CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [228]
In the following sections, we’ll look at each of these methods from a business perspective. You learned about the technical aspects in earlier chapters.
Mandatory Access Control
Mandatory Access Control (MAC) is clearly an inflexible method for how information access is allowed. In a MAC environment, all access capabilities are predefined. Users can’t share information unless their rights to share it were established by administrators; administrators must make any changes that need to be made. This process enforces a rigid model of security.
For a MAC model to work effectively, administrators and network designers must think relationships through carefully. The advantage of this model is that security access is well established and defined, making security breaches easier to investigate and correct. A well-designed MAC model can make the job of information control easier and can essentially lock down a network. The major disadvantages of this model are the lack of flexibility and the fact that its needs change over time. The inability of administrative staff to address these changes can sometimes make the model hard to keep up.
Discretionary Access Control
In a Discretionary Access Control (DAC) model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The method allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators have a more difficult time ensuring that information access is controlled and that only appropriate access is given out.
Role-Based Access Control
Role-Based Access Control (RBAC) models approach the problem of access control based on established roles in an organization. RBAC models implement access by job function or by responsibility. Each employee has one or more roles that allow access to specific information. If a person moves from one role to another, the access for the previous role will no longer be available. RBAC models provide more flexibility than a MAC model and less flexibility than the DAC model. They do, however, have the advantage of being strictly based on job function as opposed to individual needs.
Rule-Based Access Control
Rule-Based Access Control (RBAC) uses the settings in pre-configured security policies to make all decisions. These rules can be to deny all but those who specifically appear in a list (an allow list), or deny only those who specifically appear in the list (a true deny list). Entries in the list may be actual usernames, IP addresses, hostnames, or even domains. Rule-Based models are often being used in conjunction with Role-Based to add greater flexibility.
Summary
In this chapter, you learned about the many aspects involved in the operations of a secure environment. You studied business continuity, vendor support, security policies, security procedures, and privilege management. Each of these areas must be addressed and considered before you can be assured of a reasonable level of safety.
The issue of reliable service from utility companies, such as electricity and water, should be evaluated as part of your disaster recovery process. Addressing potential problems as part of your business decision making can prevent unanticipated surprises.
High-availability systems usually provide fail-over capabilities. These systems can use redundant components or fault-tolerant technologies. Clustering is a method of using multiple