In mandatory access control, or MAC, systems, the operating system itself restricts the permissions that may be granted to users and processes on system resources. Users themselves cannot modify permissions. In this video, learn the concept of mandatory access controls and rule-based access controls.
- [Mike] Mandatory access control systems…are the most stringent type of access control.…In mandatory access control, or MAC systems,…the operating system itself restricts the permissions…that may be granted to users…and processes on system resources.…Users themselves cannot modify permissions.…For this reason, MAC is rarely fully implemented…on production systems outside…of highly secure environments.…MAC is normally implemented as a rule-based…access control system where users…and resources have labels,…and the operating system makes access control decisions…by comparing those labels.…
The most common example of an operating system…implementing MAC is Security-Enhanced Linux,…or SELinux.…A Linux kernel Security Module developed…by the U.S. National Security Agency in the 1990s…and included in some Linux distributions,…including Red Hat Enterprise Linux, CentOS,…and Fedora.…So, let's take a look at a brief demonstration.…I have here an SSH session open…to a Linux system running Red Hat Enterprise Linux…with the SELinux kernel module installed and running.…
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- Identity and access management
- Using access cards and biometrics
- Multifactor authentication
- Password authentication protocols
- Device authentication
- Identity management life cycle
- Access control lists
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover subject/object model. In addition, the following topics were updated: registration and identity proofing, SSO and federation, and advanced authorization concepts.