Access Controls

Supervised by: Dr. Lo’ai Tawalbeh
Prepared by: Abeer Saif

Introduction:

Access Controls: The security features that control how users and systems communicate and interact with one another.

Access: The flow of information between subject and object.

Subject: An active entity that requests access to an object or the data in an object, such as a user, program, or process that accesses an object to accomplish a task.

Object: A passive entity that contains information, such as a computer, database, file, computer program, directory, or field in a table in a database.

Access controls are extremely important because they are one of the first lines of defense used to fight against unauthorized access to systems and network resources. Access controls give organizations the ability to control, restrict, monitor, and protect resource availability, integrity, and confidentiality.

Access Control Administration:

Two basic forms:
- Centralized: One entity is responsible for overseeing access to all corporate resources. Provides a consistent and uniform method of controlling access rights.
- Decentralized: Gives control of access to the people who are closer to the resources. Has no methods for consistent control, lacks proper consistency.

Centralized & Decentralized access:

Access Control methods:

Access controls can be implemented at various layers of an organization, network, and individual systems.

Three broad categories:
- Administrative
- Physical
- Technical (aka Logical)

Access Controls: ISA 2004
Internet Security & Acceleration Server 2004

ISA 2004 overview:

ISA Server 2004 main roles:
- Firewall.
  - Packet inspection & filtering.
  - Stateful inspection & filtering.
  - Application layer inspection & filtering.
- VPN server.
  - Unified firewall & VPN Server.
- Proxy and Caching server.
  - Forward cache.
  - Backward cache.

ISA Server 2004 as a VPN server:

VPN (Virtual Private Network): A secure network connection created through a public network such as the Internet.

Types of VPN connections:
- VPN clients.
- Site-to-Site VPN.
- Quarantine Control.

Why use VPN connections:
- Availability.
- Cost.

Internet Protocol security (IPSec): A set of industry-standard, cryptography-based protection services and protocols. IPSec protects all protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite and Internet communications.

Protocols supported by ISA Server 2004:
- Point-to-Point Tunneling Protocol (PPTP):
  - Uses Microsoft’s encryption (MPPE).
  - Less complex to set up than IPsec.
- Layer Two Tunneling Protocol (L2TP):
  - More secure than PPTP.
  - IPsec concepts are more complex.

References:
- CISSP All-in-One Exam Guide.
- Installing, Configuring, and Administering Microsoft Windows XP Professional. MCSA/MCSE Self-Paced Training Kit (Exam 70-270).
- Implementing Microsoft Internet Security and Acceleration Server 2004. MCSA/MCSE Self-Paced Training Kit (Exam 70-350).