book

Advanced Infrastructure Penetration Testing

by Chiheb Chebbi

February 2018

Intermediate to advanced

396 pages

9h 38m

English

Packt Publishing

Read now

Unlock full access

Content preview from Advanced Infrastructure Penetration Testing

Access control models

Access controls are a form of technical security controls. Subjects and objects are two important terminologies. A subject is an active entity, such as an action (modification or access to a file, for example). An object is a static system entity, such as text file or a database. Basically, there are three types of access control models, described as the following:

Mandatory Access Control (MAC): The system checks the identity of a subject and its permissions with the object permissions. So usually, both subjects and objects have labels using a ranking system (top secret, confidential, and so on).
Discretionary Access Control (DAC): The object owner is allowed to set permissions to users. Passwords are a form of DAC. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Practical Web Penetration Testing

Gus Khawaja

Hands-On Web Penetration Testing with Metasploit

Harpreet Singh, Himanshu Sharma

AWS Penetration Testing

Jonathan Helmus

Securing Network Infrastructure

Sairam Jetty, Sagar Rahalkar

Publisher Resources

ISBN: 9781788624480Supplemental Content