© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing...
-
Upload
homer-lane -
Category
Documents
-
view
214 -
download
0
Transcript of © ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 6 Implementing...
© ITT Educational Services, Inc. All rights reserved.
IS3230 Access Security
Unit 6
Implementing Infrastructure Controls
© ITT Educational Services, Inc. All rights reserved.Page 2IS3230 Access Security
Class Agenda 10/15/15
Chapter 8 Learning Objectives Lesson Presentation and Discussions. Class project outline due Lab Activities will be performed in class.. Assignments will be given in class. Break Times. 10 Minutes break in every 1 Hour. Note: All Assignment and labs due today.
© ITT Educational Services, Inc. All rights reserved.Page 3IS3230 Access Security
Learning Objective Implement appropriate access controls for
information systems within information technology (IT) infrastructures.
© ITT Educational Services, Inc. All rights reserved.Page 4IS3230 Access Security
Key ConceptsThe three states of data File system access control listsUser account type privilege managementAccess control best practicesOrganization-wide layered infrastructure
access control
© ITT Educational Services, Inc. All rights reserved.Page 5IS3230 Access Security
EXPLORE: CONCEPTS
© ITT Educational Services, Inc. All rights reserved.Page 6IS3230 Access Security
The Three States of Data
© ITT Educational Services, Inc. All rights reserved.Page 7IS3230 Access Security
DAR
Discussion: As Students to give example of Data at rest Data in Motion Data in Process.
© ITT Educational Services, Inc. All rights reserved.Page 8IS3230 Access Security
Securing DAR
Use of access Control mechanismsData Encryption.Back upsPhysical Security
© ITT Educational Services, Inc. All rights reserved.Page 9IS3230 Access Security
Use encryption to protect stored data:• Elements in databases• Files on network and shared drives• Files on portable or movable drives,
Universal serial bus (USB), and flash drives• Files and shared drives accessible from the
Internet• Personal computers (PCs), laptop hard
drives, and full disk encryption
Protecting DAR
© ITT Educational Services, Inc. All rights reserved.Page 10IS3230 Access Security
DIM
Gateway Network A
Gateway Network A
Gateway Network B
Gateway Network B
Direct Connection
Remote virtual private network (VPN) Connection
© ITT Educational Services, Inc. All rights reserved.Page 11IS3230 Access Security
Protecting , DIM,
Vulnerable as it travelsLess risky than DARAttacker will have to get access to physical
connection.Boarder protection are needed –Firewalls
and IDS
© ITT Educational Services, Inc. All rights reserved.Page 12IS3230 Access Security
Securing DIM
Encryption mechanisms to secure communication channel
SLLHTTPSVPN
© ITT Educational Services, Inc. All rights reserved.Page 13IS3230 Access Security
Difficult to protect since it is being operated on by the central processing unit (CPU)
Protecting DIP
© ITT Educational Services, Inc. All rights reserved.Page 14IS3230 Access Security
Object level Security
Object is an item or group of items or group of information.
As in object oriented programming.Security rules can be set on objects to
secure data at rest of in motionExample Firewalls and Web content filters
© ITT Educational Services, Inc. All rights reserved.Page 15IS3230 Access Security
File System Access Controls File system access controls will include
logging of user activities on the:• Files• Applications• Systems
Access Controls at Different Levels in a System
© ITT Educational Services, Inc. All rights reserved.Page 16IS3230 Access Security
Trust-Based Peer to Peer (P2P) Workgroup Role-Based Access Group-Based Files Access
Types of File System Access Controls
© ITT Educational Services, Inc. All rights reserved.Page 17IS3230 Access Security
Access Control list
Security policies assigned to objectsAccess control entitiesAccess denied , Access allowed, System
audit.
© ITT Educational Services, Inc. All rights reserved.Page 18IS3230 Access Security
Microsoft (MS) Windows versus UNIXFile system controls in MS Windows and
UNIX are different, but used to accomplish the same objective–control access to data assets
Windows file access rights are inherited
Types of File System Access Controls (Continued)
© ITT Educational Services, Inc. All rights reserved.Page 19IS3230 Access Security
Basic Access control rights in Windows.
Use in both Widows workstations and Servers for files and folders
Full ControlModifyRead and executeList Folder contentReadWrite
© ITT Educational Services, Inc. All rights reserved.Page 20IS3230 Access Security
Advanced Rights for file
Full Control Traverse Folder Read Attribute Create files/Write data Write Attribute Create folder/ Append data Delete Read Permission Change permission Take ownership
© ITT Educational Services, Inc. All rights reserved.Page 21IS3230 Access Security
Windows Administrator Rights
A domain Administer – Full control of all computers in a Domain
Supper Administrator- Build in Secret administrator.
© ITT Educational Services, Inc. All rights reserved.Page 22IS3230 Access Security
EXPLORE: PROCESSES
© ITT Educational Services, Inc. All rights reserved.Page 23IS3230 Access Security
UNIX and Linux
Simplify ACL is based file permission systemAccess rights are not inherited.Rights in UNIX-Read, Write and Execute.Root is a special class user in a UNIX or
LinuxAlso known as Super userSupper user do (sudo) – allow user have
privilege as a super user.
© ITT Educational Services, Inc. All rights reserved.Page 24IS3230 Access Security
Layered Protection Through IT Infrastructure
Connection from Internet
Firewall
External Router
Border Firewall Only
Internal Network
© ITT Educational Services, Inc. All rights reserved.Page 25IS3230 Access Security
Layered Protection Through IT Infrastructure (Continued)
Connection from Internet
RouterRouter
DMZ 2DMZ 1
Dual DMZ Configuration
© ITT Educational Services, Inc. All rights reserved.Page 26IS3230 Access Security
EXPLORE: ROLES
© ITT Educational Services, Inc. All rights reserved.Page 27IS3230 Access Security
Roles and Responsibilities
Role ResponsibilitiesSystem Owner Owns System
Authorizes access Performs non-technical access control review
Network Administrator
Managing host security, file permissions, backup and disaster recovery plans, file system integrity, and adding and deleting users
Troubleshoot networks, systems, and applications to identify and correct malfunctions and other operational difficulties
System Administrator Grants access to system, applications, and data Provides special access as required Creates groups and assigns users and
privileges Provides backup and recovery capabilities of
systems, applications, and data
© ITT Educational Services, Inc. All rights reserved.Page 28IS3230 Access Security
Roles and Responsibilities (Continued)
Role ResponsibilitiesApplication Owner Grants access to applications that manipulate
data Maintains integrity of applications and processes
Data Owner Maintains data integrity Authorizes distribution to internal and external
parties
User Uses systems, applications, and data to perform functions
Creates file Assigns data classification
© ITT Educational Services, Inc. All rights reserved.Page 29IS3230 Access Security
SummaryThree states of dataProtecting DIM and DARFile system access controlsLayered protectionRoles and responsibilities
© ITT Educational Services, Inc. All rights reserved.Page 30IS3230 Access Security
Unit 6 Lab Activities
Lab # 6: Enhance Security Controls Leveraging Group Policy Objects
Complete the lab activities in class
© ITT Educational Services, Inc. All rights reserved.Page 31IS3230 Access Security
Unit 6 Assignments
Unit 6 Assignment: Aligning Account Types and Privileges
A copy of the assignment will be given in class.
Reading assignment: Read Chapters 9