CISSP Exam Note (Domain 1: Access Control) – Centralized & Decentralized, etc…

November 23, 2009 · Posted in Information Security, Information Systems 

Access Control – Centralized and Decentralized

Centralized Access Control – all the core access functions, Authentication, Authorization, and Accountability (AAA), are performed from a single central location.

  • RADIUS – Remote Authentication Dial-In User Service (incorporates an AS and dynamic passwords)
  • TACACS – Terminal Access Controller Access Control System (for network applications, static password)
  • TACACS+ – Terminal Access Controller Access Control System Plus, supports token authentication

CHAP – Challenge Handshake Authentication Protocol

  • Supports encryption; protects the password
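As an added example (not part of the original notes), here is the CHAP exchange from RFC 1994 in Python: the authenticator sends a random challenge, the peer answers with MD5(identifier || secret || challenge), and the authenticator recomputes the digest and compares. The shared secret and the peer/authenticator roles are constructed for the demo; the point is that only the challenge and the digest cross the link, never the password.

```python
import hashlib
import hmac
import os

# Constructed shared secret, configured out of band on both the peer and the authenticator.
SHARED_SECRET = b"example-chap-secret"

def chap_challenge(length: int = 16) -> bytes:
    """Authenticator: a fresh, unpredictable challenge for every authentication attempt."""
    return os.urandom(length)

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer: MD5 over the one-octet Identifier, the secret and the challenge (RFC 1994, 4.2).
    The secret itself never leaves the peer; only this digest goes on the wire."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator: recompute the expected digest and compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def run_exchange(peer_secret: bytes, identifier: int = 1) -> dict:
    """One complete Challenge / Response / Success-or-Failure exchange.
    Returns what crossed the link and the authenticator's decision."""
    challenge = chap_challenge()                                          # 1. authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)          # 2. peer -> authenticator
    success = chap_verify(identifier, SHARED_SECRET, challenge, response)  # 3. Success / Failure
    return {"challenge": challenge, "response": response, "success": success}

if __name__ == "__main__":
    good = run_exchange(SHARED_SECRET)
    bad = run_exchange(b"wrong-secret")
    print("correct secret ->", "Success" if good["success"] else "Failure")
    print("wrong secret   ->", "Success" if bad["success"] else "Failure")
    print("secret visible on the wire?", SHARED_SECRET in good["challenge"] + good["response"])
```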

Decentralized Access Control – generally requires medium to large workgroups of individuals and carries correspondingly higher administrative overhead. In a decentralized environment, keeping equipment and services homogeneous becomes harder in proportion to the number of access control points. Changes made on individual systems stay local, rather than having the wide-reaching effects of a change to a single centralized system.

Planning to take the CISSP Exam?

Get a copy of my personal notes (300-plus pages' worth) that I used to pass the exam for only $25.00.

Plus you will also get copies of notes from other CISSPs.

Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM.

All Purchases are securely processed through Paypal.

IMPORTANT NOTICE:

I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Relational Database Security

  • Relational databases support queries
  • Object-oriented databases do not support queries

Relational Database

  • Data structure called tables (relations)
  • Integrity rules on allowable values
  • Operators on the data in tables

Persistency – preservation of integrity through the use of non-volatile storage media

Schema

  • Description of the database
  • Defined by the Data Definition Language (DDL)

Database Management System (DBMS)

  • Provides access to the database
  • Allows restriction of access

Relational Database

  • Relation (table) – the basis of a relational database; a relation is represented by a table
  • Rows – records (tuples)
  • Columns – attributes

Primary Key

  • Unambiguously identifies a record, i.e. points to one record (tuple)
  • Every row (record, tuple) must contain the primary key of the relation (table)

Cardinality – number of rows in a relation (table)

Degree – number of columns in a relation (table)

Candidate Key – any identifier that is unique to the record

Foreign Key – any value that matches the primary key of another relation (table)

Relational Database – best suited for text

Relational Database Operations

  • Select – based on criteria, e.g. all items with value > $300.00
  • Join – join tables based on a common value
  • Union – forms a new relation (table) from two other relations
  • View – (virtual table) uses join, project, select – views can be used to restrict access (least privilege)
  • Query plan
    • Comprised of implementation procedures; the lowest-cost plan is chosen based on “cost”
    • Costs are CPU time and disk access
    • Bind – used to create the plan

Data Normalization

  • Ensures that attributes in a table rely only on the primary key
  • Eliminates repeating groups
  • Eliminates redundant data
  • Eliminates attributes not dependent on the primary key

SQL – Structured Query Language

  • Select
  • Update
  • Delete
  • Insert
  • Grant – Access Privileges
  • Revoke – Access Privileges
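Added example (not from the original notes) tying the View bullet above to Grant/Revoke: a view that selects only active rows and projects only non-sensitive columns, with the restricted user allowed to read the view but not the base table. SQLite, used here so the example runs offline, has no GRANT/REVOKE, so an authorizer callback stands in for "GRANT SELECT ON staff_directory TO clerk" with no grant on employees; the schema and data are constructed.

```python
import sqlite3

def build_db() -> sqlite3.Connection:
    """Constructed schema: the base table carries sensitive columns; the view is the
    select (active rows only) plus project (name, dept) that a clerk is allowed to see."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees (
            emp_id INTEGER PRIMARY KEY,
            name   TEXT NOT NULL,
            dept   TEXT NOT NULL,
            salary INTEGER NOT NULL,
            ssn    TEXT NOT NULL,
            active INTEGER NOT NULL
        );
        INSERT INTO employees VALUES
            (1, 'Ada',   'Engineering', 120000, '000-00-0001', 1),
            (2, 'Grace', 'Engineering', 135000, '000-00-0002', 1),
            (3, 'Linus', 'Finance',      90000, '000-00-0003', 0);
        CREATE VIEW staff_directory AS
            SELECT name, dept FROM employees WHERE active = 1;
    """)
    return conn

def grant_view_only(conn: sqlite3.Connection, base_table: str) -> None:
    """Stand-in for 'GRANT SELECT ON staff_directory TO clerk' with no grant on the base
    table: SQLite has no GRANT/REVOKE, so an authorizer denies every read of the base
    table that does not arrive through a view (via_view is None for top-level SQL)."""
    def authorizer(action, table, column, db_name, via_view):
        if action == sqlite3.SQLITE_READ and table == base_table and via_view is None:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)

def clerk_query(conn: sqlite3.Connection, sql: str):
    """Run a statement as the restricted user; None means the DBMS refused it."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return None

if __name__ == "__main__":
    db = build_db()
    grant_view_only(db, "employees")
    print(clerk_query(db, "SELECT * FROM staff_directory"))           # allowed: active staff, 2 columns
    print(clerk_query(db, "SELECT name, salary, ssn FROM employees"))  # None: direct table read refused
```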

Object Oriented Databases – OODB

  • Best suited for multi-media, graphics
  • Steep learning curve
  • High overhead

Intrusion Detection

Network Based

  • Real time
  • Passive

Host Based

  • System and event logs
  • Limited by log capabilities

Signature Based – Knowledge Based

  • Signatures of known attacks are stored and referenced
  • Fails to recognize slow attacks
  • Must have a signature stored to identify an attack

Statistical Anomaly Based (Behavior Based)

  • IDS determines “normal” usage profile using statistical samples
  • Detects anomaly from the normal profile
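Added example (not from the original notes) of the statistical-anomaly approach just described: a "normal" profile (mean and standard deviation) is learned from constructed per-hour counts of failed logins, then constructed sshd-style log lines are bucketed per hour and any window more than k standard deviations above the mean is flagged. The log format, baseline numbers and account name are made up for the demo; note that the one-failure-per-hour trickle stays under the threshold, which is the slow-attack blind spot the notes mention.

```python
import re
import statistics
from collections import Counter

# Constructed baseline: failed logins per hour for the 'ops' account on a normal day.
BASELINE_PER_HOUR = [0, 1, 0, 2, 1, 0, 0, 1, 3, 1, 0, 2, 1, 0, 1, 2, 0, 1, 1, 0, 2, 1, 0, 1]

# Constructed log lines: a burst of six failures in the 10:00 hour, then one per hour.
SAMPLE_LOG = [
    f"2009-11-23T10:{m:02d}:00 sshd: Failed password for ops from 10.0.0.5" for m in range(6)
] + [
    "2009-11-23T11:05:00 sshd: Failed password for ops from 10.0.0.5",
    "2009-11-23T12:05:00 sshd: Failed password for ops from 10.0.0.5",
    "2009-11-23T12:06:00 sshd: Accepted password for ops from 10.0.0.9",
]

FAILED_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d):\d\d:\d\d sshd: Failed password for (\w+)")

def build_profile(samples):
    """Learn the 'normal' usage profile: mean and standard deviation of the samples."""
    return {"mean": statistics.mean(samples), "stdev": statistics.pstdev(samples)}

def is_anomalous(count, profile, k=3.0):
    """A window is anomalous when its count exceeds mean + k * stdev.
    A smaller k catches more, at the price of more false positives."""
    return count > profile["mean"] + k * profile["stdev"]

def failures_per_hour(lines):
    """Bucket 'Failed password' events by (hour, user); other lines are ignored."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def detect(lines, profile, k=3.0):
    """Return the (hour, user) windows that deviate from the learned profile."""
    counts = failures_per_hour(lines)
    return sorted(w for w, n in counts.items() if is_anomalous(n, profile, k))

if __name__ == "__main__":
    profile = build_profile(BASELINE_PER_HOUR)
    print("threshold:", round(profile["mean"] + 3 * profile["stdev"], 2))
    print("anomalous windows:", detect(SAMPLE_LOG, profile))
```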

Access Control Issues

  • Confidentiality
  • Integrity
  • Availability
  • Accountability of users

Measures that compensate for both internal and external access violations

  • Backups
  • RAID – Redundant Array of Inexpensive Disks
  • Fault Tolerance
  • Business Continuity Planning
  • Insurance