NIST RBAC Model:
The NIST RBAC model comprises four components (Figure 3.3): core RBAC, hierarchical RBAC, static separation of duty (SSD) relations, and dynamic separation of duty (DSD) relations.
2.3 RESEARCH GAP
Zoning provides security in a Storage Area Network (SAN) by preventing unauthorized access between hosts and storage devices. The two zoning methods each have advantages and drawbacks. WWN zoning, which identifies zone members by their World Wide Name, is flexible because a device keeps its zone membership when it is moved to another switch port, but a WWN is a value the device itself presents and can therefore be spoofed. Port zoning, which identifies members by physical switch port, is harder to spoof, but it is inflexible because moving a device to another port changes its zone membership.
2.3 OBJECTIVE
The objective of this research is to provide better security and flexibility in a Storage Area Network by combining the concept of Zoning with the Role-Based Access Control (RBAC) model.
CHAPTER 3 METHODOLOGY
3.1 PROPOSED MODIFIED MODEL
The Role-Based Zoning model is proposed by combining SAN Zoning with the Role-Based Access Control (RBAC) model. It aims to provide better security and flexibility and to reduce traffic overhead.
3.2 Role-Based Zoning:
In SAN Zoning, hosts and storage devices are logically grouped together; these groups are called zones, and a storage area network typically contains several zones.
In the proposed model, roles are grouped into zones instead of hosts and storage devices. Roles are assigned to hosts, with a many-to-many relationship between roles and hosts: multiple hosts may share a single role, and multiple roles may be assigned to a single host. The relationship between roles and storage is also many-to-many, and the specific access rights for the storage are associated with each role.
The relationship between roles and zones is many-to-many, as is the relationship between zones and storage. Multip...
... middle of paper ...
... IMPLEMENTATION
4.1 Role Based Zoning Model
There are several steps in this model: create roles; create hosts and storage; assign roles to hosts; create zones; apply constraints on roles; and apply constraints on zones.
Definitions:
USERS (U) ← {H1, H2, H3, H4…, Hn}; Set of hosts
STORAGES (S) ← {S1, S2, S3…., Sn}; Set of storages
ROLES (R) ← {R1, R2, R3…, Rn}; Set of roles
HIERARCHY ← {R1 ≥ R2 ≥ R3….. ≥ Rn}; Role hierarchy
PERMISSIONS (P) ← {read, write, modify, own, control}; Set of permissions
First, the system administrator creates roles (R1, R2, ..., Rn), then hosts (H1, H2, ..., Hn) and storage (S1, S2, ..., Sn). Hosts are then assigned to roles. There is a many-to-many relationship between hosts and roles: a single host may be assigned multiple roles, and multiple hosts may be assigned a single role. Table 1 shows which host is assigned to which role.
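The steps above, together with the many-to-many relationships described in section 3.2, can be captured in a small reference implementation. The following is an added example and not code from the thesis: the class, method names, the sample hosts/roles/zones/storage (H1..H3, R1..R3, Z1, Z2, S1, S2) and the sample assignments are all constructed for illustration. It implements the access decision that the model implies: a host may perform an operation on a storage only if some role it holds (directly, or inherited through the role hierarchy) is in the same zone as that storage and has been granted that permission on it. It also enforces a static separation-of-duty constraint at role assignment time, and it goes slightly beyond the text by showing that a permission grant alone is not sufficient when the role and the storage do not share a zone.

```python
from collections import defaultdict

# Permission set from the thesis definitions (PERMISSIONS (P)).
PERMISSIONS = frozenset({"read", "write", "modify", "own", "control"})


class RoleBasedZoning:
    """Hosts hold roles; zones group roles with storage. A host reaches a
    storage only through a role it holds (directly or via the hierarchy)
    that shares a zone with the storage and carries the requested permission."""

    def __init__(self):
        self.hosts, self.storages, self.roles, self.zones = set(), set(), set(), set()
        self.host_roles = defaultdict(set)      # H -> {R}  (many-to-many)
        self.zone_roles = defaultdict(set)      # Z -> {R}  (many-to-many)
        self.zone_storages = defaultdict(set)   # Z -> {S}  (many-to-many)
        self.role_perms = defaultdict(lambda: defaultdict(set))  # R -> S -> {perm}
        self.juniors = defaultdict(set)         # senior R -> {directly junior R}
        self.ssd_pairs = set()                  # mutually exclusive role pairs (SSD)

    # Steps 1-2: create roles, hosts and storage.
    def create_role(self, r): self.roles.add(r)
    def create_host(self, h): self.hosts.add(h)
    def create_storage(self, s): self.storages.add(s)

    # Role hierarchy: a senior role inherits everything its juniors may do.
    def add_hierarchy(self, senior, junior):
        self._check(senior in self.roles and junior in self.roles, "unknown role")
        self.juniors[senior].add(junior)

    def effective_roles(self, role):
        """The role plus every role below it in the hierarchy (transitive closure)."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    # Step 5: constraint on roles (static separation of duty).
    def add_ssd(self, r1, r2):
        self.ssd_pairs.add(frozenset((r1, r2)))

    # Step 3: assign roles to hosts, refusing assignments that violate SSD.
    def assign_role(self, host, role):
        self._check(host in self.hosts and role in self.roles, "unknown host or role")
        for other in self.host_roles[host]:
            if frozenset((other, role)) in self.ssd_pairs:
                raise PermissionError(f"SSD: {host} cannot hold both {other} and {role}")
        self.host_roles[host].add(role)

    # Step 4: create zones over roles and storage (not over hosts).
    def create_zone(self, zone, roles, storages):
        self._check(set(roles) <= self.roles and set(storages) <= self.storages, "unknown member")
        self.zones.add(zone)
        self.zone_roles[zone].update(roles)
        self.zone_storages[zone].update(storages)

    # Access rights associated with a role for a particular storage.
    def grant(self, role, storage, perms):
        self._check(set(perms) <= PERMISSIONS, "unknown permission")
        self.role_perms[role][storage].update(perms)

    def can_access(self, host, storage, perm):
        """True iff a role the host holds or inherits shares a zone with the
        storage and has been granted `perm` on that storage."""
        if host not in self.hosts or storage not in self.storages:
            return False
        held = set()
        for r in self.host_roles[host]:
            held |= self.effective_roles(r)
        for zone in self.zones:
            if storage not in self.zone_storages[zone]:
                continue
            for r in held & self.zone_roles[zone]:
                if perm in self.role_perms[r][storage]:
                    return True
        return False

    @staticmethod
    def _check(cond, msg):
        if not cond:
            raise ValueError(msg)


def assignment_refused(model, host, role):
    """True if the SSD constraint refuses the assignment (assignment is skipped)."""
    try:
        model.assign_role(host, role)
        return False
    except PermissionError:
        return True


def build_sample():
    """Constructed sample: two zones, a two-level hierarchy, one SSD pair."""
    m = RoleBasedZoning()
    for r in ("R1", "R2", "R3"): m.create_role(r)
    for h in ("H1", "H2", "H3"): m.create_host(h)
    for s in ("S1", "S2"): m.create_storage(s)
    m.add_hierarchy("R1", "R2")                          # R1 >= R2
    m.add_ssd("R2", "R3")                                # R2 and R3 never on one host
    m.create_zone("Z1", roles=["R1", "R2"], storages=["S1"])
    m.create_zone("Z2", roles=["R3"], storages=["S2"])
    m.grant("R2", "S1", ["read"])
    m.grant("R3", "S2", ["read", "write"])
    m.assign_role("H1", "R1")                            # inherits R2's read on S1
    m.assign_role("H2", "R2")
    m.assign_role("H3", "R3")
    return m
```

Two decisions in the sample are worth noting. H1 holds only R1, which has no direct grant, yet it can read S1 because R1 is senior to R2 and both sit in Z1 with S1. H3's role R3 is not in Z1, so even granting R3 read on S1 afterwards does not open S1 to H3: zone membership and the per-role permission are both required, which is what distinguishes this model from a plain permission list.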