Security in Computing Authorization, Cheat Sheet of Computer Security

This cheat sheet covers the concept of authorization and its types: user rights, role-based authorization, access control lists, and rule-based authorization. Authorization is a security mechanism used to determine user privileges or access levels related to system resources. The document also explains the three primary rules defined for RBAC and file access permissions for both Windows and UNIX systems. It concludes by explaining rule-based authorization and its challenges in larger systems and networks.

Typology: Cheat Sheet

2021/2022

Available from 02/01/2023

ashrat-ali-33

AUTHORIZATION

WHAT IS AUTHORIZATION?

Authorization is a security mechanism used to determine user privileges or access levels related to system resources, including computer programs, files, services, data and application features. Authorization is normally preceded by authentication for user identity verification. System administrators are typically assigned permission levels covering all system and user resources. There are a variety of types of authorization systems, including user rights, role-based authorization, access control lists, and rule-based authorization.

TYPES OF AUTHORIZATION

  • User Rights
  • Role Based Authorization (RBAC)
  • Access Control Lists (ACLs)
  • Rule Based Authorization

USER RIGHTS

User rights are a security feature that controls which resources a user can use and what actions the user can perform on those resources. A systems administrator assigns a permission to let a user access a resource, and assigns a right to let a user perform a task that affects the entire system. Other user rights are implicit: they are granted to default groups that are created by the operating system rather than by administrators. These rights cannot be removed. In the typical implementation of a UNIX system, implicit privileges are granted to the root account. This account is authorized to do anything on the system.

THE THREE PRIMARY RULES DEFINED FOR RBAC:

(a) Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.

(b) Role authorization: A subject's active role must be authorized for the subject. This rule ensures that users can take on only roles for which they are authorized.

(c) Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject's active role. This rule ensures that users can exercise only permissions for which they are authorized.
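The three rules above, written as an enforcement check. This is an added Python example, not part of the original cheat sheet; the users, roles, permission strings and function names are hypothetical, and the policy tables are constructed sample data.

```python
# Added illustration of the three RBAC rules; every name here is hypothetical.
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy: roles each user is authorized for,
# and permissions each role carries.
USER_ROLES = {
    "alice": {"auditor", "dba"},
    "bob": {"auditor"},
}
ROLE_PERMISSIONS = {
    "auditor": {"logs:read"},
    "dba": {"db:read", "db:write"},
}


@dataclass
class Session:
    """A subject plus the role it has activated (None until one is selected)."""
    user: str
    active_role: Optional[str] = None


def activate_role(session, role):
    """Rule (b), role authorization: only an authorized role can become active."""
    if role not in USER_ROLES.get(session.user, set()):
        raise PermissionError(f"{session.user} is not authorized for role {role!r}")
    session.active_role = role


def check_access(session, permission):
    """Return (allowed, reason); rules are applied in order, default is deny."""
    role = session.active_role
    # Rule (a), role assignment: no active role means no permissions at all.
    if role is None:
        return False, "no active role"
    # Rule (b) re-checked at decision time, so a role revoked after
    # activation stops working for the existing session.
    if role not in USER_ROLES.get(session.user, set()):
        return False, "active role not authorized for subject"
    # Rule (c), permission authorization: the permission must belong
    # to the active role, not merely to some role the user holds.
    if permission not in ROLE_PERMISSIONS.get(role, set()):
        return False, "permission not authorized for active role"
    return True, "ok"
```

Note that a user holding both roles is still denied `logs:read` while `dba` is the active role: permissions follow the active role, which is what keeps a session at least privilege.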

THE ADVANTAGES OF USING RBAC:

  • It restricts access to sensitive information, thereby reducing the potential of data breach.
  • It ensures that the users have what they need and nothing more. This keeps the network safe.

(a) File Access Permissions

  • Both Windows and UNIX systems use file permissions to manage access to files.

(b) Windows File Access Permissions

  • The Windows NTFS file system maintains an ACL for each file and folder.
  • The ACL is composed of a list of access control entries (ACEs). Each ACE includes a security identifier (SID) and the permission(s) granted to that SID.

(c) UNIX File Access Permissions

  • Traditional UNIX file systems do not use ACLs. Instead, ACLs are offered in addition to the traditional UNIX file protection scheme.
  • ACEs can be defined on a file and set through commands. These commands include information on the type of entry (the user or the ACL mask), the user ID (UID), group ID (GID), and the permissions.

(d) ACLs for Network Devices

  • ACLs are used by network devices to control access to networks and to control the type of access granted.
  • Specifically, routers and firewalls may have access control lists that specify which ports on which computers can be accessed by incoming communications.

RULE BASED AUTHORIZATION

Rule-based authorization requires the development of rules that stipulate what a specific user can do on a system. These rules provide information such as which user can access which resource. In small systems and networks, rule-based authorization may not be too difficult to maintain, but in larger systems and networks it is very tedious and difficult to administer.