SlideShare uma empresa Scribd logo

Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso a dados

Leinylson Fontinele
Leinylson Fontinele

Slides da aula de Segurança Computacional

Educação
1 de 27
Baixar para ler offline
© 2012 Jones and Bartlett Learning, LLC www.jblearning.com Fundamentals of Information Systems Security Unit 3 Controles de acesso apropriados para sistemas, aplicativos e acesso a dados
Page 2Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Learning Objective Explain the role of access controls in implementing security policy.
Page 3Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Key Concepts § Authorization policies enforcing access control to systems, application, and data § Role of identification in granting access to information systems § Role of authentication in granting access to information systems § Authentication factor types and need for two- or three-factor authentication § Pros and cons of formal models used for access controls
Page 4Introduction to Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com DISCOVER: CONCEPTS
Page 5Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Defining Access Control §The process of protecting a resource so that it is used only by those allowed to do so §Prevents unauthorized use
Page 6Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Four Parts of Access Control Access Control Component Description Authorization Who is approved for access and what can they use? Identification How are they identified? Authentication Can their identities be verified? Accountability How are actions traced to an individual to ensure that the person who makes data or system changes can be identified?
Page 7Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Access Control Basics §Access control provides a set of resources available to the authenticated identity. §Access controls can be logical or physical. §Before authorization can occur, the identity of the account attempting to access a resource must be determined.
Page 8Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Access Control Basics (Continued) §Identification presents credentials. §Authentication associates those credentials with a security principal. §Accountability traces an action to a person or process to know who made the changes to the system or data.
Page 9Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Policy Definition and Policy Enforcement Phases § Policy definition phase decides who has access and what systems or resources they can use. • It is tied to the authorization phase. § Policy enforcement phase grants or rejects requests for access based on the authorizations defined in the first phase. • It is tied to identification, authentication, and accountability phases.
Page 10Introduction to Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com DISCOVER: PROCESSES
Page 11Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Scenario 1 §Select access control methods for the Department of Defense (DoD) network.
Page 12Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Solution §Use a combination of biometric, token-based, and password-form access methods. §Use more complex forms of authentication, such as time-of-day restrictions and hardware encryption devices. §Each account attempting to make a transaction must be properly identified.
Page 13Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Scenario 2 §Select access control methods for an organization that does the majority of its business through public kiosks.
Page 14Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Solution §Authentication can be as simple as an automatic anonymous guest logon shared by all visitors.
Page 15Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Scenario 3 §Select access control methods for an organization that does the majority of its business through Web-based servers.
Page 16Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Solution §Role-based access §Single sign-on §Remote Authentication Dial In User Service (RADIUS) §Strong passwords
Page 17Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com RADIUS
Page 18Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com
Page 19Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Desafio-Resposta
Page 20Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Logical Access Control Features Logical Controls Solution? Biometrics Tokens Passwords Single sign-on
Page 21Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Recursos de controle de acesso lógicoLogical Controls Solutions Biometrics • Estático: impressões digitais, granularidade da íris, vasos sanguíneos da retina, características faciais e geometria da mão • Dinâmico: inflexões de voz, traços de teclado e movimentos de assinatura Tokens • Síncrono ou assíncrono • Cartões inteligentes e cartões de memória Passwords • Controles de senha rigorosos para usuários • Políticas de bloqueio de conta • Auditando eventos de logon Single sign-on • Processo Kerberos • Sistema europeu seguro para aplicativos em um ambiente de vários fornecedores (SESAME)
Page 22Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Tipos de Controle de Segurança
Page 23Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Controle de acesso baseados em regras
Page 24Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Controle de acesso baseados em valores, dados
Page 25Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Lista de Controle de Acessos
Page 26Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Questionamento 1 § Como se dá o controle de acesso nos cenários abaixo, isto é, quem define a política de acesso e quem impõe? Cliente/Servidor P2P
Page 27Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Summary § Access control is the process of protecting a resource so that it is used only by those allowed to do so. § Access controls can be logical or physical. § Access control includes identification, authentication, authorization, and accountability. § The four parts of access control can be categorized into policy definition phase and policy enforcement phase.

