Assignment 5
Question #1
There are four main access control models: Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control, and Rule-Based Access Control (RBAC). The MAC model restricts control over access settings to the owner and custodian management; end-users cannot alter settings to grant access privileges to anyone. An example of the MAC model is Biba, which is commonly used in business and focuses on information integrity. Biba allows users with lower-level clearance to read information at a higher level, and users with higher-level clearance to write information for users with lower-level clearance (Mudarri et al., 2015). The Role-Based Access Control model, in turn, grants access based on the position one holds in the organization. For instance, anyone who fills the security manager position automatically gains the access rights assigned to that position. The third model is Discretionary Access Control, which gives individuals complete control over access to the objects they own and the programs associated with those objects. The last access control model is Rule-Based Access Control, in which individuals are assigned roles dynamically based on criteria defined by the system administrator. The Rule-Based Access Control model specifies the period during which, and the files that, a user is allowed to access.
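As an added example (not part of the original assignment or the cited sources), the following Python reference monitor encodes the two Biba rules described above: a subject may read objects at its own or a higher integrity level and may write objects at its own or a lower level, and only the administrator assigns the labels. The integrity levels and the subject and object names are constructed sample values.

```python
from enum import IntEnum


class Integrity(IntEnum):
    """Constructed integrity levels; a higher value is more trusted."""
    UNTRUSTED = 0
    SYSTEM = 2


class BibaMonitor:
    """Reference monitor for the Biba integrity model. Labels are assigned
    by the administrator only (mandatory control); subjects cannot relabel."""

    def __init__(self):
        self.subjects = {}
        self.objects = {}

    def label_subject(self, name, level):
        self.subjects[name] = Integrity(level)

    def label_object(self, name, level):
        self.objects[name] = Integrity(level)

    def can_read(self, subject, obj):
        # Simple integrity ("no read down"): a subject may read only objects
        # at its own level or higher, so low-integrity data never flows up.
        return self.subjects[subject] <= self.objects[obj]

    def can_write(self, subject, obj):
        # Star integrity ("no write up"): a subject may write only objects
        # at its own level or lower, so it cannot corrupt more trusted data.
        return self.objects[obj] <= self.subjects[subject]


def demo():
    """Constructed sample: a trusted system service and an untrusted guest."""
    m = BibaMonitor()
    m.label_subject("app_service", Integrity.SYSTEM)
    m.label_subject("guest", Integrity.UNTRUSTED)
    m.label_object("os_binaries", Integrity.SYSTEM)
    m.label_object("upload_dir", Integrity.UNTRUSTED)
    return {
        "guest_reads_binaries": m.can_read("guest", "os_binaries"),        # read up: allowed
        "guest_writes_binaries": m.can_write("guest", "os_binaries"),      # write up: denied
        "service_reads_uploads": m.can_read("app_service", "upload_dir"),  # read down: denied
        "service_writes_uploads": m.can_write("app_service", "upload_dir"),  # write down: allowed
    }
```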
Question #2
Factors that can be used in authentication include the knowledge factor, also referred to as “something the user knows.” Examples of the knowledge factor include a personal identification number (PIN), a password, and the answer to a secret security question. The second factor used in authentication is the inherence factor, also known as “something the user is,” which uses the user’s biometric data to accomplish authentication. Commonly used examples of the inherence factor include fingerprints, voice analysis, hand geometry, facial patterns, and retina or iris scans (Donegan, 2019). The third factor used in authentication is the possession factor, also known as “something the user has.” The possession factor is based on an item the user holds that acts as a security token or key. Examples of the possession factor include smart cards, which act as a security key and identify the holder. Mobile devices are also possession factors when used as security tokens to receive a one-time password or PIN.
Question #3
Forms of centralized access control administration include RADIUS, which is used to authenticate and authorize remote-access users. User credentials are stored on a RADIUS server in two configuration files: the client file, which holds the client’s address and authentication information, and the user file, which contains the user identification, authentication, connection, and authorization parameters. Another form of centralized access control administration is the TACACS protocol, which uses a single configuration file to control user authentication and authorization and to define users and attribute/value (AV) pairs. The DIAMETER protocol operates in the same way as both TACACS and RADIUS but adds the ability to handle the robust networks that exist today. The protocol conducts specific authentication and authorization operations that are defined by message format, transport, error reporting, or security service. The advantage of decentralized administration is that it enables administrators to grant rights to users, so updates and other required changes to the system can be made faster. However, the risk that some users overstep or acquire privileges beyond their bounds can arise during these updates. Another disadvantage is that users may take the opportunity to change or alter other users’ information.
References
Donegan, K. (2019). Common authentication factors to know. TechTarget. Retrieved from https://searchsecurity.techtarget.com/feature/5-common-authentication-factors-to-know
Mudarri, T., Al-Rabeei, S., & Abdo, S. (2015). Security fundamentals: Access control models. International Journal of Interdisciplinarity in Theory and Practice. Retrieved from https://www.researchgate.net/publication/282219117_SECURITY_FUNDAMENTALS_ACCESS_CONTROL_MODELS
Stackpole, B. (2000). Data security management: Centralized authentication services (RADIUS, TACACS, DIAMETER). Auerbach Publications. Retrieved from http://www.ittoday.info/AIMS/DSM/83-10-32.pdf