The Mandatory Access Control Method Mac Computer Science Essay

A) Access control

This area evaluates mechanisms that protect an organization from internal and external intrusions. Issues such as password management, authentication systems, and event logging are part of this section.

Implementing Access Control

The process of implementing access control is critical. Access control defines how users and systems communicate and in what manner. In other words, it limits (or controls) access to system resources, including data, and thus protects information from unauthorized access. Three basic models are used to explain access control.

The Mandatory Access Control Method

The Mandatory Access Control (MAC) model is a static model that uses a predefined set of access privileges for files on the system. The system administrators establish these parameters and associate them with an account, files, or resources.

The MAC model can be very restrictive. In a MAC model, administrators establish access. Users can't share resources dynamically unless the static relationship already exists.

The acronym MAC appears in numerous computer-related contexts. One of the most common uses is to represent the Media Access layer in networking. Be careful not to confuse MAC addressing as it relates to network cards with Mandatory Access Control.

MAC uses labels to identify the level of sensitivity that applies to objects. When a user attempts to access an object, the label is examined to see if the access should take place or be denied. One key element to remember is that when mandatory control is applied, labels are required and must exist for every object.

The Discretionary Access Control Method

The Discretionary Access Control (DAC) model allows the owner of a resource to establish privileges to the information they own. The difference between DAC and MAC is that labels are not mandatory but can be applied as needed.

The DAC model allows a user to share a file or use a file that someone else has shared.

It establishes an access control list (ACL) that identifies the users who have authorization to access that information. This allows the owner to grant or revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.

The Role-Based Access Control Method

The Role-Based Access Control (RBAC) model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. The roles almost always shadow the organizational structure.

Users can be assigned roles system wide and can then perform certain functions or duties based on the roles they're assigned. An example might be a role called salesperson. The user assigned the salesperson role can access only the information established for that role. Users may be able to access this information from any station in the network, based strictly on their role. A sales manager may have a different role that allows access to all of the individual salespersons' information.

The RBAC model is common in network administrative roles.
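
The three models side by side, as an added example that is not part of the original essay. The user names, file names, label set and permission strings are constructed for illustration, and the MAC rule (a user's clearance must be at least the object's label) is an assumption, since the essay does not state a specific rule.

```python
"""Toy access decisions under MAC, DAC and RBAC (illustrative, constructed data)."""

# --- MAC: administrator-assigned labels, required on every object ---
LEVELS = {"public": 0, "confidential": 1, "secret": 2}   # assumed label set

class MacPolicy:
    def __init__(self, clearances, labels):
        self.clearances = clearances      # user -> level name (set by admin)
        self.labels = labels              # object -> level name (set by admin)

    def can_read(self, user, obj):
        # Mandatory: an object with no label is denied, never defaulted.
        if obj not in self.labels or user not in self.clearances:
            return False
        return LEVELS[self.clearances[user]] >= LEVELS[self.labels[obj]]

# --- DAC: the owner maintains an ACL and can grant or revoke at will ---
class DacObject:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner}                # users authorized to access

    def grant(self, actor, user):
        if actor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.add(user)

    def revoke(self, actor, user):
        if actor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        if user != self.owner:
            self.acl.discard(user)

    def can_read(self, user):
        return user in self.acl

# --- RBAC: permissions hang off roles, users only hold roles ---
class RbacPolicy:
    def __init__(self, role_perms, user_roles):
        self.role_perms = role_perms      # role -> set of permissions
        self.user_roles = user_roles      # user -> set of roles

    def allowed(self, user, permission):
        return any(permission in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, set()))

def demo():
    mac = MacPolicy({"alice": "secret", "bob": "public"},
                    {"payroll.db": "confidential"})
    report = DacObject(owner="bob")
    report.grant("bob", "carol")          # owner shares the file dynamically
    rbac = RbacPolicy(
        {"salesperson": {"read:own_accounts"},
         "sales_manager": {"read:own_accounts", "read:all_accounts"}},
        {"dave": {"salesperson"}, "erin": {"sales_manager"}})
    return {
        "mac_alice": mac.can_read("alice", "payroll.db"),
        "mac_bob": mac.can_read("bob", "payroll.db"),
        "mac_unlabeled": mac.can_read("alice", "notes.txt"),
        "dac_carol": report.can_read("carol"),
        "dac_mallory": report.can_read("mallory"),
        "rbac_dave_all": rbac.allowed("dave", "read:all_accounts"),
        "rbac_erin_all": rbac.allowed("erin", "read:all_accounts"),
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

Note that under MAC the unlabeled file is denied even to the most highly cleared user, while under DAC the only thing standing between a file and a new reader is the owner's decision.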

B) Understanding Authentication

Authentication proves that a user or system is actually who they say they are. This is one of the most critical parts of a security system. It's part of a process that is also referred to as identification and authentication (I&A). The identification process starts when a user ID or logon name is typed into a sign-on screen. Authentication is accomplished by challenging the claim about who is accessing the resource. Without authentication, anybody can claim to be anybody.

Authentication systems or methods are based on one or more of these three factors:

1) Something you know, such as a password or PIN

2) Something you have, such as a smart card or an identification device

3) Something physically unique to you, such as your fingerprints or retinal pattern

Systems authenticate each other using similar methods. Frequently, systems pass private information between each other to establish identity. Once authentication has occurred, the two systems can communicate in the manner specified in the design.

Several common methods are used for authentication. Each offers something to security and should be considered when you're evaluating authentication schemes or methods.

Biometrics

Biometric readers use physical characteristics to identify the user. Such devices are becoming more common in the business environment. Biometric readers include hand scanners, retinal scanners, and soon, possibly, DNA scanners. To gain access to resources, you must pass a physical screening process. In the case of a hand scanner, the screening may include fingerprints, scars, and markings on your hand. Retinal scanners compare your eye's retinal pattern to a stored retinal pattern to verify your identity. DNA scanners will examine a unique portion of your DNA structure to verify that you are who you say you are.

Certificates

Certificates are another common form of authentication. A server or certificate authority (CA) can issue a certificate that will be accepted by the challenging system. Certificates can be either physical access devices, such as smart cards, or electronic certificates that are used as part of the logon process. A Certificate Practice Statement (CPS) outlines the rules used for issuing and managing certificates. A Certificate Revocation List (CRL) lists the revocations that must be addressed (often due to expiration) in order to stay current.

This chapter provides only an overview of certificates

a certificate being handed from the server to the client after authentication has been established. If you have a hall pass, you can wander the halls of your school. If your pass is invalid, the hallway monitor can send you to the principal's office. Similarly, if you have a certificate, then you can prove to the system that you are who you say you are and are authenticated to work with the resources.

Challenge Handshake Authentication Protocol

Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity. CHAP doesn't use a user ID/password mechanism. Instead, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and, if the information matches, grants authorization. If the response fails, the session fails, and the request phase starts over. Figure 1.4 illustrates the CHAP procedure. This handshake method involves a number of steps and is usually automatic between systems.

Password Authentication Protocol

Password Authentication Protocol (PAP) offers no true security, but it's one of the simplest forms of authentication. The username and password values are both sent to the server as clear text and checked for a match. If they match, the user is granted access; if they don't match, the user is denied access. In most modern implementations, PAP is shunned in favor of other, more secure authentication methods.
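
The CHAP handshake and the PAP exchange described above, as an added example that is not part of the original essay. The response computation follows RFC 1994, where the value returned is an MD5 hash over the identifier, the shared secret and the challenge; the user name, the secret and the helper names are constructed for illustration.

```python
"""CHAP-style challenge/response next to PAP (illustrative; constructed credentials)."""
import hashlib
import hmac
import os

SECRETS = {"alice": b"correct horse"}     # constructed shared secrets, server side

def pap_request(user, password):
    # PAP: the password itself is what crosses the wire, in clear text.
    return {"user": user, "password": password}

def pap_verify(msg):
    expected = SECRETS.get(msg["user"])
    return expected is not None and hmac.compare_digest(expected, msg["password"])

def chap_response(identifier, secret, challenge):
    # RFC 1994: MD5 over identifier octet || shared secret || challenge.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    def __init__(self):
        self.pending = {}                 # user -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, user):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)             # fresh and unpredictable per attempt
        self.pending[user] = (ident, chal)
        return {"id": ident, "challenge": chal}

    def verify(self, user, ident, response):
        # pop(): each challenge is single-use, so an old response cannot be reused.
        issued = self.pending.pop(user, None)
        secret = SECRETS.get(user)
        if issued is None or secret is None or issued[0] != ident:
            return False
        expected = chap_response(ident, secret, issued[1])
        return hmac.compare_digest(expected, response)

def run_exchange():
    server = ChapServer()
    wire = []                             # every value that crosses the link
    c1 = server.challenge("alice")
    r1 = chap_response(c1["id"], b"correct horse", c1["challenge"])
    wire += [c1["challenge"], r1]
    ok = server.verify("alice", c1["id"], r1)
    # The same response presented against a later challenge must fail.
    c2 = server.challenge("alice")
    stale_ok = server.verify("alice", c2["id"], r1)
    # A client that does not hold the secret must fail as well.
    c3 = server.challenge("alice")
    bad_ok = server.verify("alice", c3["id"],
                           chap_response(c3["id"], b"guess", c3["challenge"]))
    pap = pap_request("alice", b"correct horse")
    return {"chap_ok": ok, "stale_response_ok": stale_ok, "bad_secret_ok": bad_ok,
            "secret_on_chap_wire": any(b"correct horse" in m for m in wire),
            "secret_on_pap_wire": b"correct horse" in pap["password"],
            "pap_ok": pap_verify(pap)}

if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(name, value)
```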

C) Firewalls

Firewalls are one of the first lines of defense in a network. There are different types of firewalls, and they can be either stand-alone systems or included in other devices such as routers or servers. You can find firewall solutions that are marketed as hardware only and others that are software only. Many firewalls, however, consist of add-in software that is available for servers or workstations.

Although solutions are sold as "hardware only," the hardware still runs some sort of software. It may be hardened and in ROM to prevent tampering, and it may be customized, but software is present nonetheless.

The basic purpose of a firewall is to isolate one network from another. Firewalls are becoming available as appliances, meaning they're installed as the primary device separating two networks. Appliances are freestanding devices that operate in a largely self-contained manner, requiring less maintenance and support than a server-based product.

Firewalls function as one or more of the following:

1) Packet filter

2) Proxy firewall

3) Stateful inspection firewall

Packet Filter Firewalls

A firewall operating as a packet filter passes or blocks traffic to specific addresses based on the type of application. The packet filter doesn't analyze the data of a packet; it decides whether to pass it based on the packet's addressing information. For instance, a packet filter may allow web traffic on port 80 and block Telnet traffic on port 23. This type of filtering is included in many routers. If a received packet request asks for a port that isn't authorized, the filter may reject the request or simply ignore it. Many packet filters can also specify which IP addresses can request which ports and allow or deny them based on the security settings of the firewall.

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Packet filters are growing in sophistication and capability. A packet filter firewall can allow any traffic that you specify as acceptable. For example, if you want web users to access your site, then you configure the packet filter firewall to allow data on port 80 to enter. If every network were exactly the same, firewalls would come with default port settings hardcoded, but networks vary, so the firewalls don't include such settings.

Proxy Firewalls

A proxy firewall can be thought of as an intermediary between your network and any other network. Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused. The proxy intercepts all the packets and reprocesses them for use internally. This process includes hiding IP addresses.

When you consider the concept of hiding IP addresses, think of Network Address Translation (NAT).

The proxy firewall provides better security than packet filtering because of the increased intelligence that a proxy firewall offers. Requests from internal network users are routed through the proxy. The proxy, in turn, repackages the request and sends it along, thereby isolating the user from the external network. The proxy can also offer caching, should the same request be made again, and can increase the efficiency of data delivery.

Stateful Inspection Firewalls

The last section on firewalls focuses on the concept of stateful inspection. Stateful inspection is also referred to as stateful packet filtering. Most of the devices used in networks don't keep track of how information is routed or used. After a packet is passed, the packet and path are forgotten. In stateful inspection (or stateful packet filtering), records are kept using a state table that tracks every communications channel. Stateful inspections occur at all levels of the network and provide additional security, especially in connectionless protocols such as User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP). This adds complexity to the process. Denial-of-service (DoS) attacks present a challenge because flooding techniques are used to overload the state table and effectively cause the firewall to shut down or reboot.
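
A packet filter and a state table as described in the two sections above, as an added example that is not part of the original essay. All addresses are constructed from documentation and private ranges, the rule set is hypothetical, and the bounded table with an idle timeout is one assumed way of keeping the state table from being overloaded, not a description of any particular product.

```python
"""Stateless packet filter vs. a small stateful table (illustrative, constructed traffic)."""
import ipaddress

# Ordered rules: (action, source network, protocol, destination port); first match wins.
RULES = [
    ("allow", "0.0.0.0/0", "tcp", 80),        # web traffic from anywhere
    ("deny", "0.0.0.0/0", "tcp", 23),         # Telnet
    ("allow", "192.0.2.0/24", "tcp", 22),     # constructed admin subnet only
]

def packet_filter(src, proto, dport, rules=RULES):
    """Decide on addressing information only; the payload is never inspected."""
    for action, net, r_proto, r_port in rules:
        if (proto == r_proto and dport == r_port
                and ipaddress.ip_address(src) in ipaddress.ip_network(net)):
            return action
    return "deny"                              # unlisted ports are not authorized

class StateTable:
    """Tracks outbound flows so that only matching replies are let back in."""
    def __init__(self, max_entries=4, idle_timeout=30):
        self.flows = {}                        # flow 5-tuple -> last-seen time
        self.max_entries = max_entries
        self.idle_timeout = idle_timeout

    def _expire(self, now):
        stale = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
        for key in stale:
            del self.flows[key]

    def outbound(self, proto, src, sport, dst, dport, now):
        self._expire(now)
        key = (proto, src, sport, dst, dport)
        if key not in self.flows and len(self.flows) >= self.max_entries:
            return False                       # table full: refuse the new flow, keep running
        self.flows[key] = now
        return True

    def inbound(self, proto, src, sport, dst, dport, now):
        self._expire(now)
        # A reply is a tracked flow with source and destination swapped.
        key = (proto, dst, dport, src, sport)
        if key in self.flows:
            self.flows[key] = now
            return True
        return False

def demo():
    results = {
        "web": packet_filter("198.51.100.7", "tcp", 80),
        "telnet": packet_filter("198.51.100.7", "tcp", 23),
        "ssh_admin": packet_filter("192.0.2.10", "tcp", 22),
        "ssh_other": packet_filter("198.51.100.7", "tcp", 22),
    }
    st = StateTable(max_entries=2, idle_timeout=30)
    # An internal host sends a UDP query; only the matching reply may return.
    st.outbound("udp", "10.0.0.5", 40000, "203.0.113.53", 53, now=0)
    results["dns_reply"] = st.inbound("udp", "203.0.113.53", 53, "10.0.0.5", 40000, now=1)
    results["unsolicited"] = st.inbound("udp", "203.0.113.99", 53, "10.0.0.5", 40000, now=1)
    results["late_reply"] = st.inbound("udp", "203.0.113.53", 53, "10.0.0.5", 40000, now=60)
    # Fill the table, then check that one more flow is refused instead of growing it.
    st.outbound("udp", "10.0.0.5", 40001, "203.0.113.53", 53, now=61)
    st.outbound("udp", "10.0.0.5", 40002, "203.0.113.53", 53, now=61)
    results["table_full"] = st.outbound("udp", "10.0.0.5", 40003, "203.0.113.53", 53, now=61)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The stateless filter has no way to tell the DNS reply from the unsolicited UDP packet, since both arrive from port 53; only the state table distinguishes them.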

D) Appreciating Antivirus Software

Computer viruses, applications that carry out malicious actions, are among the most annoying trends happening today. It seems that almost every day someone invents a new virus. Some of these viruses do nothing more than give you a big "gotcha." Others contaminate networks and wreak havoc on computer systems. A virus may act on your data or your operating system, but it's intent on doing harm, and doing so without your consent. Viruses often include replication as a primary objective and try to infect as many machines as they can, as quickly as possible.

The business of providing software to computer users to protect them from viruses has become a huge industry. Several very good and well-established suppliers of antivirus software exist, and new virus-protection methods come on the scene almost as fast as new viruses. Antivirus software scans a computer's memory, disk files, and incoming and outgoing e-mail. The software typically uses a virus definition file that is updated regularly by the manufacturer. If these files are kept up-to-date, the computer system will be relatively secure. Unfortunately, most people don't keep their virus definition files up-to-date. Users will exclaim that a new virus has come out, because they just got it. Upon examination, you'll often discover that their virus definition file is months out-of-date. As you can see, the software part of the system will break down if the definition files aren't updated on a regular basis.

TASK 2

TROUBLESHOOTING STRUCTURED METHODS:

DETERMINING THE PROBLEM DEFINITION AND SCOPE

GATHERING INFORMATION

CONSIDERING POSSIBLE CAUSES

DEVISE A SOLUTION

IMPLEMENT THE SOLUTION

TEST THE SOLUTION

DOCUMENT THE SOLUTION

DEVISE THE PREVENTIVE MEASURES

DETERMINING THE PROBLEM DEFINITION AND SCOPE

When you reach the user's computer, ask about the problem using open questions; the user will describe all of his/her problems in his/her own words, which gives you an understanding of where to start. After that, ask closed questions, to which the user responds with "yes" or "no" answers.

Then we should ask about the scope: is he/she the only one with the problem, or does the whole network experience the problem?

GATHERING INFORMATION

Here we gather all information regarding the user's address and name, the computer's operating system and the software available. We also gather the computer's information from, for example, the:

System information

Event viewer

Device manager

CONSIDERING POSSIBLE CAUSES

The following is a list of possible causes:

Cabling is faulty, or the use of wrong cables

No internet connection available

Printer not installed correctly

Wrong IP addressing

No papers inside the printer

Faulty NIC card

Faulty mail client settings

Mail server availability

No printer drivers in computer

Printer is not turned on

No ink inside the printer

DEVISE A SOLUTION AND IMPLEMENT A SOLUTION

These depend on the problem you found in each situation. Example solutions are below:

Wrong IP addressing: confirm the addressing with the administrator.

No ink inside the printer: try a print page; you can replace the cartridge if the ink is finished, or consider refilling.

Mail server availability: check whether you can access other servers, such as Facebook or Google.

No printer drivers in computer: check in Device Manager for the printer driver; if it is not available, download the latest drivers and install them on the computer.

No papers inside the printer: check the paper tray inside and add some print paper.

Faulty mail client settings: choose a default mail client, for example Outlook Express, from the browser's Tools tab.

Cabling is faulty, or the use of wrong cables: between the switch and the computer, make sure it is a straight-through cable.

Faulty NIC card: look at the light on the NIC card; if it is blinking, the NIC is OK. Also go to the command prompt and check that loopback addressing is OK, for example, ping loopback.

Printer is not turned on: switch on the printer.

Printer not installed correctly: try a print test, and reinstall the printer.

No internet connection available: make sure you get connected to the internet. For example, attach your cable to the switch and the other end to the computer; the network icon must appear at the bottom of the computer screen. You must also be able to access at least the Google server.

TEST THE SOLUTION

When you have solved the problem, check that you can access the internet, or more specifically the mail server, and also check that you can print once more after the solution.

DOCUMENT THE SOLUTION

Create a simple document that could help in the future, in case the same problem happens, so that the current networker will be able to solve the problem by following the same method.

PREVENTIVE MEASURES:

Explain to the computer user what the problem was and how to prevent it in the future. For example, for the email problem, the user has to know and note down his mail client settings and keep safe the straight-through cable he is using to connect to the switch. Also show him or her how to protect the host NIC card from damage, and how to update his browser and patches.

In the case of the print problem, show him how to safely use the printer, how to update the printer's driver, and how to install a new printer.

TASK 3

TASK 4

ACCEPTABLE USER POLICY

An AUP is a group of rules set by the owner of a network. AUP documents are written for many organizations, including schools, businesses and ISPs, to minimize the potential for legal action that may be taken by users.

AUPs are important in the security of an organization.

So all members of a company have to sign the AUP before they are given access to the company's information system.

An AUP has to be simple and clear; it should show what users should and should not do with the company's system and infrastructure.

A) Acceptable internet use policy (IMIT COLLEGE)

Use of the internet by employees of [IMIT COLLEGE] is permitted and encouraged where such use supports the goals and objectives of the business. Use of the internet is also encouraged where such use assists the company in any way.

However, [IMIT COLLEGE] has a policy for the use of the internet so employees should ensure that they:

comply with the legislation

use the internet in an acceptable and safe way

do not create unnecessary business risk

Unacceptable behaviour

In particular the following is unacceptable use by employees:

visiting sites that contain pornographic or otherwise illegal material

committing fraud using the computer

using the internet to abuse or send annoying messages to others

downloading commercial software or any copyrighted materials

hacking into unauthorised sectors

revealing confidential information about [IMIT COLLEGE] in a personal online posting, upload or transmission

undertaking useless activities that waste staff effort or networked resources

introducing any form of harmful software into the corporate network

Company-owned information held on third-party websites

Whenever you collect or produce any information in the course of your work, the information remains the property of IMIT COLLEGE. This includes the information stored on your hard drive or on third-party sites, e.g. Facebook.

Monitoring

[IMIT COLLEGE] accepts that the use of the internet is a valuable business tool. However, misuse of this facility can have a negative impact upon employee productivity and the reputation of the business.

Sanctions

Whenever an employee has failed to comply with this policy, they will face the company's disciplinary process. If the employee is found to have breached the policy, they will face a judgement, which can be a verbal warning or dismissal. The actual penalty applied will depend on factors such as the seriousness of the breach and the employee's disciplinary record.

Agreement

All company employees, permanent staff, contractors or temporary staff who have been granted the right to use the company's internet access are required to sign this agreement confirming their understanding and acceptance of this policy. If you don't understand it, please don't sign, and ask for assistance.

B) Acceptable email use policy

An email acceptable use policy sets out your employees' responsibilities when using email in their day-to-day working activities.

Use of email by employees of [IMIT COLLEGE] is permitted and encouraged where such use supports the goals and objectives of the business, and also if the use is private and safe.

However, [IMIT COLLEGE] has a policy for the use of email. Employees should:

comply with legislation

use email in an acceptable and safe way

do not create unnecessary business risk

Unacceptable behaviour

use of company email systems to set up personal businesses or send chain letters

forwarding of company confidential messages to external locations that are not allowed to receive the message

storing images, text or materials that might be considered indecent or pornographic

storing images, text or materials that might be considered discriminatory, offensive or abusive

accessing copyrighted information in a way that violates the copyright

transmitting unsolicited commercial or advertising material

undertaking useless activities that waste staff effort or networked resources

introducing any form of computer virus, Trojan or other malware into the corporate network

Monitoring

[IMIT COLLEGE] accepts that the use of email is a valuable business tool. However, misuse of this facility can have a negative impact upon employee productivity and the reputation of the business.

Sanctions

Whenever an employee has failed to comply with this policy, they will face the company's disciplinary process. If the employee is found to have breached the policy, they will face a judgement, which can be a verbal warning or dismissal. The actual penalty applied will depend on factors such as the seriousness of the breach and the employee's disciplinary record.

Agreement

All company employees, permanent staff, contractors or temporary staff who have been granted the right to use the company's internet access are required to sign this agreement confirming their understanding and acceptance of this policy. If you don't understand it, please don't sign, and ask for assistance.

C) ACCEPTABLE INSTANT MESSENGERS AND CHAT ROOM

Use of instant messengers by employees of [IMIT COLLEGE] is permitted and encouraged where such use supports the goals and objectives of the business. Use of the internet is also encouraged where such use assists the company in any way.

However, [IMIT COLLEGE] has a policy for the use of the internet, so employees should ensure that they:

comply with the legislation

use the internet in an acceptable and safe way

do not create unnecessary business risk

Unacceptable behaviour

In particular the following is unacceptable use by employees:

"Chat" systems are not allowed on IMIT servers.

For the purposes of this policy, a "chat" system is defined as a Web site or portion thereof that encourages visitors to post messages in order to engage in "real-time" conversation with other visitors at the same site.

Interactive Web applications are not suitable for IMIT's shared hosting environment.

IMIT usually permits its users to host forums, provided that they are moderated in accordance with IMIT's Forum Rules.

IMIT permits its users to host their own personal web logs (blogs) on the following basis:

you accept and understand that any content that you provide to a blog enters an open, public forum, and is not confidential;

by disclosing personal information such as your name and email address in a blog, you acknowledge and understand that this information may be collected and used by other persons to communicate with you;

you may be held legally liable for the content that you provide in a blog;

IMIT has the right to remove any offending content or stop your use of a blog or hosting of a forum.

Company-owned information held on third-party websites

Whenever you collect or produce any information in the course of your work, the information remains the property of IMIT COLLEGE. This includes the information stored on your hard drive or on third-party sites, e.g. Yahoo Messenger.

Monitoring

[IMIT COLLEGE] accepts that the use of the internet is a valuable business tool. However, misuse of this facility can have a negative impact upon employee productivity and the reputation of the business.

Sanctions

Whenever an employee has failed to comply with this policy, they will face the company's disciplinary process. If the employee is found to have breached the policy, they will face a judgement, which can be a verbal warning or dismissal. The actual penalty applied will depend on factors such as the seriousness of the breach and the employee's disciplinary record.

Agreement

All company employees, permanent staff, contractors or temporary staff who have been granted the right to use the company's internet access are required to sign this agreement confirming their understanding and acceptance of this policy. If you don't understand it, please don't sign, and ask for assistance.

TASK 5