Access control is the process of granting access to authorized (legitimate) users and denying it to unauthorized users. The operating system (OS) is responsible for enforcing it. It is a multi-step process that starts with identification and authentication. Access control divides into two main types: physical access control (limiting access to buildings, IT assets, server rooms, etc.) and logical access control (limiting access to the organization's network, servers, Internet services, data, files, etc.).

The four main categories of access control are:

- Mandatory access control (MAC): the strategy most commonly used by the military. Access is granted to a subject based on the classification of the information (unclassified, classified, restricted, secret and top secret). For example, access to top-secret information related to national security requires a clearance of the highest level.
- Discretionary access control (DAC): access to resources is granted based on settings chosen by the user who owns the resource. Example: ACLs.
- Role-based access control (RBAC): Windows normally does not use it directly; the Windows OS uses it as a combination of DAC and RBAC.
- Rule-based access control: a user is allowed access to a specific group of resources based on a rule.

Access control rules must be taken into account in order to protect applications, information assets, IT resources, etc. against unauthorized access, which could result in compromise of the confidentiality, integrity and availability of data and IT resources.

Various aspects of an access control policy:

Access control basically works on the principle of least privilege: it allows users only what they really need to complete their work and stops them from accessing unauthorized data, files, servers, networks, etc.
A weak access control policy leads to data compromise or data disclosure; conversely, if strong ACLs restrict folders or files and application control limits access to data, a data breach or data modification becomes difficult for any kind of attack. The most common and manageable way to implement the principle of least privilege is to create user groups that represent roles in your company or firm.

Another main aspect of an access control policy is that, while implementing it, we have to focus on identification (via user ID, identification number or name), authentication (via password, biometrics, token number, etc.) and authorization (permissions and rights to access).

The need for designing procedures for simple tasks such as creating or modifying access controls:

To manage the system activities associated with access to information, data, files and the network (user access management, configuration, monitoring, etc.) we need to create access control procedures, policies and guidelines. With these procedures we can restrict unauthorized access to any information and also protect the CIA (confidentiality, integrity and availability) of information. Using a procedure:

- You can define which users or groups can log on to groups of computers.
- You can define user- or group-based access control lists (ACLs).
- Data compromise can be minimized.
- Access rights are removed when employment is terminated.
- Create a procedure guide that provides clear instructions that anyone with a basic technical knowledge base can follow.

Active Directory (AD) allows us to define which users or groups can log on to groups of computers. AD also allows us to define user- or group-based ACLs, and it can deploy ACLs that restrict object access by user or group. Based on these features of AD we can grant rights and permissions to users and groups, categorized as follows (reference taken from the textbook: Solomon, M. (2014). Security Strategies in Windows Platforms and Applications):

- Read-only: limited user rights; prevented from making most system changes (like ordinary users).
- Read-write: managers usually have read and write permissions.
- Administrator/full access: limited administrative rights, including the ability to install software and manage users, and extensive file and folder access permissions.
- Super admin: unrestricted access to the computer's resources.

Steps to follow in the procedure:

1. Create new groups named ShopFloor, Managers and HRManager in Active Directory.
2. Create new users with different names, for example SFUser01, SFUser02, HRUser01, HRUser02, SFManager, etc.
3. Add the newly created users to the groups: SFUser01 and SFUser02 to the ShopFloor group, HRUser01 and HRUser02 to the HRManager group, and SFManager to the Managers group.
4. Grant the required permissions/privileges (read, read/write, administrator) to the Managers, HRManager and ShopFloor groups.

The permissions assigned to these groups are automatically given to their members. If any new user is added to one of these groups in the future, he or she will get the same rights and permissions that the existing members already have. For the detailed procedure guide, please refer to the attached.

Design the procedures for collecting and storing documented access control changes:

Auditing is the process of gathering information about the actions the OS has taken and storing this information for later detailed analysis. Similarly, in the case of access control, auditing makes a record of allowed and denied access requests. AGULP is an approach that provides a way of managing any number of users predictably.
It really helps in storing information about access control changes when a network has a large number of users.

The following steps of auditing make up a procedure for collecting and storing documented access control changes:

1. Enable auditing: Windows stores audit event records in the event logs.
2. View and analyze the event log files: use the Windows Event Viewer to access the logs.

All access control policies, procedures and guidelines, and the record of changes, should be stored in the main server location. They should be viewed, modified and updated only by authorized persons. The document should be marked as classified on the server and the principle of least privilege applied to it. Only the company's main think tank, chief security officers, etc. are allowed to change anything in it.
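The group-based provisioning steps and the auditing steps above, carried out end to end in PowerShell. This is an added example and not part of the original post or the textbook it cites; the domain name EXAMPLE, the OU and folder paths, the Remove-StaffAccess function name and the one-day collection window are assumptions, not values from the page.

```powershell
# Added example, not from the original post: provisions the ShopFloor,
# Managers and HRManager groups and users from the procedure above, applies
# read / read-write / full-control NTFS permissions to a data folder, enables
# auditing and collects the resulting change records from the Security log.
# Assumptions (placeholders, not from the page): domain NetBIOS name EXAMPLE,
# the OU and folder paths below, the RSAT ActiveDirectory module installed,
# run from an elevated PowerShell session by a domain administrator.
Import-Module ActiveDirectory

$Domain   = 'EXAMPLE'                          # placeholder NetBIOS domain name
$OU       = 'OU=Staff,DC=example,DC=local'     # placeholder OU for the new objects
$DataPath = 'D:\Shares\ShopFloorData'          # placeholder folder holding the data
$LogPath  = 'D:\Shares\AccessControlLog'       # placeholder store for the change records
$InitPwd  = Read-Host -AsSecureString 'Initial password for the new accounts'

# Step 1: groups that represent roles; least privilege is assigned to roles, not people.
foreach ($g in 'ShopFloor', 'Managers', 'HRManager') {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security -Path $OU
    }
}

# Steps 2 and 3: users, keyed by the group they belong to.
$membership = @{
    ShopFloor = 'SFUser01', 'SFUser02'
    HRManager = 'HRUser01', 'HRUser02'
    Managers  = @('SFManager')
}
foreach ($group in $membership.Keys) {
    foreach ($u in $membership[$group]) {
        if (-not (Get-ADUser -Filter "SamAccountName -eq '$u'")) {
            New-ADUser -Name $u -SamAccountName $u -Path $OU `
                -AccountPassword $InitPwd -ChangePasswordAtLogon $true -Enabled $true
        }
        # Rights flow from the group, so a future hire only needs to be added here.
        Add-ADGroupMember -Identity $group -Members $u
    }
}

# Auditing first: turn on the subcategories that record group, account and
# permission changes, and put a SACL on the folder so permission changes on it
# are logged (event 4670 needs an audit entry on the object itself).
auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"User Account Management"   /success:enable /failure:enable
auditpol /set /subcategory:"File System"               /success:enable /failure:enable
$sacl = Get-Acl -Path $DataPath -Audit
$auditRule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone', 'ChangePermissions, TakeOwnership',
    'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
$sacl.AddAuditRule($auditRule)
Set-Acl -Path $DataPath -AclObject $sacl

# Step 4: permissions on the folder, granted to groups only, never to single users.
# Inheritance is cut so broad inherited grants (e.g. BUILTIN\Users) stop applying;
# existing inherited entries are kept as explicit ones so SYSTEM/Administrators keep access.
$acl = Get-Acl -Path $DataPath
$acl.SetAccessRuleProtection($true, $true)
$rights = @{
    ShopFloor = 'ReadAndExecute'   # read-only
    HRManager = 'Modify'           # read-write
    Managers  = 'FullControl'      # administrator / full access
}
foreach ($group in $rights.Keys) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        "$Domain\$group", $rights[$group],
        'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $DataPath -AclObject $acl

# Offboarding: disable the account and strip its memberships so rights end with employment.
function Remove-StaffAccess {
    param([Parameter(Mandatory)][string]$SamAccountName)
    Disable-ADAccount -Identity $SamAccountName
    Get-ADPrincipalGroupMembership -Identity $SamAccountName |
        Where-Object { $_.Name -ne 'Domain Users' } |
        ForEach-Object { Remove-ADGroupMember -Identity $_ -Members $SamAccountName -Confirm:$false }
}

# Collecting the documented changes: 4728/4729 = member added to / removed from a
# security-enabled global group, 4720/4725 = user account created / disabled,
# 4670 = permissions on an object changed. Stored as CSV in the restricted log share.
$since  = (Get-Date).AddDays(-1)
$filter = @{ LogName = 'Security'; Id = 4728, 4729, 4720, 4725, 4670; StartTime = $since }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Export-Csv -Path (Join-Path $LogPath "changes-$(Get-Date -Format yyyyMMdd).csv") -NoTypeInformation -Append
```

The audit policy and the folder's SACL are set before the DACL is written so that the permission change itself shows up as a 4670 record, which is the first entry of the documented-change log. Permissions go to the three groups only, so adding or removing a member is the whole change for a hire or a termination and produces a single 4728/4729 event to record. The CSV store under $LogPath is the "main server location" the text describes; it needs its own restrictive ACL so that only the authorized reviewers can read or change the record.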

Post Author: admin
