Access Control

Access Control

Type of controls
1. Administrative Control o Management control
  Attachments:
  - Administrative Control o Management control
2. Logical control o Tecnical Control
3. Physical control
4. Operational Control
Classes of controls
1. Preventive
2. Corrective
3. Detective
4. Deterrent
5. Compensating
False Positives/False Negatives
1. False Positives
2. False Negatives
Implicit Deny
Least Privilege
Separation of Duties
Job Rotation
Other Account Practices
1. Onboarding
2. Offboarding
3. Recertification
4. Standard naming convention
5. Account maintenance
6. Location-based policies
Access Control Models
1. Discretionary Access Control
2. Mandatory Access Control
  1. Nivel de autorización (Usuarios o grupos)
    1. Top secret
    2. Secret
    3. Confidential
    4. Restricted
    5. Unclassified
  2. Etiquetas (Fichero)
    1. Confidential
    2. Private
    3. Sensitive
    4. Public
3. Role-Based Access Control (RBAC)
4. Rule-Based Access Control (RBAC)
5. Group-Based Access Control (GBAC)
6. Attribute-Based Access Control (ABAC)
7. User Account Types
  1. User account:
  2. Shared and generic accounts
  3. Guest accounts
  4. Service accounts
  5. Privileged accounts:
8. Using Security Groups
9. Rights and Privileges
  1. Access this computer from the network
  2. Allow log on locally
  3. Back up files and directories
  4. Change the system time
  5. Take ownership of files or other objects
10. NTFS Permissions
  1. Read
  2. Modify
  3. Full Control
11. Linux Permissions
  1. Read (R): 4
  2. Write (W): 2
  3. Execute (X): 1
12. Access Control Lists (ACLs)
  1. Cisco Standard Access Lists
  2. Cisco Extended Access Lists
13. Group Policies
  1. Install software
  2. Configure password policies
  3. Configure auditing
  4. Configure user rights
  5. Restricted groups
  6. Disable services and configure event logs
  7. File system permissions
  8. Software restrictions:
  9. Lock down the system by disabling features
14. Different types of group policies
  1. 1º - Local
  2. 2º - Site:
  3. 3º - Domain
  4. 4º - Organization unit (OU)
15. Database Security
  1. Roles
  2. Permissions
  3. Encryption
  4. Auditing
16. Account Restrictions
  1. Account Expiration
  2. Time-of-Day Restrictions:
  3. Account Lockout:
    1. Account lockout threshold
    2. Account lockout duration
    3. Reset account lockout counter after
  4. Account Disablement:
  5. View Account Details:
17. Account Policy Enforcement
  1. Shared accounts
  2. Credential management
  3. Group policy
  4. Password complexity:
  5. Expiration
  6. Recovery
  7. Disablement
  8. Lockout
  9. Password history
  10. Password reuse
  11. Password length
  12. Generic account prohibition
18. Monitoring Account Access
  1. Group-based privileges
  2. User-assigned privileges
  3. User access reviews
  4. Continuous monitoring

Next up

Description

Resource summary

Similar

	Created by Rafael Jiménez Rey almost 6 years ago