Network Security Controls are used to ensure the confidentiality, integrity, and availability of the network services. These security controls are either technical or administrative safeguards implemented to minimize the security risk. To reduce the risk of a network being compromised, an adequate network security requires implementing a proper combination of network security controls.
These network security controls include:
- Access Control
- Identification
- Authentication
- Authorization
- Accounting
- Cryptography
- Security Policy
These controls help organizations with implementing strategies for addressing network security concerns. The multiple layers of network security controls along with the network should be used to minimize the risks of attack or compromise. The overlapping use of these controls ensures defense in depth network security.
Access Control
Access control is a method for reducing the risk of data from being affected and to save the organization’s crucial data by providing limited access of computer resources to users. The mechanism grants access to system resources to read, write, or execute to the user based on the access permissions and their associated roles. The crucial aspect of implementing access control is to maintain the integrity, confidentiality, and availability of the information.
An access control system includes:
– File permissions such as create, read, edit or delete
– Program permissions such as the right to execute a program
– Data rights such as the right to retrieve or update information in a database
There are two types of access controls:
physical and logical. The physical access controls the access to buildings, physical IT assets, etc. The logical access controls the access to networks and data.
In general, access control provides essential services like authorization, identification, authentication, access permissions and accountability.
1) Authorization determines the action a user can perform
2) Identification and authentication identify and permit only authorized users to access the systems
3) The access permissions determine approvals or permissions provided to a user to access a system and other resources
4) Accountability categorizes the actions performed by a user
Access Control Terminology
The following terminologies are used to define access control on specific resources:
1) Subject: A subject may be defined as a user or a process, which attempts to access the objects. Further, subjects are those entities that perform certain actions on the system.
2) Object: An object is an explicit resource on which access restriction is imposed. The Access controls implemented on the objects further control the actions performed by the user. For example, files or hardware devices.
3) Reference Monitor: It monitors the restrictions imposed according to certain access control rules. Reference monitor implements a set of rules on the ability of the subject to perform certain actions on the object.
4) Operation: An operation is an action performed by the subject on the object. A user trying to delete a file is an example of an operation. Here, the user is the subject. Delete refers to the operation and file is the object.
Access Control Principles
Access control principles deal with restricting or allowing the access controls to users or processes. The principle includes the server receiving a request from the user and authenticating the user with the help of an Access Control Instruction (ACO. The server can either allow or deny the user to perform any actions like read, write, access files, etc.
Network Security Control is a part Certified Ethical Hacking v10(CEH v10) training you learn the cyber security attacks and their impact.
Access controls enable users to gain access to the entire directory, subtree of the directory and another specific set of entries and attribute values in the directory. It is possible to set permission values to a single user or a group of users. The directory and attribute values contain the access control instructions. Access control function uses an authorization database, maintained by the security admin, to check the authorization details of the requesting user.
Related Product : Certified Ethical Hacker | CEH Certification
Types of Access Control
Types of access control between how a subject can access an object. The policy for determining the mechanism uses access control technologies and security.
1. Discretionary Access Control (DAC)
Discretionary access controls determine the access controls taken by any possessor of an object in order to decide the access controls of the subjects on those objects. The other name for DAC is a need-to-know access model. It permits the user, who is granted access to information, to decide how to protect the information and the level of sharing desired. Access to files is restricted to users and groups based upon their identity and the groups to which the users belong.
2. Mandatory Access Control (MAC)
The mandatory access controls determine the usage and access policies of the users. Users can access a resource only if that particular user has the access rights to that resource. MAC finds its application in the data marked as highly confidential. The network administrators impose MAC, depending on the operating system and security kernel. It does not permit the end user to decide who can access the information, and does not permit the user to pass privileges to other users as the access could then be circumvented.
3. Role Based Access Control (RBAC)
In role based access control, the access permissions are available based on the access policies determined by the system. The access permissions are out of user control, which means that users cannot amend the access policies created by the system. Users Identification, Authentication, Authorization and Accounting
Identification: Identification deals with confirming the identity of a user, process, or device accessing the network. User identification is the most common technique used in authenticating the users in the network and applications. Users have a unique User ID, which helps in identifying them.
The authentication process includes verifying a user ID and a password. Users need to provide both the credentials in order to gain access to the network. The network administrators provide access controls and permissions to various other services depending on the user ID’s.
