Importance And Uses Of Access Control Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

What is Access Control? Access control is the process in which users are identified, divided into levels, and allowed to access information, data, files, systems, or resources according to their levels.

Why must Access Control be used?

The main goal of access control is to protect and maintain the confidentiality, integrity, and availability of information, resources and systems. 'Confidentiality' means that only the authorized users of the organization can access the information and resources of the system. 'Integrity' refers to protecting the information and resources from being changed by unauthorized users. 'Availability' means that the information and resources should not be so over-protected that they are rarely available and become unusable by anyone.

Are there any types of Access Control?

Yes, there are five types, or technologies, of access control. The five types are

Attribute-based access control

Mandatory access control

Discretionary access control

Role-based access control

Rule-based access control

Attribute-based Access Control

In attribute-based access control, a user is permitted to access information based only on his or her attributes and not on who he or she is. For example, if the access control permits everyone who is not married, then anyone who can prove the claim that he or she is not married can access the data without stating who or what he or she is.

Mandatory Access Control

In mandatory access control, the owner of the data cannot determine the access control; the machine itself determines it. It is programmed as a multilevel system that checks the sensitivity labels of subjects and objects before permitting access. The subject's sensitivity label shows its level of trust. The object's sensitivity label shows the level of trust needed to access the data. So, in order to access an object, the subject's label must be greater than or equal to the object's label. These access control systems are commonly used by military installations and financial institutions.

Discretionary Access Control

In discretionary access control, the owner of the data determines who can read, write or execute his file or service. The owner of the data or file is the one who created it.

Role-based Access Control

In role-based access control, users are allowed to access information and resources based on their roles in the organization. Role-based access control can be applied to individual users or groups of users.

Rule-based Access Control

In rule-based access control, users are allowed to access information and resources based on predetermined rules. The rules can be configured.
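The five models described above, evaluated against one and the same request so their different decision inputs are visible side by side. This is an added example, not part of the original essay; the users, file name, levels, roles and the office-hours rule are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sensitivity levels for the MAC check (higher = more sensitive).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

# Constructed role-to-permission table for the RBAC check.
ROLE_PERMISSIONS = {
    "hr_clerk": {("payroll.xlsx", "read")},
    "hr_manager": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
}


@dataclass
class Subject:
    name: str
    clearance: str = "public"                       # MAC: level of trust
    roles: set = field(default_factory=set)         # RBAC: roles in the organization
    attributes: dict = field(default_factory=dict)  # ABAC: provable claims


@dataclass
class Resource:
    name: str
    owner: str                                # DAC: the creator of the file
    label: str = "public"                     # MAC: level of trust needed
    acl: dict = field(default_factory=dict)   # DAC: user -> rights, set by owner


def mac_allows(subject, resource):
    """Mandatory: the system compares labels; the owner has no say."""
    return LEVELS[subject.clearance] >= LEVELS[resource.label]


def dac_grant(resource, granter, user, rights):
    """Discretionary: only the owner may decide who gets which rights."""
    if granter != resource.owner:
        raise PermissionError(f"{granter} does not own {resource.name}")
    resource.acl.setdefault(user, set()).update(rights)


def dac_allows(subject, resource, right):
    return (subject.name == resource.owner
            or right in resource.acl.get(subject.name, set()))


def rbac_allows(subject, resource, right):
    """Role-based: the decision follows the roles, not the individual."""
    return any((resource.name, right) in ROLE_PERMISSIONS.get(role, set())
               for role in subject.roles)


def abac_allows(attributes, required):
    """Attribute-based: only the claimed attributes are inspected, never the name."""
    return all(attributes.get(key) == value for key, value in required.items())


def rule_allows(rules, context):
    """Rule-based: configurable rules over the request context.
    The first matching rule decides; no match means deny."""
    for predicate, decision in rules:
        if predicate(context):
            return decision
    return False


def demo():
    alice = Subject("alice", clearance="confidential", roles={"hr_clerk"},
                    attributes={"married": False})
    payroll = Resource("payroll.xlsx", owner="bob", label="secret")
    dac_grant(payroll, "bob", "alice", {"read"})    # owner's own decision
    rules = [
        (lambda ctx: not 8 <= ctx["hour"] < 18, False),  # deny outside office hours
        (lambda ctx: True, True),                        # otherwise allow
    ]
    context = {"hour": 22}                          # request arrives at 22:00
    return {
        "MAC": mac_allows(alice, payroll),          # confidential < secret
        "DAC": dac_allows(alice, payroll, "read"),  # bob granted read
        "RBAC": rbac_allows(alice, payroll, "read"),
        "ABAC": abac_allows(alice.attributes, {"married": False}),
        "Rule": rule_allows(rules, context),
    }


if __name__ == "__main__":
    for model, allowed in demo().items():
        print(f"{model:5} -> {'allow' if allowed else 'deny'}")
```

The same user and file get different answers because each model consults a different input: labels, the owner's list, roles, attributes, or the request context.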

User Authentication

What does "User Authentication" mean?

"User Authentication" is the process of checking to make sure that the user of the system is the one who has the right, or who can be trusted, to enter and access the system.

Why should "User Authentication" be performed?

User authentication should be performed in order to protect important data from being stolen by others or from being changed or modified incorrectly by those who don't have the proper knowledge.

Examples of User Authentication

Examples of user authentication are -

Using a login to enter a computer to keep out unauthorized users

Using a captcha in order to make sure that the user is not a computer program

Using a confirmation email to make sure the user is using his own email

Using access control to control access as shown above

Firewalls

What is a "firewall"?

A firewall is a system made to prevent the resources of a private network from being accessed from other networks. For example, a company whose staff access the internet installs a firewall in order to prevent unauthorized users on another network from accessing the company's private resources or controlling the company's data through the internet.

Is a firewall hardware or software?

A firewall can be hardware, software, or a combination of both. A hardware firewall is mostly placed between a LAN and the WAN connection. A software firewall installed on the OS of a computer checks only the packets coming into or leaving that computer.

How does a firewall work?

A firewall basically checks the packets passing through the router and determines whether each packet should be forwarded to its destination.

What are the types of firewall techniques?

The types of firewall techniques are

Packet filter

Application gateway

Circuit-level gateway

Proxy server

Packet Filter

Depending on the rules predetermined by the administrator, it checks each packet that passes through the router and accepts or rejects it. In other words, it filters the packets.
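A sketch of the packet filter just described: an ordered rule list set by the administrator, first match decides, and anything unmatched is rejected. This is an added example, not part of the original essay; the rule set, addresses and ports are constructed, and the `shadowed_rules` helper is a hypothetical audit check showing why rule order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "reject"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules, pkt, default="reject"):
    """Return (action, index of the deciding rule). Rules are checked in order;
    a packet that matches no rule gets the default action (default deny)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None


def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
            and earlier.proto in ("any", later.proto)
            and earlier.dport in (None, later.dport))


def shadowed_rules(rules):
    """List (later, earlier) index pairs where the later rule can never fire."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found


# Constructed rule set for a LAN 192.168.10.0/24 with a mail server at .25.
RULES = [
    Rule("reject", "203.0.113.66/32", "0.0.0.0/0", "any", None),    # 0: blocked host
    Rule("accept", "0.0.0.0/0", "192.168.10.25/32", "tcp", 25),     # 1: inbound mail
    Rule("accept", "192.168.10.0/24", "0.0.0.0/0", "tcp", 443),     # 2: outbound HTTPS
    Rule("accept", "192.168.10.0/24", "0.0.0.0/0", "udp", 53),      # 3: outbound DNS
    Rule("reject", "198.51.100.0/24", "192.168.10.25/32", "tcp", 25),  # 4: placed too late
]

# Constructed sample packets.
PACKETS = [
    Packet("198.51.100.7", "192.168.10.25", "tcp", 25),
    Packet("203.0.113.66", "192.168.10.25", "tcp", 25),
    Packet("192.168.10.122", "198.51.100.7", "tcp", 443),
    Packet("198.51.100.7", "192.168.10.122", "tcp", 3389),
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", filter_packet(RULES, pkt))
    print("shadowed:", shadowed_rules(RULES))
```

Rule 4 is meant to block a network from the mail server but sits below the broader accept in rule 1, so the first sample packet is still accepted; the audit helper reports that pair.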

Application Gateway

It applies security mechanisms to specific applications on the server. It is very useful, although it can degrade performance somewhat.

Circuit-level Gateway

When a TCP or UDP connection is being established, it uses security mechanisms to determine whether the connection should be established. Its job is done once the connection has been established.

Proxy Server

It hides the actual IP address of the network.

Virus Protection

What is a Virus?

A virus is a computer program that replicates itself into other programs in order to spread. A virus can reach one's network if a user downloads a program from the internet, brings in storage media that contains a virus, or even if someone sends an email with an attachment that is actually a virus.

Why do we need to protect against viruses?

A virus can disrupt computer or network performance by deleting important files, using a large amount of computer or network resources, or formatting disks. So if we don't protect against viruses, they can lower our performance or even break our whole operation down. Viruses can therefore be a potential threat to our system if we don't take care.

How can we protect against viruses?

There is a lot of antivirus software available, either for purchase or as a free download from the internet. But, as many new viruses appear every day, updating the antivirus software is essential.

Alternatively, we can use UNIX operating systems, as many viruses are based on the Windows environment. Because UNIX operating systems need no budget to buy and can be modified freely in the way we need, using OSS is becoming a potential choice for most systems.

Accessing The Internet

Why can accessing the internet be a threat?

As the internet is a network that can connect every PC in the world, it becomes an entrance through which every kind of criminal or illegal activity can reach us. Viruses can enter our company or organization network through the internet. Any hacking or unauthorized access can come to us through the internet. That's why the internet can be a potential threat nowadays.

How can we use the internet without any harm?

There are a lot of things to do. One should use a firewall while accessing the internet, and this is important. A firewall is software, hardware, or a combination of both that can filter packets and therefore reduce some security risk.

Anti-virus and anti-spyware software should be installed on the computer. A very common way of getting a virus or spyware is from the internet. So anti-virus and anti-spyware software is very important in everyday life.

The company should announce policies for accessing the internet for its employees so that security is more reliable. Policies are rules that tell employees the dos and don'ts. If the employees do not do things that are risks for the company, security can be said to be more reliable.

Access control, which controls the access of persons and employees according to their level, should be a must. Controlling access can reduce the level of security risk, as it controls who may access and who may not.

Task 2

When I reach the user's department,

The things I must check

I outline the things I must check. They are

The network adaptor card

The network cable

The OS of the computer

The driver of the network card in the computer

The server of the network

The things I should check with the adapter card are

Whether the card still works or not

Whether the card matches the network OS settings

Whether there are any I/O address conflicts

Whether there is more than one NIC card in the computer. If so, whether there are any setting conflicts in the computer

The things I should check with the network cable are

Whether there are loose or missing connections

Whether the cable is bent

Whether the cable is the correct length

Whether the termination at patch panels is correct

Whether there are broken sections in cable

The things I should check with the OS of the computer

Whether there are any viruses in the computer

Whether the user installed any software lately that could change the settings of the OS

Whether any settings of the e-mail software had been changed

The things I should check with the driver of the network card in the computer

Whether any changes have been made to the device since the last time she used it

Whether anyone has moved any hardware in the computer

Whether an old driver is being used with the device

Whether any software has been installed lately

The things I should check with the server of the network

Whether the server blocks the user account for not entering wrong for a limited time or not using the account for a long time.

The questions I must ask

I compile the questions I must ask when I arrive at the user's office with the possible responses. They are

Q: When was the last time you logged on to e-mail?

If she has not logged on recently, I should check the server, as the server could have blocked her account because she didn't log on for a long time.

Q: Is there any virus on the computer?

I should install antivirus software and check for and kill the virus if there is one.

Q: Have you checked the adaptor card yet?

The adaptor card could be a problem if she hasn't checked whether it still works. I should check it and, if it is not good, I should repair it.

Q: Is the default gateway correct?

If not, she will never be able to use the network. I should change it to the right default gateway.

Q: Is the subnet mask correct?

If not, she will never be able to use the network. I should change it to the right subnet mask.

Q: Does the computer have the authorized access to the network?

If not, I should change the access control from the server.

Q: Did you install any software lately?

If the software has changed the computer settings, I should restore the backup from the time the computer worked properly.

Q: Did you move any hardware from the computer?

The new equipment may change the computer settings. If so, I change the settings back to the right ones.

Q: Did you do something to the network cable?

If she has done something that made the cable bent or cut, I should replace the cable with a good one.

Task 3

SonicWALL TotalSecure TZ210 Firewall/VPN

Manufacturer: SonicWALL

Model Number: TZ 210

Features:

Contains Deep Packet Inspection Engine

50 Mbps Deep Packet Inspection Throughput

Denial of Service Attack Protection

Supports DHCP

Supports NAT

Stateful Packet Inspection

Switching

Content Filtering

URL filtering

DDoS attack prevention

NETGEAR FVX538 ProSafe™ VPN Firewall 200

Manufacturer: Netgear

Model Number: FVX538 ProSafe™ VPN Firewall 200

Features:

Contains DMZ port

Supports DHCP

Supports NAT

Contains hardware encryption

Supports VPN

Stateful Packet Inspection (SPI)

Denial of Service attack prevention

Content filtering

Intrusion Detection System (IDS)

E-mail alert

D-Link - DIR-330 Wireless G VPN Router

Manufacturer: D-Link

Model Number: DIR-330

Features:

Wireless VPN Router

Wirelessly share a high-speed Internet connection

Support and manage up to 8 VPN configurations

Simple-to-deploy routing, VPN, and firewall solution

Enterprise-class security protects your network from online intruders and potential attacks

Reasons for the appropriateness of a particular firewall for my organization

For my organization, of the three described above, I prefer the D-Link - DIR-330 Wireless G VPN Router, because

In my organization, most of the computers that use the network are mobile, which means my network is suited to a wireless firewall.

In my organization, a lot of computers are using the network; in other words, we need a high-speed internet connection.

As we need speed and security, we usually use VPN. So, as this router can support many VPNs, it could be an appropriate firewall.

Moreover, as we use VPN, this is a very simple-to-deploy routing solution.

As many people use the internet in our network, there are many security risks. This protects my network from viruses, online intruders and potential attacks.

Task 4

Acceptable Use Policies for Accessing the WWW

Employees are strongly recommended to use the internet for job-related activities and not for personal access.

Employees may not visit any hateful, inappropriate, or pornographic materials. These sites could be an entrance for viruses or unauthorized acts.

Employees must not put the company at any risk through their misuse of the internet.

Employees may not visit any violent or illegal materials.

Employees should not download and use any copyrighted commercial software belonging to other parties without purchasing it.

Employees should not visit any free websites, or download freeware and use it on company computers. These could be a potential security threat.

Employees should not publish any false material that could hurt the company's or security.

Employees should not distribute or post any confidential information of the company, which could be a potential security threat.

Employees should not distribute any company information, including financial information, information relating to the company's customers, private policies, or business plans.

Employees are very strongly warned not to bring any kind of malicious software onto the company network.

Employees are not permitted to use the company's computers to launch any computer-based attack or hack against other computer systems in order to gain unauthorized access.

Employees should not create, distribute or transmit chain mail, and should not send spam.

Employees are not allowed to create, distribute or transmit mass mail without any subject matter, which could take the company's performance down.

In order to make sure that employees don't visit certain websites, the company will use filtering software. Employees should not access any websites restricted by the company's filtering software by using bypass sites or software.

Employees should not use the company's internet access for illegal activities such as arranging drug sales, engaging in criminal gang activity, threatening a person's safety and so on.

Each employee is responsible for his or her user account and should take care of and take precautions for the account. Employees should not give their password to others under any condition.

The company's computers will be installed with antivirus software, and this should be updated by the responsible person.

Acceptable Use Policies for Instant Messengers and Chat Room

Employees are strongly recommended to use the instant messenger and chat room for only job-related communications between employees.

Employees are prohibited from downloading and using personal instant messenger software on their own.

Employees are not allowed to waste time by sending instant messages or using chat rooms to chat with each other.

Employees are not permitted to send jokes, gossip, or rumors via instant messenger or chat room.

Employees should never give their personal information to someone they have not met. This can be a potential threat for the employees.

Employees are not allowed to physically meet persons they met on the internet by using the company's chat room. If something happens to the employees, this could become the company's issue.

Employees should not give information to persons who try to force them to give it, as this can make the employees insecure.

Employees should never tell anyone any of their confidential data, including passwords, personal identification number (PIN) codes, addresses, credit card numbers, etc.

Employees should not use any option or button newly added to their messenger unless it is provided by the software vendor, as it could be a virus.

Employees should choose their user name carefully and should not choose any user name that contains their personal information.

Employees should choose a strong password. A strong password contains alphabetical letters, numbers and special characters and is easy to remember.

Employees should not show pictures of themselves in a chat room unless it is secure.

Employees should not use violent language while using chat room as it can damage the image of the company.

E-mail Usage Policies

Employees are strongly recommended to use the E-mail for only job-related activities and not for their personal activities.

Employees should check their mailbox and delete unwanted messages. The company should specify the size of the e-mail capacity.

Employees are not allowed to send mass email (sending large files), which could lower the company's network performance.

Employees are also not allowed to send chain mails. This may damage company security.

Employees are restricted from sending messages containing company confidential data to anywhere other than within the company.

Employees are not allowed to distribute or send emails that contain violent, indecent, inappropriate, or pornographic materials, images, text, files, movies, etc.

Employees should avoid attaching files to mails as far as possible.

Employees should not open attached files carelessly. Attached files could be viruses.

Employees must not forward any software or anything else if doing so is against copyright law.

Employees should not write their passwords in mails or force receivers to write their passwords.

Employees should not open and read mails in a mailbox that is not theirs.

Employees must not distribute any kind of malicious software to others.

Task 5

Start IpSec Software.

First check "Local Mode (Debug this system)" and click "Next>>".

Diagnosis of "System Info"

Check "SystemInfo" in order to diagnose system information, and click "Start Diagnosis".

The diagnosis has completed. Click "Generate Report" to generate the report.

The report for "SystemInfo"

-----------Local Mode Diagnosis:Start - 2010/11/1(04hr:19min:29sec)-----------

Log Location: C:\Users\zachary\AppData\Roaming\IPSecureLogs\LocalMode2010-11-1(04hr-19min-29sec)

Local IP: 192.168.10.122, Remote Machine: 192.168.100.106

SystemInfo:

--Passed: System information(software, hardware,active processes, active network connections) collected. View Output Logs for details

IPsec Service Diagnosis:

--Passed : IPsec services are up and running

----BFE up and running

----IKEext/Policyagent up and running

Live Debugging: Start

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and 192.168.100.106

Failed: No IKE negotiaton found between Host machine and 192.168.100.106. This could be because:

--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and 192.168.100.106

Live Debugging: End

IPsec SA, Filter Diagnosis:

--Failed : No Main mode SA exists between 192.168.10.122 and 192.168.100.106

--Failed : No Quick mode SA exists between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM policies applied on this system

--Information : No active IKEEXT rule was found on this system

--Failed : No policies on this system

--Information : No legacy MM outbound filters between exist between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM inbound filters between exist between 192.168.10.122 and 192.168.100.106

-----------Local Mode Diagnosis:End - 2010/11/1(04hr:20min:13sec)-----------

Diagnosis of "Network Interface"

Check "Network Interface" and click "Start Diagnosis".

The Diagnosis has completed. Click "Generate Report"

Report for "Network Interface"

-----------Local Mode Diagnosis:Start - 2010/11/1(04hr:33min:36sec)-----------

Log Location: C:\Users\zachary\AppData\Roaming\IPSecureLogs\LocalMode2010-11-1(04hr-33min-36sec)

Local IP: 192.168.10.122, Remote Machine: 192.168.100.106

Network Interface Diagnosis:

--Passed : Network Interface configured correctly

IPsec Service Diagnosis:

--Passed : IPsec services are up and running

----BFE up and running

----IKEext/Policyagent up and running

Live Debugging: Start

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and 192.168.100.106

Failed: No IKE negotiaton found between Host machine and 192.168.100.106. This could be because:

--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and 192.168.100.106

Live Debugging: End

IPsec SA, Filter Diagnosis:

--Failed : No Main mode SA exists between 192.168.10.122 and 192.168.100.106

--Failed : No Quick mode SA exists between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM policies applied on this system

--Information : No active IKEEXT rule was found on this system

--Failed : No policies on this system

--Information : No legacy MM outbound filters between exist between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM inbound filters between exist between 192.168.10.122 and 192.168.100.106

-----------Local Mode Diagnosis:End - 2010/11/1(04hr:33min:48sec)-----------

Diagnosis for "Ping Remote"

Check "Ping Remote" and click "Start Diagnosis".

The Diagnosis has completed. Click "Generate Report" to generate report.

Report For "Ping Remote"

-----------Local Mode Diagnosis:Start - 2010/11/1(04hr:37min:31sec)-----------

Log Location: C:\Users\zachary\AppData\Roaming\IPSecureLogs\LocalMode2010-11-1(04hr-37min-31sec)

Local IP: 192.168.10.122, Remote Machine: 192.168.100.106

Ping (Remote Reachability) Diagnosis:

Passed: Remote machine,"192.168.100.106", is reachable from host

IPsec Service Diagnosis:

--Passed : IPsec services are up and running

----BFE up and running

----IKEext/Policyagent up and running

Live Debugging: Start

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and 192.168.100.106

Failed: No IKE negotiaton found between Host machine and 192.168.100.106. This could be because:

--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and 192.168.100.106

Live Debugging: End

IPsec SA, Filter Diagnosis:

--Failed : No Main mode SA exists between 192.168.10.122 and 192.168.100.106

--Failed : No Quick mode SA exists between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM policies applied on this system

--Information : No active IKEEXT rule was found on this system

--Failed : No policies on this system

--Information : No legacy MM outbound filters between exist between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM inbound filters between exist between 192.168.10.122 and 192.168.100.106

-----------Local Mode Diagnosis:End - 2010/11/1(04hr:37min:39sec)-----------

Diagnosis For "NAP Client", "RRAS, Wireless, IAS" and "Registry and Events"

Click "Start Diagnosis" to start diagnosis.

Diagnosis has completed. Click "Generate Report" to generate report.

Report For "NAP Client", "RRAS, Wireless, IAS" and "Registry and Events"

-----------Local Mode Diagnosis:Start - 2010/11/1(05hr:17min:10sec)-----------

Log Location: C:\Users\zachary\AppData\Roaming\IPSecureLogs\LocalMode2010-11-1(05hr-17min-10sec)

Local IP: 192.168.10.122, Remote Machine: 192.168.100.106

NAP Client Diagnosis:

--Information : NAP client is running

---- NAP logs collected

IPsec Service Diagnosis:

--Passed : IPsec services are up and running

----BFE up and running

----IKEext/Policyagent up and running

Live Debugging: Start

--Information: Enabling RRAS Trace

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and 192.168.100.106

Failed: No IKE negotiaton found between Host machine and 192.168.100.106. This could be because:

--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and 192.168.100.106

Live Debugging: End

RRAS Diagnosis:

--Passed : RRAS is switched off, implying no external policies

--Information: Disabling RRAS trace that was enabled during live debugging.RRAS logs copied.

Registry and Events Diagnosis:

--Passed: System, Application and Security event logs collected

IPsec SA, Filter Diagnosis:

--Failed : No Main mode SA exists between 192.168.10.122 and 192.168.100.106

--Failed : No Quick mode SA exists between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM policies applied on this system

--Information : No active IKEEXT rule was found on this system

--Failed : No policies on this system

--Information : No legacy MM outbound filters between exist between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM inbound filters between exist between 192.168.10.122 and 192.168.100.106

-----------Local Mode Diagnosis:End - 2010/11/1(05hr:17min:28sec)-----------

Diagnosis For "Windows Firewall"

To start Diagnosis, click "Start Diagnosis".

Diagnosis has completed. Click "Generate Report" to generate report.

Report For "Windows Firewall"

-----------Local Mode Diagnosis:Start - 2010/11/1(05hr:23min:20sec)-----------

Log Location: C:\Users\zachary\AppData\Roaming\IPSecureLogs\LocalMode2010-11-1(05hr-23min-20sec)

Local IP: 192.168.10.122, Remote Machine: 192.168.100.106

IPsec Service Diagnosis:

--Passed : IPsec services are up and running

----BFE up and running

----IKEext/Policyagent up and running

Live Debugging: Start

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and 192.168.100.106

Failed: No IKE negotiaton found between Host machine and 192.168.100.106. This could be because:

--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and 192.168.100.106

Live Debugging: End

Windows Firewall Diagnosis:

--Information : Windows Firewall is not running. Check if system has another firewall active.

IPsec SA, Filter Diagnosis:

--Failed : No Main mode SA exists between 192.168.10.122 and 192.168.100.106

--Failed : No Quick mode SA exists between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM policies applied on this system

--Information : No active IKEEXT rule was found on this system

--Failed : No policies on this system

--Information : No legacy MM outbound filters between exist between 192.168.10.122 and 192.168.100.106

--Information : No Legacy MM inbound filters between exist between 192.168.10.122 and 192.168.100.106

-----------Local Mode Diagnosis:End - 2010/11/1(05hr:23min:34sec)-----------
