Analyze the datagram to determine the source and destination IP addresses and ports. Source IP =...

Compare and contrast Mandatory Access Control, Discretionary Access Control, and Role Based Access Control. Students must go into depth to receive credit for this.

Discretionary Access Control

In discretionary access control (DAC), the owner of the object specifies which subjects can access the object. This model is called discretionary because the control of access is based on the discretion of the owner.

Most operating systems such as all Windows, Linux, and Macintosh and most flavors of Unix are based on DAC models.

In these operating systems, when you create a file, you decide what access privileges you want to give to other users; when they access your file, the operating system will make the access control decision based on the access privileges you created.

Pros

• User-friendly — Users can manage their data and quickly access data of other users.
• Flexible — Users can configure data access parameters without administrators.
• Easy to maintain — Adding new objects and users doesn’t take much time for the administrator.
• Granular — Users can configure access parameters for each piece of data.

Cons

• Low level of data protection — DAC can’t ensure reliable security because users can share their data however they like.
• Obscure — There’s no centralized access management, so in order to find out access parameters, you have to check each ACL.

Mandatory Access Control

In mandatory access control (MAC), the system (and not the users) specifies which subjects can access specific data objects.

The MAC model is based on security labels. Subjects are given a security clearance (secret, top secret, confidential, etc.), and data objects are given a security classification (secret, top secret, confidential, etc.). The clearance and classification data are stored in the security labels, which are bound to the specific subjects and objects.

When the system is making an access control decision, it tries to match the clearance of the subject with the classification of the object. For example, if a user has a security clearance of secret, and he requests a data object with a security classification of top secret, then the user will be denied access because his clearance is lower than the classification of the object.

The MAC model is usually used in environments where confidentiality is of utmost importance, such as a military institution.

Examples of the MAC-based commercial systems are SE Linux and Trusted Solaris.

Pros and cons of MAC

Pros

• High level of data protection — An administrator defines access to objects, and users can’t edit that access.
• Granular — An administrator sets user access rights and object access parameters manually.
• Immune to Trojan Horse attacks — Users can’t declassify data or share access to classified data.

Cons

• Maintainability — Manual configuration of security levels and clearances requires constant attention from administrators.
• Scalability — MAC doesn’t scale automatically.
• Not user-friendly — Users have to request access to each new piece of data; they can’t configure access parameters for their own data

Role Based Access Control

Role Based Access Control (RBAC), also known as Non discretionary Access Control, takes more of a real world approach to structuring access control. Access under RBAC is based on a user's job function within the organization to which the computer system belongs.

Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role. For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be assigned to the developer role.

Roles differ from groups in that while users may belong to multiple groups, a user under RBAC may only be assigned a single role in an organization. Additionally, there is no way to provide individual users additional permissions over and above those available for their role. The accountant described above gets the same permissions as all other accountants, nothing more and nothing less.

Refer,

https://www.govinfo.gov/content/pkg/GOVPUB-C13-c259b09b0a792f1b4ec649f11a1d62f8/pdf/GOVPUB-C13-c259b09b0a792f1b4ec649f11a1d62f8.pdf

for more detailed study, it helps a lot!

Analyze the datagram to determine the source and destination IP addresses and ports.

Source IP =

Source Port =

Destination IP=

Destination port =

Datagram is not provided, please make sure that you furnish as other question in case if you need the solution!

Hope it helps you! :-)