
Access Control


DAP (software)

Dap is a command line driven program. Using its internal commands, one can perform tests on means and percentiles, correlation, ANOVA, categorical analysis, linear and logistic regression analysis and non-parametric statistics. It can also be used to create scatterplots, line graphs and histograms of data. It has been designed to cope with very large data sets, even when the size of the data exceeds the size of the computer's memory.

Lightweight Directory Access Protocol

The Lightweight Directory Access Protocol (LDAP; /ˈɛldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.[1] Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.[2] For example, a directory service may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory.

Similarly, a telephone directory is a list of subscribers with an address and a phone number. LDAP is specified in a series of Internet Engineering Task Force (IETF) Standards Track publications called Requests for Comments (RFCs), using the description language ASN.1. The current specification is version 3, published as RFC 4511. Note that a simple bind sends the password in the clear, so LDAP should be carried over TLS, either as LDAPS (TCP port 636) or by using the StartTLS extended operation defined in RFC 4511.

Directory service


TACACS

Terminal Access Controller Access-Control System (TACACS, usually pronounced like "tack-axe") refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks; it spawned related protocols. Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol. TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine whether the user has access to the network. Terminal Access Controller Access-Control System Plus (TACACS+) is a separate protocol developed by Cisco and released as an open standard beginning in 1993. It runs over TCP port 49, separates authentication, authorization and accounting into distinct exchanges, and obfuscates the whole packet body with a shared secret; RFC 8907, which documents it, notes that this is obfuscation rather than real encryption and recommends deploying it over a secured transport. RADIUS, by contrast, hides only the user password attribute.

RADIUS

What is AAA server (authentication, authorization, and accounting)?

Kerberos (protocol)

Kerberos builds on symmetric-key cryptography and requires a trusted third party, the Key Distribution Center (KDC); it may optionally use public-key cryptography during certain phases of authentication.[1] Kerberos uses UDP port 88 by default. MIT developed Kerberos to protect network services provided by Project Athena. The protocol is based on the earlier Needham-Schroeder symmetric-key protocol. It was named after Kerberos (or Cerberus), the monstrous three-headed dog that guards Hades in Greek mythology. Several versions of the protocol exist; versions 1–3 were used only internally at MIT. Version 5, designed by John Kohl and Clifford Neuman, appeared as RFC 1510 in 1993 (obsoleted by RFC 4120 in 2005), with the intention of overcoming the limitations and security problems of version 4. MIT makes an implementation of Kerberos freely available, under copyright permissions similar to those used for BSD.
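The three exchanges that make this work (AS, TGS and AP), as an added Python example. This is not code from the page or from MIT Kerberos: the JSON message layout, the hash-based seal/unseal helper, the password-to-key derivation and the principal and realm names in build_realm() are simplified stand-ins for RFC 4120's ASN.1 messages, AES encryption types and string-to-key, and pre-authentication is omitted. What it does preserve is which key protects which message, and the checks an acceptor performs before trusting a ticket.

```python
"""Toy Kerberos-style exchange (AS, TGS, AP) with the KDC as trusted third party.
Added example, not code from the page or MIT Kerberos: the JSON messages, the
hash-based seal/unseal helper and the names in build_realm() are stand-ins for
RFC 4120's ASN.1 messages, AES enctypes and string-to-key; pre-auth is omitted."""
import hashlib, hmac, json, os, time

SKEW = 300  # seconds of clock skew an acceptor tolerates (a common default)

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC of a JSON object under a 32-byte key."""
    plain, nonce = json.dumps(obj).encode(), os.urandom(16)
    body = nonce + bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("bad MAC: wrong key or tampered message")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def long_term_key(password):  # real Kerberos: string-to-key (PBKDF2 for AES enctypes)
    return hashlib.sha256(b"toy-realm-salt" + password.encode()).digest()

def make_authenticator(session_key, cname):
    return seal(session_key, {"cname": cname, "ts": time.time()})

def check_authenticator(session_key, authenticator, ticket, replay_cache=None):
    """Checks every acceptor (TGS or application service) makes before trusting a ticket."""
    if time.time() > ticket["expires"]:
        raise ValueError("ticket expired")
    auth = unseal(session_key, authenticator)  # proves the sender holds the session key
    if auth["cname"] != ticket["cname"]:
        raise ValueError("authenticator name does not match ticket")
    if abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("clock skew too large")
    if replay_cache is not None:
        if authenticator in replay_cache:
            raise ValueError("replayed authenticator")
        replay_cache.add(authenticator)
    return auth["cname"]

class KDC:
    """Knows every principal's long-term key; issues TGTs and service tickets."""
    def __init__(self, principals, lifetime=3600):
        self.keys, self.lifetime = dict(principals), lifetime

    def _ticket(self, cname, sname, session_key):  # readable only by the named service
        return seal(self.keys[sname], {"cname": cname, "sname": sname, "key": session_key.hex(),
                                       "expires": time.time() + self.lifetime})

    def as_exchange(self, cname, nonce):
        """AS-REQ -> AS-REP: the reply part is sealed under the client's own key."""
        sk = os.urandom(32)
        return self._ticket(cname, "krbtgt", sk), seal(self.keys[cname], {"key": sk.hex(), "nonce": nonce})

    def tgs_exchange(self, tgt, authenticator, sname):
        """TGS-REQ -> TGS-REP: the TGT plus a fresh authenticator, not the password, proves identity."""
        t = unseal(self.keys["krbtgt"], tgt)
        tgs_key = bytes.fromhex(t["key"])
        cname = check_authenticator(tgs_key, authenticator, t)
        svc_key = os.urandom(32)
        return self._ticket(cname, sname, svc_key), seal(tgs_key, {"key": svc_key.hex()})

class Service:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket, authenticator):
        """AP-REQ: the service never contacts the KDC; the ticket carries the session key."""
        t = unseal(self.key, ticket)
        if t["sname"] != self.name:
            raise ValueError("ticket is for another service")
        return check_authenticator(bytes.fromhex(t["key"]), authenticator, t, self.seen)

def login_and_access(kdc, service, cname, password):
    """Client side of all three exchanges; returns (accepted name, ticket, authenticator)."""
    nonce = os.urandom(8).hex()
    tgt, enc = kdc.as_exchange(cname, nonce)
    rep = unseal(long_term_key(password), enc)  # a wrong password fails here, not at the KDC
    if rep["nonce"] != nonce:
        raise ValueError("AS-REP does not answer our request")
    tgs_key = bytes.fromhex(rep["key"])
    ticket, enc2 = kdc.tgs_exchange(tgt, make_authenticator(tgs_key, cname), service.name)
    svc_key = bytes.fromhex(unseal(tgs_key, enc2)["key"])
    authenticator = make_authenticator(svc_key, cname)
    return service.accept(ticket, authenticator), ticket, authenticator

def build_realm():
    """Constructed realm: one user, the KDC's own krbtgt key, one service."""
    keys = {"alice": long_term_key("correct horse"), "krbtgt": os.urandom(32),
            "host/fileserver": os.urandom(32)}
    return KDC(keys), Service("host/fileserver", keys["host/fileserver"])
```

Re-sending a captured ticket and authenticator to the service is rejected by its replay cache, and a wrong password fails on the client when it cannot open the AS-REP. Without pre-authentication that reply is issued to anyone who asks, which is why real deployments require it.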

Group Policy

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. It provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A version of Group Policy called Local Group Policy ("LGPO" or "LocalGPO") also allows Group Policy Object management on standalone and non-domain computers.[1][2]

Group Policy, in part, controls what users can and cannot do on a computer system, for example: enforcing a password complexity policy that prevents users from choosing an overly simple password, allowing or preventing unidentified users on remote computers from connecting to a network share, blocking access to the Windows Task Manager, or restricting access to certain folders.

File system permissions

Unix-like and otherwise POSIX-compliant systems, including Linux-based systems and all Mac OS X versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control list, either proprietary (old HP-UX ACLs, for example), POSIX.1e ACLs, based on an early POSIX draft that was abandoned, or NFSv4 ACLs, which are part of the NFSv4 standard. Linux supports POSIX.1e ACLs.

Microsoft and IBM DOS variants (including MS-DOS, PC DOS, Windows 95, Windows 98, Windows 98 SE, and Windows Me) do not have permissions, only file attributes. There is a read-only attribute (R), which can be set or unset on a file by any user or program, and which therefore does not prevent anyone from changing or deleting the file. There is no permission in these systems which would prevent a user from reading a file.
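How traditional Unix permissions are actually evaluated, as an added Python example (not code from the page). The point it shows that the prose does not is that the three classes are exclusive: the kernel picks exactly one of owner, group or other for the caller and ignores the rest, so the owner of a 0o077 file is denied while everyone else gets in. The uids, gids and modes in the check are constructed; ACLs are not modelled.

```python
"""Traditional Unix permission check: which class applies and what it grants.
Added example, not code from the page. Mode bits only: the owner class applies
if the caller is the owner, else the group class if the file's group is among
the caller's groups, else 'other'. The classes are exclusive. Root (uid 0)
bypasses rwx checks except that executing a regular file still needs at least
one x bit. POSIX.1e/NFSv4 ACLs, which extend this model, are not modelled."""
import os
import stat

R, W, X = 4, 2, 1            # bit values within one rwx triple
REGULAR, DIRECTORY = stat.S_IFREG, stat.S_IFDIR   # file-type bits for constructing modes

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx triple (0-7) that applies to a caller with (uid, gids)."""
    perm = stat.S_IMODE(mode)
    if uid == owner_uid:
        return (perm >> 6) & 7        # owner class, even if it is the least permissive
    if owner_gid in gids:
        return (perm >> 3) & 7        # group class (primary or supplementary group)
    return perm & 7                   # everyone else

def may_access(mode, owner_uid, owner_gid, uid, gids, want):
    """True if the caller holds every right in `want` (a bitwise OR of R, W, X).
    On a directory, X means search/traverse and W means create or delete entries."""
    if uid == 0:
        if want & X and stat.S_ISREG(mode) and not (stat.S_IMODE(mode) & 0o111):
            return False              # root cannot exec a file with no x bit anywhere
        return True
    return (class_bits(mode, owner_uid, owner_gid, uid, gids) & want) == want

def rwx_string(mode):
    """Render the permission bits as ls -l does, including setuid/setgid/sticky."""
    perm, out = stat.S_IMODE(mode), []
    for shift, special, flag in ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"), (0, stat.S_ISVTX, "t")):
        bits = (perm >> shift) & 7
        out.append("r" if bits & R else "-")
        out.append("w" if bits & W else "-")
        if perm & special:
            out.append(flag if bits & X else flag.upper())   # capital: special bit without x
        else:
            out.append("x" if bits & X else "-")
    return "".join(out)

def check_path(path, uid, gids, want):
    """Apply the same rule to a real file using its stat() metadata."""
    st = os.stat(path)
    return may_access(st.st_mode, st.st_uid, st.st_gid, uid, gids, want)

if __name__ == "__main__":
    print(rwx_string(os.stat(__file__).st_mode), check_path(__file__, os.getuid(), {os.getgid()}, R))
```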

Set NTFS Permissions on Objects in Microsoft Windows 8

In Windows 8, when a volume is formatted with the NTFS file system, administrators can protect the information it contains using NTFS permissions. When NTFS permissions are set on objects, only users who have been granted the appropriate rights are allowed to access them. Likewise, if a user (and every group the user belongs to) is absent from an object's permission list, access is implicitly denied. Explicit Deny entries take precedence over Allow entries at the same level, and permissions set on a folder are inherited by the objects beneath it unless inheritance is disabled.
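The evaluation rule behind that implicit deny, as an added Python model (not code from the page or from Microsoft). The access mask is cut down to four rights and the trustees are readable names standing in for SIDs, both constructed here, but the walk follows the order Windows uses: ACEs are visited in canonical order, a matching Deny that covers any requested right fails immediately, Allow ACEs accumulate rights, and access is granted only once every requested right has been accumulated. Reaching the end of the list, which is what happens to an unlisted user or with an empty DACL, is the implicit deny.

```python
"""Model of how a Windows DACL is evaluated, showing why an unlisted user is denied.
Added example, not code from the page or from Microsoft. The access mask is cut
down to four rights and trustees are names standing in for SIDs; the walk follows
AccessCheck (ordered ACEs, first matching Deny wins, Allows accumulate). The owner's
implicit READ_CONTROL/WRITE_DAC rights are left out."""
from dataclasses import dataclass

READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8
FULL = READ | WRITE | EXECUTE | DELETE


@dataclass(frozen=True)
class ACE:
    allow: bool              # True: access-allowed ACE, False: access-denied ACE
    trustee: str             # user or group (stand-in for a SID)
    mask: int                # rights this ACE grants or denies
    inherited: bool = False  # came from the parent folder rather than set on this object


def canonical(dacl):
    """Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    Order matters because the walk stops at the first matching Deny; this is why an
    explicit Allow on a file beats a Deny inherited from its folder."""
    return sorted(dacl, key=lambda ace: (ace.inherited, ace.allow))


def access_check(dacl, token_groups, desired):
    """Return (granted, reason) for a token whose user and group names are token_groups."""
    if dacl is None:
        return True, "NULL DACL: object is unprotected, everyone gets full access"
    granted = 0
    for ace in dacl:
        if ace.trustee not in token_groups:
            continue                          # ACE is for someone else
        if not ace.allow:
            if ace.mask & desired:
                return False, "explicit Deny for %s" % ace.trustee
        else:
            granted |= ace.mask & desired
            if granted == desired:
                return True, "every requested right granted by Allow ACEs"
    # End of list without collecting every right: an empty DACL and an unlisted
    # user both end up here. This is the implicit deny.
    return False, "implicit deny: no ACE grants all requested rights"


def build_sample_dacl():
    """Constructed DACL for a file under a Finance folder (all names are made up)."""
    return canonical([
        ACE(True, "BUILTIN\\Administrators", FULL, inherited=True),
        ACE(True, "CORP\\Finance", READ | EXECUTE),
        ACE(True, "CORP\\contractor", READ | WRITE, inherited=True),
        ACE(False, "CORP\\contractor", WRITE),     # explicit Deny set on this file
    ])


if __name__ == "__main__":
    dacl = build_sample_dacl()
    for who, want in (({"CORP\\alice", "CORP\\Finance"}, READ),
                      ({"CORP\\alice", "CORP\\Finance"}, WRITE),
                      ({"CORP\\contractor"}, READ | WRITE),
                      ({"CORP\\guest"}, READ)):
        print(sorted(who), want, access_check(dacl, who, want))
```

Note the difference between an empty DACL (nobody gets in) and a NULL DACL (no protection at all); tooling that "clears" an ACL must not confuse the two.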

Principle of least privilege

The principle means giving a user account only those privileges which are essential to that user's work. For example, a backup user does not need to install software: hence, the backup user has rights only to run backup and backup-related applications.

Job rotation

Job rotation is a management technique[1] that assigns trainees to various structures and departments over a period of a few years.[2] Surveys show that an increasing number of companies are using job rotation to train employees (see Coyne 2011). There are both positive and negative effects involved with job rotation that need to be taken into consideration when a company decides to use[3] this technique. Organizations that use job rotation tend to be successful innovative companies and organizations with a growth and development agenda. Job rotation is also a control to detect errors and fraud: it reduces the risk of collusion between individuals, so organizations dealing with sensitive information or systems (e.g. banks), where there is an opportunity for personal gain, can benefit from it.

Separation of duties

By Alungile Joki ct2015-1709: my research on separation of duties.


Access control

Image caption: A sailor allows a driver to enter a military base.