Lesson 2: Understanding Access Control Models

Once users have authenticated to your network and to the computers on it, you must give them access to the resources they need to do their jobs, while limiting that access to only the rights they actually need. The same applies to any other object that needs access to another, as when an application or process must interact with another. Administering this access control requires that you understand the access control models in current use.


After this lesson, you will be able to

  • Understand what discretionary access control is

  • Understand what mandatory access control is

  • Understand what role-based access control is

  • Understand why permissions are assigned to groups rather than to individual users

Estimated lesson time: 20 minutes


This lesson covers three access control models:

  • Discretionary access control (DAC).

    The owner of an object (such as a process, file, or folder) manages access control at his or her own discretion.

  • Mandatory access control (MAC).

    Access to an object is restricted based on the sensitivity of the object (defined by the label that is assigned), and granted through authorization (clearance) to access that level of data.

  • Role-based access control (RBAC).

    Access is based on the role a user plays in the organization. For instance, a human resources manager would need access to information that a department manager would not need access to, and both would need access to some common information.

With DAC, the owner of an object sets the access permissions at his or her discretion, whereas with MAC and RBAC, access to information is regulated by a formal set of rules that the organization defines and enforces centrally rather than leaving the decision to individual owners. You need to apply these access control concepts whenever you set access to any computerized process or file.

You apply access control in every state in which information exists in your enterprise. This includes computerized data as well as hard-copy files, photographs, displays, and communication packets. You must also consider that employees travel carrying information with them. Information can be revealed through drawings, notes made while waiting for a plane, casual conversations that can be overheard, or someone viewing the information on an employee's laptop in a public place. It is important that you know what is protected and what is not. In addition, consider what can be protected and what is out of your control.

DAC

Discretionary access control lets the owner of a file restrict other users' access to that file. With DAC, an access control list (ACL) is maintained for each object that lists the users (and groups) with access and what type of access they have. ACLs can be stored with the object itself (for example, in file system metadata), in a separate file, or in a database.

You need to be aware of the many risks associated with DAC. These risks are inherent because there is no centralized administration, as each file owner controls the access level to his or her personal files. Some owners might not be security conscious, and as a result, they might either inadvertently or intentionally allow all users to modify any file they own. Some of the risks that you must be aware of and will have to mitigate include the following:

  • Software might be executed or updated by unauthorized personnel.

  • Confidential information might be accidentally or deliberately compromised by users who are not intended to have access.

  • Auditing of file and resource accesses might be difficult.

The assumption of DAC is that the owner or administrator of the information has the knowledge, skill, and ability to limit access appropriately and control who can see or work with the information.

Managing Users with Groups

Whether the network is large or small, one of your tasks when managing a secure environment is to provide users with access to the resources they need. With the number of computers on a corporate network and the number of users that need access to networked resources, managing access control for each user individually is a challenge. Instead, group users together and assign permissions to the groups rather than to individuals.

With discretionary access control, an ACL can become quite large if individual users are added to it one by one. This becomes difficult to manage and can also affect system performance, because every access check must scan the list. In addition, as users leave or change positions, their access requirements change, and every ACL that names them individually must be edited. Populating ACLs with intuitively named groups and then adding users to the groups is a better and more secure management technique: a change of position becomes a change of group membership, made in one place, and an ACL entry that survives a departure is far less likely.
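To make the DAC and group mechanics concrete, here is an added Python example; it is not code from the training kit. It implements a minimal ACL evaluator in which only an object's owner may change its ACL, entries may name users or groups (expanded at check time), and an explicit deny entry wins over any allow. The user directory, the salary file, the "group:" prefix and the deny rule are all constructed for this example and do not describe any particular operating system's ACL format.

```python
# Added example: a minimal discretionary access control (DAC) evaluator.
# Not from the Security+ training kit; the names, the "group:" prefix
# and the explicit-deny rule are assumptions of this example.
from dataclasses import dataclass, field

READ, WRITE, EXECUTE = "read", "write", "execute"

# Constructed sample directory: group name -> set of member user names.
GROUPS = {
    "hr-managers": {"alice"},
    "dept-managers": {"bob", "carol"},
    "all-staff": {"alice", "bob", "carol", "dave"},
}


@dataclass(frozen=True)
class AclEntry:
    principal: str        # a user name, or "group:<name>" for a group
    rights: frozenset     # subset of {READ, WRITE, EXECUTE}
    allow: bool = True    # False makes this an explicit deny entry


@dataclass
class FileObject:
    name: str
    owner: str
    acl: list = field(default_factory=list)


def groups_of(user):
    """Expand a user to the set of groups he or she belongs to."""
    return {g for g, members in GROUPS.items() if user in members}


def set_acl(obj, actor, entries):
    """Discretionary control: only the owner may rewrite the ACL."""
    if actor != obj.owner:
        raise PermissionError(f"{actor} does not own {obj.name}")
    obj.acl = list(entries)


def is_allowed(obj, user, right):
    """Evaluate the ACL for one user and one right.

    Entries naming the user or any of the user's groups are considered.
    An explicit deny on the requested right wins over every allow, which
    is how an owner can carve one user out of a broadly granted group.
    The owner's own rights also come from the ACL; ownership only
    confers the ability to edit it.
    """
    principals = {user} | {"group:" + g for g in groups_of(user)}
    allowed = False
    for entry in obj.acl:
        if entry.principal in principals and right in entry.rights:
            if not entry.allow:
                return False
            allowed = True
    return allowed


def remove_user(user):
    """Off-boarding: drop a user from every group.

    Because the ACLs name groups rather than individual users, no ACL
    has to be edited for the user's access to disappear.
    """
    for members in GROUPS.values():
        members.discard(user)


def sample_salary_file():
    """Constructed scenario: alice owns the salary sheet and sets its ACL."""
    salary = FileObject("salary.xlsx", owner="alice")
    set_acl(salary, "alice", [
        AclEntry("group:hr-managers", frozenset({READ, WRITE})),
        AclEntry("group:dept-managers", frozenset({READ})),
        AclEntry("bob", frozenset({READ}), allow=False),  # bob is carved out
    ])
    return salary


if __name__ == "__main__":
    f = sample_salary_file()
    for user in ("alice", "bob", "carol", "dave"):
        print(user, "read:", is_allowed(f, user, READ),
              "write:", is_allowed(f, user, WRITE))
```

Note that the same group expansion also makes the page's point about auditing: when an ACL names only groups, an audit of "who can read salary.xlsx" is a question about group membership, which can be reviewed in one place instead of on every object.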

MAC

Mandatory access control is a nondiscretionary control; its best-known form is multilevel security. You classify all users and resources and assign a security label to each classification. An access request is denied unless the requestor's security label dominates (is equal to or higher than) the security label of the resource. Because the labels are assigned by the organization and not by the object's owner, a user cannot grant access that the policy does not allow. MAC is typically used only by organizations with high security requirements and clear policies and procedures, such as the military.

A classification level specifies the sensitivity of a resource, or the clearance of a user. The classic government scheme has four levels, from highest to lowest: top secret, secret, confidential, and unclassified. The levels form a strict hierarchy in which a higher clearance implies access to everything labeled below it; for example, a person cleared for top secret also has access to resources labeled secret or confidential.

Access is granted if the user's clearance is equal to or higher than the classification of the resource he or she wishes to access. Note that this rule governs reading; multilevel security systems typically also restrict writing, so that a user may not write to a resource labeled lower than his or her clearance and sensitive data cannot be copied downward. MAC reduces the need for you to maintain ACLs because the access decision is derived from the labels themselves.

Although MAC and RBAC both rest on a set of formal rules, they differ in the management approach. With MAC, information is categorized according to sensitivity, not subject matter; data about the same general subject can carry several different sensitivity labels. People and processes in this type of management structure are distinguished by the sensitivity levels they are cleared to access.

RBAC

In role-based access control, information is categorized according to subject matter, which might reflect some sensitivity criteria inherent in the environment. Persons and processes are identified for access to the information by the role they play within the enterprise. For example, people in the budget department could access and use sensitive budget data, whereas people in other parts of the enterprise would be denied access to such information.

RBAC is an alternative to DAC and MAC that lets you specify and enforce enterprise-specific security policies in a way that maps naturally to the organization's structure. Each role is assigned one or more privileges, and each user is assigned one or more roles; a user receives the privileges of every role he or she holds. You can assign a whole collection of users to a single role. For example, you might assign an administrative role to the system administrators responsible for maintaining your enterprise server.

Roles can be mapped either to resources or to user groups. When roles are mapped to a resource, the resource records which roles may use it, and a request is permitted only if the requestor holds one of those roles. When roles are mapped to a group, the requestor's group membership is compared with the groups associated with the resource's roles to determine whether the operation may proceed. In either case, RBAC requires that a list of roles be maintained, along with the mappings from roles to users or user groups and from roles to privileges. Because privileges are attached to roles rather than to people, a change of job becomes a change of role assignment instead of an edit to every resource's permissions.
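The two mappings described above (roles to privileges on resources, and users to roles), as an added Python example that is not code from the training kit. It adds one generalization beyond the flat model in the text, labeled as such: roles may inherit from other roles (hierarchical RBAC), so a department manager automatically holds everything an ordinary staff member does. The roles, resources and users are constructed sample data.

```python
# Added example: role-based access control (RBAC) with role-to-privilege
# and user-to-role mappings plus a role hierarchy. Not from the training
# kit; the roles, resources, users and the inheritance relation are
# assumptions of this example.

# role -> set of (resource, action) privileges the role confers
ROLE_PRIVILEGES = {
    "staff":        {("company-directory", "read")},
    "dept-manager": {("budget", "read"), ("budget", "write")},
    "hr-manager":   {("employee-records", "read"), ("employee-records", "write")},
    "sysadmin":     {("enterprise-server", "restart"), ("enterprise-server", "patch")},
}

# role -> roles whose privileges it inherits (hierarchical RBAC)
ROLE_PARENTS = {
    "staff": set(),
    "dept-manager": {"staff"},
    "hr-manager": {"staff"},
    "sysadmin": set(),
}

# user -> roles assigned directly to that user
USER_ROLES = {
    "alice": {"hr-manager"},
    "bob": {"dept-manager"},
    "carol": {"dept-manager", "sysadmin"},
    "dave": {"staff"},
}


def effective_roles(user):
    """Directly assigned roles plus everything they inherit, transitively."""
    seen, todo = set(), list(USER_ROLES.get(user, ()))
    while todo:
        role = todo.pop()
        if role in seen:
            continue
        seen.add(role)
        todo.extend(ROLE_PARENTS.get(role, ()))
    return seen


def privileges_of(user):
    """Union of the privileges of every effective role."""
    privs = set()
    for role in effective_roles(user):
        privs |= ROLE_PRIVILEGES.get(role, set())
    return privs


def is_permitted(user, resource, action):
    """The access decision: does any of the user's roles confer this privilege?"""
    return (resource, action) in privileges_of(user)


def assign_role(user, role):
    """Roles must come from the maintained role list; no ad hoc roles."""
    if role not in ROLE_PRIVILEGES:
        raise KeyError(f"unknown role {role!r}")
    USER_ROLES.setdefault(user, set()).add(role)


def revoke_role(user, role):
    USER_ROLES.get(user, set()).discard(role)


def change_position(user, old_role, new_role):
    """A job change is one role swap; no resource permissions are touched."""
    revoke_role(user, old_role)
    assign_role(user, new_role)


if __name__ == "__main__":
    for user in USER_ROLES:
        print(user, sorted(effective_roles(user)), sorted(privileges_of(user)))
```

Compare this with the DAC case: here the ACL on "budget" is never edited when bob moves from the budget office to human resources, because no resource carries a list of people at all. The roles list and the two mappings are the only things an administrator maintains, which is what makes RBAC map so directly onto an organization chart.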

Exercise: Identifying Access Control Models

In this exercise, match the access control models in the left column with the correct definitions in the right column.

  1. RBAC

  2. DAC

  3. MAC

  1. Permits the owner of an object (such as a process, file, or folder) to manage access control at his or her own discretion.

  2. Access to an object is restricted based on the sensitivity of the object (defined by the label that is assigned), and granted through authorization (clearance) to access that level of data.

  3. Access is based on the role a user plays in the organization.

Lesson Review

  1. With discretionary access control (DAC), there is no centrally enforced policy governing access control; access is configured at the discretion of the owner of the object. (True or False?)

  2. Which description best fits role-based access control (RBAC)?

    1. Access control is configured at the discretion of the object's owner.

    2. Access to an object is restricted based on the sensitivity of the object and granted through authorization.

    3. Access is granted based on the user's role.

  3. Which description best fits discretionary access control (DAC)?

    1. Access control is configured at the discretion of the object's owner.

    2. Access to an object is restricted based on the sensitivity of the object and granted through authorization.

    3. Access is granted based on the user's role.

  4. Which description best fits mandatory access control (MAC)?

    1. Access control is configured at the discretion of the object's owner.

    2. Access to an object is restricted based on the sensitivity of the object and granted through authorization.

    3. Access is granted based on the user's role.

Lesson Summary

  • Access control is the process of limiting access to systems and resources to those who require access. That access is limited to just the access permissions needed by the user to perform the tasks he or she needs to perform.

  • DAC permits the owner of an object (such as a process, file, or folder) to manage access control at his or her own discretion. A security limitation of this model is that there is no centrally enforced policy: the access controls are configured at the discretion of each object's owner, who might set them carelessly or too broadly.

  • With MAC, access to an object is restricted based on the sensitivity of the object (defined by the label that is assigned), and granted through authorization (clearance) to access that level of data.

  • With RBAC, access is based on the role a user plays in the organization. For instance, a human resources manager would need access to information that a department manager would not need access to, and both would need access to some common information.



Security+ Certification Training Kit (Pro-Certification)
ISBN: 0735618224
Year: 2002
Pages: 55
