In mandatory access control (MAC) systems, the operating system itself restricts the permissions that may be granted to users and processes on system resources. Users themselves cannot modify permissions. In this video, explore the concept of mandatory access controls and rule-based access controls.
- [Instructor] Mandatory access control systems…are the most stringent type of access control.…In mandatory access control, or MAC systems,…the operating system itself restricts the permissions…that may be granted to users and processes…on system resources.…Users themselves cannot modify permissions.…For this reason, MAC is rarely fully implemented…on production systems outside of highly secure environments.…MAC is normally implemented…as a rule-based access control system…where users and resources have labels…and the operating system makes access control decisions…by comparing those labels.…
The most common example of an operating system…implementing MAC is Security-Enhanced Linux, or SELinux,…a Linux kernel security module developed…by the U.S. National Security Agency in the 1990s…and included in some Linux distributions,…including Red Hat Enterprise Linux, CentOS, and Fedora.…So let's take a look at a brief demonstration.…I have here an SSH session open…to a Linux system running Red Hat Enterprise Linux…with the SELinux kernel module installed and running.…
You can sign up for Mike's free study group at certmike.com, and find his study guides at the Sybex test prep site. To review the complete CISSP Body of Knowledge, visit https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A complete learning path will be available once all the courses are released.
- Identity and access management overview
- Identification mechanisms: user names, access cards, biometrics, and registration
- Authentication factors
- Password authentication protocols
- Identity as a service (IDaaS)
- Enforcing accountability
- Managing credentials with policies
- Using access control lists
- Defending against access control attacks
Skill Level Advanced
1. Identity and Access Management
5. Credential Management
7. Access Control Attacks
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.