ACCESS CONTROL & INTRUSION DETECTION

BY:RAUL FERNANDES

411112

ACCESS CONTROL

ResourceUser

process

Referencemonitor

access request

policy

?

WHAT IS ACCESS CONTOL

oAccess Controls: The security features that control how users and systems communicate and interact with one another.

POLICY DICTATES WHAT TYPES OF ACCESS ARE PERMITTED,UNDER WHAT CIRCUMSTANCES,AND BY WHOM

CATEGORIES OF ACCESS CONTROL

DISCRETIONARY ACCESS CONTOL(DAC)

MANDATORY ACCESS CONTROL(MAC)

ROLE-BASED ACCESS CONTROL(RBAC)

DISCRETIONARY ACCESS CONTOL(DAC)

A system that uses discretionary access control allows the owner of the resource to specify which person can access which resources.

Access control is given by the owner.

MANDATORY ACCESS CONTROL(MAC)

Access control is based on a security labeling (how data is sensitive and critical) system.

Users have security clearances(eligibility to access certain resource) and resources have security labels that contain data classifications.

Model is used in confidentiality(e.g military)

ROLE-BASED ACCESS CONTROL(RBAC)

Controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

INTRUSION DETECTION

SECURITY INTRUSION:A SECURITY EVENT OR A COMBINATION OF MULTIPLE SECURITY EVENTS THAT CONSTITUTES A SECURITY INCIDENT IN WHICH AN INTRUDER GAINS OR ATTEMPTS TO GAIN, ACCESS TO A SYSTEM WHITHOUT AUTHORIZATION

INTRUSION DETECTION:A SECURITY SERVICE THAT MONITORS AND ANALYZES SYSTEM EVENTS FOR THE PURPOSE OF FINDING,AND PROVIDING REAL TIME WARNINGS OF ATTEMPTS TO ACCESS SYSTEM RESOURCES IN AN AUTHORIZED MANNER

CLASSIFICATION OF ID`S

HOST- BASED IDSNETWORK –BASED IDS

HOST-BASED ID`S

Analyze the activity within a particular computer system

MONITORS THE CHARACTERISTICS OF A SINGLE HOST AND THE EVENTS OCCURING WITHIN THAT HOST FOR SUSPICIOUS ACTIVITY

NETWORK BASED ID`S

Monitor network communications MONITORS NETWORK TRAFFIC FOR

PARTICULAR NETWORK SEGMENTS OR DEVICES AND ANALYZES NETWORK,TRANSPORT,AND APPLICATION PROTOCOLS TO IDENTIFY SUSPICIOUS ACTIVITY

LOGICAL COMPONENTS OF IDS

SENSORS :- Part of system resposible for collecting evidence of an intrusion.

ANALYZERS :- Responsible for determining if an intrusion has occurred.

USER INTERFACE :- Enables user to view output from he system or control the behavior of the system.

REFERNCE

ACCESS CONTROL-(PgNO 675-680 WILLIAM STALLINGS)INTRUSION DETECTION-(PgNO 680-684 WILLIAM STALLINGS)

THANK YOU