2022 information security engineer examination knowledge point: access control

2022-06-23 23:37:00 weixin_46619002

I have compiled the 2022 information security engineer examination knowledge points on access control. I hope they will be helpful as you prepare for the information security engineer exam.

Access control

【Exam approach analysis】

This knowledge point mainly examines content related to access control.

【Key points analysis】

1. Role-based access control design: the basic idea is that the various permissions for system operations are not granted directly to specific users. Instead, a role set is established between the user set and the permission set.

Each role corresponds to a set of permissions, which simplifies user permission management and reduces system overhead.

2. Kerberos protocol: In an open distributed network environment, users access the services provided on servers through workstations. A server should be able to restrict access by unauthorized users and to authenticate requests for service.

A network service cannot trust a workstation to identify its users correctly. That is, the workstation is subject to three threats: a user on a workstation may impersonate another user;

a user may change the network address of a workstation so that it pretends to be another workstation;

a user may eavesdrop on other parties' exchanges and use a replay attack to gain access to a server or to disrupt the server's operation.

These problems all come down to one thing: an unauthorized user may obtain services or data that he or she has no permission to access.

Kerberos is a standard network identity authentication protocol that aims to provide "identity authentication". It is based on a trusted third party, which acts like a broker that centrally authenticates users and issues electronic identities.

3. Requirements that the Kerberos system should meet: ① secure; ② reliable; ③ transparent; ④ scalable.

4. Kerberos design ideas and problems: use one (or a group of) independent authentication servers (Authentication Server, AS) to provide identity authentication services for the users (C) in the network;

user passwords are stored by the authentication server (AS) in its database;

the AS shares a secret key (Kv) with each server (V) (the key has already been distributed securely).

The problems with the above protocol are: a password transmitted in plaintext can be eavesdropped.

Ticket validity (a ticket is used multiple times).

Accessing multiple servers requires applying for a ticket multiple times (that is, the password is used more than once).

To solve these problems, the Kerberos protocol uses ticket reuse and introduces a ticket-granting server (Ticket Granting Server, TGS).

5. Password guessing techniques include: ① brute force (brute-force attack);

② character frequency analysis;

③ rainbow tables;

④ Dictionary Attack (dictionary attack);

⑤ probability-based password guessing;

⑥ JTR: John the Ripper is one of the most popular password cracking tools. It is open source software and can be downloaded for free from its website;

⑦ HASHCAT: HashCat is the world's fastest CPU-based password cracking tool.

6. User identity authentication is the first line of security defense for an information system, and the username-password mechanism is the most commonly used method of identity authentication. The password mechanism is easy to understand, easy to use and easy to implement, so it will remain an important method of user authentication in the future.
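The ticket checks behind point 4, as an added example that is not from the original post: the AS issues a ticket under the key Kv it shares with server V, and V rejects a ticket that is altered, presented for another user or from another workstation address, or past its lifetime. The field layout, function names and sample values are assumptions, and HMAC-SHA256 stands in for encrypting the ticket under Kv.

```python
import hashlib
import hmac
import json
import time

# Kv: secret key the AS shares with server V (constructed sample value).
KV = b"constructed-demo-key-shared-by-AS-and-V"

def issue_ticket(kv, client_id, client_addr, server_id, lifetime_s, now=None):
    """AS side: bind client ID, workstation address, server ID and validity period."""
    now = time.time() if now is None else now
    body = json.dumps({"c": client_id, "addr": client_addr, "v": server_id,
                       "iat": now, "exp": now + lifetime_s}, sort_keys=True).encode()
    # Stand-in: real Kerberos encrypts the ticket under Kv; here an HMAC only
    # makes it tamper-evident, which is enough to show V's checks.
    tag = hmac.new(kv, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag

def verify_ticket(kv, ticket, claimed_id, peer_addr, server_id, now=None):
    """Server V side: return (accepted, reason) for a presented ticket."""
    now = time.time() if now is None else now
    try:
        body_hex, tag = ticket.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(kv, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "not issued by AS"      # forged or altered ticket
    t = json.loads(body)
    if t["v"] != server_id:
        return False, "wrong server"
    if t["c"] != claimed_id:
        return False, "wrong user"            # ticket belongs to a different user
    if t["addr"] != peer_addr:
        return False, "wrong workstation"     # ticket presented from another address
    if not (t["iat"] <= now < t["exp"]):
        return False, "expired"               # bounds how long a copied ticket stays usable
    return True, "ok"

if __name__ == "__main__":
    tk = issue_ticket(KV, "alice", "10.0.0.5", "fileserver", 300, now=1000)
    print(verify_ticket(KV, tk, "alice", "10.0.0.5", "fileserver", now=1100))
    print(verify_ticket(KV, tk, "alice", "10.0.0.9", "fileserver", now=1100))
    print(verify_ticket(KV, tk, "alice", "10.0.0.5", "fileserver", now=2000))
```

Within its lifetime the same ticket is accepted on every request, which is the ticket reuse point 4 refers to: the user's password is not needed again until the ticket expires.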

【For reference】

Understand and become familiar with the relevant knowledge points.

Copyright notice
This article was written by [weixin_46619002]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/174/202206232021019271.html