General Security Concepts
The first section of this chapter deals mainly with fundamental knowledge of authentication, access control, and auditing, also known as AAA in the computer security arena. Along with this, you will learn about different types of attacks and about malicious code that can cause significant damage to the organization’s security setup. The concepts discussed in the following section are as follows:
Access control methods
Auditing and logging
Types of attacks
Types of malicious code
Risks involved in social engineering
Identifying and disabling nonessential services and protocols
Each of these concepts is discussed in the following sections.
Access Control Models
In this section, you will learn about different types of access control methods. These methods are used to grant or deny access to a network or computer resource by means of security policies and hardware or software applications. In its simplest form, access control to files, folders, and other shared network resources is achieved by means of assigning permissions. Smart cards and biometric devices are examples of hardware devices used for access control. Access control can also be implemented by means of network devices, such as routers and wireless Access Points (APs). You can also achieve access control by implementing security policies, such as remote access policies and rules for connecting to a virtual private network (VPN). The following are the main models or mechanisms ...