Module 2d: Cybersecurity P3 (Principles, Practices and Processes)
Administrative access controls (AAA)
-Authentication: the first A in AAA represents authentication. Authentication verifies the identity of each user, to prevent unauthorized access. Users prove their identity with a username or ID. In addition, users need to verify their identity by providing one of the following: something they know (such as a password), something they have (such as a token or card), or something they are (such as a fingerprint). In the case of two-factor authentication, which is increasingly becoming the norm, the system requires a combination of two of the above rather than just one to verify someone's identity.
-Authorization: determines which resources users can access, along with the operations that users can perform. Authorization can also control when a user has access to a specific resource. For example, employees may have access to a sales database during work hours, but the system locks them out after hours.
-Accounting: keeps track of what users do, including what they access, the amount of time they access resources, and any changes they make.
These services provide the primary framework to control access, preventing unauthorized access to a computer, network, database or other data resource.
Authentication methods
-What you know: Passwords, passphrases or PINs are all examples of something that the user knows. Passwords are the most popular method used for authentication. Users need to use different passwords for different systems because if a criminal cracks the user's password once, the criminal will have access to all of the user's accounts. A password manager can help you create and use strong passwords, and means that you do not have to remember each of these passwords, either.
-What you have: Smart cards and security key fobs are both examples of something that users have in their possession that can be used for authentication purposes.
-Who you are: Unique physical characteristics, such as a fingerprint, retina or voice, which identify a specific person are called biometrics. Physiological characteristics: fingerprints, DNA, face, hands, the retina or ear features. Behavioral characteristics: patterns of behavior such as gestures, voice, gait or typing rhythm.
When to implement authorization
Authorization is automatic and does not require users to perform additional steps after authentication. System administrators have set the network up to implement authorization immediately after the user authenticates.
A member of the accounting team left their security key fob on the train on their way to work. The cybersecurity team is keen to ensure this won't lead to a security breach if it happened again. Now is a great chance to put your knowledge into action. Advise @Apollo by selecting the most suitable multi-factor authentication combination to prevent such a security breach from the list below.
A. Smart card, PIN and security key fob
B. Security key fob and smart card
C. Password and PIN
D. Fingerprint, PIN and security fob
D. Fingerprint, PIN and security fob
Providing Accountability
Data retention, media disposal and compliance requirements all provide accountability. Many laws require the implementation of measures to secure different data types. These laws guide an organization on the right way to handle, store and dispose of data. The education and awareness of an organization's policies, procedures and related laws can also contribute to accountability.
Physical access controls
actual barriers deployed to prevent direct physical contact with systems. The goal is to prevent unauthorized users from gaining physical access to facilities, equipment and other organizational assets. Physical access control determines who can enter (or exit), where they can enter (or exit) and when they can enter (or exit). Here are some examples of physical access controls:
-Guards to monitor the facility.
-Fences to protect the perimeter.
-Motion detectors to detect moving objects.
-Laptop locks to safeguard portable equipment.
-Locked doors to prevent unauthorized access.
-Swipe cards to allow access to restricted areas.
-Guard dogs to protect the facility.
-Video cameras to monitor a facility by collecting and recording images.
-Mantrap-style entry systems to stagger the flow of people into the secured area and trap any unwanted visitors.
-Alarms to detect intrusion.
Implementing accountability
consists of technologies, policies, procedures and education. Log files provide detailed information based on the parameters chosen. For example, an organization may look at the log for login failures and successes. Login failures can indicate that a criminal tried to hack an account, and login successes tell an organization which users are using what resources and when.
Authorization
controls what a user can and cannot do on the network after successful authentication. After a user proves their identity, the system checks to see what network resources the user can access and what they can do with the resources.
Identification
enforces the rules established by the authorization policy. Every time access to a resource is requested, the access controls determine whether to grant or deny access.
Logical access controls
hardware and software solutions used to manage access to resources and systems. These technology-based solutions include tools and protocols that computer systems use for identification, authentication, authorization and accountability. Logical access control examples include:
-Encryption is the process of taking plaintext and creating ciphertext.
-Smart cards have an embedded microchip.
-Passwords are protected strings of characters.
-Biometrics are users' physical characteristics.
-Access control lists (ACLs) define the type of traffic allowed on a network.
-Protocols are sets of rules that govern the exchange of data between devices.
-Firewalls prevent unwanted network traffic.
-Routers connect at least two networks.
-Intrusion detection systems monitor a network for suspicious activities.
-Clipping levels are certain allowed thresholds for errors before triggering a red flag.
Federated Identity Management
multiple enterprises that let their users use the same identification credentials to gain access to the networks of all enterprises in the group. Unfortunately, this broadens the scope and increases the probability of a cascading effect should an attack occur.
Admin Access controls
policies and procedures defined by organizations to implement and enforce all aspects of controlling unauthorized access.
-Policies are statements of intent.
-Procedures are the detailed steps required to perform an activity.
-Hiring practices define the steps an organization takes to find qualified employees.
-Background checks are a type of employee screening that includes past employment verification, credit history and criminal history.
-Data classification categorizes data based on its sensitivity.
-Security training educates employees about the security policies at an organization.
-Reviews evaluate an employee's job performance.
What is accountability?
traces an action back to the person or process that made the change to a system. Accountability then collects this information and reports the usage data. The organization can use this data for such purposes as auditing or billing. The collected data might include the log-in time for a user, whether the user login was a success or failure, or what network resources the user accessed. This allows an organization to trace actions, errors and mistakes during an audit or investigation.
Multi-factor authentication
uses at least two methods of verification — such as a password and something you have. Multi-factor authentication can reduce the incidence of online identity theft because it means knowing a password will not give cybercriminals access to a user's account.