Devops notes
Typology: Study notes
1) What Is Security?
vi) Elevation of privilege. In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system.

3) Resources to Be Protected

4) Security Roles and Activities
✓ Four different roles related to security.
✓ The people performing these roles may belong to the same organization or to different organizations.
i) Security architect.
✓ A security architect is responsible for the design of an organization's network to achieve security for the network.
✓ The security architect is also responsible for overseeing the implementation of the network.
Passwords can be compromised in several different ways:
a) An attacker breaks an individual's password through various forms of brute force attacks. Controls specify minimum password length, password lifetime, and limits on password reuse.
b) A user allows her or his password to be determined through social engineering means. There are controls about security education for users, but perhaps the most notorious use of social engineering to determine a password. One of the controls to prevent this type of attack is to require that default passwords be changed before a system goes into production.
c) An authorized user changes roles or leaves the organization. When an employee leaves the organization, a control specifies that their account privileges are deleted within a short time frame.
d) Your system is compromised, allowing determination of passwords. Controls specify that passwords must be stored in an encrypted form using an approved piece of cryptographic software.
iv) Authorization
Once a user is identified then it becomes possible to control access to resources based on the privileges granted to that user.
Control: The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
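The password controls listed above (minimum length, password lifetime, limits on reuse, prompt removal of a departed user's privileges, and storing passwords only in a protected form) can be checked mechanically at the point where a password is set or used. The following is an added example, not code from the notes; it uses Python's standard-library PBKDF2 as the "approved cryptographic software" and stores a salted hash rather than a reversible encryption, which is the usual way the "encrypted form" control is met in practice. The policy constants and the `Account` structure are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Policy values are assumptions for this example, not values from the notes.
MIN_LENGTH = 12                   # minimum password length control
MAX_AGE = timedelta(days=90)      # password lifetime control
REUSE_HISTORY = 5                 # number of previous passwords that may not be reused
PBKDF2_ROUNDS = 100_000


class PasswordPolicyError(ValueError):
    """Raised when a new password violates a stated control."""


@dataclass
class Credential:
    salt: bytes
    digest: bytes
    set_at: datetime


@dataclass
class Account:
    username: str
    current: Optional[Credential] = None
    history: List[Credential] = field(default_factory=list)  # includes the current one
    active: bool = True


def hash_password(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest); only the salted digest is ever stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(cred: Credential, password: str) -> bool:
    _, digest = hash_password(password, cred.salt)
    return hmac.compare_digest(digest, cred.digest)  # constant-time comparison


def set_password(account: Account, new_password: str, now: datetime) -> None:
    """Enforce length and reuse controls, then store only a salted hash."""
    if len(new_password) < MIN_LENGTH:
        raise PasswordPolicyError(f"password shorter than {MIN_LENGTH} characters")
    for old in account.history[-REUSE_HISTORY:]:
        if matches(old, new_password):
            raise PasswordPolicyError(f"password reused within last {REUSE_HISTORY}")
    salt, digest = hash_password(new_password)
    cred = Credential(salt, digest, set_at=now)
    account.history.append(cred)
    account.current = cred


def password_expired(account: Account, now: datetime) -> bool:
    return account.current is None or now - account.current.set_at > MAX_AGE


def authenticate(account: Account, password: str, now: datetime) -> bool:
    """Deprovisioned accounts and expired passwords fail before the hash is checked."""
    if not account.active or account.current is None:
        return False
    if password_expired(account, now):
        return False
    return matches(account.current, password)


def deprovision(account: Account) -> None:
    """Control c): remove privileges when the user leaves the organization."""
    account.active = False


if __name__ == "__main__":
    acct = Account("alice")
    t0 = datetime(2024, 1, 1)
    set_password(acct, "correct horse battery", t0)
    print("login ok:", authenticate(acct, "correct horse battery", t0))
    print("after 91 days:", authenticate(acct, "correct horse battery", t0 + timedelta(days=91)))
```

The reuse check compares the candidate against stored hashes rather than keeping plaintext history, so the history list is no more sensitive than the current credential.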
v) Techniques to Control Access to Resources
There are two fundamental techniques used to control access to resources: access control lists (ACLs) and capabilities.
a) ACLs.
✓ An ACL is a list of users or roles and allowed operations attached to a resource such as a file system or database field.
✓ When a user asks for access to the resource to perform a particular operation, the list is examined to determine whether that user or role has the right to perform that operation on the resource.
b) Capability.
✓ A capability is a token that grants particular rights on a resource.
✓ A good analogy is a key and a lock.
✓ The capability is the key; the resource maintains the lock. When access is requested, the resource will verify that the token provided with the access request contains sufficient privileges for the provider of that token to be granted access.
vi) Role-Based Access Control
✓ RBAC is based on a mapping between individuals and roles.
✓ A role is allowed certain access privileges, and the identity management system maintains a mapping between users and roles.
✓ It also maintains a mapping between roles and privileges.
✓ Then, when a user changes roles, the mapping between users and roles is changed as well and the authorization system is provided with the information appropriate to the
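The three mechanisms in v) and vi) differ in where the authority lives: an ACL sits on the resource, a capability travels with the request, and RBAC inserts a role layer between users and privileges so that a role change is a single mapping update. The following added example (not from the notes) puts all three side by side in Python. The `Resource`, `IdentityManager` and `CapabilityIssuer` names, the `resource:operation` privilege format, and the use of an HMAC tag as the resource's "lock" are assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


# ---- a) ACL: users/roles and allowed operations, attached to the resource ----
@dataclass
class Resource:
    name: str
    # principal (a user or role name) -> set of permitted operations
    acl: dict = field(default_factory=dict)


def acl_allows(resource: Resource, principals: set, operation: str) -> bool:
    """The resource's list is examined: any matching user or role entry grants the operation."""
    return any(operation in resource.acl.get(p, set()) for p in principals)


# ---- vi) RBAC: identity management keeps user->roles and role->privileges ----
@dataclass
class IdentityManager:
    user_roles: dict = field(default_factory=dict)        # user -> set of roles
    role_privileges: dict = field(default_factory=dict)   # role -> {"resource:operation", ...}

    def roles_of(self, user: str) -> set:
        return set(self.user_roles.get(user, set()))

    def privileges_of(self, user: str) -> set:
        privs = set()
        for role in self.roles_of(user):
            privs |= self.role_privileges.get(role, set())
        return privs

    def change_roles(self, user: str, roles) -> None:
        """Only the user->role mapping changes; role->privilege stays as it was."""
        self.user_roles[user] = set(roles)


def rbac_allows(idm: IdentityManager, user: str, resource_name: str, operation: str) -> bool:
    return f"{resource_name}:{operation}" in idm.privileges_of(user)


def acl_allows_for_user(idm: IdentityManager, user: str, resource: Resource, operation: str) -> bool:
    """ACL entries may name the user directly or any of the user's current roles."""
    return acl_allows(resource, {user} | idm.roles_of(user), operation)


# ---- b) Capability: the token is the key, the resource keeps the lock (a MAC key) ----
class CapabilityIssuer:
    def __init__(self, lock_key: bytes):
        self._key = lock_key  # never leaves the resource side

    def issue(self, resource_name: str, operations) -> str:
        payload = f"{resource_name}|{','.join(sorted(operations))}"
        tag = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{tag}"

    def verify(self, token: str, resource_name: str, operation: str) -> bool:
        """Accept only tokens whose rights were granted by this lock and cover the operation."""
        parts = token.split("|")
        if len(parts) != 3:
            return False
        res, ops, tag = parts
        expected = hmac.new(self._key, f"{res}|{ops}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False  # forged or tampered token
        return res == resource_name and operation in ops.split(",")


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    payroll = Resource("payroll", {"hr": {"read", "write"}, "auditor": {"read"}})
    idm = IdentityManager({"alice": {"hr"}}, {"hr": {"payroll:read", "payroll:write"}})
    print("alice write via ACL:", acl_allows_for_user(idm, "alice", payroll, "write"))
    idm.change_roles("alice", {"auditor"})
    print("alice write after role change:", acl_allows_for_user(idm, "alice", payroll, "write"))
    issuer = CapabilityIssuer(b"constructed-lock-key")
    print("capability read:", issuer.verify(issuer.issue("payroll", {"read"}), "payroll", "read"))
```

Note that the RBAC role change is one update in `user_roles`; both the ACL path (which names roles) and the privilege path pick up the new rights without touching the resource or the role definitions, which is the maintenance advantage the notes describe.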