NT2580
Introduction to Information Security
Unit 3 (June 30, 2016)
Appropriate Access Controls for Systems, Applications, and Data Access
Learning Objective
- Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Key Concepts
- The authorization policies applying access control to systems, applications, and data
- The role of identification in granting access to information systems
- The role of authentication in granting access to information systems
- The authentication factor types and the need for two- or three-factor authentication
- The pros and cons of the formal models used for access controls
Reading
- Kim and Solomon, Chapter 5: Access Controls.
- SC Magazine: District Court Judge Rules that FBI's Hacking Trick Does Not Require Warrant
- SC Magazine: US v. Matish Warrant Ruling (PDF)
Keywords
- Biometrics
- Content Dependent Access Control
- Decentralized Access Control
- Discretionary Access Control
- Kerberos
- Mandatory Access Control
- Remote Authentication Dial-In User Service (RADIUS)
- Role-Based Access Control
- Security Controls
- Secure European System for Applications in a Multi-Vendor Environment (SESAME)
- Single Sign-on
- Terminal Access Controller Access-Control System (TACACS)
Assignments and Study Materials
- Unit 3 Lecture Slides
- Lab 3.1: Enabling Windows Active Directory and User Access Controls
- Discussion 3.2: Access Control Models
- Assignment 3.3: Remote Access Control Policy Definition