Transcription of Access Control Methodologies - Jones & Bartlett …
CHAPTER 2
Access Control Methodologies

After reading this chapter, you will be able to:
- Understand access control basics
- Discuss access control techniques
- Recognize and compare access control models
- Contrast various identification and authentication techniques
- Recognize common attacks and implement controls to prevent them

This chapter presents various methods and techniques for controlling users' access to system resources. You'll learn about different approaches to help ensure that only authorized users can access secured resources. This chapter also covers the basics of access control, general methods and techniques used to manage access to resources, and some common attacks that are launched against access control.

Basics of Access Control

Access control is a collection of methods and components used to protect information assets.
Although some information is and should be accessible by everyone, you will most likely need to restrict access to other information. Access control supports both the confidentiality and the integrity properties of a secure system. The confidentiality property protects information from unauthorized disclosure. You use access control to ensure that only authorized users can view information. The integrity property protects information from unauthorized modification. Access control gives you the ability to dictate what information a user can both view and modify.

chapple02 10/12/04 7:59 AM Page 25

Before you can implement a sound access control policy, you must first develop a plan.
Here are a few questions you need to answer:
- How do I separate restricted information from unrestricted information?
- What methods should I use to identify users who request access to restricted information?
- What is the best way to permit only users I authorize to access restricted information?
- Where do I start?

Subjects and Objects

Access control is all about, well, controlling access. First, let's define a few terms. The entity that requests access to a resource is called the subject of the access. A subject is an active entity because it initiates the access. The resource a subject attempts to access is called the object of the access. The object of an access is the passive part of the access because the subject takes action on the object.
So, the goal of a sound access control policy is to allow only authorized subjects to access objects they are permitted to access. It is possible to be an authorized subject but not have access to a specific object.

Least Privilege

Organizations use several general philosophies to design access control rules. The least secure philosophy (read this as "most dangerous") is to give everyone access to all objects by default. Then, you restrict access to only the objects you define as being sensitive. Sounds simple, right? Well, it is simple; simple to implement and simple to compromise. The main problem with this philosophy is that you must be absolutely sure you restrict all sensitive objects.
This is harder than it sounds. A little sloppy administration can leave large security holes. Another philosophy, which exists at the opposite end of the spectrum, is much safer and more secure. The philosophy of least privilege states that a subject should be granted only the permissions necessary to accomplish required tasks and nothing more. This approach often requires more administrative maintenance, but it provides more security than more permissive strategies. Least privilege helps to avoid authorization creep, which is a condition in which a subject gets access to more objects than was originally intended.
The most common causes of authorization creep are ineffective maintenance and poor security philosophy.

Once you decide on the most appropriate access control philosophy for your organization, you can begin to choose the best way to allow subjects to access objects. The mechanisms you put into place to allow or disallow object access are called controls. A control is any potential barrier that protects your information from unauthorized access. Controls safeguard your information from threats. There are many types of controls, often organized into several categories. The following table lists several common control categories.

Control Categories

Control Category | Description | Example
Administrative | Policies and procedures designed to enforce security rules | Hiring practices; usage monitoring and accounting; security awareness training
Logical (also called technical controls) | Object access restrictions implemented through the use of software or hardware | User identification and authentication; encryption; segregated network architecture
Physical | Physical access to hardware limited | Fences; walls; locked doors
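The two philosophies from the Least Privilege discussion above, together with a check for authorization creep, as an added Python example (not from the book; every subject, object and grant below is constructed for illustration):

```python
# Constructed sample data: subjects, objects and permissions are illustrative only.
SENSITIVE_DENYLIST = {"payroll.xlsx"}  # objects the administrator remembered to restrict
# "merger-plan.docx" is also sensitive, but nobody added it to the list.

GRANTS = {  # explicit grants: subject -> object -> permissions
    "alice": {"payroll.xlsx": {"read", "write"}, "handbook.pdf": {"read"}},
    "bob": {"handbook.pdf": {"read"}, "payroll.xlsx": {"read"}},
}

REQUIRED = {  # what each subject's current tasks actually need
    "alice": {"payroll.xlsx": {"read", "write"}, "handbook.pdf": {"read"}},
    "bob": {"handbook.pdf": {"read"}},
}


def allow_by_default(subject, obj, perm):
    """Permissive philosophy: allow unless the object was marked sensitive."""
    if obj in SENSITIVE_DENYLIST:
        return perm in GRANTS.get(subject, {}).get(obj, set())
    return True  # anything the administrator forgot is open to everyone


def least_privilege(subject, obj, perm):
    """Least privilege: deny unless the permission was explicitly granted."""
    return perm in GRANTS.get(subject, {}).get(obj, set())


def authorization_creep(grants, required):
    """Return {subject: {object: extra_perms}} for grants beyond task needs."""
    creep = {}
    for subject, objects in grants.items():
        for obj, perms in objects.items():
            extra = perms - required.get(subject, {}).get(obj, set())
            if extra:
                creep.setdefault(subject, {})[obj] = extra
    return creep


if __name__ == "__main__":
    # The forgotten sensitive object is readable under one policy only.
    for check in (allow_by_default, least_privilege):
        print(check.__name__, check("bob", "merger-plan.docx", "read"))
    # Grants that outlived the tasks they were issued for.
    print(authorization_creep(GRANTS, REQUIRED))
```
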
Sound access control involves choosing the right controls for your organization that will protect and support your security.

Access Control Techniques

You should choose the access control technique that best fits your organization to provide the highest degree of security. Different techniques provide varying levels of security, depending on what the organization needs. In addition to the level of security each technique provides, carefully consider the impact to your users. A grand security scheme will fail if it is so difficult to work with that users commonly try to circumvent it.
Consider the techniques covered in the following section, "Access Control Designs," and how each technique could be used in a specific environment. Consider the environmental impact of each technique. Adopt stringent strategies only when absolutely necessary. Remember, a security strategy that is so strict as to encourage users to search for loopholes actually degrades security instead of increasing it.

Each of the following techniques differs in the way objects and subjects are identified, and how decisions are made to approve or deny an access request. First, we look at several models of access control and some of the characteristics of each model.
Then we consider and compare several common …

Access Control Designs

An access control design defines rules for users accessing files or … We refer to a user, or any entity, that requests access as a subject. Each subject requests access to an entity called an object. An object can be any entity that contains data or resources a subject requests to complete a task. Objects can be files, printers, or other hardware or software entities. The access control type in use for a particular request has the responsibility of evaluating a subject's request to access a particular object and returning a meaningful response. Let's look at three common access control designs.

Mandatory Access Control

Mandatory access control assigns a security label to each subject and object.
A security label is an assigned level of sensitivity. Some examples of sensitivity levels are public, sensitive, and secret. Tables and list com-

TABLE Data Classifications, from Lowest Sensitivity to Highest

Classification | Description
Unclassified | Data that is not sensitive or classified
Sensitive but unclassified (SBU) | Data that could cause harm if disclosed
Confidential | Data for internal use that is exempt from the Freedom of Information Act
Secret | Data that could cause serious damage to national security
Top secret | Data that could cause grave damage to national security

TABLE Data Classifications

Classification | Description
Public | Data not covered elsewhere
Sensitive | Information that could affect business and public confidence if improperly disclosed
Private | Personal information that could negatively affect personnel.
Confidential |