CISSP Domain 1: Access Control Systems & Methodology


Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system.

The candidate should fully understand access control concepts, methodologies and implementation within centralized and decentralized environments across the enterprise's computer systems. Access control techniques, together with the detective and corrective measures that support them, should be studied in order to understand the potential risks, vulnerabilities, and exposures.


Key Areas of Knowledge

§ Accountability
§ Access Control Techniques
    § Discretionary Access Control
    § Mandatory Access Control
    § Lattice-based Access Control
    § Rule-based Access Control
    § Role-based Access Control
    § Access Control Lists
§ Access Control Administration
    § Account Administration
    § Account, Log, and Journal Monitoring
    § Access Rights and Permissions
    § Establishment (authorization)
    § File and Data Owners, Custodians, and Users
    § Principle of Least Privilege
    § Segregation of Duties and Responsibilities
    § Maintenance
    § Revocation
§ Access Control Models
    § Bell-LaPadula
    § Biba
    § Clark and Wilson
    § Non-interference Model
    § State Machine Model
    § Access Matrix Model
    § Information Flow Model
§ Identification and Authentication Techniques
    § Knowledge-based: passwords, Personal Identification Numbers (PINs), phrases
    § Passwords
    § Selection
    § Management
    § Control
    § Characteristic-based (biometrics, behavior)
    § Tokens
    § Tickets
    § One-time Passwords
    § Token-based (smart card, key card)
    § Administrative
    § Single Sign-On (SSO)
§ Access Control Methodologies and Implementation
    § Centralized/Remote Authentication Access Controls
    § RADIUS
    § TACACS
    § Decentralized Access Control
    § Domains
    § Trust
§ File and Data Ownership and Custodianship
§ Methods of Attack
    § Brute Force
    § Denial of Service
    § Dictionary
    § Spoofing
    § Man-in-the-middle Attacks
    § Spamming
    § Sniffers
    § Crackers
§ Monitoring
    § Intrusion Detection
    § Types of Intrusions
    § Intrusion Prevention (identification, authentication)
    § Intrusion Detection (data extraction, sampling, recognition, traffic)
    § Attack Signature Identification
    § Intrusion Reactive Response
    § Anomaly Identification
    § Intrusion Response
    § Alarms
    § Signals
    § Audit Trails
    § Violation Reports
    § Corrections
§ Penetration Testing
