Mac/dac/rbac

Hi all,

I am preparing for security+ and referring Darril Gibson's book (nicely written). There was this question and I am not able to digest the answer. Could someone pls help

Q. The system administrator establishes access permissions to network resources in the ________ access control model.

If MAC, what are the security levels assigned to object and subjects. Why not DAC and RBAC.

Many thanks in advance

Find more posts tagged with

Comments

MattSC

ketanwip wrote: »

Hi all,

I am preparing for security+ and referring Darril Gibson's book (nicely written). There was this question and I am not able to digest the answer. Could someone pls help

Q. The system administrator establishes access permissions to network resources in the ________ access control model.

If MAC, what are the security levels assigned to object and subjects. Why not DAC and RBAC.

Many thanks in advance

I would answer with MAC with possible levels being secret, top secret and confidential. With DAC, the owner of each resource controls the permissions. With RBAC, your role/duty in the organization determines the access you receive.

I don't have my book at hand, so I can't re-read Darril's take on the situation now, but during my prep for the exam, I associated MAC with an administrator.

ketanwip

Thanks Matt. Considering some organization which having provisioning system, Payroll system, HR system etc. Each system or resource has its owner or admin who approve access to their system or resource. Is this access control model MAC? or DAC?

Dr IT

I would go for MAC as MAC can be classfied using a labels and set by admin.

RBAC is not in - as it uses role or rules defined .

DAC is done by the object/file owner , so this leaves us with MAC as the only option.

Hope that helps

ketanwip

Thanks Dr. IT. I think, I got it.

fss

MattSC wrote: »

I would answer with MAC with possible levels being secret, top secret and confidential.

I agree with the answer being MAC, but the USG classification system is more akin to RBAC than MAC. MAC access levels would be more along the lines of "read", "write", and "execute."