General Security Concepts

The first section of this chapter deals mainly with fundamental knowledge of authentication, access control, and auditing, also known as AAA in the computer security arena. Along with this, you will learn about different types of attacks and about malicious code that can cause significant damage to the organization’s security setup. The concepts discussed in the following section are as follows:

  • Access control methods

  • Authentication methods

  • Auditing and logging

  • System scanning

  • Types of attacks

  • Types of malicious code

  • Risks involved in social engineering

  • Identifying and disabling nonessential services and protocols

Each of these concepts is discussed in the following sections.

Access Control Models

In this section, you will learn about different types of access control methods. These methods are used to grant or deny access to a network or computer resource by means of security policies and hardware or software applications. In its simplest form, access control to files, folders, and other shared network resources is achieved by means of assigning permissions. Smart cards and biometric devices are examples of hardware devices used for access control. Access control can also be implemented by means of network devices, such as routers and wireless Access Points (APs). You can also achieve access control by implementing security policies, such as remote access policies and rules for connecting to a virtual private network (VPN). The following are the main models or mechanisms ...

Get A+, Network+, Security+ Exams in a Nutshell now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.