4: 3 Authorization Flashcards
Principle of Least Privilege
An individual should have only the minimal access needed to perform their job duties
2 benefits of Principle of Least Privilege
Minimizes potential damage from insider attack
Limits an attacker's ability to do damage if they gain access to an account
Separation of duties
Critical business functions should require the involvement of two people, to limit any one person's ability to commit fraud.
Privilege Creep
Users change from one job to another and gain new privileges without losing their old privileges
MAC
Mandatory Access Control: users themselves cannot modify permissions, which are set based on labels. The strictest model; it compares a document's security level to the user's security level.
DAC
Discretionary Access Control: permissions may be set by the owners of files, computers and other resources, e.g. NTFS in Windows
Access Control list
A table containing user names and the permissions granted to each
Levels of Access Control
Full Control, Read, Read/Execute, Write, Modify
Implicit Deny
Any action that is not explicitly granted should be denied
RBAC
Role-based access control:
Permissions are grouped together into roles, and users are assigned to those roles. If a role needs a new permission, it can be granted to the role rather than to each user individually
ABAC
Attribute-based access control:
More generalized; administrators write security policies based on attributes of the user, the policy and the situation
Conditional access restrictions, e.g. location-based controls, time-based controls
Database access control
Create database users, who then authenticate using one of the following technologies
SQL Server Authentication
Uses the database server's own local user accounts
Windows authentication
Uses Windows accounts in the underlying OS, which may use Active Directory
Mixed Authentication
Allows both SQL Server and Windows Authentication