Lesson 22-Privilege Management

1
Lesson 22-Privilege Management
2
Objectives

• Upon completion of this lesson, the learner will
  be able to
• Describe the differences between user, group, and
  role management.
• Explain the advantages of single sign-ons.
• Compare and contrast centralized privilege
  management and decentralized privilege
  management.
• Describe and explain the different auditing types
  (privilege, usage, and escalation).
• Describe the methods of managing access (MAC,
  DAC, and RBAC).

3
Privilege Management - Background

• Privilege management is the process of
  restricting a user's ability to interact with the
  computer system.
• Earlier, anyone with physical access to computer
  systems had fairly significant rights to the
  system and could typically access any file or
  execute any application.
• Later, it became obvious that some way of
  separating and restricting users was needed.

4
Background

• Privilege management is a part of modern
  operating systems and computer operations.
• Everything a user can do to, or with, a computer
  system is part of privilege management.

5
User, Group, and Role Management

• Users
• For the effective management of privileges of
  many people on the same system, there must be a
  mechanism to separate people into distinct
  entities (users).
• Groups
• It is convenient and efficient to group users
  when granting different people (groups) access to
  something at the same time.
• Roles
• It is useful to grant or restrict access based
  upon a person's job or function within the
  organization (role).

6
User

• A user
• Is a single individual, such as Vic Maconachy.
• Is the lowest level addressed by privilege
  management addresses access, rights, and
  capabilities.
• Is given a userida unique alphanumeric
  identifier to log on or access the system.
• The scheme for selecting userids should be as
  follows
• They must be unique to each user.
• They must be easy to remember and use.

7
User

• The administrator assigns specific permissions to
  a user with a specific userid.
• Permissions control what users are allowed to do
  on a system
• The files they may read.
• The files they may write.
• The files they may modify.
• The programs they may execute.

8
Special Users

• Special user accounts
• Do not match one-to-one with a real person.
• Are reserved for special functions.
• Have much more access and control over the
  computer system than the average user.

9
Special Users

• Special users are
• Administrator account in Windows
• Root account in UNIX
• Administrator and root accounts are known as
  superusers.
• Due to the power these accounts possess, they
  must be protected with strong passwords that
  cannot be easily guessed.

10
Groups

• A group
• Is a collection of users with common criteria,
  such as a need to access a particular dataset or
  a group of applications.
• Can have one or more users, and each user can
  belong to one or more groups.

11
Group Inheritance

• When a group is assigned permissions to access a
  particular resource, adding new users in that
  group will automatically have access to that
  resource.
• Users inherit permissions of the group as soon
  as they are assigned to that group.

12
Role

• A role is synonymous with a job or a set of
  functions.
• Rights and privileges can be assigned to the
  role.
• Anyone assigned to fulfill that role will
  automatically have the correct rights and
  privileges to perform their tasks.

13
Single Sign-On

• Single Sign-On (SSO) is an authentication process
  that allows a user to enter a single userid and
  password.
• In the single sign-on process
• Users sign in to the single sign-on server.
• The single sign-on server then provides
  authentication information to any resource the
  user accesses during that session.
• The server interfaces with the other applications
  and systemsthe user does not need to log on to
  each system individually.

14
Effective SSO

• To be effective and useful, all applications
  should be able to access and use the
  authentication provided by the single sign-on
  process.

15
Management

• The two approaches to rights and privilege
  management are
• Centralized
• Decentralized

16
Centralized Management

• Centralized management brings the authority and
  responsibility for managing and maintaining
  rights and privileges into a single group,
  location, or area.

17
Advantages of Centralized Management

• The advantages of centralized management are
• Fewer people must be trained on tasks associated
  with privilege management.
• It is easier to implement new capabilities and
  processes centrally.
• It is easier to audit and manage.
• It ensures a consistent approach.

18
Disadvantages of Centralized Management

• The disadvantages of decentralized management
  are
• It is difficult to implement changes quickly.
• It adds bureaucracy and is less flexible.
• It usually requires dedicated personnel and
  resources.
• It slows the functions at remote offices.

19
Decentralized Management

• Decentralized management spreads the authority
  and the capability to manage privileges and
  rights.
• This is similar to each user or department
  controlling their own access to information
  systems and associated resources.

20
Advantages of Decentralized Management

• The advantages of decentralized management are
• The model is highly flexible, as changes can be
  made whenever needed.
• It does not require a dedicated set of personnel
  and resources.
• It reduces bureaucracy.

21
Disadvantages of Decentralized Management

• The disadvantages of decentralized management
  are
• It produces different approaches in each
  department and office.
• It is more difficult to manage, audit, and
  maintain.
• It increases the risk of security breach and
  corruption.
• It requires more users to be trained on the same
  tasks.

