...Network Access Control, no matter what architecture you select, you definitely want to start by building a small interoperability lab. In this white paper, we’ll give you some advice on what to think about before you get started, and outline what resources you’ll need to have in place in order to begin testing. Any NAC deployment must start by answering three critical questions: 1) What is my access control policy? 2) What are the access methods (such as LAN, wireless, or VPN) I want to protect? 3) How will this integrate with my existing infrastructure? Once you answer these questions, you can begin to gather test lab resources, such as servers (for policy definition points), laptops or desktops (for network access requestors), and switches, access points, and VPN servers (for policy enforcement points). Getting Started with Network Access Control What is my access control policy? NAC is a generic concept that deals with defining access controls based on user authentication, end-point security assessment, and network environmental information. That’s too big for most network managers to bite off in a single chunk, so many NAC deployments hone in on a subset of these goals and expand over time. You’d be wise to do the same---trying to do too much too early in the lifecycle of this emerging group of products will lead to undue frustration and unnecessary complexity. To start, you should define a simple network access control policy. It is important to define your access control...
Words: 1611 - Pages: 7
...Access controls can be applied in various forms, levels of restriction, and at different places within a computing system. A combination of access controls can provide a system with layered defense-in-depth protection. Instructions: For the scenarios that follow, identify the data that would need to be protected. Recommend how you would implement one or more of the access controls (listed after the scenarios) for the given scenario and justify your recommendation. Scenarios: 1. Shovels and Shingles is a small construction company consisting of 12 computers that have Internet access. 2. Top Ads is a small advertising company consisting of 12 computers that have Internet access. All employees communicate using smartphones. 3. NetSecIT is a multinational IT services company consisting of 120,000 computers that have Internet access and 45,000 servers. All employees communicate using smartphones and e-mail. Many employees work from home and travel extensively. 4. Backordered Parts is a defense contractor that builds communications parts for the military. All employees communicate using smartphones and e-mail. 5. Confidential Services Inc. is a military-support branch consisting of 14,000,000 computers with Internet access and 250,000 servers. All employees must have security clearances, and they communicate mainly using BlackBerry devices and e-mail. Access Controls * Administrative controls: Policies approved by management and passed down to staff...
Words: 304 - Pages: 2
...an access control system for entry into a dormitory. This will include analysis and design, which involves the creation of various design documents. Following this, the system will be developed. In this stage, any development requirements will be completed. This may involve the development of a database system or modification of a commercial off the shelf system. During the integration phase, the physical installation of the system will occur. This is followed by testing. Once testing has been completed, the major project scope ends and the project enters into a maintenance phase. Major Tasks There will be five major tasks in this project, including: 1. Analysis and Design a. Design Documentation i. With this task, documentation is written up to describe the work that needs to be completed. This documentation is reviewed by all stake holders to ensure that the requirements are have been accurately conveyed and understood. b. Design Models i. With this task, flow charts and/or use case are created to describe the functionality. These documents are of particular importance to members of the project team, as they provide a model for the actual system 2. Development a. Database i. Depending on the results of the analysis and design task, either a custom or a commercial off the shelf system will be used. This system will require development or customizations to meet specific needs. b. Interface i. An interface is required to view access records...
Words: 479 - Pages: 2
...Running head: Dormitory Access Control Case Study: Dormitory Access Control Elizabeth Koch CIS 210 Dr Lopez Abstract As a member of the Information Security team at a small college, you have been made the project manager to install an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Create a 3-4 page project plan for this project in which you: Project Scope Statement The Information Security team at Small University has been given the project to install an access control system (ACS) from Dynamics Security in a dormitory. The ACS will automatically unlock the doors via an electronic proximity reader and integrate with an existing security camera system. The existing cameras are designed to face and rotate to record a person as they use their identification card to unlock the doors. For this reason, the system will be designed in a way that the user will have three chances to unlock the door, if the user fails to unlock the door on the third attempt, then the alarm will go off. The ACS will also be designed to allow the security administrator to make changed for the ACS operations. These changes will be the camera positions, setting the alarm time, and setting the time the dormitory doors will lock. ...
Words: 755 - Pages: 4
...ACCESS CONTROL SYSTEM BY name SYSTEM ANALYSIS AND DESIGN – CIS210 Professor Ntinglet-Davis, Ed. D. Case Study 1 30 October, 2012 The purpose of this paper is to discuss installing an access control system (ACS) in a dormitory. The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Project Title: Install Access Control System in Hall of TC CARRINGTON dormitory Project Justification: To increase the security and integrity of dormitory access at Southern Maryland Community College, one dormitory has been set up as a test site for the newly access control system (ACS). According to Germain (2011), an “access control system allows you to monitor when people enter and exit access control systems help to keep unauthorized people out, while providing flawless access to those who are authorized to be there” (para. 1). Project Scope: Install entry access system to dormitory using current security system. Project Deliverables: Scope Statement: The purpose of this project is to install an ACS in the Hall of TC CARRINGTON dormitory on the campus of Southern Maryland Community College located at 1010 Anywhere Ln, Waldorf MD, 20000. The ACS will automatically unlock the dormitory doors via an electronic proximity reader. The electronic proximity readers...
