Based in Denver, CO, Agile Ideation collects the thoughts and experiences of Ed Schaefer. His posts explore agile and devops related topics as he works to maximize team effectiveness and minimize waste through continuous learning, coaching and empowering teams.

Access Controls


When one thinks about security, one of the first things that comes to mind is external attackers trying to find an opening and work their way into the primary system. While these attacks should certainly be of concern, users with too much access can cause just as many, if not more, problems for a system or network. Access controls are a way of restricting what users can reach and limiting their ability to make changes to the system. These controls can be used to ensure a user does not install an application or even open certain file types that could be harmful. An example most people are familiar with is User Account Control (UAC) in Windows Vista and later. UAC prompts the user whenever a program attempts an action that requires administrative rights, such as installing software or changing system settings, so that even an administrator's everyday session runs with ordinary user privileges until the prompt is approved. For so called ‘power’ users this feature may seem annoying, but for a less savvy user it could make the difference between being protected from and infected by a virus.

While it is easy to understand why user access must be restricted, deciding how severe the restrictions should be, for whom, and how to implement them can be tricky and complicated. Access control models provide the framework for planning such a system. There are four primary models: Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role Based Access Control (RBAC) and Rule Based Access Control (sometimes written RuBAC so it does not collide with RBAC). In Mandatory Access Control the policy is set centrally by an administrator and enforced by the system: every object carries a security label (a classification such as public, internal or secret), every user holds a clearance, and access is decided by comparing the two. Users have no ability to change labels or grant access in MAC; even the creator of a file cannot hand it to someone whose clearance does not cover it. In the classic MAC policy a user with a higher clearance may read anything labeled at or below that clearance but nothing labeled above it, and is also prevented from writing higher-classified content down into a lower-classified file. Discretionary Access Control is almost the complete opposite. In DAC the owner of a file or resource decides who can view it, who can edit it, and who is denied entirely, typically by naming users or groups in an access control list, which is how Unix file permissions and Windows NTFS permissions work. The cost of that flexibility is that an owner can, carelessly or deliberately, share a file with anyone, so DAC alone cannot enforce an organization-wide classification scheme.

MAC and DAC were two of the original approaches to access control, but modern technology and processing speeds have allowed two newer approaches to become common. One of the most widely used by organizations today is Role Based Access Control. With this methodology permissions are attached to a role rather than to a person, and users are assigned to roles; everyone in a role gets exactly the permissions of that role. This makes it trivial to adjust access when an individual changes positions and responsibilities within the organization: the user is moved between roles instead of having permissions edited on every object. Likewise, if permissions need to be modified for an entire group of people, this is done simply by changing the role itself. This saves time and money relative to rule sets being set up for individual people, and it makes reviewing who can do what practical. Similar is Rule Based Access Control, in which a set of rules is attached to an application, file or network and each request is compared against those rules: conditions such as the time of day, the source address or the type of action, and only if the rules are satisfied is access granted. A firewall's rule list is the everyday example. Rule based controls are typically applied uniformly to everyone and are often layered on top of RBAC, so that a user who holds the right role is still refused outside the allowed hours.
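The four models described above, as a worked example added here (it is not code from the post): small Python policy-decision functions over a constructed "ledger" document. The users alice and bob, the roles, the classification levels and the 08:00 to 18:00 write window are assumptions of the example. The rule based check uses a time-of-day window, the same kind of restriction the logical access control discussion below mentions, and `authorize` shows the models layered so that every applicable one must agree before access is granted.

```python
from dataclasses import dataclass, field

# Constructed sample data; levels, users and roles are illustrative only.
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass
class Document:
    name: str
    owner: str
    label: str                                   # MAC classification label
    acl: dict = field(default_factory=dict)      # DAC: user -> set of actions


# Mandatory Access Control: the system compares clearance with label; the
# owner has no say. "No read up" and "no write down" (Bell-LaPadula style).
def mac_allows(clearance: str, doc: Document, action: str) -> bool:
    subject, obj = LEVELS[clearance], LEVELS[doc.label]
    if action == "read":
        return subject >= obj
    if action == "write":
        return subject <= obj
    return False


# Discretionary Access Control: the owner decides, by editing the ACL.
def dac_allows(user: str, doc: Document, action: str) -> bool:
    return user == doc.owner or action in doc.acl.get(user, set())


def dac_grant(granter: str, doc: Document, user: str, action: str) -> bool:
    """Only the owner may change the ACL; returns False when the grant is refused."""
    if granter != doc.owner:
        return False
    doc.acl.setdefault(user, set()).add(action)
    return True


# Role Based Access Control: permissions hang off roles, users hang off roles.
ROLE_PERMISSIONS = {
    "auditor": {("ledger", "read")},
    "accountant": {("ledger", "read"), ("ledger", "write")},
}
USER_ROLES = {"alice": {"accountant"}, "bob": {"auditor"}}


def rbac_allows(user: str, resource: str, action: str) -> bool:
    return any((resource, action) in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


def change_position(user: str, new_roles: set) -> None:
    """A job change is one edit to the user-role mapping, not to every object."""
    USER_ROLES[user] = set(new_roles)


# Rule Based Access Control: conditions on the request, applied to everyone.
# Here the rule is an allowed window of hours (24h clock) for an action.
RULES = {"ledger": {"write": (8, 18)}}


def rule_allows(resource: str, action: str, hour: int) -> bool:
    window = RULES.get(resource, {}).get(action)
    if window is None:
        return True
    start, end = window
    return start <= hour < end


def authorize(user: str, clearance: str, doc: Document, action: str, hour: int) -> bool:
    """Layered decision: every applicable model must allow the action."""
    return (mac_allows(clearance, doc, action)
            and dac_allows(user, doc, action)
            and rbac_allows(user, doc.name, action)
            and rule_allows(doc.name, action, hour))


# Constructed sample object used by the checks below.
LEDGER = Document(name="ledger", owner="alice", label="internal")

if __name__ == "__main__":
    print("bob reads ledger (DAC):", dac_allows("bob", LEDGER, "read"))
    dac_grant("alice", LEDGER, "bob", "read")
    print("bob reads ledger after grant:", dac_allows("bob", LEDGER, "read"))
    print("alice writes at 09:00:", authorize("alice", "internal", LEDGER, "write", 9))
    print("alice writes at 20:00:", authorize("alice", "internal", LEDGER, "write", 20))
```

Note how the owner check in `dac_grant` is the whole of DAC's safety: alice can hand the ledger to anyone, which is exactly what `mac_allows` refuses to let her do for a reader whose clearance is below the label.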

One often underestimated aspect of access control is physical. Physical vulnerabilities take many forms and the possible harm ranges from malicious attack to natural disaster. The term physical security brings to mind heavy doors, barred windows, security guards and video cameras. These are all aspects of physical security, but there is much more to it. If an intruder is able to get past secure gates and locked doors, physical theft or destruction should still not be easy. Many college students use laptop locks to add just enough disincentive to turn an opportunistic thief away, but for an organization a cable lock is simply not enough. A persistent attacker may dismantle the hardware to steal a specific component such as a hard drive, and an unencrypted drive gives up its data to whoever holds it. Worse still would be an attacker destroying data and hardware. Servers should be physically secured in locked, ventilated racks or cages to prevent both intrusion and damage. This also limits damage in the event of a natural disaster, even something as simple as a tree crashing through a window. Additional protection in the form of waterproofing or shock absorption may be worthwhile depending on the most common local hazards. Redundancy is also an important piece of physical access control: backups must cover all critical data and be kept in a separate location in case the primary site is harmed. Those backups must be protected just as carefully, so that they are neither stolen nor, just as importantly, modified without proper authorization.

A final aspect of access control, one that is becoming more entwined with physical access control, is logical access control. Logical access control methods are actually a part of nearly every form of access control, as this is the portion that identifies users and decides what they may and may not do. Applied to physical access, logical controls include key cards, fingerprint or retinal scans, even voice identification. In a rule based system the set of permissions on an object in the form of an access control list is one type of logical access control. The policies created for a specific role, implemented as groups, are another. Any restrictions placed on a user are also logical access controls; a familiar example is the old AOL account set-up page, which allowed a parent to restrict not only the amount of time allotted but the time of day the account could be used, and to filter web access according to a rule set that categorized web sites. The most commonly used form of logical access control is the password, though it is also one of the most vulnerable. Users are usually told not to write passwords down, so many choose something easy to remember, which often means it is not a strong password: a dictionary word or a name falls to a guessing attack quickly. A long, unpredictable password that the user protects takes guessing off the table, but it does nothing if the password is captured elsewhere, so a password should be backed by a limit on failed attempts and, where possible, a second form of identification such as the key cards or biometrics mentioned above.
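Passwords as a logical access control, as an added example that is not from the post: a Python policy check against a constructed common-password list, salted PBKDF2 storage so the password itself is never recorded, and a lockout that bounds how many guesses an attacker gets. The password list, the 12-character minimum, the iteration count and the lockout threshold are assumptions of the example, not requirements stated on the page.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a list of common or previously breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12          # assumed policy value


def password_problems(password: str, username: str = "") -> list:
    """Return the reasons a candidate password is rejected; empty means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if len(set(password)) < 5:
        problems.append("too few distinct characters")
    return problems


def hash_password(password: str, iterations: int = 200_000, salt: bytes = None) -> str:
    """Store a salted PBKDF2-HMAC-SHA256 hash; the password itself is never kept."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so the check itself leaks nothing about the hash.
    return hmac.compare_digest(digest.hex(), digest_hex)


class LoginGate:
    """Failed-attempt lockout: bounds the number of online guesses an attacker gets."""

    def __init__(self, stored_hash: str, max_failures: int = 5):
        self.stored_hash = stored_hash
        self.max_failures = max_failures
        self.failures = 0

    def attempt(self, password: str) -> str:
        if self.failures >= self.max_failures:
            return "locked"
        if verify_password(password, self.stored_hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


if __name__ == "__main__":
    print(password_problems("password", "ed"))
    print(password_problems("correct horse battery staple", "ed"))
    gate = LoginGate(hash_password("correct horse battery staple"), max_failures=3)
    for guess in ["password", "letmein", "qwerty", "correct horse battery staple"]:
        print(guess, "->", gate.attempt(guess))
```

The lockout is what keeps a weak password from being trivially guessed online; it does not help against an attacker who has already obtained the stored hashes, which is why the hash is salted and deliberately slow.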

It is important for users to understand why access controls are put in place. Far too often access controls appear to be a way to keep someone from something, and are rarely understood as a way to protect not just the organization but the user as well. Access controls exist at many levels of an organization, and it is important to tie them together wherever possible so that the user has the best experience and the least time and energy is spent on setup and maintenance. It is equally important to combine access controls in layers, so that even if one or more of them is bypassed, the remaining layers ensure an attacker cannot gain complete and total access.



Common Attacks