22
Decentralized/Centralized Model

• In reality, most companies use a combination
  approach.
• It is more efficient to decentralize control away
  from the main corporate office and let each
  office location handle its own privilege
  management tasks.
• Within each office, privilege management is
  usually centralized to a specific group of
  individuals (often the system administrators or
  security personnel).
• On a macro scale, the company as a whole is
  decentralized, while on a micro scale, each
  office is centralizedit just depends on the
  level of examining the organization.

23
Auditing

• Privilege auditing
• Usage auditing
• Escalation auditing

24
Auditing

• Auditing is referred to any actions or processes
  used to verify the assigned privileges and rights
  of a user, and any capabilities used to create
  and maintain a record showing who accessed a
  particular system and what actions they
  performed.
• Records showing which users accessed a computer
  system and what actions they performed are called
  audit trails.

25
Privilege Auditing

• Privilege auditing is the process of checking the
  rights and privileges assigned to a specific
  account or a group of accounts.
• Each user account, group, and role is checked to
  ensure that rights and privileges are assigned.
• These results are then compared with the
  expected results to see the difference between
  the two.

26
Privilege Auditing

• Privilege auditing
• Ensures that users have the correct privileges
  and rights to perform their jobs.
• Follows the trust but verify philosophy of
  double-checking each account, group, and role to
  ensure administrators have performed their jobs
  correctly.

27
Usage Auditing

• Usage auditing
• Is the process of recording who did what and
  when.
• Creates a record showing who has accessed
  specific computer systems and what actions that
  user performed during a given period of time.
• Can also be applied to datasets, specific
  applications, or databases, and it is very
  commonly used in accounting systems,
  transaction-based systems, and database
  management systems.

28
Usage Auditing

• Usage auditing is
• Usually performed by a process that records
  actions and stores them in a file for later
  analysis.
• Common in both UNIX and Windows operating systems.

29
Logging Flexibility

• Audit policy options available in the Windows
  2000 operating system are flexible.
• There are several audit policies that can be
  enabled with success and failure criteria.
• The successful access to a particular file or a
  logon failure can be audited.

30
Logging Flexibility
Audit Policy settings under Windows 2000
31
Usage Auditing

• In case of a security event, the events such as
  which accounts were compromised and what actions
  were performed can be recreated.

32
Escalation Auditing

• If users need more privileges, they need to
  switch to the administrator or root account.
• In the normal course of operations, certain users
  elevate their privilege level, and this is
  acceptable behavior.
• Any privilege escalation outside the
  administrator group is likely a security breach.

33
Escalation Auditing

• Escalation auditing looks for those unexpected or
  unauthorized increases in rights or privileges
  and can help security administrators determine
  when they have happened.

34
Escalation Auditing

• Escalation Auditing
• In this auditing log file, the user Zack logs
  on to the system and attempts to switch to the
  root account.
• He fails once and then succeeds, becoming root.
  He has all the rights and privileges associated
  with that account.
• The security administrator needs to ensure Zack
  has legitimate access to the root account, and
  that he is authorized to elevate his privileges.

A sample of a usage-auditing log from a Red Hat
Linux system
35
Access Control

• Mandatory access control (MAC)
• Discretionary access control (DAC)
• Role-based access control (RBAC)

36
Mandatory Access Control

• MAC controls access to information based on three
  criteria
• Sensitivity of that information.
• Whether or not the user is operating at the
  appropriate sensitivity level.
• Whether or not the user is authorized to access
  that information.

37
Mandatory Access Control

• Each piece of information and every system
  resource (files, devices, networks, and so on) is
  labeled with its sensitivity level (such as
  Public, Engineering Private, Jones Secret).

38
Mandatory Access Control
Logical representation of mandatory access control
39
Mandatory Access Control

• Access control and sensitivity labels are
  required in a MAC system.
• Administrators define the labels and assign them
  to users and resources.
• Users must then operate within their assigned
  sensitivity and clearance levels.
• Users do not have the option to modify their own
  sensitivity levels or the levels of the
  information resources they create.

40
Discretionary Access Control

• Discretionary access control is the process of
  using file permissions.
• Optionally, access control lists (ACL) are used
  to restrict access to information based on a
  user's identity or group membership.
• The discretionary part of DAC means that a file
  or resource owner has the ability to change the
  permissions of that file or resource.

41
Discretionary Access Control

• Under UNIX operating systems, file permissions
  consist of three distinct parts
• Owner permissions (read, write, and execute)
• Group permissions (read, write, and execute)
• World permissions (read, write, and execute)

42
Discretionary Access Control

• DAC for UNIX Environment.
• A user can read, write, and execute a file (rwx)
• The members of the group can read and write a
  file but not execute it (rw-).
• Others have no access to a file and cannot read,
  write, or execute the file.

43
Role-Based Access Control

• RBAC manages access and privileges based on the
  user's roles.
• In this method, first, the activities that must
  be performed and the resources that must be
  accessed by specific roles are determined.
• After roles are created, and the rights and
  privileges associated with those roles are
  determined, users can then be assigned one or
  more roles based on their job functions.