Words: 523 - Pages: 3
...In computer security, access control includes authentication, authorization and accountability. In access control models, the human users or software which execute actions are defined as subjects; while the resources or whatever which are intended to be protected from illegal access are designated objects. Authentication is the process of verifying the credential provider claiming who he or she is. Before a subject open an account in online retailers or financial service firms, there is an initial step knew as identity proofing. That is, the subject must provide enough information to assert who you are. Right now there are three kinds of identity proofing , from simple to complex but with security assurance ascending. They are showed as follow: 1. Classic knowledge-based authentication (KBA), such as simple questions of “what is your favorite fruit”, which is easy to guess and the same to fraud. 2. Dynamic KBA. Instead of raise up questions predefined by the subject, the system generates questions on the fly based on the information in a subject’s personal aggregated data file from public records. To initiate the dynamic KBA, basic identification factors, such as name, address and date of birth must be provided by the subject. 3. Out-of-band proofing, which verify identity through other means such as SMS or a phone call rather than web channel. The credential used to identify the subject includes: 1. Something the subject knows, such as Personal Information Number (PIN) ...
Words: 524 - Pages: 3
...Remote access control policy definition Richman Investments firm Remote access control policy The following is the firm remote access control policy. The policy will be listing the appropriate access controls for systems, applications and data access. We will be providing a description on each type of access. It is our mission to preserve and protect the Confidentiality, Availability and Integrity of our Firms Information System. 1. Systems Access Control. A. Users are required to use a user ID with password and smart card for accessibility. B. Remote Users are required to use a user ID with password and software token for accessibility. C. All users most change user password every 30 days. D. Users will only have access to their branch office. E. User’s logins will be recorded. F. Only authorized users will be allowed access to their respected system. G. Management users will have access to their own branch office and also to Head Quarters office. H. Desk top, mobile and wireless devices most be loaded with up to date firm ware, OS software and patches. 2. Application Access Control. A. Users will be assigned rights to use individual application. B. Users will have to use first and second layer of authentication to gain access to their application. C. Users will be recorded using application. D. IT Administration is responsible for running monthly application test. E. Applications will be tested for security...
Words: 383 - Pages: 2
...In scenario one, I would think that one of the most important would be software controls so that you know what your employees of such a small business are doing. You would want to make sure that they are being productive and not taking out any of your customers’ sensitive information. Most likely you would store your vendor’s information, purchase orders, and customer’s information. This might include account numbers, or contact information that you wouldn’t want just anyone to get a hold of. Therefore you wouldn’t want to allow anyone to cause you to lose this information by causing your network to get a virus. Even more simpler than that would be due to the fact you are as small as you are, you most likely don’t have a administrator present all the time, and would have to contract out someone to come fix the network if some sort of attack was caused by loading unapproved software onto the system. In scenario two, I believe that you would have similar needs of above, but also would want to have some more in depth administrative controls on the smartphone side of business. You wouldn’t want someone to have something unprofessional on the voice mail of the phone, or even downloading applications that would allow the company to lose money in wages from employees not utilizing the resources that are given properly. In scenario three, you would want emphasize on the physical end of the security. I believe this because with 120,000 computers and 45,000 servers, you have...
Words: 487 - Pages: 2
... Access Control Policy Student Name: Christopher Waller University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Romel Llarena Date: May 13, 2012 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems 1 Authentication Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on. Authentication credentials really help control access to sensitive data or systems by making it literally to get unauthorized access to them. Passwords and usernames are a good way to start because if you use those rights then these are hard to bypass, but multifactor authentication is a more efficient way for secure access. Triple authentication requires something you have, something you know, and something you are such as a keycard, password and a fingerprint. 2 Access control strategy 1 Discretionary access control Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion to dictate access to that information...
Words: 526 - Pages: 3
...Overview of the Project Building an Access Control System in a dormitory of small college Purpose of the Project The ACS will automatically unlock the dormitory doors via an electronic proximity reader and integrate with an existing security camera system. The cameras are designed to face and rotate to record a person as they use their identification card to unlock the door. Work Includes A. Furnish and install all equipment and materials in accordance with these specifications and drawings to provide a complete and operating Door Access Control System. B. The scope of work for the Access Control and Security System shall include to providing the following: 1. Local control panels within the SER. 2. Card readers. 3. Magnetic door locks. 4. Exit push button. 5. PTZ camera. C. The scope of work for the software shall include to providing the following: 1. Install Software in the computer within the SER (computer, printer provide by owner) 2. Train the owner or who represent the company of how to use the software and add identification card to the system. Project process * The typical access control system consists of a control panel, PC, Software card/ pin reader, electromagnetic lock or door strike, power supply system and a push button. * The valid and authorized card user must present the card to the security system. * Upon verification by the reader, the locking system will be reenergized and the door can be pushed open. * To exit the...
