Access Control System
2016-05-15 19:31:57
AI-generated summary
An Access Control System (ACS) is a security management system widely used in all kinds of facilities and environments. It controls access to specific areas by identifying, authenticating and authorizing users or devices. The main purpose of an ACS is to ensure that only authorized personnel can enter protected areas, thereby preventing unauthorized access, theft, vandalism and other security threats. An ACS typically includes a variety of access control devices such as access cards, PIN keypads, biometric readers (fingerprint recognition, facial recognition, etc.), RFID cards and wireless sensors. In addition, many modern ACSs have integrated monitoring and alarm functions that can monitor access activity in real time and raise an alarm when an anomaly occurs. In short, an access control system is an effective security management tool that can help enterprises, schools, hospitals and other institutions improve security and reduce risk.
Outline / Content
Foundation and Steps
Identification
definition
who are you
an entity professing an identity to the system
credential
username
PIN
personal identification number
smart card
digital signature
account number
anatomical attribute
biometrics
performance
Type I error
false reject rate
Type II error
false accept rate
Crossover error rate
the point where the Type I error rate equals the Type II error rate
a measure for determining the system's accuracy
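Worked example of the error rates above (added here, not part of the original outline): sweep a match-score threshold over constructed genuine and impostor scores, compute the false reject rate (Type I) and false accept rate (Type II) at each threshold, and find the crossover error rate where the two are equal. The score samples are constructed for illustration, not taken from any real biometric system.

```python
"""Biometric error-rate sweep: FRR (Type I), FAR (Type II) and crossover error rate."""

# Constructed sample data (not from a real biometric system): match scores in [0, 100].
# A genuine user should score high; an impostor should score low.
GENUINE_SCORES = [92, 88, 85, 81, 79, 77, 74, 70, 66, 61]
IMPOSTOR_SCORES = [12, 18, 25, 31, 38, 44, 52, 59, 65, 72]


def false_reject_rate(genuine, threshold):
    """Type I error: fraction of genuine users rejected (score below the threshold)."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(impostor, threshold):
    """Type II error: fraction of impostors accepted (score at or above the threshold)."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine, impostor, thresholds):
    """Return (threshold, FRR, FAR) for every threshold; a lower threshold raises FAR,
    a higher threshold raises FRR, which is the trade-off the CER summarises."""
    return [(t, false_reject_rate(genuine, t), false_accept_rate(impostor, t))
            for t in thresholds]


def crossover_error_rate(genuine, impostor, thresholds):
    """Threshold where FRR and FAR are equal (closest, on discrete data) and the CER there.
    Returns (threshold, cer); a lower CER means a more accurate system."""
    t, frr, far = min(error_curve(genuine, impostor, thresholds),
                      key=lambda row: abs(row[1] - row[2]))
    return t, (frr + far) / 2


if __name__ == "__main__":
    for t, frr, far in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES, range(0, 101, 10)):
        print(f"threshold {t:3d}: FRR={frr:.2f}  FAR={far:.2f}")
    print("CER (threshold, rate):",
          crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES, range(0, 101)))
```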
types
fingerprint
iris scan
voice print
facial scan
hand topology
signature dynamics
negative matching
one-to-many matching
generally used for identification only in a physical security access control role.
Authentication
three factor types based
something you know
something you have
something you are
strong authentication
two
out of three types
a two-step process
public information
private information
Passwords
password management
password checkers
password weakness
password generator
password aging
limit login attempts
cognitive passwords
fact
opinion-based information
one-time passwords
dynamic password
token device
synchronous
time or event-driven
asynchronous
challenge-response
Cryptographic Keys
private key
digital signature
passphrase
longer than a password
virtual password
PGP
memory card
just holds information
does not process information
smart card
micro-processor
IC
biometrics
positive matching
one-to-one matching
something you are
authentication protocols
SSO
Scripting
Kerberos
characteristics
symmetric key cryptography
end-to-end security
distributed environments
main components
KDC
AS
TGS
ticket
TGT
ticket granting ticket
SGT
service granting ticket
principal
realm
set of components and principals
authentication process
client->AS
authenticate client to AS
AS->client
TGT
client->TGS
SGT
client->Server
weakness
a single point of failure
KDC
password guessing
session key and secret key
temporarily stored on the user's workstation
SESAME
secure European system of multivendor environment
distribution of secret key
public key cryptography
password guessing
an improvement on Kerberos
Thin Client
diskless computer
CryptoKnight
authentication, SSO, key distribution
RADIUS
remote access
TACACS
remote access
CHAP
Challenge Handshake Authentication Protocol
encryption of communication
no password eavesdropping
PAP
password authentication protocol
Authorization
definition
allows somebody to carry out the actions requested
access criteria
role
job assignment or function
group
physical or logical location
ip address
time of day
transaction type
default to no access
Accountability
monitoring
policy
inform all employees
IDS
Categories
Knowledge- vs Behavior-based IDS
knowledge-based IDS
Behavior-based IDS
Network- vs Host-based IDS
differences
Components
sensor
central monitoring software
analysis of event reports
database components
response box
Sensor
placement
critical
Honeypot
entice
entrap
illegal
Sniffing
auditing
log files
auditing documents
review
auto
variance-detection
attack signature-detection
audit reduction
manual
protection
items and actions
system-level events
application-level events
user-level events
keystroke
capture every keystroke
Access Control
Models
DAC
the owner of the object
makes the decision
MAC
Administrator
security label
clearance of subjects
classification of objects
used in military institutions
Non-DAC
RBAC
best for companies
role
group
Techniques and Technologies
role-based
rule-based
a type of MAC
restricted interface
menus and shells
database views
physically constrained interfaces
access control matrix
an attribute of the DAC model
capability table
ACLs
capability table
bound to a subject
ACL
bound to an object
content-based access
Implementation
Centralized administration
RADIUS
TACACS
CHAP
PAP
Decentralized and distributed access administration
Security Domain
definition
objects a subject can access
Hybrid
Categories
administrative
policy and procedure
senior management
top-down
personnel controls
separation of duties
job rotation
least privileges
need to know
hiring practices
supervisory structure
security awareness training
testing
up-to-date
conform to policy
assurance
physical
network segregation
perimeter security
fences
guard
dogs
computer control
work area separation
data backup
access to physical media
cabling
logical/technical
system access
network architecture
network access
encryption and protocols
control zone
auditing
log files
auditing documents
review
protection
items and actions
system-level events
application-level events
user-level events
Functionality
preventive
detective
corrective
deterrent
recovery
compensation
control combos
preventive/administrative
policy and procedures
effective hiring practices
pre-employment background checks
data classification and label
security awareness
control termination processes
preventive/technical
password, biometrics, smart card
encryption, protocols
database views
constrained user interface
anti-virus, firewall, IDS
preventive/physical
biometrics
guards, dogs, CCTV
fences, locks, mantrap
detective/administrative
detective/technical
detective/physical
Relational Database security
entity integrity and referential integrity
view
least privilege
need to know
inference attack
Attacks
brute force
wardialing
dictionary
spoofing
denial of service
Goals
Foundation and steps
Identification
Authentication
Authorization
Accountability
monitoring
auditing
Access Control
Models
DAC
MAC
Non-DAC
Administration
Centralized administration
Decentralized and distributed access administration
Hybrid
Categories
administrative
physical
logical/technical
Functionality
preventive
detective
corrective
deterrent
recovery
compensation
Techniques and Technologies
role-based
rule-based
restricted interface
access control matrix
capability table
ACL
content-based access
Attacks
C.I.A. Triad
Confidentiality
Integrity
Availability
terms
least privileges
two-man control
two operators review and approve each other's work
dual control
two or more operators are needed to complete a sensitive task
separation of duties
need to know
The necessity for access to, knowledge of, or possession of specific information that is required to carry out official duties.
separation of duties
no single person can complete the whole task
job rotation
mandatory vacation
several people
do the same job
confidentiality
integrity
availability
accountability
system's ability
authentication
authorization
identification
subject
object
access
information flow
between
subject and object
clipping level
threshold
enticement
entrapment
illegal
call-back
call forwarding
back door
trap door
maintenance hook
bypass the security control mechanisms
Type I error
False Reject
false positive
incorrectly finds a positive result
when none really exists
"Better to wrongly kill a thousand than to let one escape"
Chiang Kai-shek
Type II error
False Accept
false negative
incorrectly reports a result as not found
when it is really present
node authentication
node address