Presentation Content

Access Control Logical Access Control Logical Access Control Component Logical Access Control Examples.

Physical Access Control

Purpose of Physical Access Control Measure of Physical Access Control Biometrics Cross Error Rate/ Equal Error Rate

Access Control

Access is the flow of information between subject and object.

Subject: User, Program, Process or Device.

Object: Computer, Computer program, Database File.

Access Control are collection of mechanisms that work

together to protect the information assets and resources of

an organization from an unauthorized access.

Cont..

Access Control enable management to: Specify which users can access the information and uses the resources of an organization.

Specify what resources they can use. Specify what operations they can perform. Provide individual accountability.

Administrative Control

Access Control Physical Control Logical Control

Logical access control are the tools used to allow or restricts subject access to objects on the basis:

Identification Authentication Authorization Accountability

Identification A user
accessing a computer system would present credentials or identification, such as a username, user ID.

Authentication Checking the users credentials to be sure that they are authentic and not fabricated, usually using a password, pin, biometric etc.

Authorization Granting permission to take the action on certain services or applications in order to perform their duties.

Accountability

Audit logs and monitoring to track subject activities with objects

System Access

Auditing

Network Architecture

Logical Access Control component

Encryption and Protocols

Network Access

Type of Control

Preventive Detective

Corrective

Recovery

Compensative

ACLs Routers Encryption Audit Logs

IDS Antivirus Software Server images Smart cards Dial up-Call back Data backup

PHYSICAL ACCESS CONTROL

Physical access control is a matter of :- WHO - WHERE &

- WHEN

Historically this was partially accomplished through keys and locks. In some cases, physical access control systems are integrated with electronic ones

PURPOSE OF PHYSICAL ACCESS CONTROLS

These entail controlling individual access into the: facility and different departments removing unnecessary CD-ROM drives, protecting the perimeter of the facility, monitoring for the intrusion environmental controls.

MEASURES TO ACHIEVE PHYSICAL ACCESS CONTROLS

Physical access controls can be achieved by the following
means:

Humans (Guards etc) Mechanical means (Lock and Keys) Electronic access control Biometrics CCTV

BIOMETRICS
It is broken into two categories:
1. 2.

Physiological Behaviorial

Two types of biometric errors:

1. 2.

Type 1 errors (False Rejection Rate) Type 2 errors (False Acceptance Rate)

CROSS ERROR RATE/EQUAL ERROR RATE

This rating is rated as a percentage and represents the point at which the false rejection rate is equal to the false acceptance rate.

This rating is the most important measurement when determining the systems accuracy.