Access Controls. Supervised by: Dr. Lo’ai Tawalbeh. Prepared by: Abeer Saif


Post on 20-Dec-2015



Introduction:

Access Controls: The security features that control how users and systems communicate and interact with one another.

Access: The flow of information between subject and object.

Subject: An active entity that requests access to an object or the data in an object, such as a user, program, or process that accesses an object to accomplish a task.

Object: A passive entity that contains information, such as a computer, database, file, computer program, directory, or field in a table in a database.

Access controls are extremely important because they are one of the first lines of defense used to fight against unauthorized access to systems and network resources.

Access controls give organizations the ability to control, restrict, monitor, and protect resource availability, integrity, and confidentiality.

Access Control Administration:

Two basic forms:

Centralized: One entity is responsible for overseeing access to all corporate resources. Provides a consistent and uniform method of controlling access rights.

Decentralized: Gives control of access to the people who are closer to the resources. Has no method for consistent control, so it lacks proper consistency.

Centralized & Decentralized access:

Access Control methods:

Access controls can be implemented at various layers of an organization, network, and individual systems.

Three broad categories: Administrative, Physical, and Technical (also known as Logical).

Access Controls

ISA 2004: Internet Security & Acceleration Server 2004

ISA 2004 overview:

ISA Server 2004 main roles:

Firewall: Packet inspection & filtering. Stateful inspection & filtering. Application layer inspection & filtering.

VPN server: Unified firewall & VPN server.

Proxy and caching server: Forward cache. Backward cache.

ISA Server 2004 as a VPN server:

VPN (Virtual Private Network): A secure network connection created through a public network such as the Internet.

Types of VPN connections: VPN clients. Site-to-site VPN. Quarantine Control.

Why use VPN connections: Availability. Cost.

Internet Protocol security (IPSec): A set of industry-standard, cryptography-based protection services and protocols. IPSec protects all protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite and Internet communications.

Protocols supported by ISA Server 2004:

Point-to-Point Tunneling Protocol (PPTP): Uses Microsoft’s encryption (MPPE). Less complex to set up than IPsec.

Layer Two Tunneling Protocol (L2TP): More secure than PPTP. IPsec concepts are more complex.