Recomendados

Aula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoAula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoLeinylson Fontinele
 
Aula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaAula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaLeinylson Fontinele
 
Aula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesAula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesLeinylson Fontinele
 
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Leinylson Fontinele
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Dr. Ahmed Al Zaidy
 
Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...PECB
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Dr. Ahmed Al Zaidy
 

Recomendados

Aula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoAula 05 - Importância do teste, auditoria e monitoramento
Aula 05 - Importância do teste, auditoria e monitoramentoLeinylson Fontinele
 
Aula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaAula 04 - Implementação efetiva da política de segurança
Aula 04 - Implementação efetiva da política de segurançaLeinylson Fontinele
 
Aula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesAula 01 - Fundamentos da segurança dos sistemas de informações
Aula 01 - Fundamentos da segurança dos sistemas de informaçõesLeinylson Fontinele
 
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...
Aula 02 - Aplicação de contramedidas de segurança para mitigar ataques malici...Leinylson Fontinele
 
Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Fundamentals of Information Systems Security Chapter 5
Fundamentals of Information Systems Security Chapter 5Dr. Ahmed Al Zaidy
 
Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...Approche intégrée de la gestion des risques, de la sécurité de l’information,...
Approche intégrée de la gestion des risques, de la sécurité de l’information,...PECB
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Dr. Ahmed Al Zaidy
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorCONFENIS 2012
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Dr. Ahmed Al Zaidy
 
Funsec3e ppt ch06
Funsec3e ppt ch06Funsec3e ppt ch06
Funsec3e ppt ch06Skillspire LLC
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Mukesh Chinta
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Emids Morning Security Virtual India V3
Emids Morning Security Virtual India V3Emids Morning Security Virtual India V3
Emids Morning Security Virtual India V3techcouncil
 
William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William Tanenbaum
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Dr. Ahmed Al Zaidy
 
Information Security Management. Security solutions copy
Information Security Management. Security solutions copyInformation Security Management. Security solutions copy
Information Security Management. Security solutions copyyuliana_mar
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 
Forensic3e ppt ch03
Forensic3e ppt ch03Forensic3e ppt ch03
Forensic3e ppt ch03Skillspire LLC
 
Funsec3e ppt ch07
Funsec3e ppt ch07Funsec3e ppt ch07
Funsec3e ppt ch07Skillspire LLC
 
Funsec3e ppt ch05
Funsec3e ppt ch05Funsec3e ppt ch05
Funsec3e ppt ch05Skillspire LLC
 
Access Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxAccess Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxdaniahendric
 

Mais conteúdo relacionado

Mais procurados

Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Dr. Ahmed Al Zaidy
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorCONFENIS 2012
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Dr. Ahmed Al Zaidy
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyClickSSL
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Mukesh Chinta
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Emids Morning Security Virtual India V3
Emids Morning Security Virtual India V3Emids Morning Security Virtual India V3
Emids Morning Security Virtual India V3techcouncil
 
William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William Tanenbaum
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in IndonesiaEryk Budi Pratama
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Dr. Ahmed Al Zaidy
 
Information Security Management. Security solutions copy
Information Security Management. Security solutions copyInformation Security Management. Security solutions copy
Information Security Management. Security solutions copyyuliana_mar
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPandreasschuster
 

Mais procurados (20)

Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7Fundamentals of Information Systems Security Chapter 7
Fundamentals of Information Systems Security Chapter 7
 
Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15Fundamentals of Information Systems Security Chapter 15
Fundamentals of Information Systems Security Chapter 15
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking Sector
 
Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2 Fundamentals of Information Systems Security Chapter 2
Fundamentals of Information Systems Security Chapter 2
 
Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8Fundamentals of Information Systems Security Chapter 8
Fundamentals of Information Systems Security Chapter 8
 
Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12Fundamentals of Information Systems Security Chapter 12
Fundamentals of Information Systems Security Chapter 12
 
Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13Fundamentals of Information Systems Security Chapter 13
Fundamentals of Information Systems Security Chapter 13
 
Funsec3e ppt ch06
Funsec3e ppt ch06Funsec3e ppt ch06
Funsec3e ppt ch06
 
How To Plan Successful Encryption Strategy
How To Plan Successful Encryption StrategyHow To Plan Successful Encryption Strategy
How To Plan Successful Encryption Strategy
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
Emids Morning Security Virtual India V3
Emids Morning Security Virtual India V3Emids Morning Security Virtual India V3
Emids Morning Security Virtual India V3
 
