5.3 Implement appropriate security controls when performing account management
Mitigates issues associated with users with multiple accounts/roles
An administrator needs two accounts. One is a standard account with the normal privileges every other employee has; this account should be used for everyday work (the regular work an employee does). The other is an administrative account, configured to have only the special privileges needed to perform the assigned administrative functions; it should not be used for regular work.
This forces the user to employ the correct account for the task at hand. It also limits the amount of time the administrative account is in use and prevents it from being used when administrative access is a risk, for example when the administrative account is used to access the Internet, open email or perform general file transfers.
For users with multiple roles, each role should have its own administrative user account. This can mean a user has a single standard account and one or more administrative accounts, which puts an extra burden on the user to keep the credentials distinct. Use of multifactor authentication improves security and prevents a single password from being defined for every account.
Account policy enforcement: Passwords used should be strong: eight or more characters, including at least 3 of the four character types (uppercase letters, lowercase letters, numerals and keyboard symbols), and not containing common words, the user's real name, user name or email address. These requirements can be enforced through account policy settings.
Password Complexity: A password policy contains requirements for minimum password length, maximum password age, minimum password age, password history retention and some sort of complexity requirement. Passwords are considered strong if they consist of eight or more characters, include at least 3 of the character types (uppercase letters, lowercase letters, numerals and keyboard symbols) and do not contain common words, the user's real name, user name or email address.
Expiration: Passwords should automatically expire after a fixed period of time, forcing the user to change them. Commonly this period is 90 days.
Recovery: A password recovery option is not good for security. When a password is forgotten, it should be changed rather than recovered. The ability to recover a password requires that the password storage mechanism be reversible.
Length: Password length is an important factor in determining password strength. Passwords of 7 characters can be cracked within a few hours, 8 to 9 character passwords can be cracked within a few days to weeks, and passwords of 10 or more characters are tough to crack.
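The complexity, identity and maximum-age rules from the paragraphs above, as an added worked example (not code from these notes). The common-word list, the 8/3/90 thresholds and the identity fragments checked are assumptions taken from the text:

```python
"""Password policy checks: constructed demo of the rules described above."""
import re
from datetime import date, timedelta

COMMON_WORDS = ["password", "welcome", "letmein", "qwerty"]  # constructed sample list
MIN_LENGTH, MIN_CLASSES, MAX_AGE_DAYS = 8, 3, 90

# One pattern per character type: uppercase, lowercase, numerals, keyboard symbols.
CLASS_PATTERNS = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]


def character_classes(password: str) -> int:
    """Count how many of the four character types the password uses."""
    return sum(1 for pattern in CLASS_PATTERNS if re.search(pattern, password))


def password_problems(password: str, username: str, real_name: str, email: str) -> list:
    """Return every policy violation; an empty list means the password is acceptable."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character types")
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word {word!r}")
    # Identity fragments: user name, each part of the real name, email local part, full address.
    fragments = [username, *real_name.split(), email.split("@")[0], email]
    for fragment in dict.fromkeys(f.lower() for f in fragments if len(f) >= 3):
        if fragment in lowered:
            problems.append(f"contains personal information {fragment!r}")
    return problems


def password_expired(last_changed: date, today: date, max_age_days: int = MAX_AGE_DAYS) -> bool:
    """Maximum password age: the password is expired once it is max_age_days old."""
    return today - last_changed >= timedelta(days=max_age_days)
```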
Disablement: Disablement, or account expiration, is an often unused feature that automatically disables a user account at a specific time on a specific day. This feature can be used for temporary workers or interns whose employment will end on a known date. These accounts can be re-enabled and a new expiration date set.
Lockout: If a user tries to log in to an account with the wrong password, the account is locked after a set number of failed login attempts. This is typically set to 3 to 5 failed attempts within 15 minutes. Only an administrator can unlock the account.
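Disablement and lockout together in one account object, as an added example (not code from these notes). The threshold of 5 failures in a 15-minute sliding window, the permanent lock until an administrator clears it, and the plaintext password comparison are assumptions made for the demo:

```python
"""Lockout and account expiration: constructed demo of the two controls above."""
import hmac
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5                   # failed attempts before locking (notes give 3 to 5)
LOCKOUT_WINDOW = timedelta(minutes=15)  # failures older than this no longer count


class Account:
    def __init__(self, name: str, password: str, expires: datetime = None):
        self.name = name
        self._password = password.encode()  # demo only; real systems store a salted hash
        self.expires = expires              # disablement: unusable from this datetime on
        self.locked = False
        self._failures = []                 # timestamps of recent failed attempts

    def login(self, password: str, now: datetime) -> str:
        """Return 'ok', 'bad password', 'locked' or 'expired' for an attempt made at `now`."""
        if self.expires is not None and now >= self.expires:
            return "expired"
        if self.locked:
            return "locked"
        if hmac.compare_digest(password.encode(), self._password):
            self._failures.clear()
            return "ok"
        # Keep only failures inside the sliding window, then record this one.
        self._failures = [t for t in self._failures if now - t < LOCKOUT_WINDOW]
        self._failures.append(now)
        if len(self._failures) >= LOCKOUT_THRESHOLD:
            self.locked = True
            return "locked"
        return "bad password"

    def admin_unlock(self) -> None:
        """Only an administrator clears the lock; it does not expire on its own."""
        self.locked = False
        self._failures.clear()

    def set_expiration(self, expires: datetime) -> None:
        """Re-enable an expired account (or extend one) with a new expiration date."""
        self.expires = expires
```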
Group Based Privileges: This is the assignment of privileges, or access to a resource, to all members of a group collectively. It grants every member of the group the same level of access to a specific object. Group based privileges are common in many operating systems, including Linux and Windows. Each object has 3 sets of permissions: those for the owner, those for the owner's group, and those for other users. When using group privileges, it is important to consider whether doing so violates the principle of least privilege.
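The owner/group/other evaluation described above, plus a check for the least-privilege side effect of adding a user to a group, as an added example (not code from these notes). The file paths, users and modes are constructed; the triad selection follows the Linux rule that the owner triad applies first, then the group triad, then other:

```python
from dataclasses import dataclass


@dataclass
class FileObject:
    path: str
    owner: str
    group: str
    mode: str  # symbolic rwx triads for owner, group, other, e.g. "rw-r-----"


@dataclass
class User:
    name: str
    groups: set


def permissions_for(user: User, obj: FileObject) -> set:
    """Pick the single triad that applies (owner first, then group, then other)."""
    if user.name == obj.owner:
        triad = obj.mode[0:3]
    elif obj.group in user.groups:
        triad = obj.mode[3:6]
    else:
        triad = obj.mode[6:9]
    return {flag for flag in triad if flag != "-"}


def access_map(user: User, objects: list) -> dict:
    """Every object the user can touch at all, with the rights granted on it."""
    return {o.path: permissions_for(user, o) for o in objects if permissions_for(user, o)}


def collateral_access(user: User, group: str, objects: list) -> dict:
    """Rights the user would gain by joining `group`; each entry is a least-privilege question."""
    before = access_map(user, objects)
    after = access_map(User(user.name, user.groups | {group}), objects)
    return {path: rights - before.get(path, set()) for path, rights in after.items()
            if rights - before.get(path, set())}


# Constructed sample objects: joining "finance" to read the budget also grants payroll write.
SAMPLE_FILES = [
    FileObject("/srv/finance/budget.xlsx", "cfo", "finance", "rw-r-----"),
    FileObject("/srv/finance/payroll.xlsx", "hr_lead", "finance", "rw-rw----"),
    FileObject("/srv/public/handbook.pdf", "hr_lead", "staff", "rw-r--r--"),
]
```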
6. Cryptography
6.1 Summarize general cryptography concepts
Non-repudiation: Non-repudiation ensures that the sender, as well as the receiver, cannot refute having sent or received a message. For example, you receive an email from your prospective employer. If that email is unsigned, the employer could later deny having sent it. Non-repudiation ensures that the sender cannot deny the transmission of a message and the receiver cannot deny its reception.
Digital Signatures and Encryption
- A digital signature ensures that the sender cannot repudiate having sent the message at a future date.
- Encryption ensures that the message cannot be read by any person who does not have the matching key to decode it.
- Hashing ensures that the message has not been tampered with during transit or storage. Note that hashing does not necessarily encode or encrypt a message.
Secret-key encryption: Secret-key encryption is also known as single-key or symmetric encryption. It involves the use of a single key that is shared by both the sender and the receiver of the message. Typically, the sender encrypts the message with the key and transmits it to the recipient. The recipient then decrypts it using a copy of the same key. The disadvantages of symmetric encryption compared with asymmetric encryption are:
- Inability to support non-repudiation: since both the sender and receiver use the same key, it is difficult to determine who the sender was, should a dispute arise.
- Impractical for web commerce: imagine thousands of customers buying goods and services over the Internet. If symmetric encryption is used, a unique secret key needs to be shared with each user, which is impractical.
- Key distribution: with symmetric encryption, the secret key needs to be transmitted to the other party for decryption, which poses a security risk.
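The hashing, signature and shared-key points above (the Digital Signatures and Encryption list, and the non-repudiation disadvantage of secret-key encryption) in one added example, not code from these notes. The RSA key is built from two fixed, far too small Mersenne primes purely to show the mechanism, and the shared key and offer text are constructed:

```python
"""Hash vs shared-key tag vs digital signature: constructed demo of the concepts above."""
import hashlib
import hmac

# Toy RSA key from the Mersenne primes 2^31-1 and 2^61-1: constructed for illustration
# only, far too small for real use (real keys are 2048 bits or more from a CSPRNG).
_P, _Q, RSA_E = (1 << 31) - 1, (1 << 61) - 1, 65537
RSA_N = _P * _Q
RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))  # private exponent; needs Python 3.8+


def digest(message: bytes) -> bytes:
    """Hashing: detects tampering, but does not hide the message."""
    return hashlib.sha256(message).digest()


def shared_key_tag(shared_key: bytes, message: bytes) -> bytes:
    """Symmetric integrity tag: sender and receiver hold the same key, so both can make it."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def sign(message: bytes) -> int:
    """Textbook RSA signature over the hash: only the holder of RSA_D can produce it."""
    h = int.from_bytes(digest(message), "big") % RSA_N
    return pow(h, RSA_D, RSA_N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone holding the public values (RSA_N, RSA_E) can check a signature."""
    h = int.from_bytes(digest(message), "big") % RSA_N
    return pow(signature, RSA_E, RSA_N) == h


def non_repudiation_demo() -> dict:
    """Why a shared key cannot settle 'who sent this', while a signature can."""
    key = b"constructed-shared-key"
    offer = b"We offer you the position at 80,000 per year."
    altered = b"We offer you the position at 90,000 per year."
    # The receiver, holding the same key, produces a tag on an altered message that is
    # indistinguishable from one the sender would have produced.
    receiver_forgery = shared_key_tag(key, altered)
    return {
        "hash_detects_change": digest(offer) != digest(altered),
        "receiver_forgery_passes_check": hmac.compare_digest(receiver_forgery, shared_key_tag(key, altered)),
        "signature_verifies": verify(offer, sign(offer)),
        "signature_rejects_altered": not verify(altered, sign(offer)),
        "signature_rejects_guess": not verify(offer, 12345),
    }
```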