Access Controls

1
Access Controls

• Supervised by Dr.Loai Tawalbeh
• Prepared by Abeer Saif

2
Introduction

• Access Controls The security features that
  control how users and systems communicate and
  interact with one another.
• Access The flow of information between subject
  and object.
• Subject An active entity that requests access
  to an object or the data in an object. Such as a
  user, program, or process that accesses an object
  to accomplish a task.

3
Introduction

• Object A passive entity that contains
  information. Such as a computer, database, file,
  computer program, directory, or field in a table
  in a database, etc.

4
Introduction

• Access controls are extremely important because
  they are one of the first lines of defense used
  to fight against unauthorized access to systems
  and network resources.
• Access controls give organizations the ability to
  control, restrict, monitor, and protect resource
  availability, integrity, and confidentiality.

5
Access Control Administration

• Two Basic forms
• Centralized One entity is responsible for
  overseeing access to all corporate resources.
• Provides a consistent and uniform method of
  controlling access rights.
• Decentralized Gives control of access to the
  people who are closer to the resources.
• Has no methods for consistent control, lacks
  proper consistency.

6
Centralized Decentralized access
7
Access Control methods

• Access controls can be implemented at various
  layers of an organization, network, and
  individual systems.
• Three broad categories
• Administrative
• Physical
• Technical (aka Logical)

8
Access Controls

• ISA 2004
• Internet Security Acceleration Server 2004

9
ISA 2004 overview
10
ISA 2004 overview

• ISA Server 2004 main roles
• Firewall.
• Packet inspection filtering.
• Stateful inspection filtering.
• Application layer inspection filtering.
• VPN server.
• Unified firewall VPN Server.
• Proxy and Caching server.
• Forward cache.
• Backward cache.

11
ISA 2004 overview

• ISA Server 2004 as a VPN server
• VPN (Virtual Private Network) is a secure
  network connection created through a public
  network such as the Internet.
• Types of VPN connections
• VPN clients.
• Site-Site VPN.
• Quarantine Control.

12
ISA 2004 overview

• Why use VPN connections
• Availability.
• Cost.
• Internet Protocol security (IPSec) A set of
  industry-standard, cryptography based protection
  services and protocols. IPSec protects all
  protocols in the Transmission Control
  Protocol/Internet Protocol (TCP/IP) protocol
  suite and Internet communications.

13
ISA 2004 overview

• Protocols supported by ISA Server 2004
• Point-Point tunneling protocol (PPTP)
• Uses Microsofts encryption (MPPE).
• Less Complex to set than IPsec.
• Layer two tunneling protocol (L2TP)
• More secure than PPTP.
• IPsec concepts more complex.

14
ISA 2004 overview
15
References

• CISSP All-in-One Exam Guide.
• Installing, Configuring, and Administering
  Microsoft Windows XP Professional.
• MCSA/MCSE Self-Paced Training Kit (Exam 70-270).
• Implementing Microsoft Internet Security and
  Acceleration Server 2004.
• MCSA/MCSE Self-Paced Training Kit (Exam 70-350).