2- Logical Access Control Flashcards
Logical access controls
Logical access controls are used to control whether and how subjects (usually persons) are able to access objects (usually data).
The ways that logical access controls work
• Subject access - Determine the identity of the subject that is requesting access and validate or reject that request.
• Service access - Used to control the types of messages that are allowed to pass through a control point. Can permit or denied message type.
Ex : Firewall
Access control concepts
- Subject: someone or something that needs access
- Object: The things that the subject wants to access
- Fail closed: Means that all accesses will be denied if the access control fails.
- Fail open: Means that all accesses will be permitted upon failure.
- Least privilege: - concept that an individual user should have the lowest privilege possible that will enable them to perform their task
- Segregation of duties - One person should not have all privileges
- Split Custody - Concept of splitting knowledge of a specific object or task between two persons.
Access control methods
- Mandatory Access Control (MAC) - Used to control access to object by subjects. User cannot ride this type of access.
- Discretionary Access Control (DAC) - Owner of an object is able to determine how and by who the object may be accessed.
Access control treats.
- Malware: A malicious code used to perform unauthorized actions on target systems.
- Eavesdropping: network or sniffing tools to listen to network communication
- Logical bombs: A set of instructions that is designed to perform some damaging action when a specific event occurs.
- Back door: A section of code that permits someone to bypass access control and data or function.
- Scanning attacks: Attacked performs an active or passive scanning in an attempt to discover weak access controls. Exp: port scanning; war dialing ( search for unprotected moderms); War driving (look for vulnerable Wireless access poin)
- Race conditions : Known as time-of-check/time-of-use attack ; the attacker is attempting to exploit the small window of time that sometimes exists between the time that a resource is requested and when the resource is available for use.
Access control vulnerabilities
- Unpatched systems: Security patches are designed to remove specific vulnerabilities.
- Default system setting - often include unnecessary services that increase the chances that an attacker can find a way to break into a system
- Default password
- Incorrect permission settings
- Vulnerabilities in utilities and applications
- Application logic : software applications that are aceesible via internet
How are of information-based resources accessed
The majority of information-based resources are accessed via TCP/IP networks;
What is the main points of entry in information system
The internal corporate LAN. A user who can connect to the corporate LAN is able to logically reach computing resources in the organization—subject to the access controls associated with each resource.
What an organization could do to protect corporate access (network)
By controlling access to LAN
What is the biggest issue when controlling access to LAN
The ability for nonorganization-owned computers to connect to the network and access network-based resources.
Risks that created when computers are connected to the organization’s network.
- Exposure to malware
- Eavesdropping - Non-organization computers can be loaded with sniffers
- Open Access via WI-FI
Network Access control (NAC)
Network protocols used to control access to network resources
NAC and protocol 802.1X
Network access protocol used to control whether a system is permitted to connect to corporate network resources.
They use an authentication mechanism to determine if each new device is permitted to connect.