Presentation Content
Access Control
Logical Access Control
Logical Access Control Component
Logical Access Control Examples.
Physical Access Control
Purpose of Physical Access Control
Measure of Physical Access Control
Biometrics
Cross Error Rate/ Equal Error Rate
Access Control
Access is the flow of information between subject and
object.
Subject: User, Program, Process or Device.
Object: Computer, Computer program, Database File.
Access controls are a collection of mechanisms that work
together to protect the information assets and resources of
an organization from unauthorized access.
Access control enables management to:
Specify which users can access the information and
use the resources of an organization.
Specify what resources they can use.
Specify what operations they can perform.
Provide individual accountability.
Access Control
Administrative Control
Logical Control
Physical Control
Logical access controls are the tools used to allow or
restrict subject access to objects on the basis of:
Identification
Authentication
Authorization
Accountability
Identification
A user accessing a computer system presents credentials or identification, such as a username or user ID.
Authentication
Checking the user’s credentials to be sure that they are authentic and not fabricated, usually using a password, PIN, biometric, etc.
Authorization
Granting the user permission to act on certain services or applications in order to perform their duties.
Accountability
Audit logs and monitoring to track subject activities with objects.
Logical Access Control Component
System Access
Network Architecture
Network Access
Encryption and Protocols
Auditing
Type of Control Preventive Detective Corrective Recovery Compensative
ACLs
Routers
Encryption
Audit Logs
IDS
Antivirus Software
Server images
Smart cards
Dial-up call-back
Data backup
PHYSICAL ACCESS CONTROL
Physical access control is a matter of:
- WHO
- WHERE &
- WHEN
Historically this was partially accomplished through keys and
locks.
In some cases, physical access control systems are integrated
with electronic ones.
PURPOSE OF PHYSICAL ACCESS CONTROLS
These entail:
Controlling individual access into the facility and different departments
Removing unnecessary CD-ROM drives
Protecting the perimeter of the facility
Monitoring for intrusion
Environmental controls
MEASURES TO ACHIEVE PHYSICAL ACCESS CONTROLS
Physical access controls can be achieved by the following
means:
Humans (Guards etc)
Mechanical means (Lock and Keys)
Electronic access control
Biometrics
CCTV
BIOMETRICS
Biometrics is broken into two categories:
1. Physiological
2. Behavioral
Two types of biometric errors:
1. Type 1 errors (False Rejection Rate)
2. Type 2 errors (False Acceptance Rate)
CROSS ERROR RATE/EQUAL ERROR RATE
This rating is stated as a percentage and represents the
point at which the false rejection rate is equal to the
false acceptance rate.
This rating is the most important measurement when
determining the system’s accuracy.
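The crossover point can be located by sweeping a decision threshold over match scores and comparing the two error rates at each step. The following is an added example, not part of the original presentation; the score lists, the convention that an attempt is accepted when its score is at or above the threshold, and the function names are all assumptions constructed for illustration.

```python
# Constructed sample match scores (higher = closer match); not real measurements.
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.62, 0.95, 0.70, 0.83, 0.55, 0.90]
IMPOSTOR = [0.20, 0.35, 0.48, 0.30, 0.66, 0.15, 0.41, 0.58, 0.25, 0.72]


def frr(genuine, threshold):
    """Type 1 error rate: share of genuine attempts rejected (score < threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(impostor, threshold):
    """Type 2 error rate: share of impostor attempts accepted (score >= threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def sweep(genuine, impostor):
    """Return (threshold, FRR, FAR) for every observed score used as a threshold."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


def crossover_error_rate(genuine, impostor):
    """Return the (threshold, FRR, FAR) row where FRR and FAR are closest.

    With finite samples the two curves may not meet exactly, so the row with
    the smallest gap is taken; ties resolve to the lowest threshold.
    """
    return min(sweep(genuine, impostor), key=lambda row: (abs(row[1] - row[2]), row[0]))


if __name__ == "__main__":
    # Raising the threshold trades false acceptances for false rejections.
    for t, r, a in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FRR={r:.0%}  FAR={a:.0%}")
    t, r, a = crossover_error_rate(GENUINE, IMPOSTOR)
    print(f"CER/EER is about {r:.0%} at threshold {t:.2f}")
```

Running the sweep shows why the crossover is used for comparison: a single FRR or FAR figure depends on where the threshold was set, while the crossover does not.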