Authentication & Access
Security Modes
Multilevel Mode
- Designed for systems that handle data of varying classifications within a single system.
- Not all users have the clearance to access all data.
- Example: In a government organization, a system might contain both "Confidential" and "Top Secret" documents. A user with "Confidential" clearance can access only the "Confidential" documents, while a user with "Top Secret" clearance can access both.
Multilevel is like a library with sections: kids, general, and restricted. Depending on your library card (clearance), you can access different sections.
Compartmented Mode
- More stringent than Multilevel.
- Users must have clearance, and explicit need-to-know for ALL the information they can access.
- Example: During the Manhattan Project, even though many scientists and engineers worked on different parts of the project, they were only privy to the specific details of their own task and were unaware of the full scope or even the project's end goal: building an atomic bomb. This compartmentalization ensured the project's secrecy.
If a system grants access to an employee who has a valid need-to-know for all of the information except one item, then it is not Compartmented Mode; it is System High Mode!
System High Mode
- Definition: Each user must meet certain requirements to access information on the system.
- Requirements:
  - Valid security clearance.
  - Access approval for ALL info processed by the system.
  - Valid need-to-know for at least SOME information on the system.
- Example: A corporate intranet where all employees can access general files, but certain sensitive files are restricted.
Offers the most granular control over resources and users among the modes.
Multi-Factor Authentication (MFA)
- Something you know: This often refers to something memorized, like a PIN or password.
- Something you have: This can be a physical or digital token. Examples include a smart card, a security token, or a trusted device, like your smartphone with an authentication app.
- Something you are: These are biometrics. Examples include fingerprints, retina scans, or voice recognition.
Rights, permissions, and privileges are allocated to users based on their established identity. If a user possesses rights to a resource, they are provided authorization to use or access it.
Authentication (AuthN) vs. Authorization (AuthZ)
- AuthN (Authentication):
  - Definition: The process of verifying a user's identity, proving that they are who they claim to be.
  - Example: Logging into an email account with a username and password.
- AuthZ (Authorization):
  - Definition: The process that comes after authentication. It determines the permissions or rights an authenticated user has, dictating what they can and cannot do within a system.
  - Example: Once logged into the email account (after authentication), a user might have the authorization to read, send, or delete emails.
Access Control Types
- Mandatory Access Control (MAC):
  - Description: Uses a system-enforced access policy where individual object owners can't set access. Operates based on labels assigned to every object and subject.
  - Hierarchical Environment: Classifications are assigned in a structured order, ranging from low to high security.
  - Compartmentalized Environment: Focuses on specific clearances over domains or compartments rather than individual objects.
  - Hybrid Environment: A mix of both hierarchical and compartmentalized systems where security levels possess sub-compartments.
  - Key Point: Every object and subject in the MAC model has one or more predefined labels, with the system determining access based on these labels.
  - Software Example: SELinux in Linux employs MAC by assigning labels to every file, process, port, etc., and uses these labels to enforce policy decisions.
- Discretionary Access Control (DAC):
  - Description: Object owners have the discretion to define accessibility.
  - Software Example: NTFS in Windows or ext4 in Linux allow file creators to set permissions.
- Non-discretionary Access Control:
  - Description: Enforces system-wide access restrictions.
  - Software Example: Windows Group Policy enforces controls like preventing all users in a specific OU from using USB storage.
- Rule-based Access Control:
  - Description: Access is based on predefined rules.
  - Software Example: Cisco's Access Control Lists (ACLs) in their IOS or firewall solutions like pfSense. Additionally, Windows Group Policy can be viewed as implementing rule-based controls in the context of domain environments.
- Role-Based Access Control (RBAC):
  - Description: Access is based on defined job roles, each associated with specific permissions.
  - Example: Azure roles such as "Global Admin", "Access Admin", or "Security Reader" allow individuals occupying these roles to access specific resources or perform certain tasks.
  - Key Point: Users in RBAC are granted access based on their job function, ensuring they have the necessary permissions to execute their roles effectively.
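As an added example (not code from these notes), here is a Python sketch of a label-based MAC decision that ties the Security Modes above to the MAC description: each subject carries a clearance label and each object a classification label, made of one hierarchical level plus a set of compartments (the "hybrid environment"). The level names, compartments, users and documents are constructed; the read and write rules are the Bell-LaPadula simple security and *-properties, which the notes do not name but which are the usual way such labels are enforced.

```python
"""Label-based (MAC) access decisions with hierarchical levels and compartments.
Added example; the level names, compartments, users and documents are constructed."""
from dataclasses import dataclass

# Hierarchical classification levels, lowest to highest (constructed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """One hierarchical level plus a set of compartments.

    Objects carry a classification label; subjects carry a clearance label whose
    compartments are the need-to-know they have been approved for. A level with
    compartments underneath it is the "hybrid environment" from the notes.
    """
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: level at least as high AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(clearance: Label, classification: Label) -> bool:
    """Simple security property ("no read up"): the clearance must dominate the object."""
    return clearance.dominates(classification)


def can_write(clearance: Label, classification: Label) -> bool:
    """*-property ("no write down"): the object must dominate the clearance, so a
    TOP SECRET process cannot copy data into a CONFIDENTIAL file."""
    return classification.dominates(clearance)


def decide(clearance: Label, classification: Label, action: str):
    """Return (allowed, reason). The reason is what an audit record should carry:
    a level failure and a need-to-know failure are different findings."""
    if action == "read":
        if can_read(clearance, classification):
            return True, "read allowed: clearance dominates object label"
        if LEVELS[clearance.level] < LEVELS[classification.level]:
            return False, "read denied: insufficient clearance level"
        missing = sorted(classification.compartments - clearance.compartments)
        return False, "read denied: missing need-to-know for " + ",".join(missing)
    if action == "write":
        if can_write(clearance, classification):
            return True, "write allowed: object label dominates clearance"
        return False, "write denied: would move data to a lower label (no write down)"
    raise ValueError("unknown action: " + action)


if __name__ == "__main__":
    # Constructed subjects (clearances) and objects (classifications).
    users = {
        "analyst": Label("CONFIDENTIAL"),
        "officer": Label("TOP SECRET"),
        "physicist": Label("TOP SECRET", frozenset({"NUCLEAR"})),
    }
    docs = {
        "memo.txt": Label("CONFIDENTIAL"),
        "design.pdf": Label("SECRET", frozenset({"NUCLEAR"})),
    }
    for user, clearance in users.items():
        for doc, classification in docs.items():
            ok, why = decide(clearance, classification, "read")
            print(f"{user:10} read {doc:11} -> {ok!s:5} ({why})")
```

The "officer" case is the one the notes describe under Compartmented Mode: a TOP SECRET clearance is not enough to read a SECRET document in the NUCLEAR compartment, because need-to-know is checked separately from the hierarchical level.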
Certification
- Definition: The systematic technical evaluation of each component within a computer system to verify its alignment with security standards.
- In simpler terms: It's like checking if each piece of a puzzle fits with the security picture we want.
Accreditation
- Definition: The formal endorsement of a certified configuration by a designated authority.
- In simpler terms: Once the system passes its "security test" (certification), an authoritative figure gives it a formal thumbs-up.
Security Policy
Privilege & Accountability
Principle of Least Privilege (PoLP)
- Definition: Ensures that users or processes are granted only the permissions they need to perform their specific job function and nothing more.
- Applications:
  - System Processes: "Only vital processes should run in supervisory or privileged mode to reduce the risk of malicious activities."
  - Web Servers: "Web servers must disable directory indexing to ensure only necessary access is granted and to prevent unintended disclosure of file and directory information."
  - Role-Based Access Control (RBAC): Assigning permissions based on roles within an organization. For instance, a data analyst might have read access to a database but not write or delete permissions.
Separation of Privilege
- Definition: Requires multiple conditions or checks before a particular privilege is granted or an action is performed.
- Applications:
  - System Operations: Requiring two separate keys or tokens to decrypt sensitive data.
  - Role Separation: An individual may have approval authority for a transaction, but a different individual must execute or finalize it. For instance, in financial institutions, a person requesting a funds transfer might not be the same person authorizing or executing it.
Remember: Accountability ensures that an audit trail exists to trace operations back to their source. Even when permissions are granted at a higher level, we still know who or what performed a given operation (due care).
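An added example, not part of the original notes, showing both applications of separation of privilege in Python: a funds transfer that needs a requester, a distinct approver and a distinct executor, and a data-encryption key split into two shares so that reconstructing it needs both custodians. The transfer workflow, the names and the key material are constructed; the two-of-two XOR split is one simple way to realize the "two separate keys" idea and is not something the notes prescribe.

```python
"""Separation of privilege: a two-person rule for transfers and a split key.
Added example; the workflow, names and key material are constructed."""
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Transfer:
    amount: int
    requested_by: str
    approved_by: Optional[str] = None
    executed_by: Optional[str] = None


def approve(t: Transfer, approver: str) -> Transfer:
    """Role separation: the person who requested the transfer may not approve it."""
    if approver == t.requested_by:
        raise PermissionError("requester cannot approve their own transfer")
    t.approved_by = approver
    return t


def execute(t: Transfer, executor: str) -> Transfer:
    """Execution needs a prior approval and a third person distinct from both."""
    if t.approved_by is None:
        raise PermissionError("transfer has not been approved")
    if executor in (t.requested_by, t.approved_by):
        raise PermissionError("executor must differ from requester and approver")
    t.executed_by = executor
    return t


def split_key(key: bytes) -> tuple:
    """Two-of-two XOR split: share_a is uniformly random, share_b = key XOR share_a.
    Each share alone is uniformly random, so a single custodian learns nothing."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def combine_key(share_a: bytes, share_b: bytes) -> bytes:
    """Both custodians must present their share to reconstruct the key."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


if __name__ == "__main__":
    t = Transfer(amount=25_000, requested_by="alice")
    approve(t, "bob")
    execute(t, "carol")
    print("transfer approved by", t.approved_by, "and executed by", t.executed_by)
    try:
        approve(Transfer(amount=10, requested_by="alice"), "alice")
    except PermissionError as e:
        print("blocked:", e)

    key = secrets.token_bytes(32)  # constructed data-encryption key
    a, b = split_key(key)
    print("key recovered only with both shares:", combine_key(a, b) == key)
```

Each rejected step raises PermissionError with a reason, which is the event an audit trail should record: accountability depends on being able to say which identity attempted which step.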
Shadowed Passwords
- Traditional Password Storage: In early Unix systems, user account information, including hashed passwords, was stored in the /etc/passwd file. Because many applications and tools required read access to the /etc/passwd file to function properly (e.g., to map user IDs to user names), the file had to be world-readable. This presented a security concern because anyone could obtain the hashed versions of passwords and attempt offline password cracking attacks against them.
- Shadow Passwords Introduction: To address this vulnerability, the concept of shadow passwords was introduced. With this mechanism, actual hashed passwords are moved to a separate file called /etc/shadow, which is only readable by the root user. The /etc/passwd file still exists but no longer contains the actual password hashes. Instead, a placeholder is often put in the password field of the /etc/passwd file.
- Security Benefits:
  - Limited Access: Only privileged users (e.g., root) can access the /etc/shadow file, which minimizes the risk of password hashes being exposed to potential attackers.
  - Additional Metadata: The /etc/shadow file contains additional metadata for each account, such as password expiration details, account lockout details, and more.
- Working Mechanism:
  - When a user logs in, the system will look up the username in /etc/passwd to get the account's basic details.
  - The system then checks /etc/shadow for the hashed password corresponding to that username.
  - The system hashes the password provided by the user during the login process and compares it to the hash stored in /etc/shadow. If they match, the user is authenticated.
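The working mechanism above, as an added Python example rather than code from the notes: the login routine looks the user up in passwd-style lines, then in shadow-style lines, verifies the password hash with a constant-time comparison, and applies the aging metadata that the shadow record carries (last change, maximum age, expiry). All records are constructed. Real /etc/shadow hashes use crypt(3) formats such as $6$ (SHA-512 crypt); this example substitutes a PBKDF2-HMAC-SHA256 stand-in from hashlib, in an assumed `$pbkdf2-sha256$rounds$salt$hash` layout, so it runs on any Python without the crypt module.

```python
"""Login flow over passwd/shadow-style records. Added example with constructed
records; the hash format is a stand-in, not a real crypt(3) format."""
import base64
import hashlib
import hmac
import os

# Constructed /etc/passwd-style lines: the password field holds the placeholder "x".
PASSWD_LINES = [
    "root:x:0:0:root:/root:/bin/bash",
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
    "bob:x:1001:1001:Bob:/home/bob:/bin/bash",
]


def make_hash(password: str, salt: bytes = None, rounds: int = 100_000) -> str:
    """Assumed layout $pbkdf2-sha256$<rounds>$<salt b64>$<hash b64>; stands in for crypt(3)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "$pbkdf2-sha256$%d$%s$%s" % (
        rounds, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())


def verify_hash(password: str, stored: str) -> bool:
    # "!" or "*" (or a "!"-prefixed hash) marks a locked account: it never matches.
    if not stored or stored[0] in "!*":
        return False
    _, algo, rounds, salt_b64, hash_b64 = stored.split("$")
    if algo != "pbkdf2-sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             base64.b64decode(salt_b64), int(rounds))
    return hmac.compare_digest(dk, base64.b64decode(hash_b64))  # constant-time compare


_SALT = b"0123456789abcdef"  # fixed salt so the constructed records are reproducible
# Constructed /etc/shadow-style lines; day counts are days since 1970-01-01.
SHADOW_LINES = [
    "root:!:19000:0:99999:7:::",                                            # locked
    "alice:%s:19700:0:90:7:::" % make_hash("correct horse battery", _SALT, 1000),
    "bob:!%s:19700:0:90:7:::" % make_hash("bob-password", _SALT, 1000),    # locked by "!" prefix
]


def parse_passwd(lines):
    users = {}
    for line in lines:
        name, pw, uid, gid, gecos, home, shell = line.split(":")
        users[name] = {"password_field": pw, "uid": int(uid), "gid": int(gid),
                       "home": home, "shell": shell}
    return users


def _days(value: str):
    return int(value) if value else None


def parse_shadow(lines):
    """Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved."""
    entries = {}
    for line in lines:
        name, h, lastchg, mn, mx, warn, inactive, expire, _ = line.split(":")
        entries[name] = {"hash": h, "lastchg": _days(lastchg), "min": _days(mn),
                         "max": _days(mx), "warn": _days(warn),
                         "inactive": _days(inactive), "expire": _days(expire)}
    return entries


def login(username, password, passwd, shadow, today_days):
    """Mirror the working mechanism: passwd for basic details, shadow for the hash
    and the aging metadata. Returns (authenticated, reason)."""
    user = passwd.get(username)
    if user is None:
        return False, "unknown user"
    if user["password_field"] != "x":
        return False, "passwd entry is not shadowed"
    entry = shadow.get(username)
    if entry is None:
        return False, "no shadow entry"
    if not verify_hash(password, entry["hash"]):
        return False, "bad password or locked account"
    if (entry["lastchg"] is not None and entry["max"] is not None
            and today_days > entry["lastchg"] + entry["max"]):
        return False, "password expired"
    if entry["expire"] is not None and today_days >= entry["expire"]:
        return False, "account expired"
    return True, "authenticated"


if __name__ == "__main__":
    pw, sh = parse_passwd(PASSWD_LINES), parse_shadow(SHADOW_LINES)
    for user, secret, day in [("alice", "correct horse battery", 19750),
                              ("alice", "correct horse battery", 19800),
                              ("bob", "bob-password", 19750), ("eve", "x", 19750)]:
        print(user, day, login(user, secret, pw, sh, day))
```

Two details worth noticing: the passwd record is consulted only for the basic account details and its password field is just the "x" placeholder, and the reason strings deliberately do not distinguish a wrong password from a locked account, so a login prompt does not leak which accounts are disabled.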