Good day Jonus,<br><br>You are attempting to drag me too deep into the material.<br><br>Do not attempt to match concepts with products or operating systems in real life. It does not map very well and the exam is also vendor and operating system agnostic.<br>
<br>The access control matrix looks very much like a table in a relational database. On the left column you have the subject and on the first row you have the objects names. It is usually a tool use to implement Access Control List (ACL) and also use to define Capabilities.<br>
<br>Take care<br><br>Clement<br><br><br clear="all">Clément Dupuis, CD<br>CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS, ACE<br>----------------------------------------------------------------------------------------------<br>
In real life:<br>Senior Security Specialist and Instructor<br>Security University<br>>> Call me to get the best CISSP training <<<br>----------------------------------------------------------------------------------------------<br>
In Cyberspace:<br>President/Security Evangelist/Chief Learning Officer (CLO)<br>The CCCure Family of Portals<br>----------------------------------------------------------------------------------------------<br>Business: 407 479 3903<br>
Fax: 407 264 8396 <br><br>Maintainer of :<br>The CISSP and SSCP Open Study Guides Web Site<br><a href="http://www.cccure.org">http://www.cccure.org</a> <br><br>The Professional Security Testers Warehouse<br><a href="http://www.professionalsecuritytesters.org">http://www.professionalsecuritytesters.org</a> <br>
<br>Knowledge sharing and giving back to the community<br>
<br><br><div class="gmail_quote">On Fri, Sep 11, 2009 at 07:54, gerritsjs <span dir="ltr"><<a href="mailto:gerritsjs@gmail.com">gerritsjs@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="blue" lang="EN-US">
<div>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">Thanks Clement, </span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p style="text-indent: 6pt;"><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">So what
you are saying, a system should be configured IAW with the organization’s
security policy. It may differ between organizations. From best
security practices perspective, what should it illustrate? For instance
in a Unix environment, what should the access matrix looks like, acceptable across
the universe?</span></font></p>
<p style="text-indent: 6pt;"><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p style="text-indent: 6pt;"><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">Thanks
for your expert opinion. </span></font></p>
<p style="text-indent: 6pt;"><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<p style="text-indent: 6pt;"><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;">jonus</span></font></p>
<p><font size="2" color="navy" face="Arial"><span style="font-size: 10pt; font-family: Arial; color: navy;"> </span></font></p>
<div>
<div style="text-align: center;" align="center"><font size="3" face="Times New Roman"><span style="font-size: 12pt;">
<hr align="center" size="2" width="100%">
</span></font></div><div class="im">
<p><b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma; font-weight: bold;">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma;"> <a href="mailto:cisspstudy-bounces@cccure.org" target="_blank">cisspstudy-bounces@cccure.org</a>
[mailto:<a href="mailto:cisspstudy-bounces@cccure.org" target="_blank">cisspstudy-bounces@cccure.org</a>] <b><span style="font-weight: bold;">On
Behalf Of </span></b>Clement Dupuis<br>
<b><span style="font-weight: bold;">Sent:</span></b> Monday, September 07, 2009
3:26 AM<br>
<b><span style="font-weight: bold;">To:</span></b> The
CISSP Study Mailing list<br>
<b><span style="font-weight: bold;">Subject:</span></b> Re: [Cisspstudy]
Bell-Lapadula?</span></font></p>
</div></div>
<p><font size="3" face="Times New Roman"><span style="font-size: 12pt;"> </span></font></p>
<p><font size="3" face="Times New Roman"><span style="font-size: 12pt;">With info this time:<div><div></div><div class="h5"><br>
<br>
A system state is defined to be "secure" if the only permitted access
modes of subjects to objects are in accordance with a <a href="http://en.wikipedia.org/wiki/Security_policy" title="Security policy" target="_blank">security
policy</a>. To determine whether a specific access mode is allowed, the
clearance of a subject is compared to the classification of the object (more
precisely, to the combination of classification and set of compartments, making
up the <i><span style="font-style: italic;">security level</span></i>) to
determine if the subject is authorized for the specific access mode. The
clearance/classification scheme is expressed in terms of a lattice. The model
defines two <a href="http://en.wikipedia.org/wiki/Mandatory_access_control" title="Mandatory access control" target="_blank">mandatory access control</a> (MAC) rules and
one <a href="http://en.wikipedia.org/wiki/Discretionary_access_control" title="Discretionary access control" target="_blank">discretionary access control</a> (DAC)
rule with three security properties:<br>
<br>
<br>
Take care<br>
<br>
Clement<br>
<br>
<br clear="all">
</div></div></span></font></p>
</div>
</div>
<br>_______________________________________________<br>
cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br></blockquote></div><br>