
Access Control: Non-Discretionary

Expect several questions on the CISSP exam about rule-based and role-based access control.

A firewall's rule set is the classic example of rule-based access control: traffic is allowed or denied by matching it against rules the administrator wrote, regardless of who is sending it.

Active Directory security groups (and the Group Policy applied to them) are a form of role-based access control: permissions are attached to the group, and a user gets whatever the groups they belong to grant.

Role-based and rule-based controls are both classed as non-discretionary controls, because neither the user nor the owner of the resource decides who gets access; a central authority does.
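To make the three models concrete, here is an added example (not code from the original post) that implements all three as tiny decision functions: a firewall-style ordered rule list (rule-based), a user-to-role-to-permission lookup (role-based), and, for contrast, an owner-controlled ACL (discretionary). The rule set, roles, users and file are constructed sample data; the permission names such as `change_system_time` are assumptions for illustration. Note where the "discretion" lives in each one: only in the DAC case can the person using the resource change who gets in.

```python
"""Rule-based and role-based (non-discretionary) vs discretionary access checks.

Added example, not from the original post. All rules, roles, users and
permission names below are constructed sample data.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional, Set


# ---- Rule-based: a firewall-style ordered rule list ------------------------
@dataclass(frozen=True)
class FirewallRule:
    action: str             # "allow" or "deny"
    src: str                # source network in CIDR notation
    dst_port: Optional[int] # None matches any destination port
    proto: str              # "tcp", "udp" or "any"


# Constructed policy: first match wins; anything unmatched is denied.
FIREWALL_RULES = [
    FirewallRule("deny",  "10.0.0.0/8",     23,   "tcp"),  # no telnet from inside
    FirewallRule("allow", "10.0.0.0/8",     443,  "tcp"),  # HTTPS out is fine
    FirewallRule("allow", "192.168.1.0/24", None, "any"),  # admin subnet: everything
]


def firewall_decision(src_ip: str, dst_port: int, proto: str,
                      rules=FIREWALL_RULES) -> str:
    """Walk the rules in order; the sender has no say in the outcome."""
    ip = ip_address(src_ip)
    for rule in rules:
        if ip not in ip_network(rule.src):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        return rule.action
    return "deny"  # implicit default deny


# ---- Role-based: permissions hang off roles, users hang off roles -----------
ROLE_PERMISSIONS = {
    "user":     {"read_ticket"},
    "helpdesk": {"read_ticket", "reset_password"},
    "sysadmin": {"read_ticket", "reset_password", "run_cmd",
                 "change_system_time", "manage_roles"},
}
USER_ROLES = {"alice": {"sysadmin"}, "bob": {"helpdesk"}, "junior": {"user"}}


def rbac_allowed(user: str, permission: str,
                 user_roles=USER_ROLES, role_perms=ROLE_PERMISSIONS) -> bool:
    """True if any role assigned to the user carries the permission."""
    return any(permission in role_perms.get(role, set())
               for role in user_roles.get(user, set()))


def rbac_assign_role(actor: str, target: str, role: str,
                     user_roles=USER_ROLES) -> bool:
    """Role changes are themselves policy: only a role holding manage_roles
    may make them. A plain user cannot grant themselves anything."""
    if not rbac_allowed(actor, "manage_roles", user_roles):
        return False
    user_roles.setdefault(target, set()).add(role)
    return True


# ---- Discretionary, for contrast: the owner decides who else gets in --------
@dataclass
class OwnedFile:
    owner: str
    acl: Set[str] = field(default_factory=set)


def dac_allowed(user: str, f: OwnedFile) -> bool:
    return user == f.owner or user in f.acl


def dac_share(actor: str, f: OwnedFile, grantee: str) -> bool:
    """Only the owner may edit the ACL; that discretion is what makes it DAC."""
    if actor != f.owner:
        return False
    f.acl.add(grantee)
    return True


if __name__ == "__main__":
    print(firewall_decision("10.1.2.3", 23, "tcp"))      # deny
    print(rbac_allowed("junior", "change_system_time"))  # False
    print(rbac_assign_role("junior", "junior", "sysadmin"))  # False
```

Running the block as a script prints the three decisions for a junior account on an internal workstation; the point to take away is that in the first two models the user can neither change the rule nor promote their own role, while in the DAC case the owner of the file can hand out access at will.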

Eight years ago, when I was just a junior systems administrator, the IT Director provisioned me a new desktop computer networked to Active Directory.

I wanted to immediately change the desktop wallpaper to a picture of Chewbacca playing the drums in a giant rock band with Han Solo as the lead guitarist, while Darth Vader floats down onto the stage, and Princess Leia belching out the vocals.

But I couldn’t.

I couldn’t change the desktop wallpaper, couldn’t change the system time, couldn’t access cmd.exe, and couldn’t change my password.

At first, I thought this was a show of force by the Director: a form of centralized access control imposed by a player who had played the game longer and knew the tricks and strategies to best a rookie junior administrator.

Now, as a security engineer, I realize the IT Director didn’t grant me the ability to change the system time because it would interfere with NTP (the protocol that keeps date and time in sync) and with the distribution of encrypted session keys.

Quite simply, non-discretionary access controls are ones that are not at the discretion of the user or of the resource owner. They are global rules set by a central authority, they apply to nearly everyone matching the role or the rule, and the person being restricted cannot loosen them, so don’t feel bad : )


