Access Control Models
Assignment 5: Name of the Organization
Question No. 1 for Assignment 5
Generally speaking, there are four types of access control models: mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC), and rule-based access control (RBAC). Under the MAC model, users cannot adjust settings to grant access privileges to anyone; only the owner and custodial management are granted such control. The Biba model, for example, is a type of MAC model that is often used in business and is concerned with information security and integrity. Biba lets users with lower-level clearance read information from users with higher-level clearance, and lets users with higher-level clearance write for users with lower-level clearance, through a standardized interface (Mudarri et al., 2015). Under Role-Based Access Control, access is granted or denied according to one’s position in the organization. For example, everyone who fills the post of security manager immediately receives the access that the company has assigned to that role. The third model is Discretionary Access Control, which gives individuals complete control over the objects they own as well as the programs connected with those objects. This model is most commonly used in government. The final access control model is Rule-Based Access Control, in which roles are allocated to employees dynamically based on criteria defined by the system administrator. This approach is most commonly used in corporate environments. The Rule-Based Access Control model specifies the time period as well as the files that a user can access.
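The following Python sketch is an added example, not part of the original essay; it shows the access decision each of the four models makes as described above. The integrity levels, user names, role names, permissions and file names are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed integrity levels for the Biba check (higher number = higher level).
LOW, MEDIUM, HIGH = 1, 2, 3

def biba_allows(subject_level, object_level, op):
    """MAC (Biba): read only at or above your own level, write only at or below it."""
    if op == "read":
        return object_level >= subject_level
    if op == "write":
        return object_level <= subject_level
    return False  # unknown operations are denied by default

@dataclass
class OwnedObject:
    """DAC: the owner alone decides who else appears on the access list."""
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of allowed operations

    def grant(self, granter, user, op):
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this object")
        self.acl.setdefault(user, set()).add(op)

    def allows(self, user, op):
        return user == self.owner or op in self.acl.get(user, set())

# Role-based: permissions attach to the position, not to the person holding it.
ROLE_PERMS = {
    "security_manager": {"read_audit_log", "change_policy"},
    "analyst": {"read_audit_log"},
}

def role_allows(roles, permission):
    return any(permission in ROLE_PERMS.get(r, set()) for r in roles)

# Rule-based: administrator-defined rules name the user, the files and the time period.
RULES = [
    {"user": "carol", "files": {"payroll.csv"}, "start": time(9, 0), "end": time(17, 0)},
]

def rule_allows(user, filename, now):
    return any(
        r["user"] == user and filename in r["files"] and r["start"] <= now <= r["end"]
        for r in RULES
    )
```
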
Question No. 2
Knowledge factors, sometimes known as “something the user knows,” are among the factors that can be employed in authentication. A personal identification number (PIN), a password combination, and the answer to a secret security question are all examples of knowledge factors. The inherence factor, also referred to as “something the user is,” is the second factor to be considered in the authentication process and uses the user’s biometric data to perform authentication. Fingerprints, voice analysis, hand geometry, facial patterns, and retina or iris scans of the eye are commonly employed examples of the inherence factor (Donegan, 2019). The possession factor, also known as “something the user possesses,” is the third factor employed in authentication. It is based on something the user possesses that serves as a security token or key. Smart cards, which serve as a security key as well as a means of identifying the possessor, are examples of the possession factor. When a one-time password or personal identification number (PIN) is accepted, mobile devices are also considered possession factors and used as security tokens.
Question number three:
RADIUS, for example, is a centralized access control administration system that is used to authenticate and authorize users who access resources from a remote location. User credentials are saved on the RADIUS server in two configuration files, which are stored in a separate directory: the client file, which contains the address of the client and authentication, and the user file, which contains the user identification, authentication, connection, and authorization parameters. In addition to the TACACS protocol, which employs a single configuration file to govern user authentication and authorization as well as to define users and attribute/value (AV) pairs, another type of centralized access control administration is the CASB protocol. The DIAMETER protocol is capable of operating in both TACACS and RADIUS networks, and it is also capable of dealing with the robust networks that exist today. The protocol is responsible for conducting specific authentication and authorization, which are defined based on the message’s format, transport method, error reporting mechanism, or security service. The advantage of decentralized administration is that it allows the administrator to grant privileges to users, which lets the system carry out updates or other necessary changes in a shorter amount of time. During the changes, however, there is a possibility that certain users will overstep their boundaries or acquire privileges that are outside their scope. Another problem is that users may take advantage of the opportunity to change or modify the information of other users.
References
Donegan, K. (2019). Authentication Factors You Should Be Aware Of. TechTarget. https://searchsecurity.techtarget.com/feature/5-common-authentication-factors-to-know
Mudarri, T., Al-Rabeei, S., and Abdo, S. (2015). Access Control Models are a fundamental part of information security. International Journal of Interdisciplinarity in Theory and Practice. https://www.researchgate.net/publication/282219117 SECURITY FUNDAMENTALS ACCESS CONTROL MODELS
Stackpole, B. (2000). Data Security Management: Authentication Services Provided by a Centralized System (RADIUS, TACACS, DIAMETER). Auerbach Publications. http://www.ittoday.info/AIMS/DSM/83-10-32.pdf
