...Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective Explain the role of access controls in implementing security policy. Key Concepts The authorization policies applying access control to systems, application, and data The role of identification in granting access to information systems The role of authentication in granting access to information systems The authentication factor types and the need for two- or three-factor authentication The pros and cons of the formal models used for access controls Reading Kim and Solomon, Chapter 5: Access Controls. Keywords Use the following keywords to search for additional materials to support your work: Biometrics Content Dependent Access Control Decentralized Access Control Discretionary Access Control Kerberos Mandatory Access Control Remote Authentication Dial In User Service (Radius) Role-Based Access Control Security Controls Secure European System for Applications in a Multi-Vendor Environment (SESAME) Single Sign-on Terminal Access Controller Access-Control System (TACACS) ------------------------------------------------- Week 3 Discussion * Access Control Models * Unit 3 Access Control Models (lT255.U3.TS2) Lab * Enable Windows Active Directory and User Access Controls Assignment * Remote Access Control...
Words: 542 - Pages: 3
...VPN access control model for a large scale company. * This policy will support remote access control for systems, applications, and data access. Remote access Defined Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings. The following diagram shows the VPN server that provides remote access VPN connections. Domain/Network Config: For each employee that is allowed VPN access: * The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy. * The user account is added to the VPN_Users group in Active Directory. To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS): * Policy name: Remote Access VPN Clients * Conditions: * NAS Port Type is set to Virtual (VPN) * Windows Groups is set to VPN_Users * Calling Station ID is set to 207.209.68.1 * Permission is set to Grant access. NPS policy settings: * On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2). * Or SSTP, L2tp/IPsec, PPTP, IKEv2 Access control model/ policy: This model would support Role based access controls and allow mandatory access control to be...
Words: 339 - Pages: 2
...NT2580 Unit 3 Assignment & Lab Unit 3. Assignment 1 - Remote Access Control Policy Definition There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be...
Words: 477 - Pages: 2
...Week 3 Course Lesson Plan IT2580 Introduction to Information Systems Security—Unit 3 Mr. Phillip Parrinelli pparrinelli@itt-tech.edu 619-327-1800 Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective Explain the role of access controls in implementing security policy. Key Concepts The authorization policies applying access control to systems, application, and data The role of identification in granting access to information systems The role of authentication in granting access to information systems The authentication factor types and the need for two- or three-factor authentication The pros and cons of the formal models used for access controls Reading Kim and Solomon, Chapter 5: Access Controls. GROUP ACTIVITY Discuss and complete the following worksheet: ------------------------------------------------- IT2580: Unit 3 Types of Authentication Instructions: In the following table, identify the type of authentication for the given authentication methods. Authentication Method | Authentication Type (Knowledge, Ownership, or Characteristic) | Password | | Smart card | | Fingerprint | | Personal identification number (PIN) | | Token | | Badge | | Signature | | ------------------------------------------------- DISCUSSION ------------------------------------------------- IT2580: Unit 3 Access Controls Discussion: Access controls can be...
Words: 716 - Pages: 3
...Unit 3 Discussion 1: Access Control Models 1. Select an access control model that best prevents unauthorized access for each of the five scenarios given in the worksheet 2. Which types of logical access controls should be used in each scenario? Justify your recommendations. Scenario 1. - Discretionary access controls I s a small company consisting of 12 computers only DAC allows each user to control access to their own data and is typically the default access control mechanism for most desktop operating systems. Scenario 2.-Role-based access control Because RBAC is based on a user's job function within the organization to which the computer system belongs. Scenario 3.-Mandatory access controls Because how big is the company MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment access to all resource objects (such as data files) is controlled by settings defined by the system administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings. Mandatory Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. Scenario 4.- Mandatory access control The design of MAC was defined, and is primarily used by the government. Scenario 5.- Mandatory access control Because all access to resource objects is strictly controlled by the operating...
Words: 452 - Pages: 2
...October 1, 2014 NT2580 Unit 3 Assignment 1 There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentications. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be proof that the person is who they say they are every time they attempt to access a workstation...
Words: 364 - Pages: 2
...October 1, 2014 NT2580 Unit 3 Assignment 1 There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentications. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must be proof that the person is who they say they are every time they attempt to access a workstation...
