary access control) devices utilize user identification procedures
to identify and restrict object access. Authentication credentials such as username
and password are verified before access is granted. This type of access control is
highly flexible in terms of data control. It gives you room to customize access
policies according to each end-user. Access is read and written to each user using
a single file.
,Features of Discretionary Access Control
Some of the features of discretionary access control include:
Flexibility
Discretionary access control systems feature the ability to allow users to
customize their access policies individually. A discretionary access control
example is determining the last person that will have access to your resources or
space.
Ease of Control
All networks are connected to a central device. From this centralized device,
users generate security policies to determine entry. This security system also
allows easy monitoring of the access points. This is done using DAC devices
such as keycards to permit and monitor access into a particular position of the
organization.
Backup
For organizations that integrate access controls into their security system,
scheduled backups are vital. Discretionary access control allows organizations to
backup security policies and data to ensure effective access points. This is also
vital to hinder the loss of information from a server crash.
Usability
Discretionary access control is easy to use. It allows easy policing and granting
permissions for each access point. The complexity of access control is minimized
to achieve better management of the network's resources.
Benefits of Discretionary Access Control
Some benefits of discretionary access control include:
Data Security
, Discretionary access control minimizes security risks. It creates a firewall against
malware attacks, unauthorized access by setting up a highly encrypted security
protocol that must be bypassed before access is granted. This goes further to
increase reliability in the organization.
Minimizes Administrative Obligation
It is impossible for an organization to manually monitor every access attempt into
their network. This would be a major drain of time and money for the business or
organization. Discretionary access control automates the security surveillance
system. Access points are monitored from a centralized platform to check and
authenticate persons trying to access important files.
Customizable
The DAC access control type offers a flexible approach in authentication and
authorization. The owner of the files, computers, and resources has the option to
configure permission policies according to each user the way they prefer. This
way they can assign access rights to each user in a way that is the most effective
for their particular network.
Fast Authentication
Unlike the manual control and authentication of access, DAS authentication is
done in a matter of seconds. Manual control requires a lot of time to execute. The
DAC system automates the whole network such that it does not take more than
few seconds to assess, verify and authorize or deny access.
Efficiency
The security protocol is fail-proof. The components are structured in the most
efficient way to monitor and restrict access. DAS devices are innovative enough
to deal with attempts to override them and gain forceful entry into unauthorized
areas of an organization.
Minimizes Cost