William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015William A. Tanenbaum Association of Benefit Administrators April 2015
William A. Tanenbaum Association of Benefit Administrators April 2015
 
Personal Data Protection in Indonesia
Personal Data Protection in IndonesiaPersonal Data Protection in Indonesia
Personal Data Protection in Indonesia
 
Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6Fundamentals of Information Systems Security Chapter 6
Fundamentals of Information Systems Security Chapter 6
 
Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9Fundamentals of Information Systems Security Chapter 9
Fundamentals of Information Systems Security Chapter 9
 
Information Security Management. Security solutions copy
Information Security Management. Security solutions copyInformation Security Management. Security solutions copy
Information Security Management. Security solutions copy
 
apsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLPapsec 7 Golden Rules Data Leakage Prevention / DLP
apsec 7 Golden Rules Data Leakage Prevention / DLP
 
Forensic3e ppt ch03
Forensic3e ppt ch03Forensic3e ppt ch03
Forensic3e ppt ch03
 
Funsec3e ppt ch07
Funsec3e ppt ch07Funsec3e ppt ch07
Funsec3e ppt ch07
 

Semelhante a Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso a dados

Access Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxAccess Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxdaniahendric
 
Remote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingRemote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingKaren Oliver
 
I Series User Management
I Series User ManagementI Series User Management
I Series User ManagementSJeffrey23
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
Access Control, Authentication, and Public Key Infrastructure.docx
Access Control, Authentication, and Public Key Infrastructure.docxAccess Control, Authentication, and Public Key Infrastructure.docx
Access Control, Authentication, and Public Key Infrastructure.docxdaniahendric
 
cryptography.pptx
cryptography.pptxcryptography.pptx
cryptography.pptxMhndHTaani
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySabra Goldick
 
Comprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security ChallengesComprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security Challengessidraasif9090
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
55994241 cissp-cram
55994241 cissp-cram55994241 cissp-cram
55994241 cissp-crambsnl007
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsJane Jones
 
SOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core PrinciplesSOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core PrinciplesShyamMishra72
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...NetIQ
 
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...PECB
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceDavid J Rosenthal
 

Semelhante a Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso a dados (20)

Funsec3e ppt ch05
Funsec3e ppt ch05Funsec3e ppt ch05
Funsec3e ppt ch05
 
Access Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docxAccess Control, Authentication, and Public Key Infrastructure .docx
Access Control, Authentication, and Public Key Infrastructure .docx
 
Remote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal ThingRemote Access Policy Is A Normal Thing
Remote Access Policy Is A Normal Thing
 
I Series User Management
I Series User ManagementI Series User Management
I Series User Management
 
Asset Security
Asset Security Asset Security
Asset Security
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
Access Control, Authentication, and Public Key Infrastructure.docx
Access Control, Authentication, and Public Key Infrastructure.docxAccess Control, Authentication, and Public Key Infrastructure.docx
Access Control, Authentication, and Public Key Infrastructure.docx
 
cryptography.pptx
cryptography.pptxcryptography.pptx
cryptography.pptx
 
The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
 
Comprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security ChallengesComprehensive Analysis of Contemporary Information Security Challenges
Comprehensive Analysis of Contemporary Information Security Challenges
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
55994241 cissp-cram
55994241 cissp-cram55994241 cissp-cram
55994241 cissp-cram
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle AppsSroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
Sroaug October 27 2017 Learn to Streamline User Provisioning in Oracle Apps
 
SOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core PrinciplesSOC 2 Certification Unveiled: Understanding the Core Principles
SOC 2 Certification Unveiled: Understanding the Core Principles
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
 
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
Co p
Co pCo p
Co p
 

Mais de Leinylson Fontinele

Utilização do editor de texto Word
Utilização do editor de texto WordUtilização do editor de texto Word
Utilização do editor de texto WordLeinylson Fontinele
 
A história da Segurança da Informação
A história da Segurança da InformaçãoA história da Segurança da Informação
A história da Segurança da InformaçãoLeinylson Fontinele
 