Words: 364 - Pages: 2
...Name: IT 255 Unit 3 Assignment 1: Remote Access Control Policy Definition Remote Access Control Policy I. Technician responsible for: - Remote Access will be controlled. Control will be enforced one time via password authentication. - Richman’s employees shouldn’t provide their login or email password to any one even their family members. - Richman’s employees with remote access privileges must ensure that their workstation or personal computer. Which is remotely connect to Richman’s company network - All hosts that are connecting to Richman internal network via remote access must use the most up to date antivirus software. This includes personal computers. - All confidential and personal information transmitted via a remote access connection must be encrypted prior to transmission or sent through an encrypted tunnel, except for where the remote connection forms a direct part of the Richman network. - Remote access connections must only be used for approved Richman company purposes in a lawful and ethical manner. - All passwords used to access remote access connections must be created and managed in accordance with the Richman password standards policy. - Remote access user must force to change their password at their first logon. - All remote access sessions which are inactive for more than 30 minutes must be automatically ‘locked’ or logged out. - All remote access sessions must be...
Words: 429 - Pages: 2
... Unit 3 Assignment 1 Richmond Corporate Remote Access Policy 1.0 Purpose The purpose of this policy is to define standards for connecting to the Richmond corporate network from any remote host. These standards are designed to minimize the potential exposure to the Corporation from damages which may result from unauthorized use of corporation resources. Damages include the loss of sensitive or confidential data, intellectual property, damage to public image, damage to critical internal systems, etc. 2.0 Scope This policy applies to all Corporation employees, personnel, and affiliates including vendors and agents with a corporation owned or personally-owned computer or workstation used to connect to the Richmond network. This policy applies to remote access connections used to do work on behalf of Richmond or for personal business, including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to, dial-up modems, DSL, and cable modems, etc. 3.0 Policy 3.1 General 1. It is the responsibility of Richmond employees, personnel, or affiliates with remote access privileges to the corporation network to ensure that their remote access connection is given the same consideration as the user's on-site connection. 2. Please review the various computing policies located on http://security.richmondcc.edu including the following 1. Richmond Information Security Policy 2. Richmond...
Words: 956 - Pages: 4
...Ken Schmid Unit 3 Assignment 1 Remote Access Control Policy for Richman Investments Authorization- Richman Investments must define rules as to who has access to which computer and network resources. My suggestion is that RI implements either a group membership policy or an authority-level policy to achieve this. Group policy would allow the administrator to assign different privileges to different groups. The admin would then assign different individual users to those different groups. So the users permissions would depend on the permissions of the group they were a member of. With authority-level policy the admin would assign different permissions to individual users based on their position and authority level within the company and what access that position requires. Identification- Richman Investments needs to assign a unique identifier to each user in order to have accurate records of who is accessing, or trying to access, what applications, which network resource, and what data. The most common ID is the username, account number, or PIN Authentication- In order to keep the remote access to Richman Investments secure, there must be proof that the person trying to gain access to the network remotely is the same person who has been granted access by identification. To do this RI can choose one of the following knowledge type authentications: PIN, password, or passphrase along with one of the following ownership type of authentication: smart card, key, badge...
Words: 312 - Pages: 2
...IS4550 Security Policies and Implementation INSTRUCTOR GUIDE Course Revision Table Change Date | Updated Section | Change Description | Change Rationale | Implementation Quarter | 12/20/2011 | All | New curriculum | | June 2012 | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------------------------------------- ------------------------------------------------- Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing...
