CISSP Security Fundamentals: Methods to Bypass Access Controls
Access control is one of the foundational pillars of information security. It serves as the primary mechanism to safeguard data, systems, and physical resources by ensuring that only authorized users or processes can access them. For anyone preparing for the CISSP certification or involved in cybersecurity, a thorough understanding of access control systems and the techniques attackers use to bypass them is essential.
Access control involves policies, procedures, and technical mechanisms that restrict access to resources based on identity and permissions. It provides the first line of defense against unauthorized activity, helping organizations protect sensitive information, maintain system integrity, and comply with regulatory requirements.
Access control can be broadly defined as the process of granting or denying specific requests to obtain and use information and related information processing services. The key components of access control include identification, authentication, authorization, and accountability.
Effective access control relies on the principle of least privilege, which means users and systems are granted the minimum levels of access needed to perform their functions. This reduces the risk of unauthorized access or damage if credentials are compromised.
Access controls are implemented in multiple layers and forms:
Organizations typically deploy a combination of these controls to create a defense-in-depth strategy that balances usability and security.
Despite the best efforts to implement access controls, attackers continuously seek methods to circumvent them. Understanding how access controls can be bypassed allows security professionals to better anticipate potential threats, identify vulnerabilities, and design more resilient defenses.
Attackers may exploit technical weaknesses, manipulate human behavior, or take advantage of poor administrative policies to gain unauthorized access. The ability to think like an adversary is a critical skill for CISSP candidates, who must be familiar with common bypass methods and the tactics used to counter them.
Access control bypass methods generally fall into three categories: technical, physical, and administrative. Each category presents unique challenges and requires different mitigation strategies.
Passwords remain the most prevalent form of authentication, but they are often the weakest link. Weak, default, or reused passwords can be guessed, brute forced, or harvested through phishing attacks. Attackers use automated tools to try common passwords or stolen credentials from previous breaches to gain entry.
Multi-factor authentication (MFA) strengthens access control by requiring additional evidence beyond a password, such as a token or biometric data. However, MFA implementations can also have flaws or be bypassed through social engineering or man-in-the-middle attacks.
Vulnerabilities in authentication protocols or poor session management can also provide opportunities for attackers. For example, session hijacking allows an attacker to take over an authenticated session without knowing the user’s credentials.
Privilege escalation occurs when an attacker gains access at a low level but exploits vulnerabilities to obtain higher privileges. This can be achieved through software bugs, configuration errors, or exploiting unpatched systems.
There are two main types: vertical privilege escalation, where a user gains higher privileges than intended, and horizontal privilege escalation, where a user accesses resources of other users at the same privilege level.
Once elevated privileges are obtained, attackers can bypass access control mechanisms, access sensitive data, and alter system settings. This method is often used in targeted attacks where initial access is limited.
Social engineering targets the human element by manipulating individuals into divulging confidential information or granting access. This can include phishing emails, phone calls pretending to be IT staff, or physical tactics such as impersonation.
Humans often represent the weakest link in security, making social engineering one of the most effective bypass methods. Successful social engineering can undermine even the most robust technical controls.
Physical security controls like locked doors, badge readers, and biometric scanners can be bypassed through techniques such as tailgating (following an authorized person into a secure area), theft of access cards, or exploiting unsecured entry points.
Attackers with physical access can often bypass logical controls by directly accessing hardware, resetting passwords, or installing malicious devices. Physical security breaches can compromise an entire security framework if not properly addressed.
Insiders—employees, contractors, or partners—can intentionally or unintentionally bypass access controls. Malicious insiders may abuse their access privileges, while negligent insiders might inadvertently weaken security by ignoring policies or falling for social engineering.
Administrative controls such as policies, training, and enforcement are essential to manage insider risks. However, ineffective policies, lack of awareness, or inconsistent enforcement create opportunities for bypass.
Historical data shows that many breaches stem from bypassing access controls. For example, the exploitation of default credentials or weak passwords has led to high-profile intrusions. Attackers have also used phishing campaigns to steal credentials and gain network access.
In some cases, attackers have exploited software vulnerabilities to escalate privileges, gaining administrative rights and full control of compromised systems. Physical breaches, such as unauthorized entry to data centers, have allowed attackers to tamper with hardware or install backdoors.
These examples reinforce the need for a comprehensive understanding of access control and bypass techniques for effective defense.
Access control is a fundamental security mechanism designed to protect organizational assets from unauthorized access. However, attackers continuously develop sophisticated techniques to bypass these controls. A solid understanding of these methods—from exploiting weak passwords to leveraging social engineering and physical security flaws—is crucial for cybersecurity professionals and CISSP candidates.
The next parts of this series will explore the technical methods used to bypass access controls, followed by physical and administrative bypass techniques, and finally, strategies to mitigate these risks and strengthen security postures.
By mastering these concepts, security practitioners can better defend against unauthorized access and help organizations maintain the confidentiality, integrity, and availability of critical information.
In the realm of cybersecurity, understanding the technical methods used to bypass access controls is crucial for both defense and certification preparation. Attackers employ a variety of sophisticated tactics to circumvent authentication and authorization mechanisms, exploiting vulnerabilities in software, systems, and protocols. This article explores the most common technical bypass methods, including privilege escalation, password attacks, exploitation of vulnerabilities, and social engineering with a technical twist.
Access controls are implemented through various technologies, such as operating system permissions, directory services, firewalls, and encryption. Despite these layers, many systems have inherent weaknesses due to design flaws, configuration errors, or outdated software that attackers exploit to gain unauthorized access.
The process of bypassing access control typically begins with gaining initial entry through low-level access or stolen credentials. From there, attackers aim to escalate privileges, move laterally within networks, and maintain persistence while avoiding detection. Let’s examine these techniques in detail.
Passwords remain the primary method of authentication across most systems. Unfortunately, many users choose weak or reused passwords, making password attacks a preferred bypass technique.
Brute force attacks involve systematically trying every possible password combination until the correct one is found. Although time-consuming, automated tools and powerful hardware have made brute force attacks more feasible, especially against weak or short passwords.
Dictionary attacks improve on brute force by using precompiled lists of common passwords, phrases, or leaked credentials. These attacks are faster and often successful because many users rely on easily guessable passwords.
Credential stuffing leverages large databases of stolen username and password pairs from previous breaches. Attackers use automated scripts to test these credentials against multiple websites or systems, hoping users have reused passwords.
Credential stuffing bypasses access control by exploiting poor password hygiene rather than technical flaws, emphasizing the need for strong password policies and multi-factor authentication.
Password spraying attacks use a small set of commonly used passwords across many accounts, staying below the failure count that would lock any single account. This method bypasses access controls by exploiting weak authentication without triggering per-account lockouts; it is only caught when failed logins are correlated by source rather than by account.
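To make the difference between brute force and spraying concrete, the following is an added example (not code from the original article) that simulates a per-account lockout policy and shows why a spray never trips it, then applies the per-source rule that does catch it. The lockout policy (5 failures per account within 15 minutes), the user population, and the passwords are all constructed for illustration.

```python
"""Added example: per-account lockout stops brute force but not password
spraying; a per-source distinct-account count catches the spray."""
from collections import defaultdict, deque

LOCKOUT_THRESHOLD = 5       # assumed policy: failures before an account locks
LOCKOUT_WINDOW = 15 * 60    # assumed policy: failure window in seconds


class AuthService:
    """Toy authenticator with the per-account lockout most sites rely on."""

    def __init__(self, users):
        self.users = users                      # username -> correct password
        self.failures = defaultdict(deque)      # username -> failure timestamps
        self.locked = set()
        self.events = []                        # (ts, source_ip, user, outcome)

    def login(self, src, username, password, now):
        if username in self.locked:
            outcome = "locked"
        else:
            window = self.failures[username]
            while window and now - window[0] > LOCKOUT_WINDOW:
                window.popleft()                # expire old failures
            if self.users.get(username) == password:
                window.clear()
                outcome = "success"
            else:
                window.append(now)
                outcome = "failure"
                if len(window) >= LOCKOUT_THRESHOLD:
                    self.locked.add(username)
        self.events.append((now, src, username, outcome))
        return outcome


def password_spray(auth, src, usernames, common_passwords, start=0):
    """One password against every account, then wait out the lockout window
    before the next password, so no account ever reaches the threshold."""
    hits, t = [], start
    for pw in common_passwords:
        for user in usernames:
            if auth.login(src, user, pw, t) == "success":
                hits.append((user, pw))
            t += 1
        t += LOCKOUT_WINDOW + 1                 # let per-account counters expire
    return hits


def spray_detector(events, min_accounts=10):
    """SIEM-style rule: one source failing against many distinct accounts is a
    spray even though no single account locks."""
    accounts_by_src = defaultdict(set)
    for _ts, src, user, outcome in events:
        if outcome == "failure":
            accounts_by_src[src].add(user)
    return {s for s, accts in accounts_by_src.items() if len(accts) >= min_accounts}


def demo():
    # Constructed population: 20 accounts, one of which uses a seasonal password.
    users = {f"user{i:02d}": f"Str0ng-{i}!" for i in range(20)}
    users["user07"] = "Summer2024!"

    # Brute force a single account: locked after LOCKOUT_THRESHOLD guesses.
    bf = AuthService(users)
    bf_results = [bf.login("10.0.0.5", "user00", f"guess{i}", i) for i in range(8)]

    # Spray three common passwords across all accounts: nothing locks, one hit.
    sp = AuthService(users)
    hits = password_spray(sp, "10.0.0.9", list(users),
                          ["Password1", "Summer2024!", "Welcome1"])
    return bf_results, sp.locked, hits, spray_detector(sp.events)


if __name__ == "__main__":
    print(demo())
```

The per-account control and the per-source rule are complementary: the brute-force source above fails against only one account and would not be flagged by spray_detector, while the spraying source never locks anything and would be invisible to lockout alone.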
Many technical bypass methods target vulnerabilities in software or operating systems. These weaknesses can be exploited to gain unauthorized access or escalate privileges.
Buffer overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, overwriting adjacent memory. Attackers exploit this to hijack control flow and run code of their choosing with the privileges of the vulnerable process; when that process is a privileged service or a setuid binary, the result is a direct bypass of access controls.
Code injection techniques, such as SQL injection or command injection, exploit input validation flaws to execute unauthorized commands or queries. By manipulating input, attackers can access or modify data without proper authorization.
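The classic access-control consequence of SQL injection is an authentication bypass. The following is an added example (not from the original article) using an in-memory SQLite database with constructed rows: the first login function builds its query by string formatting, the second uses placeholders. Passwords are stored in clear text only to keep the focus on query structure; real systems hash them.

```python
"""Added example: SQL injection against a login query, and the parameterized
form that closes it. Schema and rows are constructed for illustration."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "correct horse battery staple", "admin"),
        ("alice", "alice-pass", "user"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """User input is concatenated into the SQL text, so quote characters in
    the input become part of the query's structure."""
    query = (f"SELECT username, role FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()      # (username, role) or None


def login_safe(conn, username, password):
    """Placeholders: the driver sends the values separately from the SQL, so
    they are compared as data and never parsed as query syntax."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo():
    conn = make_db()
    # Payload 1: comment out the password check entirely.
    # Resulting SQL: ... WHERE username = 'admin' --' AND password = 'wrong'
    by_comment = login_vulnerable(conn, "admin' --", "wrong")
    # Payload 2: tautology in the password; AND binds tighter than OR, so the
    # WHERE clause becomes (username='x' AND password='') OR '1'='1'.
    by_tautology = login_vulnerable(conn, "x", "' OR '1'='1")
    # Same payloads against the parameterized query.
    safe1 = login_safe(conn, "admin' --", "wrong")
    safe2 = login_safe(conn, "x", "' OR '1'='1")
    legit = login_safe(conn, "alice", "alice-pass")
    return by_comment, by_tautology, safe1, safe2, legit


if __name__ == "__main__":
    print(demo())
```

Note that the tautology payload returns the first row in the table, which here is the administrator: an injection that was "only" meant to log in as anyone frequently lands on the most privileged account.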
Systems that are not regularly updated with security patches are vulnerable to known exploits. Attackers scan for unpatched software versions to deploy exploits that bypass authentication and authorization mechanisms.
Zero-day exploits target vulnerabilities unknown to the vendor or the public. These sophisticated attacks bypass access controls by exploiting unknown flaws before patches are available.
Privilege escalation is a key technique where attackers leverage vulnerabilities or misconfigurations to increase their access level after gaining initial entry.
Vertical escalation occurs when a user with limited access obtains higher-level permissions, such as administrator or root privileges. This enables the attacker to bypass most access controls and gain full control over systems.
Common vertical escalation methods include exploiting system misconfigurations, abusing setuid programs in Unix-like systems, or leveraging insecure service configurations.
Horizontal escalation involves accessing resources or accounts of other users with the same privilege level. Although it does not increase privilege level, it can lead to sensitive data exposure or lateral movement within the network.
Horizontal escalation exploits flaws in access control policies or improper segregation of duties, enabling attackers to bypass restrictions on resource access.
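The most common form of horizontal escalation in applications is a handler that verifies the caller is logged in but never checks that the requested object belongs to them (often called an insecure direct object reference). The following is an added example, not code from the article, with constructed sessions and documents: the vulnerable handler, the corrected one, and the enumeration loop an attacker would run against each.

```python
"""Added example: horizontal escalation by walking object IDs, beside a
handler that binds authorization to the object. All data is constructed."""

DOCUMENTS = {
    101: {"owner": "alice", "body": "alice's payslip"},
    102: {"owner": "bob", "body": "bob's payslip"},
}
SESSIONS = {"sess-a": "alice", "sess-b": "bob"}   # session id -> user


class Forbidden(Exception):
    pass


def get_document_vulnerable(session_id, doc_id):
    """Authenticates the caller, then serves whatever ID was requested."""
    user = SESSIONS.get(session_id)
    if user is None:
        raise Forbidden("not authenticated")
    # No ownership check: any logged-in user can read any document.
    return DOCUMENTS[doc_id]["body"]


def get_document_safe(session_id, doc_id):
    """Authenticates the caller and checks ownership of the specific object."""
    user = SESSIONS.get(session_id)
    if user is None:
        raise Forbidden("not authenticated")
    doc = DOCUMENTS.get(doc_id)
    # One error for both "missing" and "not yours" so the response does not
    # confirm which IDs exist.
    if doc is None or doc["owner"] != user:
        raise Forbidden("no such document")
    return doc["body"]


def enumerate_ids(handler, session_id, id_range):
    """What the attacker does: iterate IDs and keep whatever comes back."""
    leaked = {}
    for doc_id in id_range:
        try:
            leaked[doc_id] = handler(session_id, doc_id)
        except (Forbidden, KeyError):
            continue
    return leaked


if __name__ == "__main__":
    print(enumerate_ids(get_document_vulnerable, "sess-a", range(100, 105)))
    print(enumerate_ids(get_document_safe, "sess-a", range(100, 105)))
```

Alice is a fully legitimate, authenticated user in both cases; the difference is only whether authorization is evaluated per object. Sequential numeric IDs make the enumeration trivial, but switching to random IDs is not a substitute for the ownership check.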
Multi-factor authentication (MFA) significantly improves security by requiring multiple forms of verification. However, attackers have developed methods to bypass MFA protections.
In man-in-the-middle (MITM) attacks, attackers interpose themselves between users and authentication servers. Because one-time codes expire within seconds, the code is typically relayed to the real service immediately rather than saved for later, and what the attacker keeps is the session cookie issued after the successful login.
MITM attacks often involve phishing sites or reverse-proxy toolkits that present a convincing copy of the login page, forward the victim's credentials and MFA token to the legitimate site in real time, and capture the resulting session.
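One server-side control against reuse of a captured code is to never accept the same TOTP value twice. The following is an added example (not from the article) implementing RFC 6238 TOTP with the standard library and a verifier that records the last accepted time step per user; the user names and the capture scenario are constructed, and the secret is the RFC 6238 test-vector secret so the codes can be checked against the RFC.

```python
"""Added example: TOTP (RFC 6238) verification with replay rejection.
Secret is the RFC 6238 test-vector secret; users and timing are constructed."""
import hashlib
import hmac
import struct

STEP = 30          # RFC 6238 time step in seconds
SECRET = b"12345678901234567890"


def totp(secret, timestep, digits=6):
    """HMAC-SHA1 over the 64-bit big-endian step counter, dynamic truncation,
    then modulo 10^digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", timestep), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class NaiveVerifier:
    """Accepts any code valid within the skew window, however often."""

    def __init__(self, secrets_by_user, skew=1):
        self.secrets, self.skew = secrets_by_user, skew

    def verify(self, user, code, now):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now // STEP)
        return any(hmac.compare_digest(totp(secret, s), code)
                   for s in range(current - self.skew, current + self.skew + 1))


class ReplaySafeVerifier(NaiveVerifier):
    """Same window, but a code for a step at or before the last accepted step
    is rejected (RFC 6238 section 5.2)."""

    def __init__(self, secrets_by_user, skew=1):
        super().__init__(secrets_by_user, skew)
        self.last_step = {}                     # user -> last accepted step

    def verify(self, user, code, now):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now // STEP)
        for step in range(current - self.skew, current + self.skew + 1):
            if hmac.compare_digest(totp(secret, step), code):
                if step <= self.last_step.get(user, -1):
                    return False                # already used: replay
                self.last_step[user] = step
                return True
        return False


def demo():
    """Victim logs in through a phishing proxy; the attacker replays the
    captured code five seconds later against each verifier."""
    now = 1111111109                            # constructed login time
    captured = totp(SECRET, now // STEP)
    results = {}
    for name, cls in (("naive", NaiveVerifier), ("replay_safe", ReplaySafeVerifier)):
        v = cls({"alice": SECRET})
        victim = v.verify("alice", captured, now)
        attacker = v.verify("alice", captured, now + 5)
        results[name] = (victim, attacker)
    return results


if __name__ == "__main__":
    print(demo())
```

The replay check closes the "save the code and use it later" case, and the verifier only ever compares codes with hmac.compare_digest. It does nothing against a proxy that forwards the code to the real site before the victim's own request arrives; only origin-bound authenticators such as FIDO2/WebAuthn resist that form of relay.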
Attackers bombard users with repeated push notification requests, hoping the user will approve out of annoyance or confusion. This technique, called MFA fatigue, effectively bypasses access control by exploiting human behavior.
Once a user authenticates successfully, a session token or cookie is often issued to maintain the session. Attackers seek to steal or forge these tokens to bypass authentication without needing credentials.
Session hijacking can be performed by sniffing tokens sent over unencrypted connections, by stealing cookies through cross-site scripting (XSS), or by malware on the user's device. By taking control of an active session, attackers bypass the authentication step entirely and act as the legitimate user.
Many systems ship with default credentials or permissive settings that are rarely changed by administrators. Attackers scan for such systems and use default usernames and passwords to bypass access control.
Misconfigured firewalls, open ports, or improperly set permissions also provide entry points. Failure to implement the principle of least privilege and segregate networks can allow attackers to bypass logical controls.
Social engineering is typically considered a human-focused attack. However, technical social engineering combines manipulation with technical exploits.
For instance, attackers might send phishing emails with malicious links or attachments that install malware, allowing remote access to systems. Once inside, attackers bypass access controls by exploiting technical vulnerabilities or stealing credentials.
Another example includes impersonation through caller ID spoofing to trick help desk personnel into resetting passwords or granting system access.
Understanding these technical bypass methods equips security professionals to identify weaknesses in their environments and implement stronger controls. This includes enforcing strong password policies, deploying MFA properly, conducting regular patch management, hardening system configurations, and training users to recognize phishing attacks.
Continuous monitoring, penetration testing, and vulnerability assessments are essential to detect attempts to bypass access control and respond promptly.
While technical methods to bypass access control often attract the most attention, physical and administrative approaches remain significant threats. Attackers exploit weaknesses in physical security and organizational policies to gain unauthorized access or escalate privileges. Security professionals must recognize these vectors to design comprehensive protection strategies.
This article delves into physical security bypass techniques, social engineering from an administrative perspective, insider threats, and policy weaknesses that facilitate access control circumvention.
Physical access control is the first line of defense for most organizations. Locks, badges, biometric scanners, security guards, and surveillance cameras protect sensitive areas. However, physical security controls can be bypassed by exploiting human error, weak enforcement, or technology limitations.
Tailgating involves an unauthorized individual following an authorized person through a secured door without using credentials. Piggybacking is similar but implies the authorized person knowingly allows the unauthorized person to enter.
These tactics rely on social manipulation and physical proximity. They are common because people often prioritize politeness or convenience over strict security enforcement.
Traditional locks can be defeated using lock-picking tools or bump keys. Skilled attackers or insiders can open doors without leaving evidence of forced entry, bypassing physical access controls.
Electronic locks and badge readers may be vulnerable to badge cloning or relay attacks, which present a copied or forwarded credential to the reader; wireless alarm sensors and their links can be jammed so that an entry goes unreported.
Security cameras, alarms, and sensors are crucial physical controls, but attackers may disable or avoid detection by:
Attackers may obtain sensitive information or credentials discarded improperly. Dumpster diving can yield passwords written on notes, discarded access cards, or manuals revealing security procedures.
Similarly, stealing hardware like laptops, USB drives, or access badges bypasses logical controls by providing attackers with valid credentials or information.
Beyond physical security, administrative controls govern how access permissions are granted, managed, and revoked. Weaknesses or failures in these controls create opportunities to bypass access restrictions.
Social engineering remains a powerful administrative bypass technique. Attackers impersonate trusted personnel or fabricate scenarios to manipulate employees into revealing credentials or granting access.
Pretexting involves creating a fabricated identity or situation to gain trust. For example, an attacker may pose as IT support and request a password reset or access card.
These tactics exploit human factors and often bypass technical controls because employees override policies due to perceived authority or urgency.
Insiders, including disgruntled employees or contractors, possess legitimate access that can be abused or escalated. Insider threats can bypass access controls simply because they are authorized users.
Insiders might copy sensitive data, install backdoors, or share credentials with outsiders. Detecting insider misuse requires monitoring user behavior and enforcing strict access reviews.
Administrative lapses, such as failing to regularly review access rights or promptly revoke permissions for departing employees, create prolonged windows for access control bypass.
Overprovisioning is another common issue, where users have more permissions than necessary. This violates the principle of least privilege and facilitates unauthorized actions.
Even well-designed policies fail if enforcement is weak. Employees who ignore password policies, share credentials, or circumvent security protocols contribute to access control weaknesses.
Training programs that emphasize security awareness and the consequences of policy violations are vital. Without ongoing education, employees may unintentionally assist attackers.
Many real-world access control bypass scenarios involve a combination of physical and administrative methods. For example, an attacker may:
This multi-faceted approach complicates defense and requires integrated physical, technical, and administrative controls.
Security programs must address physical and administrative risks through layered controls.
Physical and administrative methods to bypass access controls present serious risks that are often underestimated compared to purely technical attacks. Attackers exploit human behavior, procedural weaknesses, and physical security gaps to gain unauthorized access.
Security professionals must adopt a holistic approach, combining technical safeguards with strong physical controls, rigorous administrative policies, employee training, and continuous monitoring. Only through an integrated defense strategy can organizations effectively reduce the risk of access control bypass and protect critical assets.
In the previous parts of this series, we explored the variety of methods attackers use to bypass access controls, spanning technical exploits, physical breaches, and administrative weaknesses. Recognizing these methods is only the first step. The ultimate goal for security professionals is to effectively detect, prevent, and respond to such bypass attempts to protect organizational assets. This article delves into practical strategies and best practices for detecting access control bypass, implementing preventive measures, and establishing robust incident response processes.
The importance of a proactive security posture cannot be overstated. Access control systems serve as critical gates to safeguard sensitive data, infrastructure, and services. However, no control is impenetrable. Adopting a proactive security posture means anticipating potential bypass attempts and implementing layered defenses to mitigate risks. Detection, prevention, and response form a continuous cycle that enhances an organization’s security maturity. Early detection limits damage, prevention reduces attack surface, and effective response minimizes recovery time.
Detecting attempts to bypass access control requires comprehensive monitoring across technical, physical, and administrative domains. Audit logs from authentication servers, operating systems, applications, and network devices provide invaluable data. Monitoring logs for anomalous patterns, such as repeated failed login attempts, logins outside normal hours, or access from unusual IP addresses, can signal potential bypass attempts. Centralized log management and Security Information and Event Management (SIEM) systems help aggregate and analyze logs in real time, enabling faster detection.
User Behavior Analytics (UBA) tools establish a baseline of normal user activity and flag deviations. For example, if a user suddenly accesses sensitive files they normally do not use or logs in from an unusual location, UBA can alert administrators to possible compromise or insider misuse. UBA enhances detection of sophisticated bypass methods, including insider threats and compromised accounts.
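As an added example (not from the article) of the rules described in the two paragraphs above, the following builds a per-user baseline of source IPs, login hours, and resources from a constructed set of JSON log lines, then scores a second batch: repeated failures from one source, a successful login from a new IP, a login outside the user's usual hours, and access to a resource the user has not touched before. The log format and the thresholds are assumptions for the example.

```python
"""Added example: baseline-and-deviation scoring over constructed auth logs.
Log schema (ts, user, src, outcome, resource) and thresholds are assumed."""
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed historical logs used to build the baseline.
BASELINE_LOGS = """
{"ts":"2024-03-04T09:02:11Z","user":"alice","src":"10.1.1.5","outcome":"success","resource":"wiki"}
{"ts":"2024-03-04T10:15:40Z","user":"alice","src":"10.1.1.5","outcome":"success","resource":"wiki"}
{"ts":"2024-03-05T14:30:05Z","user":"alice","src":"10.1.1.5","outcome":"success","resource":"jira"}
{"ts":"2024-03-05T09:10:00Z","user":"bob","src":"10.1.1.9","outcome":"success","resource":"wiki"}
""".strip().splitlines()

# Constructed new logs to score against the baseline.
NEW_LOGS = """
{"ts":"2024-03-11T03:12:45Z","user":"alice","src":"203.0.113.7","outcome":"success","resource":"hr/payroll"}
{"ts":"2024-03-11T09:05:00Z","user":"bob","src":"10.1.1.9","outcome":"success","resource":"wiki"}
{"ts":"2024-03-11T09:06:00Z","user":"bob","src":"198.51.100.2","outcome":"failure","resource":null}
{"ts":"2024-03-11T09:07:00Z","user":"bob","src":"198.51.100.2","outcome":"failure","resource":null}
{"ts":"2024-03-11T09:08:00Z","user":"bob","src":"198.51.100.2","outcome":"failure","resource":null}
{"ts":"2024-03-11T09:09:00Z","user":"bob","src":"198.51.100.2","outcome":"failure","resource":null}
{"ts":"2024-03-11T09:10:00Z","user":"bob","src":"198.51.100.2","outcome":"failure","resource":null}
""".strip().splitlines()


def parse(line):
    ev = json.loads(line)
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def build_baseline(lines):
    """Per-user sets of known source IPs, login hours and resources, from
    successful logins only (failures say nothing about normal behaviour)."""
    base = defaultdict(lambda: {"ips": set(), "hours": set(), "resources": set()})
    for ev in map(parse, lines):
        if ev["outcome"] == "success":
            b = base[ev["user"]]
            b["ips"].add(ev["src"])
            b["hours"].add(ev["ts"].hour)
            if ev.get("resource"):
                b["resources"].add(ev["resource"])
    return base


def score(baseline, lines, fail_threshold=5):
    """Return (timestamp, user, reasons) for every event that trips a rule."""
    alerts = []
    fails = Counter()                          # (src, user) -> failure count
    for ev in map(parse, lines):
        user, reasons = ev["user"], []
        if ev["outcome"] == "failure":
            fails[(ev["src"], user)] += 1
            if fails[(ev["src"], user)] == fail_threshold:
                reasons.append("repeated failures")
        else:
            b = baseline.get(user)
            if b is None:
                reasons.append("no baseline for user")
            else:
                if ev["src"] not in b["ips"]:
                    reasons.append("new source IP")
                if ev["ts"].hour not in b["hours"]:
                    reasons.append("outside usual hours")
                if ev.get("resource") and ev["resource"] not in b["resources"]:
                    reasons.append("unusual resource")
        if reasons:
            alerts.append((ev["ts"].isoformat(), user, reasons))
    return alerts


def demo():
    return score(build_baseline(BASELINE_LOGS), NEW_LOGS)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

A production baseline would be built over weeks rather than four lines, and "usual hours" would be a tolerance band rather than an exact set, but the shape is the same: successful events define normal, and the rules fire on deviation from that user's own history, not from a global threshold.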
Physical access logs from badge readers, biometric systems, and CCTV footage support investigation of unauthorized entry or tailgating incidents. Integrating physical security data with IT systems enables correlation of physical and logical access events. Regular review of physical access records helps identify patterns of suspicious behavior and potential collusion.
Integrating threat intelligence feeds into security monitoring platforms provides real-time updates on emerging bypass techniques, vulnerabilities, and attack indicators. This allows security teams to adjust detection rules proactively.
Prevention focuses on minimizing vulnerabilities and increasing barriers to unauthorized access. Implementing multi-factor authentication (MFA) is one of the most effective defenses. Combining something the user knows (password), something the user has (token or smartphone), and something the user is (biometrics) significantly reduces the risk of credential-based bypass. Password policies should enforce adequate length and complexity, screen new passwords against known-breached lists, and apply account lockouts to blunt brute force; because password spraying is designed to stay under per-account lockout thresholds, throttling and alerting per source address are needed alongside them.
Users and services must be granted the minimum level of access necessary to perform their tasks. Overprovisioning increases risk by expanding the potential impact of compromised accounts. Role-based access control (RBAC) and attribute-based access control (ABAC) models facilitate granular permission management aligned with least privilege.
Ensuring systems and applications are promptly updated protects against known exploits that bypass access controls. Automated patch management tools and vulnerability scanners help maintain a secure environment.
Securing physical entry points with robust locks, biometric readers, and mantraps deters unauthorized access. Enforcing strict visitor policies and training personnel to detect tailgating reduces physical bypass risk. Deploying surveillance cameras with wide coverage and real-time monitoring improves the detection of suspicious activities.
Humans are often the weakest link. Continuous training programs educate employees on password hygiene, phishing recognition, social engineering tactics, and incident reporting procedures. Empowering users to act as security advocates reduces administrative bypass risks.
Default credentials must be changed immediately, and system configurations hardened following best practices. Periodic reviews of user accounts and permissions ensure stale or excessive access is revoked in a timely manner.
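The least-privilege and access-review points above (role-based assignment with deny-by-default checks, and periodic review to find excessive or stale access) can be made concrete with a small added example, not code from the article. Roles, assignments, and the usage log are constructed; the review compares what each user is granted with what their audit trail shows they actually used.

```python
"""Added example: RBAC with deny-by-default, plus a least-privilege review
that flags unused permissions and dormant accounts. All data is constructed."""
from collections import defaultdict

ROLE_PERMS = {
    "reader": {"docs:read"},
    "editor": {"docs:read", "docs:write"},
    "admin":  {"docs:read", "docs:write", "users:manage", "billing:view"},
}
ASSIGNMENTS = {
    "alice": {"admin"},
    "bob":   {"editor"},
    "carol": {"reader"},
    "dave":  {"editor"},          # constructed: left the team, never deprovisioned
}
# Constructed audit trail for the review period: (user, permission exercised).
USAGE_LOG = [
    ("alice", "docs:read"), ("alice", "docs:write"), ("alice", "docs:read"),
    ("bob", "docs:read"), ("bob", "docs:read"),
    ("carol", "docs:read"),
]


def effective_permissions(user, assignments=ASSIGNMENTS, role_perms=ROLE_PERMS):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in assignments.get(user, ()):
        perms |= role_perms.get(role, set())
    return perms


def is_allowed(user, permission):
    """Deny by default: unknown users and unknown roles grant nothing."""
    return permission in effective_permissions(user)


def least_privilege_review(usage=USAGE_LOG, assignments=ASSIGNMENTS):
    """Return (excess, dormant): per-user permissions granted but never used
    in the period, and users with no activity at all."""
    used = defaultdict(set)
    for user, perm in usage:
        used[user].add(perm)
    excess, dormant = {}, set()
    for user in assignments:
        if user not in used:
            dormant.add(user)
            continue
        unused = effective_permissions(user) - used[user]
        if unused:
            excess[user] = unused
    return excess, dormant


if __name__ == "__main__":
    print(is_allowed("alice", "users:manage"), is_allowed("carol", "docs:write"))
    print(least_privilege_review())
```

In this run alice holds two administrative permissions she never exercised, bob has write access he never used, and dave shows no activity at all: the first two are candidates for a narrower role, the last for deprovisioning. Reviews driven by actual usage are what keep role definitions from drifting toward "whatever someone once needed".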
Despite preventive measures, breaches and bypass attempts may occur. A well-defined incident response plan (IRP) enables swift action to contain and remediate incidents. Develop an IRP that includes clear roles, communication channels, and escalation procedures. Train incident response teams on access control bypass scenarios and conduct regular drills. Maintain updated asset inventories and documentation for quick identification during incidents.
When an alert or suspicion arises, promptly analyze logs, user activities, and physical access records. Determine the scope and nature of the bypass attempt or breach. Forensic analysis may involve recovering deleted logs, examining malware, or interviewing personnel.
Isolate affected systems or user accounts to prevent lateral movement or data exfiltration. Temporarily disable compromised credentials and revoke access rights if needed. Physical containment may involve securing facilities or restricting entry.
Remove malware, patch vulnerabilities, and reset passwords to eliminate attack vectors. Restore systems from known-good backups if necessary. Gradually restore normal operations while monitoring for residual threats.
Conduct a thorough review to identify root causes, weaknesses exploited, and lessons learned. Update security policies, controls, and training accordingly. Incident documentation and reporting support compliance and inform future defense strategies.
Security technologies complement human efforts by automating detection and enforcing controls. Endpoint Detection and Response (EDR) tools monitor devices for suspicious activities indicating access control bypass. Identity and Access Management (IAM) solutions centralize authentication, authorization, and auditing. Network segmentation limits attacker movement if access controls are bypassed. Privileged Access Management (PAM) solutions control and monitor the use of high-level accounts. Security Orchestration, Automation, and Response (SOAR) platforms streamline incident handling.
Balancing security with usability is crucial; overly restrictive controls may lead users to find workarounds. Insider threats remain difficult to detect and prevent without fostering a strong security culture. Advanced attackers continuously evolve bypass techniques, requiring adaptive defenses. Coordination between physical security, IT, and human resources teams enhances effectiveness.
Access control bypass is a persistent threat that requires vigilance across technical, physical, and administrative domains. Security professionals must implement layered defenses, leverage technology, and foster a security-aware culture to detect and prevent unauthorized access effectively. By combining strong authentication, continuous monitoring, comprehensive training, and well-practiced incident response plans, organizations can reduce their attack surface and respond promptly when breaches occur. This holistic approach is essential not only for CISSP certification mastery but for real-world security resilience.
Access controls are fundamental to securing any organization’s assets, but they are not foolproof. Attackers continuously develop new techniques to bypass these controls, exploiting weaknesses in technology, processes, and human factors. Understanding these methods deeply is crucial for any security professional aiming to defend their environment effectively.
A strong security posture combines multiple layers of defense—technical safeguards, physical protections, and administrative controls—while emphasizing ongoing monitoring and user education. Detection capabilities, such as behavioral analytics and integrated logging, enable early identification of suspicious activities. Prevention requires enforcing strong authentication, applying the principle of least privilege, maintaining up-to-date systems, and fostering a security-aware culture. When breaches do occur, a well-rehearsed incident response plan ensures rapid containment, investigation, and recovery.
Ultimately, security is a continuous journey rather than a fixed state. Organizations must remain vigilant, adapt to evolving threats, and regularly reassess their access control strategies. This dynamic approach, backed by a thorough understanding of bypass methods, strengthens defenses and minimizes risks in an increasingly complex digital landscape.
Mastering these concepts not only prepares candidates for CISSP certification but also equips security professionals to protect their organizations from real-world threats effectively.