Model for Network Security is a description of the security features of an operating system or network. Hence, that increases the security of the user’s account.
A model is a description of something. A security model is a description of the security features of an operating system or network.
For example, one operating system has a security model that defines a single security identity for each user. That identity includes the user’s name and password.
Two-factor authentication
The operating system supports two-factor authentication to increase the security of this identity. In this case, two-factor authentication requires the user to enter both his or her password and a numeric code. Further, from an alphanumeric keypad device that generates random numbers. The random number must be in real-time as the user types his or her password. This two-factor authentication greatly increases the security of the user’s account. Because an attacker would have to steal both the user’s username and password. And know how to use the keypad device to generate random numbers.
A different operating system has a more advanced security model. Hence, that uses virtual private network (VPN) technology to secure remote connections from users at the protected organization’s offices. These remote users have no access to files on their local computers when they log on to their workstations in their offices. However, when they make a VPN connection back into their office network, they are given access to their local file systems. And can access files on their local desktop systems. The VPN solution can also provide encryption of data as it travels between the remote client and the office network using IPSec technology.
In both these cases, an attacker would need to know about each model’s specific vulnerabilities before he or she could successfully attack them. To understand these models better, we need to look at some common models in use today:
• Mandatory access control (MAC)
This is a form of computer security used in multiuser operating systems such as OpenVMS, Unix, and VMS operating systems; systems running OpenVMS are still in use today, including by some large organizations in the defense industry. MAC allows administrators to define which files users can read and write. And when they can do so by assigning each resource (file or directory) with an Access Control List (ACL).
• Discretionary access control (DAC)
A security policy used by UNIX and Linux operating systems. DAC allows each user to define his or her own set of permissions for the files on a computer system. A user can apply permissions to a file, such as read/write (R/W), read-only (R), or no permission (N). The owner of the file can change these permissions at any time. For example, if you create a file on your computer and give yourself permission to read it. No one else can read the file unless you grant them permission to do so.
• Role-based access control (RBAC)
A type of security model that bases access decisions on the roles users play in an organization. Rather than on their individual identities. For example, in an organization that uses RBAC. All users are assigned one or more roles that are defined by management. When users need access to specific resources, they must prove they have the rights and privileges associated with those roles. Access decisions are then based on the role rather than on the individual user’s identity.
• Multilevel security (MLS)
A security model that provides different levels of security for different types of information within a single system or network. MLS policies provide a separation between high-level security data and low-level security data within the same system or network.
• Multilevel integrity (MLI)
This is another type of MLS that combines integrity with confidentiality into one policy. So that all information has both confidentiality and integrity controls applied to it when necessary.
• Multilevel assurance (MLA)
It is another type of MLS used to apply controls at different levels within a system or network. In order to provide assurance at those levels according to specific requirements and policies established by management.