Words: 18421 - Pages: 74
...Table of Contents Chapter 1 Evaluating the Cisco ASA VPN Subsystem .......................................3 Chapter 2 Deploying Cisco ASA IPsec VPN Solutions ............................. 42 Chapter 3 Deploying Cisco ASA AnyConnect Remote-Access SSL VPN Solutions..............................109 Chapter 4 Deploying Clientless RemoteAccess SSL VPN Solutions ................148 Chapter 5 Deploying Advanced Cisco ASA VPN Solutions .............................184 CCNP Security VPN 642-648 Quick Reference Cristian Matei ciscopress.com [2] CCNP Security VPN 642-648 Quick Reference About the Author Cristian Matei, CCIE No. 23684, is a senior security consultant for Datanet Systems, Cisco Gold Partner in Romania. He has designed, implemented, and maintained multiple large enterprise networks, covering the Cisco security, routing, switching, service provider, and wireless portfolios of products. Cristian started this journey back in 2005 with Microsoft technology and finished the MCSE Security and MCSE Messaging tracks. He then joined Datanet Systems, where he quickly obtained his Security and Routing & Switching CCIE, among other certifications and specializations, such as CCNP, CCSP, and CCDP. Cristian has been a Cisco Certified Systems Instructor (CCSI) since 2007, teaching CCNA, CCNP, and CCSP curriculum courses. In 2009, he received a Cisco Trusted Technical Advisor (TTA) award and became certified as a Cisco IronPort Certified Security Professional (CICSP) on E-mail...
Words: 52748 - Pages: 211
...3110 Unit 2 Assignment 1 12/15/2014 PCI DSS and the Seven Domains YieldMore YieldMore has a network needing to configure its current configuration and policy to meet PCI DSS standards which can be found at: https://www.pcisecuritystandards.org/security_standards/documents.php?agreements=pcidss&association=pcidss In order to be in compliance a basic compliance plan has been created to ensure YieldMore and customer data in the reconfiguration will be met. Software and hardware used will be checked to PCI DSS database to ensure compliance. The network plan will be required to meet these minimum requirements before compliance assessment test will be made. *Note: If third party is to host the payment process and procedure. They will be responsible to uphold the PCI DSS standards, they will be held liable if failure to maintain compliance. Build and Maintain a Secure Network Requirement 1: Install and maintain a firewall -In reference to previous network plan U1A1 a firewall will be in place in the LAN/WAN Domain & System/Application Domain to protect internal network from potential external threats. Requirement 2: Do not use defaults, such as default password -In reference to previous network plan U1A1 GPO and AD will be created and upheld for the internal network. GPO will be in place to provide username and password security policy for external network users. (System/Application Domain) Protect Cardholder Data Requirement 3: Protect stored data -Policy will...
Words: 572 - Pages: 3
...RADIUS Consulting Ghana Limited AGENDA 1. SSL VPN Market Overview 2. SSL VPN Use Cases 3. Access Control and AAA 4. End-to-End Security 5. Junos Pulse 6. Secure Meeting 7. Business Continuity with SSL VPN 8. Hardware, Management and High Availability 2 www.radiusconsultingghana.com Copyright © 2010 Juniper Networks, Inc. www.juniper.net BUSINESS CHALLENGE: GRANT ACCESS VS. ENFORCE SECURITY Maximize Productivity with Access... Allow partner access to applications (Extranet portal) Increase employee productivity by providing anytime, anywhere access (Intranet, E-mail, terminal services) …While Enforcing Strict Security Allow access only to necessary applications and resources for certain users Mitigate risks from unmanaged endpoints Customize experience and access for diverse user groups (partners, suppliers, employees) Enable provisional workers (contractors, outsourcing) Enforce consistent security policy Support myriad of devices (smartphones, laptops, kiosks) …And the Solution Must Achieve Positive ROI Minimize initial CAPEX costs Lower ongoing administrative and support OPEX costs 3 www.radiusconsultingghana.com Copyright © 2010 Juniper Networks, Inc. www.juniper.net THE SOLUTION: JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Mobile User – Cafe Secure SSL access to remote users from any device or location Easy access from Web-browsers – no client software to manage Dynamic, granular access control to manage users and resources SA6500...
Words: 3503 - Pages: 15
...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name ___________________________________ Lesson Plan Theory (in class, Lab #2)……………………………..…………………..……...2 Reading Kim and Solomon, Chapter 1: Information Systems Security. Objectives……………..………………….……………………………….2 Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab..............................................................................................3 Part 1: Exploring the Tools used in the Virtual Lab Environment……………16 Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine …………………. .........................44 Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance ……………………59 Appendix A. SYLLABUS………………………………………………..……..………….69 B. Forgot your password?………………………………………………..……..73 Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability...
Words: 3379 - Pages: 14
