Access Controls
Supervised by: Dr.Lo’ai Tawalbeh
Prepared by: Abeer Saif
Introduction:



Access Controls: The security features that control
how users and systems communicate and interact with
one another.
Access: The flow of information between subject and
object.
Subject: An active entity that requests access to an
object or the data in an object. Such as a user,
program, or process that accesses an object to
accomplish a task.
Introduction:

Object: A passive entity that contains information.
Such as: a computer, database, file, computer
program, directory, or field in a table in a database,
etc.
Introduction:


Access controls are extremely important because they
are one of the first lines of defense used to fight
against unauthorized access to systems and network
resources.
Access controls give organizations the ability to
control, restrict, monitor, and protect resource
availability, integrity, and confidentiality.
Access Control Administration:
Two Basic forms:
 Centralized: One entity is responsible for
overseeing access to all corporate resources.
Provides a consistent and uniform method of
controlling access rights.
 Decentralized: Gives control of access to the
people who are closer to the resources.
Has no methods for consistent control, lacks
proper consistency.
Centralized & Decentralized access:
Access Control methods:


Access controls can be implemented at various layers
of an organization, network, and individual systems.
Three broad categories:
 Administrative
 Physical
 Technical (aka Logical)
Access Controls
ISA 2004
Internet Security & Acceleration Server 2004
ISA 2004 overview:
ISA 2004 overview:

ISA Server 2004 main roles:



Firewall.
 Packet inspection & filtering.
 Stateful inspection & filtering.
 Application layer inspection & filtering.
VPN server.
 Unified firewall & VPN Server.
Proxy and Caching server.
 Forward cache.
 Backward cache.
ISA 2004 overview:

ISA Server 2004 as a VPN server:
 VPN (Virtual Private Network): is a secure
network connection created through a public
network such as the Internet.
 Types of VPN connections:
VPN clients.
 Site-Site VPN.
 Quarantine Control.

ISA 2004 overview:

Why use VPN connections:



Availability.
Cost.
Internet Protocol security (IPSec): A set of industrystandard, cryptography based protection services and
protocols. IPSec protects all protocols in the
Transmission Control Protocol/Internet Protocol
(TCP/IP) protocol suite and Internet communications.
ISA 2004 overview:

Protocols supported by ISA Server 2004:

Point-Point tunneling protocol (PPTP):



Uses Microsoft’s encryption (MPPE).
Less Complex to set than IPsec.
Layer two tunneling protocol (L2TP):


More secure than PPTP.
IPsec concepts more complex.
ISA 2004 overview:
References:

CISSP All-in-One Exam Guide.
 Installing, Configuring, and Administering
Microsoft Windows XP Professional.
MCSA/MCSE Self-Paced Training Kit (Exam 70-270).

Implementing Microsoft Internet Security and
Acceleration Server 2004.
MCSA/MCSE Self-Paced Training Kit (Exam 70-350).