Words: 512 - Pages: 3
...Abstract Access control systems were examined to determine if a network based system would be more reliable and beneficial. Two major systems were determined to be very beneficial to the company. In contrast, the systems would consume a great deal of resources in order to be put into full working order at all sites worldwide. Together these findings suggest that using a network based system can ultimately serve the company better and create a more secure environment for the research and the employees. Keywords: Access control, CCURE, Locknetics, security, networking Network Based Access Control Systems: What Are They? Personal and confidential information can easily be accessed at sites if the access to the specific areas is not updated quickly enough. To secure and protect this data, technology must adapt to mitigate the threats and risks. Applications and services are becoming mobile across multiple resources, sometimes in a dynamically allocated way, necessitating the migration of sensitive and private data. I propose a network based access control system to address the inadequacies of current technological solutions in preserving the confidentiality and privacy of data, along with the safety and security of the site. More specifically, I describe a solution for securing all Bristol-Myers Squibb sites throughout the world. Access control systems have become a basic way of life for many businesses, especially large businesses. There are many different variations...
Words: 2919 - Pages: 12
...ACCESS CONTROL MODELS An access control model is a framework that dictates how subjects access objects. There are three main types of access control model mandatory access control, discretionary access control and role-based access control. Discretionary (DAC) The creator of a file is the ‘owner’ and can grant ownership to others. Access control is at the discretion of the owner. Most common implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level. Mandatory (MAC) Much more structured. Is based on security labels and classifications. Access decisions are based on clearance level of the data and clearance level of the user, and, classification of the object. Rules are made by management, configured by the administrators and enforced by the operating system. Mandatory access control is required for the Orange Book “B” Level. Role-Based (RBAC) Continually administered set of controls by role within organization. Access rights assigned to roles – not directly to users. Roles are tighter controlled than groups - a user can only have one role. Can use different types of RBAC Role-based Role within organization. Task-based Specific task assigned to the user. Lattice-based Upper and Lower bounds Access Control Techniques and Technologies Once a company decides on the access control model to use, the technologies and techniques to implement that model need to be determined Role-based Can be used with...
Words: 1719 - Pages: 7
...BIOMETRIC ACCESS CONTROL Access control is the method used to control access to your Computer System, and the method used to control access to files held on your computer system. For the moment we are just going to look at controlling access to the computer itself rather than individual files. Traditional access control is software based and follows a standard procedure of identification and authentication. Users must first declare who they are, and then attempt to prove who they are who they say they are. This is generally part of a long on procedure that involves a user name and password. Traditional access control is software based and follows a standard procedure of identification and authentication. Users must first declare who they are, and then attempt to prove who they are who they say they are. This is generally part of a long on procedure that involves a user name and password. Traditional access control is software based and follows a standard procedure of identification and authentication. Users must first declare who they are, and then attempt to prove who they are who they say they are. This is generally part of a long on procedure that involves a user name and password. Traditional access control is software based and follows a standard procedure of identification and authentication. Users must first declare who they are, and then attempt to prove who they are who they say they are. This is generally part of a long on procedure that involves a user name and...
Words: 365 - Pages: 2
...required for this single point of entry. There were security cameras outside of the building. There was a dumpster outside that was not secured, which could allow anyone access to sensitive information. Locking the dumpster or placing it in a secured location would mitigate this risk. The receptionist did not ask me to verify my identity. The receptionist should be required to verify the identity of everyone entering building to prevent a person from entering the building that isn’t authorized. There was a security room with security personnel viewing the monitors. Office 1-1 had a post it note taped to computer monitor with names that could be passwords. Increased password security should be implemented to reduce the risk of someone hacking into a system. Both office 1-1 and 1-2 had fingerprint scanners, which increases access control. In office 1-2 there was an unattended paper shredder, which should be secured due to sensitive information. In the hallway there was a security camera and a utility box but the wire cabinet was not locked. As such, anyone can access the hardware inside. A lock should be installed to prevent unauthorized access to the hardware. Also in the hallway there was an Ethernet jack which allowed access to the internet. Controls should be put in place to require security access to logon to the network. Floor 2 Cubicle 2-1 had a pre-approved offsite equipment request posted This should be secured to prevent an unauthorized person from stealing...
Words: 720 - Pages: 3
...F Access Control Policy Student Name: Charles Williams University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Tarik Lles Date: December 4, 2011 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems Access control is used to restrict operations, which authorized users can perform. Access control does exactly what it says, it controls what access an authorized user can have. A reference monitor is used for access control and follows instructions from an authorization database. These authorizations are controlled and administered by a security administrator who sets the access controls based on the companies’ security policies, which are defined by the organization. The decision of which access controls to use would be based on the organizational policy and two accepted standards of practice, which includes separation of duties and least privilege (Kurzban, 2011). 1 Authentication Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on. Today, when using a computer system, a number of computer services are provided to many users simultaneously, so it is important to ensure that authorized users will be granted access to the...
Words: 1663 - Pages: 7