Users’ access to the organization’s information systems is the next layer of control, composed of the network, host, application and database components. For the moment, we will use the case where the user is at work in the organization’s office, i.e., they have already passed through the physical perimeter. Now they must gain access to the information system, much like gaining access to a container protecting information. The sign-on requires the user to state who they are (the userid) and validate that identity through something they know or have (e.g., password, PIN, access card with chip). This process may have to be repeated in order to access different computers or specific applications. The risk to confidentiality, integrity and availability of information within the information system is reduced by the strength of the access controls, which make it more difficult for unauthorized users to gain access. Today, two-factor authentication has become necessary because many threat agents are highly capable.
Access administration is an important component of keeping access difficult for unauthorized users. It is quite natural to want to authorize users quickly for everything they need to do their job. But if this is not managed properly, users may have access to systems not required for their job, increasing risk to confidentiality, integrity and availability. Often overlooked is the need to remove access when it is no longer required. Over a long career in a large organization, individuals gradually build up a large collection of authorized accesses. Even in organizations with careful screening practices, there is some small frequency of insiders who may become motivated to steal sensitive information. With poorly managed access, the information is effectively 100% vulnerable to these insiders. Obviously, such insiders continue to act despite the deterrent of prosecution if they are caught.
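The gradual build-up of access described above can be caught by a periodic review that compares what each user holds against what their current role requires. The following is an added example, not part of the original text; the role names, systems, sample grants and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import date

# Constructed role baselines: the systems each role needs to do its job.
ROLE_BASELINE = {
    "payroll_clerk": {"hr_portal", "payroll_app"},
    "financial_analyst": {"hr_portal", "gl_reporting", "budget_db"},
}

# Constructed grants for one user who moved from payroll to finance:
# (user, current_role, system, granted_on, last_used_on or None if never used)
GRANTS = [
    ("asmith", "financial_analyst", "hr_portal", date(2012, 3, 1), date(2019, 5, 20)),
    ("asmith", "financial_analyst", "payroll_app", date(2012, 3, 1), date(2016, 8, 2)),
    ("asmith", "financial_analyst", "gl_reporting", date(2016, 9, 1), date(2019, 5, 28)),
    ("asmith", "financial_analyst", "budget_db", date(2016, 9, 1), None),
    ("asmith", "financial_analyst", "vendor_master", date(2014, 1, 15), date(2019, 5, 1)),
]


def review_access(grants, baseline, today, stale_days=90):
    """Return (user, system, action, idle_days) for grants that need attention.

    revoke            - outside the role baseline and idle beyond the threshold
    justify_or_revoke - outside the role baseline but still in use
    confirm_need      - inside the baseline but idle beyond the threshold
    """
    findings = []
    for user, role, system, granted_on, last_used_on in grants:
        # An unknown role has an empty baseline, so every grant gets flagged.
        required = system in baseline.get(role, set())
        # A grant that was never used is idle since the day it was granted.
        idle_days = (today - (last_used_on or granted_on)).days
        if not required:
            action = "revoke" if idle_days > stale_days else "justify_or_revoke"
        elif idle_days > stale_days:
            action = "confirm_need"
        else:
            continue  # required and recently used: no finding
        findings.append((user, system, action, idle_days))
    return findings


if __name__ == "__main__":
    for finding in review_access(GRANTS, ROLE_BASELINE, today=date(2019, 6, 1)):
        print(finding)
```
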
High-privilege accounts used by system operators and trusted processes are necessary to manage and operate hosts. Like the special containers needed to protect security systems within the data center, these accounts need special controls to limit their use. Accounts with passwords are also needed to run business system applications, but there is the obvious problem of changing passwords regularly, and the need to have the password available to applications that initiate other processes.
Copyright © 2019 Christopher T. Carlson