Introdução ao Prolog - Prof. Sérgio S. Costa
Introdução ao Prolog - Prof. Sérgio S. CostaIntrodução ao Prolog - Prof. Sérgio S. Costa
Introdução ao Prolog - Prof. Sérgio S. CostaLeinylson Fontinele
 
Aula 02 - Agentes e problemas de busca
Aula 02 - Agentes e problemas de buscaAula 02 - Agentes e problemas de busca
Aula 02 - Agentes e problemas de buscaLeinylson Fontinele
 
Aula 04 - Diagrama de casos de uso
Aula 04 - Diagrama de casos de usoAula 04 - Diagrama de casos de uso
Aula 04 - Diagrama de casos de usoLeinylson Fontinele
 
Aula 1 - Introdução a Engenharia de Software
Aula 1 - Introdução a Engenharia de SoftwareAula 1 - Introdução a Engenharia de Software
Aula 1 - Introdução a Engenharia de SoftwareLeinylson Fontinele
 

Mais de Leinylson Fontinele (20)

Utilização do editor de texto Word
Utilização do editor de texto WordUtilização do editor de texto Word
Utilização do editor de texto Word
 
Prática com slide.pptx
Prática com slide.pptxPrática com slide.pptx
Prática com slide.pptx
 
A galinha carijó
A galinha carijóA galinha carijó
A galinha carijó
 
Descrição do Projeto 8 puzzle
Descrição do Projeto 8 puzzleDescrição do Projeto 8 puzzle
Descrição do Projeto 8 puzzle
 
Aula 02 - Agentes Inteligentes
Aula 02 - Agentes InteligentesAula 02 - Agentes Inteligentes
Aula 02 - Agentes Inteligentes
 
Aula 01 - Visão Geral da IA
Aula 01 - Visão Geral da IAAula 01 - Visão Geral da IA
Aula 01 - Visão Geral da IA
 
A história da Segurança da Informação
A história da Segurança da InformaçãoA história da Segurança da Informação
A história da Segurança da Informação
 
Introdução ao Prolog - Prof. Sérgio S. Costa
Introdução ao Prolog - Prof. Sérgio S. CostaIntrodução ao Prolog - Prof. Sérgio S. Costa
Introdução ao Prolog - Prof. Sérgio S. Costa
 
Caso 1 - Boing 777
Caso 1 - Boing 777Caso 1 - Boing 777
Caso 1 - Boing 777
 
Caso 2 - Aeroporto de Denver
Caso 2 - Aeroporto de DenverCaso 2 - Aeroporto de Denver
Caso 2 - Aeroporto de Denver
 
Aula 02 - Agentes e problemas de busca
Aula 02 - Agentes e problemas de buscaAula 02 - Agentes e problemas de busca
Aula 02 - Agentes e problemas de busca
 
Aula 01 - Visão geral da IA
Aula 01 - Visão geral da IAAula 01 - Visão geral da IA
Aula 01 - Visão geral da IA
 
Aula 7 - Modelagem de Software
Aula 7 - Modelagem de SoftwareAula 7 - Modelagem de Software
Aula 7 - Modelagem de Software
 
Aula 6 - Qualidade de Software
Aula 6 - Qualidade de SoftwareAula 6 - Qualidade de Software
Aula 6 - Qualidade de Software
 
Aula 07 - Diagrama de sequencia
Aula 07 - Diagrama de sequenciaAula 07 - Diagrama de sequencia
Aula 07 - Diagrama de sequencia
 
Aula 06 - Diagrama de classes
Aula 06 - Diagrama de classesAula 06 - Diagrama de classes
Aula 06 - Diagrama de classes
 
Aula 04 - Diagrama de casos de uso
Aula 04 - Diagrama de casos de usoAula 04 - Diagrama de casos de uso
Aula 04 - Diagrama de casos de uso
 
Aula 1 - Introdução a Engenharia de Software
Aula 1 - Introdução a Engenharia de SoftwareAula 1 - Introdução a Engenharia de Software
Aula 1 - Introdução a Engenharia de Software
 
Aula 2 - Modelos de processos
Aula 2 - Modelos de processosAula 2 - Modelos de processos
Aula 2 - Modelos de processos
 
Minicurso de App Inventor
Minicurso de App InventorMinicurso de App Inventor
Minicurso de App Inventor
 

Último

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 

Último (20)

