Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

16. Access Control Assurance

16.1. Basic Concepts

Accountability is the method of tracking and logging the subject’s actions on the objects.

Auditing is an activity where the users/subjects' actions on the objects are monitored in order to verify that the sensitivity policies are enforced and can be used as an investigation tool.


Advantages of Auditing
  • To track unauthorized activities performed by individuals.
  • Detect intrusion.
  • Reconstruct events and system conditions.
  • Provide legal resource material and produce problem reports.

Note: A security professional should be able to access an environment and its security goals, know what actions should be audited, and know what is to be done with that information after it is captured – without wasting too much disk space, CPU power & staff time.


What to Audit?
  • System-level events
    • System performance
    • Logon attempts (successful and unsuccessful)
    • Logon ID
    • Date and time of each logon attempt
    • Lockouts of users and terminals
    • Use of administration utilities
    • Devices used
    • Functions performed
    • Requests to alter configuration files
  • Application-level events
    • Error messages
    • Files opened and closed
    • Modifications of files
    • Security violations within application
  • User-level events
    • Identification and authentication attempts
    • Files, services, and resources used
    • Commands initiated
    • Security violations


Review of Audit Information
  • Audit trails can be reviewed manually or through automated means.
  • Types of audit reviews
    • Event oriented: done as and when an event occurs.
    • Periodic: done periodically to access the health of the system.
    • Real-time: done with the help of automated tools as and when the audit information gets created.
  • Audit trail analysis tools: These tools help in reducing/filtering the audit log information that is not necessary and provides only the information necessary for auditing.
  • Types of audit trail analysis tools
    • audit reduction tools: these tools reduce the amount of information within an audit log, discard mundane tasks information and record system performance, security, and user functionality information that are necessary for auditing.
    • Variance – detection tools: these tools monitor computer and resource usage trends and detect variations unusual activities, e.g., an employee logging into the machine during odd hours.
    • Attack signature – detection: these tools parse the audit logs based on some predefined patterns in the database. If a pattern matches any of the patterns or signatures in the database, it indicates that an attack has taken place or is in progress.
    • Keystroke monitoring.


Protecting Audit Data and Log Information
  • Audit logs should be protected by implementing strict access control.
  • The integrity of the data should be ensured with the use of digital signatures, message digest tools, and strong access control.
  • The confidentiality can be protected with encryption and access controls and can be stored on CD-ROMs to prevent loss or modification of the data. The modification of logs is often called scrubbing.
  • Unauthorized access attempts to audit logs should be captured and reported.