In any technological infrastructure, laying out the rules, regulations and protocols for access control is of paramount importance. As the name indicates, access control allows a system architect to ensure the prevention of unauthorized access of important resources, privileges and data. In today’s world, the vulnerabilities that can be present in a system are increasing exponentially as modern hackers continue to find new security loopholes. During the development of an architecture, framework or enterprise software solution, after we have identified the assets, we need to search for the possible vulnerabilities and threats that could be targeted by people with sinister intentions.
In this article, the rudimentary tenets of security access control are explained along with possible ways to ensure rigorous security in a system.
Assets of a System
Before we can find risks, mitigate them and make our system secure, we need to identify the most important assets of our system. An access control’s definition would not make any sense if we didn’t know the assets that we want to limit access to.
In the domain of information security, asset can be defined as any device, data or component that supports data-related activities in a system. Assets include software (support systems, critical applications), hardware (routers, switches, servers, RAIDs) and confidential information (user pertinent data). The protection of assets from theft, destruction, disclosure and unauthorized access is mandatory.
The process of asset classification begins with their identification. Once identified, we perform the accountability process, followed by schema creation and eventually the classification schema implementation. Identifying assets is a fairly simple task; you just have to figure out the components of your infrastructure that are “critical” for your system’s availability.
Once we are able to figure out the critical assets that are essential for the safe running of the business, we are able to make sound decisions to ensure high security levels (that are mandatory to ensure maximum protection). Additionally, it also allows system engineers to determine the redundancy levels that would be required in order to ensure complete backup capability in case of catastrophe. Broadly, we can categorize assets into the following types:
All the information pertinent to your business and system will fall under this type. The information can be organized or classified (and even collected) in different forms. Let’s see some examples:
Files: These can contain the updated data regarding transactions.
Databases: All the information regarding the employees, company resources, finances and clientele, etc., can be found in the databases. The availability, integrity and confidentiality of databases is of paramount importance.
As the name indicates, physical assets consist of the tangible and visible equipment of a system. They can include:
Computers, mainframes, servers, laptops, etc.
Data communication tools like routers, EPABXs, fax machines and modems
Media storage devices
Software assets are arguably the most important, and ensuring their security should always be a top priority. They can be further divided into two categories:
System software: All the operating systems, database management systems, development utilities and tools, software suites and office suites, etc., fall under the system software category.
Application software: The application software represents the implementation of business rules of a system. Normally, the application software takes time in implementing and is often regarded as the most important asset of a system. Any small flaw in the application software asset can cause significant chaos to the system.
Last but certainly not of least importance, the services offered by a system are also important assets. They can include:
Consumer services that have been offered by a firm
Communication services, e.g., VAS (Value added services), WAN (Wide area network) or voice communication, etc.
Once we have been able to identify the assets of our system, we need to find out their corresponding “Values.” An asset can best be valued by the owner of the asset. Only when we are able to value an asset are we able to find the extent to which we must go to ensure its security. This encompasses the replacement value (along with the penned down value). Once we have truly valued an asset, we will be able to go about identifying the measures that are needed to ensure its adequate protection.
Now that we know the most important assets of our system, we can try to determine the possible risks that can be present. The risk identification process can be long (and should be long), and if done the right way, it can go a long way to ensuring the development of a sound infrastructure. A brief overview of the risk identification process can be:
The identification of potential risk items by the Risk Integrated Product Team (RIPT). Using prior experience, subject matter expertise, readiness level determination techniques, programmatic constraints and (good old) brainstorming, important infrastructural risks can be identified.
Once identified, we need to figure out whether the risks are acceptable or not. The accepted ones should be written down for further assessment.
The root causes for the risks are to be identified.
Risk analysis should be performed to isolate the cause and determine the possible consequences and effects of the risk.
Plan the risk mitigation progress.
The most common risks in the domain of cyber security are:
Inability to deal with the various penetration attacks
Inability to detect viruses and Trojans
Inadequately sophisticated authentication and authorization procedures
Poorly maintained and scarcely updated access control lists
Use of easily decipherable cryptographic techniques
Identifying and understanding the possible vulnerabilities in a system is of critical importance. Vulnerabilities transcend risks in importance and danger because they often remain undetected. Once identified, vulnerability analysis procedures need to be carried out to ensure maximum protection of a system from the bad guys (hackers, etc.). The key actions that need to be taken are:
Understand the most common source of attacks: To do so, you need to do adequate research of your domain to be able to discover loopholes in your system. See how similar systems have been targeted in the past and ensure that your access control security guard doesn’t let any unauthorized entity through.
Make a list of all the possible vulnerabilities: Sophisticated vulnerability assessment tools can also be used during this process. Microsoft Baseline Security Analyzer is a good example.
Assess the vulnerabilities and ensure maximum removal: Most of the vulnerabilities can get targeted, leading to loss of sensitive data among other resources. It’s therefore of great significance to ensure that the maximum number of vulnerabilities are removed.
More information regarding detecting vulnerabilities in a system can be found here.
Identifying Threats and Ensuring System Protection
It’s possible for the system to possess certain sources of threat, even after adequate risk mitigation and vulnerability assessment procedures. Threat modeling is hence a substantially important step in the system development process. The three different techniques that can be used to model threats are:
Software-centric threat modeling: We figure out the possible threats in a system software by drawing data-flow diagrams, use-case diagrams and sequence diagrams.
Asset-centric threat modeling: As the name indicates, this threat modeling process begins after the asset identification procedure.
Attacker-centric threat modeling: We find threats whilst keeping the possible attackers in mind.
There are many ways to mitigate threats to a system. These include:
Access Control Lists
An ACL or an access control list is a list that contains Access control entries (ACE). An ACE represents a trustee and also signifies the access rights that are allowed, audited or denied for the specific trustee. There are two different types of access control lists, namely the DACL or the SACL.
The discretionary access control list (DACL) maintains the collection of trustees that have been denied or allowed access to a specific object. A system access control list (SACL), on the other hand, maintains the number of access attempts that have been made for an object.
Both DACLs and SACLs should be maintained for a system and should be periodically monitored and updated.
MFA or multi-factor authentication is another method to ensure the sanctity and security of a system. With MFA, a user only gets granted access to a resource once they have presented different pieces of evidence to the authenticating entity. Normally, the requestor of access has to present possession (something they own), inherence (who they are) and knowledge (something they are aware of) to the system.
Data encryption via the most unbreakable cryptographic algorithms can also help a security architect in ensuring the integrity and security of the system. The RSA algorithm can be considered a recommended choice for this purpose. The Kerberos V5 protocol is an ideal choice for systems that require communication between authenticated servers and clients.
Sophisticated password policies should also always be in place to ensure security and stringent access control. Even though a strong password policy is a nuisance for the users, it has become an absolute necessity today.
The objective of this article is to make readers aware that secure access control has become a necessity for architectures or organizations or systems. If the processes of asset identification, risk mitigation, vulnerability analysis and threat prevention are paid extra heed to during the development (and maintenance) of a system, then access to valuable resources can be excellently controlled.