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 

Aula 03 - Controles de acesso apropriados para sistemas, aplicativos e acesso a dados

  • 1. © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Fundamentals of Information Systems Security Unit 3 Controles de acesso apropriados para sistemas, aplicativos e acesso a dados
  • 2. Page 2Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Learning Objective Explain the role of access controls in implementing security policy.
  • 3. Page 3Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Key Concepts § Authorization policies enforcing access control to systems, application, and data § Role of identification in granting access to information systems § Role of authentication in granting access to information systems § Authentication factor types and need for two- or three-factor authentication § Pros and cons of formal models used for access controls
  • 4. Page 4Introduction to Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com DISCOVER: CONCEPTS
  • 5. Page 5Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Defining Access Control §The process of protecting a resource so that it is used only by those allowed to do so §Prevents unauthorized use
  • 6. Page 6Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Four Parts of Access Control Access Control Component Description Authorization Who is approved for access and what can they use? Identification How are they identified? Authentication Can their identities be verified? Accountability How are actions traced to an individual to ensure that the person who makes data or system changes can be identified?
  • 7. Page 7Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Access Control Basics §Access control provides a set of resources available to the authenticated identity. §Access controls can be logical or physical. §Before authorization can occur, the identity of the account attempting to access a resource must be determined.
  • 8. Page 8Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Access Control Basics (Continued) §Identification presents credentials. §Authentication associates those credentials with a security principal. §Accountability traces an action to a person or process to know who made the changes to the system or data.
  • 9. Page 9Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Policy Definition and Policy Enforcement Phases § Policy definition phase decides who has access and what systems or resources they can use. • It is tied to the authorization phase. § Policy enforcement phase grants or rejects requests for access based on the authorizations defined in the first phase. • It is tied to identification, authentication, and accountability phases.
  • 10. Page 10Introduction to Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com DISCOVER: PROCESSES
  • 11. Page 11Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Scenario 1 §Select access control methods for the Department of Defense (DoD) network.
  • 12. Page 12Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Solution §Use a combination of biometric, token-based, and password-form access methods. §Use more complex forms of authentication, such as time-of-day restrictions and hardware encryption devices. §Each account attempting to make a transaction must be properly identified.
  • 13. Page 13Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Scenario 2 §Select access control methods for an organization that does the majority of its business through public kiosks.
  • 14. Page 14Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Solution §Authentication can be as simple as an automatic anonymous guest logon shared by all visitors.
  • 15. Page 15Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Scenario 3 §Select access control methods for an organization that does the majority of its business through Web-based servers.
  • 16. Page 16Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Solution §Role-based access §Single sign-on §Remote Authentication Dial In User Service (RADIUS) §Strong passwords
  • 17. Page 17Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com RADIUS
  • 18. Page 18Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com
  • 19. Page 19Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Desafio-Resposta
  • 20. Page 20Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Logical Access Control Features Logical Controls Solution? Biometrics Tokens Passwords Single sign-on
  • 21. Page 21Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Recursos de controle de acesso lógicoLogical Controls Solutions Biometrics • Estático: impressões digitais, granularidade da íris, vasos sanguíneos da retina, características faciais e geometria da mão • Dinâmico: inflexões de voz, traços de teclado e movimentos de assinatura Tokens • Síncrono ou assíncrono • Cartões inteligentes e cartões de memória Passwords • Controles de senha rigorosos para usuários • Políticas de bloqueio de conta • Auditando eventos de logon Single sign-on • Processo Kerberos • Sistema europeu seguro para aplicativos em um ambiente de vários fornecedores (SESAME)
  • 22. Page 22Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Tipos de Controle de Segurança
  • 23. Page 23Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Controle de acesso baseados em regras
  • 24. Page 24Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Controle de acesso baseados em valores, dados
  • 25. Page 25Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Lista de Controle de Acessos
  • 26. Page 26Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Questionamento 1 § Como se dá o controle de acesso nos cenários abaixo, isto é, quem define a política de acesso e quem impõe? Cliente/Servidor P2P
  • 27. Page 27Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com Summary § Access control is the process of protecting a resource so that it is used only by those allowed to do so. § Access controls can be logical or physical. § Access control includes identification, authentication, authorization, and accountability. § The four parts of access control can be categorized into policy definition phase and policy enforcement phase.