Access Rights and Access Controls in the Workstation Domain

You learned in the previous sections how important it is to implement the correct controls in the Workstation Domain. Proper security controls limit access to objects based on a user’s identity. Access control methods may be based on the permissions granted to a user or group, or they may be based on a user’s security clearance. Either way, access rights start with knowing which user requests access to an object and what the user’s identity permits him or her to do.

Most computers require you to log on before you can access any resources on the computer. Even systems set up to automatically log on are actually logging on to a predefined user account. The first step in logging on is to provide a user ID or username. Providing user credentials or claiming to be a specific user is called identification. Simply identifying yourself is not enough. If all you have to do is claim to be a user, anyone can claim to be a system administrator and gain permission to carry out potentially harmful actions. Operating systems require users to follow the identification step with authentication. Authentication is the process of providing additional credentials that match the user ID or username. Only the operating system and the real user should know the authentication credentials. The most common authentication credential is the password. Other options include security tokens and biometric characteristics. When you provide the correct user ID and authentication credentials, you are logged on to your user account.

As the operating system logs you on, it looks up security authorization information and grants you access permissions based on your identity. (Authorization refers to the access rights allowed.) Other methods exist, but two approaches to authorizing users are the most common ones you’ll encounter. Both approaches evaluate whether a user, also called a subject, has permission to access some resource, also called an object. Access objects can be files, directories, printers, or any other resource.

The first access method uses access control lists (ACLs), which are lists of access permissions that define what each user or security group can do to each object. Each object uses ACLs or permissions to define which users can access it. The object’s owner can grant access permissions to any desired user or group. Because granting access is at the owner’s discretion, this type of access control is called discretionary access control (DAC).

The second type of access control is not based on specific permissions but on the user’s security clearance and the object’s classification. Organizations that use this type of access control assign a specific classification to each object. Security classifications used by the U.S. government, for example, include Top Secret, Secret, Confidential, and Unclassified. Other governments and nongovernmental organizations use slightly different classifications, but most classification schemes are similar. Each user receives a security clearance that corresponds to one of the classifications in use. The operating system grants access to objects based on a user’s security clearance and the requested object’s classification. For example, a user with a Secret clearance can access Secret, Confidential, and Unclassified objects but cannot access Top Secret objects. Because there is no discretion involved in granting access, this access method is called mandatory access control (MAC).
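The two access decisions described above can be compared side by side. The following Python sketch is an added example, not code from the original text; the subject names, group names, object name, and function names are all hypothetical, and the classification levels are the four named in the text.

```python
from dataclasses import dataclass, field

# Classification levels named in the text, lowest to highest.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]

@dataclass
class Subject:
    name: str
    clearance: str = "Unclassified"
    groups: set = field(default_factory=set)

@dataclass
class Obj:
    name: str
    owner: str
    classification: str = "Unclassified"
    acl: dict = field(default_factory=dict)  # user or group name -> set of permissions

def dac_grant(obj, granter, principal, perms):
    """DAC: changing the ACL is at the owner's discretion, and only the owner's."""
    if granter.name != obj.owner:
        raise PermissionError(f"{granter.name} does not own {obj.name}")
    obj.acl.setdefault(principal, set()).update(perms)

def dac_allows(subject, obj, perm):
    """DAC: allowed if the user, or a group the user belongs to, holds the permission."""
    principals = {subject.name} | subject.groups
    return any(perm in obj.acl.get(p, set()) for p in principals)

def mac_allows(subject, obj):
    """MAC: allowed only if the clearance is at or above the object's classification."""
    return LEVELS.index(subject.clearance) >= LEVELS.index(obj.classification)

def demo():
    # Constructed sample subjects and object (hypothetical names).
    alice = Subject("alice", "Secret", {"finance"})
    bob = Subject("bob", "Confidential", {"interns"})
    report = Obj("q3-report", owner="alice", classification="Secret")
    dac_grant(report, alice, "finance", {"read", "write"})
    dac_grant(report, alice, "bob", {"read"})
    return {
        "alice_write_dac": dac_allows(alice, report, "write"),  # via the finance group
        "bob_read_dac": dac_allows(bob, report, "read"),        # owner granted it
        "bob_write_dac": dac_allows(bob, report, "write"),      # never granted
        "alice_read_mac": mac_allows(alice, report),            # Secret >= Secret
        "bob_read_mac": mac_allows(bob, report),                # Confidential < Secret
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allow' if allowed else 'deny'}")
```

The owner's grant to bob changes the DAC result but has no effect on the MAC result, which depends only on the clearance and the classification.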

Type II authentication is generally stronger than Type I, and Type III is generally stronger than either Type I or Type II. You can make the authentication process even stronger by using more than one type at the same time. Using two types of authentication is called two-factor authentication, and using more than two types is called multifactor authentication. Using more than a single authentication type strengthens the process by making it more difficult to impersonate a valid user.

Regardless of the access control method you use, the end result is the ability to restrict access to objects by user account. Access control methods enable you to define an access control strategy whose controls support your security policy.
