Having a good understanding and effective implementation of authorization is paramount to have adequate control over your information.
We will discuss some key principles, threats and what you can do to prevent these threats to materialize.
To have control over who can do what, it is important to clearly identify who is the user. This is achieved by adequate user authentication,. Wanna learn more? See our blogpost “Authentication: know who is who“.
So now we know who the user is. But what can the user do, or more important what is the user allowed to do on the system? This is where authorization comes into play.
Authorization defines what a user is allowed to do. Often this is obtained by granting users roles based upon group memberships, which are often nested in other groups… And this is where the true challenge slumbers, having clear insights in what a user is allowed to do, having that transparency is key to good governed information processing.
Which threats can be executed by compromising the authorization?
The adversary is trying to maintain their foothold.
Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
The adversary is trying to gain higher-level permissions.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, erroneous configurations, and vulnerabilities. Examples of elevated access include:
These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.
It is important to know that the functions becoming available to the hacker or adversary can all be exploited to achieve his objectives. These objectives can affect all aspects of your organization:
NoCode-X has an effective, fine grained, transparent built-in user management including the authorization. There are some key concepts which helps your business to organize the authorization.
This structure allows users to be managed in a standard organizational manner, which reflects to your organization’s needs.
A user can have fine grained access to multiple applications across organizations, when he received explicit grants to those functions.
Do you have questions on security principles, cyber resilience or NoCode do not hesitate to contact us.
Leave a Comment