Security + Computer System Security

DCOM 258 E31


Name: Shaamim Ahmed
Chapter 10: Access Control Methods & Models
Part # 1

Define the following Key Terms (12 points)

Part A: Define the following terms (25 points)


1. Access control models:
Know access control models such as MAC, DAC, and RBAC, plus
methodologies such as implicit deny and job rotation.
Demonstrate the following:
o Ability to create and enforce policies.
o Create a plan of action.
2. Discretionary access control (DAC)
An access control policy generally determined by the owner
3. Mandatory access control (MAC)
An access control policy determined by a computer system, not by a user or
owner, as it is in DAC
o Rule-based access control
o Lattice-based access control
4. Role-based access control (RBAC)
An access model that, like MAC, is controlled by the system, and unlike
DAC, not by the owner of a resource
5. Implicit deny
Denies all traffic to a resource unless the users generating that traffic are
specifically granted access to the resource
6. Least privilege
When users are given only the amount of privileges needed to do their job and
not one iota more
7. Separation of duties (SoD)
When more than one person is required to complete a particular task or
operation
8. Job rotation
When users are cycled through various assignments
9. Access control lists (ACLs)
Lists of permissions attached to an object.
ACLs reside on firewalls, routers, and on computers.
10. Least privilege as it applies to permissions
Conduct user permission reviews to ensure that long-term users are getting the proper
permissions to data. Privilege creep is when, over time, additional permissions are
given to a particular user because that user needs to access certain files on a
temporary basis. Mandatory vacations are enforced on many personnel to ensure that
there is no kind of fraud or other illegitimate activity going on.
11. Permission inheritance and propagation
If you create a folder, by default it inherits its permissions from the parent folder, which
ultimately come from the root folder. So any permissions set on the parent are inherited by the
subfolder. To view an example of this, locate any folder within an NTFS volume (other than the
root folder), right-click it, select Properties, open the Security tab, and click the Advanced
button.
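The definitions of implicit deny, ACLs, and permission inheritance above can be tied together in a small model. The following is an added example, not part of the original worksheet: a constructed folder tree with a simplified, NTFS-style ACL evaluation (explicit entries are checked before inherited ones, deny before allow within each group, and no matching entry means implicit deny). The folder names, principals and rights are made up for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Ace:
    principal: str
    rights: frozenset   # e.g. frozenset({"read", "write"})
    allow: bool         # True = allow entry, False = deny entry

@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    explicit: list = field(default_factory=list)   # ACEs set directly on this folder
    inherits: bool = True   # False models disabling inheritance from the parent

    def effective_acl(self):
        """Explicit entries first, then entries propagated down from each ancestor.
        Within each group deny entries are placed before allow entries (simplified)."""
        acl = []
        node = self
        while node is not None:
            acl += sorted(node.explicit, key=lambda a: a.allow)  # deny (False) sorts first
            node = node.parent if node.inherits else None
        return acl

def is_allowed(folder, principal, right):
    """First matching entry decides; with no match the request is implicitly denied."""
    for ace in folder.effective_acl():
        if ace.principal == principal and right in ace.rights:
            return ace.allow
    return False

# Constructed sample tree: root -> hr -> payroll (payroll stops inheriting from hr)
root = Folder("root", explicit=[Ace("alice", frozenset({"read", "write"}), True)])
hr = Folder("hr", parent=root, explicit=[Ace("alice", frozenset({"write"}), False)])
payroll = Folder("payroll", parent=hr, inherits=False,
                 explicit=[Ace("bob", frozenset({"read"}), True)])

if __name__ == "__main__":
    print(is_allowed(hr, "alice", "read"))       # True: allow inherited from root
    print(is_allowed(hr, "alice", "write"))      # False: explicit deny on hr wins
    print(is_allowed(payroll, "alice", "read"))  # False: inheritance blocked, implicit deny
    print(is_allowed(payroll, "bob", "read"))    # True: explicit allow on payroll
    print(is_allowed(root, "bob", "read"))       # False: no entry at all, implicit deny
```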

Part B: Short Answer Questions (8 points)


1. List six NTFS Permissions.
I. Full control
II. Modify
III. Read and execute
IV. List folder contents
V. Read
VI. Write
2. What is the Username naming convention?
Username naming convention
3. List the 5 Complexity requirements for a good password.
I. Contain uppercase letters
II. Contain lowercase letters
III. Contain numbers
IV. Contain special characters (symbols)
V. Should be 8-10 characters or more. Some organizations that have extremely
sensitive data require 15 characters as a minimum.