General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1 11
■ More Precise Than Groups: RBAC allows the application of the principle of least privilege, granting the precise level of access required to perform a function.
EXAM WARNING
Be careful! RBAC has two different definitions in the Security+ exam. The first is Role-Based Access Control. The second, which applies to control of (and access to) network devices, is Rule-Based Access Control. This consists of creating access control lists for those devices and configuring the rules for access to them.
EXERCISE 1.01
VIEWING DISCRETIONARY ACCESS CONTROL SETTINGS
Almost all current NOSes allow administrators to define or set DAC settings. UNIX and Linux accomplish this either by way of a graphical user interface (GUI) or at a terminal window, where the superuser changes the settings with the chmod command. Windows operating systems set DAC values using Windows Explorer.
For this exercise, you will view the DAC settings in Windows XP Professional. Please note that if you try this in Windows XP Home edition, the DAC settings will not be available. To start, open Windows Explorer. Navigate to the %systemroot%\system32 folder (where %systemroot% is the folder Windows 2000 or XP Professional is installed in). Highlight this folder's name and select Properties. Select the Security tab; you should see a window as shown in Figure 1.1.
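The same DACL can be read from a script instead of the Security tab. The following PowerShell is an added example, not part of the book's exercise; it assumes a Windows host with PowerShell available and English-language built-in account names, and it lists each access control entry on %systemroot%\system32 and then flags any entry that would let a broad principal modify system files, which is the least-privilege check an auditor would run against this folder.

```powershell
# Added example (not from the book): enumerate the DACL of %systemroot%\system32
# with Get-Acl, the scripted equivalent of the Security tab in Exercise 1.01,
# and flag entries that grant broad principals the right to modify system files.
$path = Join-Path $env:SystemRoot 'System32'
$acl  = Get-Acl -Path $path

"Owner: $($acl.Owner)"
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Principals that should never hold write rights on system32.
# Assumption: English-language identity names; adjust for localized builds.
$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

# FileSystemRights.Write covers the create/append/write-attribute bits; Modify and
# FullControl are supersets, so testing the Write bits catches all three.
# Caveat: inherit-only entries expressed as generic rights (e.g. CREATOR OWNER)
# do not map onto the enum and are not evaluated by this mask.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write

$findings = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band $writeMask) -ne 0
}

if ($findings) {
    "WARNING: broad principals can modify $path"
    $findings | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    "OK: no broad principal holds write rights on $path"
}
```

On a default installation the listing should show only SYSTEM, Administrators and TrustedInstaller with write or full control, and the check should report OK.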
www.syngress.com