Example: Username, Account Number, etc.
Also Read : Overview of Network Security Objectives
Authentication: Authentication refers to verifying the credentials provided by the user while attempting to connect to a network. Both wired and wireless networks perform authentication of users before allowing them to access the resources in the network. A typical user authentication consists of a user ID and a password. The other forms of authentication are authenticating a website using a digital certificate, comparing the product and the label associated with it.
Example: Password, PIN, etc.
Authentication: Authentication refers to verifying the credentials provided by the user while attempting to connect to a network. Both wired and wireless networks perform authentication of users before allowing them to access the resources in the network. A typical user authentication consists of a user ID and a password. The other forms of authentication are authenticating a website using a digital certificate, comparing the product and the label associated with it.
Example: Password, PIN, etc.
Authorization: Authorization refers to the process of providing permission to access the resources or perform an action on the network. Network administrators can decide the access permissions of users on a multi-user system. They even decide the user privileges. The mechanism of authorization can allow the network administrator to create access permissions for users as well as verify the access permissions created for each user.
In logical terms, authorization succeeds authentication. But, the type of resources or perform an action on the network. Network administrators can decide the access permissions of users on a multi-user system. They even decide the user privileges. The mechanism of authorization can allow the network administrator to create access permissions for users as well as verify the access permissions created for each user.
In logical terms, authorization succeeds authentication. But, the type of authentication required for authorization varies. However, there are cases that do not require any authorization of the users requesting for a service.
Example: A user can only read the file but not write to or delete it.
Accounting: User accounting refers to tracking the actions performed by the user on a network. This includes verifying the files accessed by the user, functions like alteration or modification of the files or data. It keeps track of who, when, how the users access the network. It helps in identifying authorized and unauthorized actions.
Questions related to this topic
- How do I add authenticated users to security permissions?
- What is authorization and access control?
- What are the 3 types of access control?
- What is user authorization?
Learn CEH & Think like hacker
- What is Ethical Hacking? & Types of Hacking
- 5 Phases of Hacking
- 8 Most Common Types of Hacker Motivations
- What are different types of attacks on a system
- Scope and Limitations of Ethical Hacking
- TEN Different Types Of Hackers
- What is the Foot-printing?
- Top 12 steps for Foot printing Penetration Testing
- Different types of tools with Email Foot printing
- What is “Anonymizer” & Types of Anonymizers
- Top DNS Interrogation Tools
- What is SNMP Enumeration?
- Top vulnerability scanning tools
- Information Security of Threat
- Foot printing tools:
- What is Enumeration?
- Network Security Controls
- What is Identity and Access Management?
- OWASP high TEN web application security risks
- Password Attacks
- Defend Against Key loggers
- Defend Against Spyware
- Covering Tracks
- Covering Track on Networks
- Everything You Need To Know About Sniffing – Part 1
- Everything You Need To Know About Sniffing – Part 2
- Learn more about GPS Spyware & Apparatuses
- Introduction of USB Spyware and It’s types
- 10 Types of Identity Theft You Should Know About
- Concepts of Denial-of-Service Attack & Distributed Denial of Service Attack
- Most Effective Ways to Overcome Impersonation on Social Networking Site’s Problem
- How Dynamic Host Configuration Protocol (DHCP) Works
- DHCP Request/Reply Messages
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- IOS Switch Commands
- Web Server Concept
- Web Server Attacks
- Web Server Attack Tools
- Web Server Security Tools
- 6 Quick Methodology For Web Server Attack
- Learn Skills From Web Server Foot Printing / Banner Grapping
- The 10 Secrets You Will Never Know About Cyber Security And Its Important?
- Ways To Learn Finding Default Content Of Web Server Effectively
- How will Social Engineering be in the Future
- Understand The Background Of Top 9 Challenges IT Leaders Will Face In 2020 Now
- Learning Good Ways To Protect Yourself From Identity Theft
- Anti-phishing Tools Guide
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
I really like it when people get together and share ideas.
I love reading your site.
I love reading your site.
I love reading your site.
This is a great blog.
Very efficiently written information. It will be useful to anyone who employess it, including yours truly :). Keep doing what you are doing – looking forward to more posts.
I am usually to running a blog and i really appreciate your content. The article has really peaks my interest. I’m going to bookmark your web site and keep checking for new information.