Page 61 - StudyBook.pdf
General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1 45
Additionally, we reviewed the concepts of disabling or removing unnecessary
services, protocols, and applications from our environment, to help minimize the
effects that could result from weaknesses. This process includes the evaluation
and detection of inappropriate applications, services, and components within
systems that can lead to system compromise. We also saw that removing these
unnecessary components can help free up resources for use within the
system.
Exam Objectives Fast Track
Introduction to AAA
AAA is made up of three distinct but interdependent parts: access control,
authentication, and auditing.
Access control consists of the rules for controlling the methods and
conditions of access to your system.
Authentication defines the rules and methods for authenticating the
service or user requesting access to the system or resources.
Auditing contains the suggestions and procedures for monitoring access
and authentication processes in your systems, and for securing the log
files and records of these efforts.
Access Control
MAC is a level of access that is defined and hard-coded in the OS or
application, and not easily changed.
DAC settings are defined by the owner of an object (such as a file), and
are modifiable and transferable as desired.
RBAC settings are defined by job function and can be defined with much
more control.
www.syngress.com