FIPS PUB 191
termination of connection after multiple failed logins,
user notification of last successful login and number of login failures,
real-time user verification mechanism,
cryptography with unique user keys.
2.2.2 Access Control
This service protects against the unauthorized use of LAN resources, and can be provided by the
use of access control mechanisms and privilege mechanisms. Most file servers and multi-user
workstations provide this service to some extent. However, PCs which mount drives from the
file servers usually do not. Users must recognize that files used locally from a mounted drive
are under the access control of the PC. For this reason it may be important to incorporate access
control, confidentiality and integrity services on PCs to whatever extent possible. Appendix C
highlights some of the concerns that are inherent in the use of PCs.
According to [NCSC87], access control can be achieved by using discretionary access control or
mandatory access control. Discretionary access control is the most common type of access
control used by LANs. The basis of this kind of security is that an individual user, or program
operating on the user's behalf, is allowed to specify explicitly the types of access other users (or
programs executing on their behalf) may have to information under the user's control.
Discretionary security differs from mandatory security in that it implements the access control
decisions of the user. Mandatory controls are driven by the results of a comparison between the
user's trust level or clearance and the sensitivity designation of the information.
Access control mechanisms exist that support access granularity for acknowledging an owner, a
specified group of users, and the world (all other authorized users). This allows the owner of
the file (or directory) to have different access rights than all other users, and allows the owner
to specify different access rights for a specified group of people, and also for the world.
Generally, access rights allow read access, write access, and execute access. Some LAN
operating systems provide additional access rights that allow updates, append only, etc.
A LAN operating system may implement user profiles, capability lists or access control lists to
specify access rights for many individual users and many different groups. Using these
mechanisms allows more flexibility in granting different access rights to different users, which
may provide more stringent access control for the file (or directory). (These more flexible
mechanisms prevent having to give a user more access than necessary, a common problem with
the three-level approach.) Access control lists assign the access rights of named users and named
groups to a file or directory. Capability lists and user profiles assign the files and directories that
can be accessed by a named user.
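The over-granting problem of the three-level approach, and the relationship between access control lists and capability lists, shown as an added example that is not part of FIPS PUB 191. All user, group and file names are constructed, and the rule that a named-user entry takes precedence over group entries is an assumption of this sketch, not something the publication specifies.

```python
# Added illustration; users, groups and the file below are constructed.
R, W, X = 4, 2, 1                              # read, write, execute bits
GROUPS = {"eng": {"alice", "carol"}}           # constructed group membership

def three_level_check(user, obj, want):
    """Owner/group/world: the first class the user falls into decides."""
    if user == obj["owner"]:
        bits = obj["mode"][0]
    elif user in GROUPS.get(obj["group"], set()):
        bits = obj["mode"][1]
    else:
        bits = obj["mode"][2]                  # every other authorized user
    return bits & want == want

def acl_check(user, acl, want):
    """ACL: a named-user entry wins over group entries (assumed policy)."""
    if user in acl["users"]:
        bits = acl["users"][user]
    else:
        bits = 0
        for group, gbits in acl["groups"].items():
            if user in GROUPS.get(group, set()):
                bits |= gbits
    return bits & want == want

def capability_lists(acls):
    """Transpose per-object ACLs into per-user lists of accessible objects."""
    caps = {}
    for name, acl in acls.items():
        subjects = dict(acl["users"])
        for group, gbits in acl["groups"].items():
            for user in GROUPS.get(group, set()):
                if user not in acl["users"]:
                    subjects[user] = subjects.get(user, 0) | gbits
        for user, bits in subjects.items():
            if bits:
                caps.setdefault(user, {})[name] = bits
    return caps

# bob (outside "eng") needs read-only access to alice's file.
# Three-level workaround: open world read, which also admits dave.
PLAN_3LEVEL = {"owner": "alice", "group": "eng", "mode": (R | W, R | W, R)}
# ACL: one named-user entry for bob, nothing for the world.
PLAN_ACL = {"users": {"alice": R | W, "bob": R}, "groups": {"eng": R | W}}

if __name__ == "__main__":
    for user in ("bob", "dave"):
        print(user, "3-level read:", three_level_check(user, PLAN_3LEVEL, R),
              "ACL read:", acl_check(user, PLAN_ACL, R))
    print(capability_lists({"plan.txt": PLAN_ACL}))
```

The other three-level workaround, adding bob to the group, would hand him the group's write access as well, which is the same over-grant in a different place.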