资源描述:
《CISSP 笔记 Access Control》由会员上传分享,免费在线阅读,更多相关内容在行业资料-天天文库。
1、AccessControlsOverviewAccesscontrolsaresecurityfeaturesthatcontrolhow usersandsystems communicateandinteractwithother systemsandresources.Accesscontrolisa broadterm thatcoversseveraldifferenttypesofmechanismsthatenforceaccesscontrolfeaturesoncomputersystems,networks,andinformationSecurityPrinci
2、plesAICIdentification,Authentication,Authorization,andAccountabilityIdentification describesamethodofensuringthatasubject(user,program,orprocess)istheentityitclaimstobe.Tobeproperly authenticated, thesubjectisusuallyrequiredtoprovideasecondpiecetothecredentialsetLogicalaccesscontrolsaretechnica
3、ltoolsusedforidentification,authentication,authorization,andaccountability.IdentificationandAuthenticationThreegeneralfactorscanbeusedforauthentication: somethingapersonknows,somethingaperson has,andsomethingapersonis. Strongauthentication containstwooutofthesethreemethods:somethingapersonknows
4、,has,oris.Thisisalsoreferredtoastwo-factorauthentication.Creatingorissuingsecureidentitiesshouldinclude threekeyaspects: uniqueness,nondescriptive,andissuanceIdentityManagementIdentitymanagementisabroadandloadedtermthatencompasses theuseofdifferentproductstoidentify,authenticate,andauthorizeuse
5、rsthroughautomatedmeansthetermalsoincludesuseraccountmanagement,accesscontrol,passwordmanagement,singlesign-onfunctionality,managingrightsandpermissionsforuseraccounts,andauditingandmonitoringalloftheseitemsFortheCISSPexam,thefollowingarethetypesoftechnologiesyoushouldbeawareof:•Directories•Web
6、accessmanagement•Passwordmanagement•Legacysinglesign-on•Accountmanagement•Profileupdate·Directories Theobjectswithinthedirectoryaremanagedbyadirectoryservice.The directoryservice allowsanadministratortoconfigureandmanagehowidentification,authentication,authorization,andaccesscontrol takeplacewi
7、thinthenetworkandonindividualsystems. Ina Windowsenvironment,whenyoulogin,youareloggingintoa domaincontroller (DC),whichhasahierarchicaldirectoryinitsdatabase.Thedatabaseisrunningadirectoryservice(ActiveDirectory),whichorganizesth
