Question
Case Study 10-3: Understanding Access
Access control can deal with a lot of different things, but in technology what we are most concerned with is the access to data and how it is controlled. Use the Internet to research the three main types of access control, and in Table 10-4 give a description of each and an example of technology environments for each.
Table 10-4
Access Control Model | Description | Example
DAC | |
MAC | |
RBAC | |
Case Study 10-4: Configuring User and Group Permissions
Scenario: You are required to configure permissions for users on your network. To simplify the process, also create user groups that will allow you to group the users together (most likely by the department of your organization) and apply permissions to multiple users within the group at one time. Using this book and the Internet, research how you would apply permissions to users, and how you can create groups on a Windows computer.
Explanation / Answer
Answer:
DAC:
Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects. DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.
Example:
A typical example of DAC is Unix file mode, which defines the read, write and execute permissions in each of the three bits for each user, group and others.
MAC:
Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. MAC criteria are defined by the system administrator, strictly enforced by the operating system (OS) or security kernel, and are unable to be altered by end users.
Example:
Often employed in government and military facilities, mandatory access control works by assigning a classification label to each file system object. Classifications include confidential, secret and top secret. Each user and device on the system is assigned a similar classification and clearance level. When a person or device tries to access a specific resource, the OS or security kernel will check the entity's credentials to determine whether access will be granted. While it is the most secure access control setting available, MAC requires careful planning and continuous monitoring to keep all resource objects' and users' classifications up to date.
As the highest level of access control, MAC can be contrasted with lower-level discretionary access control (DAC), which allows individual resource owners to make their own policies and assign security control
RBAC:
Role-based access control (RBAC) is a method of access security that is based on a person’s role within a business. Role-based access control is a way to provide security because it only allows employees to access information they need to do their jobs, while preventing them from accessing additional information that is not relevant to them. An employee's role determines the permissions he or she is granted and ensures that lower-level employees are not able to access sensitive information or perform high-level tasks.
Example:
All access is controlled through the roles that people are given, each of which is a set of permissions. An employee's role determines what permissions he or she is granted. For example, a CEO will be given the role of CEO and have any permissions associated with that role, while network administrators will be given the role of network administrator and will have all the permissions associated with that role.
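The three models side by side, as an added example that is not part of the original answer: the same file is checked with Unix-style mode bits (DAC), a classification label (MAC) and a role table (RBAC). The users, groups, labels and permission names are constructed for illustration, and the MAC check is assumed to be a simple clearance-versus-label comparison for reads.

```python
import stat
from dataclasses import dataclass

LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}   # MAC labels, low to high
ROLE_PERMS = {                                  # RBAC: role -> permissions (constructed)
    "ceo": {"report:read", "budget:approve"},
    "network administrator": {"report:read", "router:configure"},
}

@dataclass
class FileObj:
    owner: str
    group: str
    mode: int    # Unix permission bits, e.g. 0o640
    label: str   # classification assigned by the administrator

def dac_read(f, user, groups):
    """Unix-style check: only the first matching class (owner, group, others) counts."""
    if user == f.owner:
        return bool(f.mode & stat.S_IRUSR)
    if f.group in groups:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def dac_chmod(f, user, new_mode):
    """Discretionary part: the owner decides who else gets access (root is not modelled)."""
    if user != f.owner:
        raise PermissionError("only the owner may change the mode")
    f.mode = new_mode

def mac_read(f, clearance):
    """Mandatory part: clearance must be at least the object's label; users cannot change either."""
    return LEVELS[clearance] >= LEVELS[f.label]

def rbac_allows(roles, permission):
    """Role-based part: a permission is held only through an assigned role."""
    return any(permission in ROLE_PERMS.get(r, set()) for r in roles)

if __name__ == "__main__":
    f = FileObj("alice", "finance", 0o640, "secret")
    print(dac_read(f, "bob", {"staff"}))     # others have no read bit
    dac_chmod(f, "alice", 0o644)             # the owner opens the file to everyone
    print(dac_read(f, "bob", {"staff"}))     # DAC now lets bob read
    print(mac_read(f, "confidential"))       # MAC still refuses a lower clearance
    print(rbac_allows({"network administrator"}, "budget:approve"))
```

The owner can widen access under DAC with a single mode change, while the MAC decision for the same file is unaffected because the label is not the owner's to edit.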