Understanding Privilege Management

The concept of privilege refers to levels of access authority over resources and actions within your network. The level at which privileges may be managed is often referred to as the granularity of access control. Several levels of granular access control are possible:

  • User based Within a user-based model, permissions and access denials are uniquely assigned to each account. Within a peer-to-peer network, such as a workgroup, this is the form of access control used.

  • Group based In group-based access control schemes, permissions and access denials are assigned to groups, and user accounts are made members of these groups to control aggregate access permissions for each account based on the combined permissions inherited from its group memberships. Access control over large numbers of user accounts may be easily accomplished by managing the access permissions on each group, which are then inherited by the group's members.

  • Role based Role-Based Access Control (RBAC) is a variation of the group-based method. Each defined role is given the access permissions its job function requires, and roles are then assigned to the appropriate user accounts. Access control is accomplished by assigning roles to the proper accounts and changing the permissions on each role as required.
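The three models above differ only in where a permission is attached: to the account, to a group the account belongs to, or to a role the account holds. The following added example (not code from the book) resolves an account's effective permissions from all three sources and shows the group-based advantage the text describes: changing one group changes access for every member at once. The accounts, groups, roles and permission strings are constructed for the example, and the rule that an explicit deny overrides any allow is an assumption of the example, not something the text specifies.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    """One user account. Permission strings such as "ledger:read" are constructed examples."""
    name: str
    direct_allow: set = field(default_factory=set)  # user-based grants on this account alone
    direct_deny: set = field(default_factory=set)   # user-based denials on this account alone
    groups: set = field(default_factory=set)        # group-based: memberships
    roles: set = field(default_factory=set)         # role-based: job functions held


class Directory:
    """Holds accounts, group permissions and role permissions and resolves effective access."""

    def __init__(self):
        self.accounts = {}
        self.group_allow = {}  # group name -> permissions granted to all members
        self.group_deny = {}   # group name -> permissions denied to all members
        self.role_allow = {}   # role name  -> permissions the job function needs

    def add_account(self, acct):
        self.accounts[acct.name] = acct

    def grant_to_group(self, group, perm):
        # One change on the group is inherited by every member of that group.
        self.group_allow.setdefault(group, set()).add(perm)

    def effective_permissions(self, name):
        acct = self.accounts[name]
        allowed = set(acct.direct_allow)
        denied = set(acct.direct_deny)
        for g in acct.groups:
            allowed |= self.group_allow.get(g, set())
            denied |= self.group_deny.get(g, set())
        for r in acct.roles:
            allowed |= self.role_allow.get(r, set())
        # Assumption of this example: an explicit deny from any source wins over any allow.
        return allowed - denied

    def members_with(self, perm):
        """Which accounts end up with a given permission (useful for access reviews)."""
        return sorted(n for n in self.accounts if perm in self.effective_permissions(n))


def build_demo_directory():
    """Constructed sample data: two groups with grants, one group with a denial, one role."""
    d = Directory()
    d.group_allow = {"finance": {"ledger:read", "ledger:write"}, "staff": {"intranet:read"}}
    d.group_deny = {"contractors": {"ledger:write"}}
    d.role_allow = {"auditor": {"ledger:read", "audit-log:read"}}
    d.add_account(Account("alice", groups={"finance", "staff"}))
    d.add_account(Account("bob", groups={"finance", "contractors", "staff"}))
    d.add_account(Account("carol", direct_allow={"hr:read"}, roles={"auditor"}))
    return d


if __name__ == "__main__":
    d = build_demo_directory()
    for name in d.accounts:
        print(name, sorted(d.effective_permissions(name)))
    d.grant_to_group("staff", "wiki:read")  # one group edit, two accounts affected
    print("wiki:read ->", d.members_with("wiki:read"))
```

Bob's membership in the contractors group strips the write permission he would otherwise inherit from finance, while Carol's access comes from her role and a single user-based grant rather than from any group.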

Single Sign-On

For a long time, it was thought that for each server on the network to remain secure, users should maintain a different user account and password for each server. The premise was that if a user's account was compromised, it would only allow access to one server and would therefore reduce the impact of the compromise. This concept worked well when networks were small and servers were few. But what happens when users have to access 10, 20, or even 100 different servers? Maintaining a separate username and password for each server becomes unmanageable. Users who cannot remember so many different passwords write them down, and the measure that was meant to contain a compromise becomes a security risk itself. Thus single sign-on (SSO) came into being. Users sign on or log on to a network once and can access any desired network resource, regardless of the operating system managing it. SSO is designed to make the life of both users and administrators easier. Network administrators benefit by having a single set of users to track and grant privileges to. In addition, help desk calls are reduced because account lockouts and password resets won't occur as frequently.


One benefit of a method of access control backed by an authentication database is that an account may be granted privileges over resources located throughout an enterprise. A single sign-on (SSO) solution allows users to authenticate once and then access resources throughout a network based on the account's access control list (ACL).


Centralized Versus Decentralized

Security management is based on one of two models: centralized or decentralized. Both the group-based and role-based methods of access control require a centralized database of accounts and roles or groups to which these are assigned. This database may be maintained on a single, central server that must then be contacted by servers providing resources when an account's proper ACL must be verified for access to a resource. Centralized privilege management is more secure because all privilege assignments and changes made to existing accounts are done through one department or group. The drawback to the centralized model of privilege management is the ability to scale. As the company and network grow, it becomes more and more difficult to keep up with the tasks of assigning and managing network resource access and privileges.

Decentralized security management is less secure but more scalable. Responsibilities are delegated, and employees at different locations are made responsible for managing privileges within their administrative areas. Decentralized management is less secure because more people are involved in the process, and a greater possibility for errors exists.

Most companies use a hybrid network-management approach. Management may decide to centralize the creation of user accounts while decentralizing resource access and privilege assignment to the owners of the servers and data.

Managing Access Control

Access control may be managed in several ways, depending on whether access rights must be strictly enforced for all accounts or they may reflect changes in the network environment. Some of the more common access control configurations include the following:

  • Mandatory Access Control (MAC) Control is determined by the security policy of the system. The system makes access determinations by comparing the labels of the user and the object. Users have little control or influence over the data or the environment. The object owner cannot override the security.

  • Discretionary Access Control (DAC) Control is determined by the data owner. The creator/owner of a file can determine who has access to the file. The basis of DAC is the use of ACLs. These lists are enforced by the operating system but are determined by the owners and set by the network administrator.

  • Role-Based Access Control (RBAC) In this type of access control, the job functions each employee performs are identified, and access is assigned based on those functions. Role-Based Access Control is also known as nondiscretionary access control. Users are assigned roles, and permissions are then assigned to the roles.
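The practical difference between MAC and DAC is who gets the final say. The added example below (not code from the book) puts both decision rules side by side over the same request: a DAC check driven by an ACL the owner edits, and a MAC check driven by a label comparison the owner cannot change. The four-level label set, the Bell-LaPadula style read/write rules, and the subjects and file are all constructed for the example, not taken from the text; the text only says that MAC compares labels and that the owner cannot override it.

```python
from dataclasses import dataclass, field

# Constructed MAC label ordering for the example: higher number = more sensitive.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str  # MAC label assigned by the system, not chosen by the user


@dataclass
class Resource:
    name: str
    owner: str
    label: str                               # MAC classification fixed by policy
    acl: dict = field(default_factory=dict)  # DAC: user -> set of actions, set by the owner


def mac_allows(subject, resource, action):
    """System policy decides by comparing labels. The read/write rules used here
    (no read up, no write down) are an assumption of this example."""
    s, o = LEVELS[subject.clearance], LEVELS[resource.label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    return False


def dac_allows(subject, resource, action):
    """The owner decides: owners always have access, everyone else only via ACL entries the owner created."""
    if subject.name == resource.owner:
        return True
    return action in resource.acl.get(subject.name, set())


def dac_grant(resource, grantor, grantee, action):
    """Discretionary: only the owner may change the ACL."""
    if grantor != resource.owner:
        raise PermissionError(f"{grantor} does not own {resource.name}")
    resource.acl.setdefault(grantee, set()).add(action)


def system_allows(subject, resource, action):
    """On a MAC system an owner's ACL grant cannot override the label check: both must pass."""
    return mac_allows(subject, resource, action) and dac_allows(subject, resource, action)


def build_demo():
    """Constructed subjects and one file; the owner tries to share it with a public-cleared user."""
    carol = Subject("carol", "confidential")
    dave = Subject("dave", "public")
    erin = Subject("erin", "secret")
    plan = Resource("plan.docx", owner="carol", label="confidential")
    dac_grant(plan, "carol", "dave", "read")
    return carol, dave, erin, plan


if __name__ == "__main__":
    carol, dave, erin, plan = build_demo()
    for subj, action in [(dave, "read"), (erin, "read"), (erin, "write"), (carol, "write")]:
        print(subj.name, action,
              "DAC:", dac_allows(subj, plan, action),
              "MAC:", mac_allows(subj, plan, action),
              "system:", system_allows(subj, plan, action))
```

Dave's read is allowed under DAC because Carol put him on the ACL, but denied under MAC because his clearance is below the file's label, and the system decision follows MAC. Erin's clearance satisfies MAC for reading, yet she is denied because Carol never granted her anything; the two models answer different questions and a label-based system enforces both.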

Monitoring Access Use

After you have established the proper access control scheme, it is important to monitor changes in access rights. Auditing user privileges is generally a two-step process: turning auditing on within the operating system and then specifying the resources to be audited. After enabling auditing, you also need to monitor the logs that are generated. Auditing should cover both privilege use and resource usage. Auditing of access use and rights changes should be implemented to prevent unauthorized or unintentional access or escalation of privileges, which might give a guest or restricted user account access to sensitive or protected resources. Figure 11.1 provides an example of an auditing policy configured to log privilege use and account management.

Figure 11.1. An example of a Windows audit policy configured for the monitoring of privilege use and account management.



When configuring an audit policy, it is important to monitor successful as well as failed access attempts. Failure events allow you to identify unauthorized access attempts; successful events can reveal an accidental or intentional escalation of access rights.
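Turning auditing on is only the first half of the job; someone has to read what comes out. The added example below (not from the book) shows the second half over a handful of constructed audit lines in the two categories the figure caption names, privilege use and account management. It reports repeated privilege-use failures per account (the unauthorized-attempt signal the tip describes) and any successful or attempted addition of a member to a privileged group (the escalation signal). The line layout, the category and outcome names, the privilege names and the list of privileged groups are all constructed for the example; real Windows audit records use a different format.

```python
from collections import Counter

# Constructed sample audit lines, not real Windows Security log output.
# Layout per line: <timestamp> <category> <outcome> key=value ...
SAMPLE_LOG = """\
2024-03-01T08:02:11Z PrivilegeUse Failure user=guest priv=SeBackupPrivilege
2024-03-01T08:02:14Z PrivilegeUse Failure user=guest priv=SeBackupPrivilege
2024-03-01T08:02:19Z PrivilegeUse Failure user=guest priv=SeRestorePrivilege
2024-03-01T08:15:40Z PrivilegeUse Success user=backupsvc priv=SeBackupPrivilege
2024-03-01T09:01:03Z AccountManagement Success user=helpdesk1 action=group_add member=tmp_intern group=Administrators
2024-03-01T09:30:00Z AccountManagement Success user=hradmin action=group_add member=newhire group=Staff
2024-03-01T10:05:55Z AccountManagement Failure user=tmp_intern action=group_add member=tmp_intern group=DomainAdmins
"""

# Constructed list for the example: membership changes here are worth a human's attention.
PRIVILEGED_GROUPS = {"Administrators", "DomainAdmins"}


def parse_line(line):
    """Split one audit line into a dict of fixed fields plus key=value details."""
    timestamp, category, outcome, *details = line.split()
    event = {"timestamp": timestamp, "category": category, "outcome": outcome}
    for item in details:
        key, _, value = item.partition("=")
        event[key] = value
    return event


def analyze(text, failure_threshold=3):
    """Return findings from both failure and success events, as the tip recommends."""
    findings = []
    failures = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        # Failure events: repeated denied privilege use by one account.
        if ev["category"] == "PrivilegeUse" and ev["outcome"] == "Failure":
            failures[ev["user"]] += 1
        # Success events matter too: a completed change to a privileged group is an escalation.
        if (ev["category"] == "AccountManagement" and ev.get("action") == "group_add"
                and ev.get("group") in PRIVILEGED_GROUPS):
            kind = "escalation" if ev["outcome"] == "Success" else "escalation_attempt"
            findings.append({"kind": kind, "actor": ev["user"], "member": ev["member"],
                             "group": ev["group"], "timestamp": ev["timestamp"]})
    for user, count in failures.items():
        if count >= failure_threshold:
            findings.append({"kind": "repeated_failure", "user": user, "count": count})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Note that the helpdesk account's successful group change would never show up in a failure-only audit policy, which is exactly why the tip above asks for both outcomes to be logged; the interns's own failed attempt is still recorded because the change was denied.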




Security+ Exam Cram 2 (Exam SYO-101)
ISBN: 0789729105
Year: 2005
Pages: 162