Security Governance and Access Control Notes

Access Control Overview

  • Definition: Access control is the mechanism that mediates every attempt by a subject to use a resource and permits only the operations the policy allows for that subject.
  • Regulation: Determines who may interact with which information and what operations (read, write, execute, delete, change permissions) they may perform on it.
  • Subjects: Active entities that request access: users (authorized or not), processes, applications, and other systems acting on their behalf.
  • Objects: Passive entities that hold or provide data: files, directories, databases, applications, devices, and network resources.

NTFS File System Permissions

  • The basic NTFS permissions are fixed bundles of the underlying advanced (granular) rights:
    • Full Control: Every right, including reading, writing, deleting, changing permissions, and taking ownership.
    • Modify: Read & Execute plus Write plus the right to delete the file or folder; it does not include changing permissions or taking ownership.
    • Read & Execute: Read plus the right to run executables and traverse folders.
    • List Folder Contents: Folders only. The same rights as Read & Execute, but inherited by subfolders rather than by files, so the folder tree can be listed and traversed without granting access to the files inside.
    • Read: Open and view file data, attributes, and permissions without modifying them.
    • Write: Create files and subfolders and write data and attributes. It does not include Delete, and on its own it does not include reading existing contents either.
    • Special Permissions: Any combination of advanced rights that does not match one of the basic bundles above (for example, Write without WriteAttributes).
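The following PowerShell script is an added example, not code from the original notes. It decomposes each basic NTFS permission into the advanced rights it bundles (so the Delete and ChangePermissions columns above can be verified rather than memorized), then grants Write to the well-known Authenticated Users SID on a scratch folder under $env:TEMP and reads the ACE back to confirm that Write carries no Delete right. The folder name and the use of S-1-5-11 are choices made for the example.

```powershell
# Added example (not part of the original notes): decompose the NTFS basic permissions
# into the advanced rights they bundle, then grant Write (but not Delete) on a folder.
$FSR = [System.Security.AccessControl.FileSystemRights]

function Get-RightsBreakdown {
    # Names of the single-bit rights contained in $Mask. Aliases that share a bit
    # (ReadData/ListDirectory, WriteData/CreateFiles, ...) both appear.
    param([System.Security.AccessControl.FileSystemRights]$Mask)
    [Enum]::GetNames($FSR) | Where-Object {
        $bit = [int]([Enum]::Parse($FSR, $_))
        ($bit -ne 0) -and (($bit -band ($bit - 1)) -eq 0) -and (([int]$Mask -band $bit) -eq $bit)
    }
}

function Test-Right {
    # $true when $Mask contains every bit of the advanced right $Right.
    # Bitwise operators bind looser than -eq in PowerShell, hence the parentheses.
    param([System.Security.AccessControl.FileSystemRights]$Mask,
          [System.Security.AccessControl.FileSystemRights]$Right)
    return (([int]$Mask -band [int]$Right) -eq [int]$Right)
}

# 1. The basic permissions as the enum defines them. "List Folder Contents" is not a
#    separate mask: it is ReadAndExecute applied with ContainerInherit only.
foreach ($name in 'FullControl', 'Modify', 'ReadAndExecute', 'Read', 'Write') {
    $mask = [Enum]::Parse($FSR, $name)
    '{0,-15} Delete={1,-5} ChangePermissions={2,-5} TakeOwnership={3,-5} -> {4}' -f $name,
        (Test-Right $mask Delete),
        (Test-Right $mask ChangePermissions),
        (Test-Right $mask TakeOwnership),
        ((Get-RightsBreakdown $mask) -join ', ')
}

# 2. Grant Write to Authenticated Users (well-known SID S-1-5-11) on a scratch folder,
#    inheriting to subfolders and files, then read the explicit ACE back.
$folder = Join-Path $env:TEMP ('ntfs-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $folder | Out-Null
try {
    $sid  = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-11')
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, 'Write', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl = Get-Acl -Path $folder
    $acl.AddAccessRule($rule)
    Set-Acl -Path $folder -AclObject $acl

    $ace = (Get-Acl -Path $folder).Access | Where-Object {
        (-not $_.IsInherited) -and
        ($_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-5-11')
    }
    # .NET adds Synchronize to every Allow rule, so the rights read back as "Write, Synchronize".
    "Explicit ACE: $($ace.IdentityReference) $($ace.AccessControlType) $($ace.FileSystemRights)"
    "Can delete?   $(Test-Right $ace.FileSystemRights Delete)"
    "Can write?    $(Test-Right $ace.FileSystemRights WriteData)"
}
finally {
    Remove-Item -Path $folder -Recurse -Force
}
```

Run it in a normal (non-elevated) session; the scratch folder is owned by the current user, so no administrator rights are needed to change its DACL. The table shows that only Full Control carries ChangePermissions and TakeOwnership, that Modify adds Delete on top of Read & Execute and Write, and that the Write ACE applied in step 2 reports no Delete right, which is what makes "create but not delete" expressible.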

Role-Based Access Control (RBAC)

  • RBAC: Permissions are attached to roles rather than to individual users, and users gain access by being assigned to roles. Roles and their permissions are defined centrally by administrators; in discretionary access control, by contrast, it is the data owner who grants access.
  • Open-Source Framework: A Linux kernel security framework (the module set listed under Modules below matches RSBAC, Rule Set Based Access Control) that provides granular control over files, processes, users, and devices. Several decision modules run independently, and a request is granted only if no enabled module denies it.

Modules of the Access Control Framework

  1. Mandatory Access Control (MAC): Decisions follow a system-wide policy based on security labels that neither users nor object owners can override. Nearest Windows analogue: Mandatory Integrity Control (MIC), which prevents lower-integrity processes from writing to higher-integrity objects.
  2. Privacy Module (PM): Restricts access to personal data according to the purpose for which it was collected and the task a process is performing. Loose Windows analogue: Data Loss Prevention (DLP) policies.
  3. Function Control (FC): Restricts which privileged system functions a process or role may invoke. Loose Windows analogue: the process mitigation rules of Windows Defender Exploit Guard.
  4. File Flag (FF): Applies kernel-enforced flags to files and directories (read-only, append-only, no-delete, no-rename, and similar) that hold regardless of the owner's permissions. Windows file attributes (read-only, system, hidden) are a much weaker analogue, since the owner can simply clear them.
  5. Malware Scan (MS): Scans file contents on access and blocks reading or executing files that match known malware. Windows analogue: Windows Defender real-time protection.
  6. Role Compatibility (RC): Users and processes carry roles, objects carry types, and a compatibility matrix states which roles may perform which request types on which object types. Nearest Windows analogue: Active Directory security groups used as roles in ACLs (Group Policy configures settings; it does not by itself grant access).
  7. Security Information Modification (SIM): Controls who may change security attributes such as labels, roles, and policy settings. Windows analogue: the user rights that gate edits in the Local Security Policy editor.
  8. Authentication (Auth): Controls at the kernel level which processes may change their user identity, so that only trusted programs can authenticate users or switch accounts. Windows analogue: the Local Security Authority (LSA), which brokers logons.
  9. Access Control List (ACL): Fine-grained, per-object lists of which subjects may perform which operations. Windows analogue: NTFS ACLs (see the permissions above).

Network Trust Models

  • Types:
    • Internet: The untrusted public network; hosts external services such as the WWW.
    • Intranet: The private, trusted network for organization members, separated from the internet by firewalls.
    • Extranet: A partially trusted network that gives selected external parties (partners, suppliers, customers) access to specific resources for collaboration, usually over authenticated connections.
    • Demilitarized Zone (DMZ): A network segment between the internal network and the internet that hosts public-facing services (web, mail, DNS). Firewalls restrict traffic in both directions so that a compromised DMZ host cannot reach the internal network directly.

Security Best Practices

  • Align the security program with recognized industry standards and frameworks.
  • Use proven methods rather than ad-hoc measures to reach defined security outcomes.
  • Categories of security principles include:
    • Defense-in-Depth: Multiple independent layers of protection, so that the failure of one control does not expose the asset.
    • Risk-Based Controls: Controls are selected and prioritized by risk, estimated from threat likelihood, vulnerability, and impact.
    • Least Privilege: Each subject receives only the minimum access rights needed to perform its role, and only for as long as needed.

Authentication-Authorization-Accounting (AAA)

  • Authentication: Verifies that a subject is who it claims to be (password, token, certificate, biometric).
  • Authorization: Determines what an authenticated subject is permitted to do.
  • Accounting: Records (logs) what subjects actually did, for monitoring, auditing, and non-repudiation.
  • Separation of Duties: Splits a critical task (for example, requesting and approving a change) across two or more people so that no single user can complete it alone, which limits both fraud and the damage from one compromised account.
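The following PowerShell script is an added example, not code from the original notes. It serves both the RBAC section above (permissions attached to roles, users assigned to roles) and the Separation of Duties bullet: role assignment refuses any user who would end up holding two mutually exclusive roles, and the access check defaults to deny. The roles, permission names, users, and the conflict pair are made up for the example.

```powershell
# Added example (not part of the original notes): minimal RBAC decisions with a static
# separation-of-duties constraint. Roles, permissions and user names are invented.

# Permissions are attached to roles, never directly to users.
$RolePermissions = @{
    Clerk    = @('invoice:create', 'invoice:read')
    Approver = @('invoice:approve', 'invoice:read')
    Auditor  = @('invoice:read', 'log:read')
}

# Static SoD: no user may hold both roles of any listed pair.
$MutuallyExclusive = @(, @('Clerk', 'Approver'))

$UserRoles = @{}   # user -> array of role names

function Grant-Role {
    param([string]$User, [string]$Role)
    if (-not $RolePermissions.ContainsKey($Role)) { throw "Unknown role '$Role'" }
    $held = if ($UserRoles.ContainsKey($User)) { @($UserRoles[$User]) } else { @() }
    if ($held -contains $Role) { return }
    foreach ($pair in $MutuallyExclusive) {
        if ($pair -contains $Role) {
            $conflict = @($pair | Where-Object { ($_ -ne $Role) -and ($held -contains $_) })
            if ($conflict.Count -gt 0) {
                throw "SoD violation: '$User' holds '$($conflict[0])' and may not also hold '$Role'"
            }
        }
    }
    $UserRoles[$User] = $held + $Role
}

function Test-Access {
    param([string]$User, [string]$Permission)
    if (-not $UserRoles.ContainsKey($User)) { return $false }   # unknown user: deny
    foreach ($role in $UserRoles[$User]) {
        if ($RolePermissions[$role] -contains $Permission) { return $true }
    }
    return $false   # default deny: nothing granted means no access
}

Grant-Role -User 'alice' -Role 'Clerk'
Grant-Role -User 'bob'   -Role 'Approver'
Grant-Role -User 'carol' -Role 'Auditor'

$checks = @(
    @('alice', 'invoice:create'),
    @('alice', 'invoice:approve'),
    @('carol', 'log:read'),
    @('dave',  'invoice:read')
)
foreach ($check in $checks) {
    '{0,-6} {1,-16} {2}' -f $check[0], $check[1], (Test-Access -User $check[0] -Permission $check[1])
}

# The clerk who creates invoices must not also be able to approve them.
try { Grant-Role -User 'alice' -Role 'Approver' } catch { "Refused: $($_.Exception.Message)" }
```

Alice can create but not approve, Carol can read logs, and Dave, who holds no role, is denied everything; the final Grant-Role call is refused because Clerk and Approver are mutually exclusive. Enforcing the conflict at assignment time (static SoD) is simpler to audit than checking it at each access, which is why the constraint lives in Grant-Role rather than in Test-Access.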

Security Controls

  • Categories of controls:
    • Management (administrative) Controls: Policies, standards, risk assessments, and oversight that direct the security program.
    • Technical (logical) Controls: Mechanisms implemented in hardware or software, such as access control lists, encryption, and firewalls, that enforce policy without human intervention.
    • Operational Controls: Procedures carried out by people, such as security awareness training, change management, incident response, and physical security.
