CompTIA Security+ Exam Notes

Let Us Help You Pass

Tuesday, October 15, 2024

Security Groups


Security groups can be used to control access to resources and data and to manage network traffic:

Control access

Security groups can grant users access to applications, actions, and data. For example, in Active Directory, you can assign user rights to security groups (RBAC) to determine what group members can do.

Manage network traffic

Security groups can be used to control the traffic that can reach and leave resources. For example, in AWS, you can create security groups with inbound and outbound rules to control traffic to and from an EC2 instance.

Protect against threats

Security groups can be used to protect against threats like credential theft, fraud, and brand impersonation.

Here are some examples of how security groups can be used:

Google Admin console

To make a group a security group, you can add the Security label to it in the Google Admin console.

Azure application security groups

You can group virtual machines and define network security policies based on those groups.

AWS security groups

You can create security groups with inbound and outbound rules to control traffic to and from an EC2 instance (Virtual Machine).

Sunday, May 5, 2024

Access Control Methods

 ABAC, DAC, MAC, Role-BAC, Rule-BAC

ABAC (Attribute-Based Access Control)
The most fine-grained access control.
Access is based on a combination of subject and object attributes:
  • Operating system
  • IP address
  • Up-to-date patches
  • Up-to-date antimalware
  • Employee's identity
  • Time of day
  • Location
  • Type of device
DAC (Discretionary Access Control)
  • Based on the owner of the file or folder
  • The owner decides who gets access and the type of access
  • Windows, Linux, and UNIX use a DAC method
MAC (Mandatory Access Control)
  • Each object is assigned a classification label
  • Each subject is assigned a clearance level (such as Confidential, Secret, or Top Secret)
  • A subject with the label "Secret" would be unable to access "Top Secret" data as it would be above its clearance level.
  • Also based on "need to know": a subject does not automatically get access to everything at its clearance level.
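
The MAC decision described above, as an added example (not part of the original notes): a read is allowed only when the subject's clearance is at or above the object's classification and the subject holds every compartment attached to the object. The compartment sets used to model "need to know" and all sample names are assumptions.

```python
from dataclasses import dataclass

# Clearance/classification levels named in the notes, lowest to highest.
LEVELS = {"Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    need_to_know: frozenset  # compartments the subject is read into (assumed model)

@dataclass(frozen=True)
class Obj:
    name: str
    classification: str
    compartments: frozenset  # compartments the object belongs to (assumed model)

def can_read(subject: Subject, obj: Obj) -> tuple[bool, str]:
    """Return (decision, reason). Both checks must pass; the default is deny."""
    s = LEVELS.get(subject.clearance)
    o = LEVELS.get(obj.classification)
    if s is None or o is None:
        return False, "unknown label"  # fail closed on a label the system does not know
    if s < o:
        return False, "clearance below classification"
    missing = obj.compartments - subject.need_to_know
    if missing:
        return False, "no need to know: " + ", ".join(sorted(missing))
    return True, "permitted"

# Constructed sample data for illustration only.
ALICE = Subject("alice", "Secret", frozenset({"payroll"}))
BOB = Subject("bob", "Top Secret", frozenset())
DOCS = [
    Obj("salary-report", "Secret", frozenset({"payroll"})),
    Obj("merger-plan", "Top Secret", frozenset({"m&a"})),
    Obj("cafeteria-menu", "Confidential", frozenset()),
]

if __name__ == "__main__":
    for subj in (ALICE, BOB):
        for doc in DOCS:
            ok, why = can_read(subj, doc)
            verdict = "ALLOW" if ok else "DENY"
            print(f"{subj.name:6} -> {doc.name:15} {verdict:5} ({why})")
```

Bob holds the higher clearance yet is denied the Secret salary report because he lacks the payroll compartment, which is the need-to-know restriction in practice.
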
RBAC (Role-Based Access Control)
  • Based on your job function (role)
  • Group-based security
  • Group examples: Accounting, HR, IT, Sales, etc.
RBAC (Rule-Based Access Control)
  • System enforced rules
  • A rule triggers the access control
  • Example trigger: time of day
  • Conditional access is a form of rule-based access control
  • UAC (User Account Control, Windows) and sudo (Linux) are examples of conditional access