Questions tagged [access-control]
581 questions

A security mechanism which enforces policy describing which requesters may perform operations on specified objects. There are typically multiple types of operations. Common operations include: read, write, execute, append, create, and delete.

37 votes, 5 answers
The teacher logged me in as administrator for doing a short task, is the whole system now compromised?
I worked today with our teacher who logged me into a computer as admin. We had a task that required admin rights. A few seconds later he was talking to other students in our classroom, but I was able to reset the administrator password with…
asked by tungsten

21 votes, 7 answers
If a Windows laptop with an encrypted hard disk is stolen, can the contents be accessed by a professional hacker?
In other words, how easy is it to break into Windows without having the passwords for any of the users configured in the computer?
asked by user3251930

13 votes, 3 answers
What are the advantages/disadvantages of attribute-based access control?
An example attribute would be "employee is currently located in the US" and is trying to access a document that requires the person to be accessing the document in US territory.
asked by knguyeniii

7 votes, 2 answers
Using a single application for user and admin (with different auth methods) vs separating them into two applications
I am creating a human resource management application that allows access from both employee and HR administrator. Now, I'm faced with a best practice issue.
There would definitely be two users: Employee and HR Admin. I would just like to ask if it…
asked by dagitab

6 votes, 1 answer
Mandatory vacation as a security control?
I recently came across the concept of mandatory vacation as a management security control. Employees are forced to take at least one week of consecutive vacation to allow the company to audit their work and possibly discover fraudulent behavior by…
asked by Stef Heylen

5 votes, 1 answer
Memory Protection Unit/MMU in context of multiple cores and security issues
There is a chipset I am working with that utilizes an ARM Cortex-A7 as the application processor and an ARM9 baseband processor.
I had a major concern since the ARM Cortex-A7 is utilizing Android that the MPU and/or MMU could be subverted to see…
asked by Dave Powell

5 votes, 1 answer
Clark Wilson Integrity Model: Rules
What is the conceptual difference between certification rules and enforcement rules in the Clark Wilson model?
Am I on a wrong path when I assume that certification rules ensure external integrity and enforcement rules ensure internal integrity?
asked by Chris

4 votes, 1 answer
Restricted Access through Box and log commands
I want to solve the following problem. Please share your ideas, or directly a product name that is capable of solving this.
Our system administrators need to connect to customers' servers, but I don't want to share SSH, VPN etc. information with sysadmins. Also I…
asked by Mehmet Ince

3 votes, 3 answers
Should I give developers admin rights or leave as power users?
In my organization we are in the process of upgrading everyone to Windows 7. We have all of our users configured as power users. The issue we are running into is this:
Should we give developers local admin rights or only modify the files that need to…
asked by mrizz10

2 votes, 1 answer
Is a long, random string in a URL considered adequate protection from unauthorised access?
I have recently had to submit a number of confidential PDF documents to a website. These documents contain more than enough information to use in identity theft, and I can conceive how others using the same site would upload even more…
asked by Cybergibbons

2 votes, 1 answer
Difference between password expiration and account expiration
If a password expires, the user can't access the account. If the account expires, the user can't access the account...
So, what's the difference? Just that in the case of an expired account, I'd need to enable it back?
asked by user15194

2 votes, 3 answers
Why are UNIX-like ACLs not a form of MAC
What is the reason for UNIX-like access permissions (both the traditional user-group-others and extended ACLs) being classified as a form of DAC (Discretionary Access Control) system and not MAC (Mandatory AC)?
What would be required for them to be…
asked by peterph

2 votes, 2 answers
How can a manager delegate work to their PA if password sharing is not authorised?
Everyone talks about the importance of delegation. But how can a manager delegate work if password sharing is verboten under the organisation’s IT Security Policy? This means that the PA would have no access to his email account, no access to cloud…
asked by daikin

2 votes, 1 answer
Access Flags for Handles
The handles window in Process Explorer has a column Access which supposedly determines the access rights of that particular handle. I am not able to get any documentation on how to read the flags and what each bit means. Any resource to point me in…
asked by sudhacker

2 votes, 3 answers
Example of decentralized access control?
Classical server-client architectures implement classical centralised access control. The problem with that is that an administrator with root access has full control over it, which may represent an unacceptable risk in some scenarios.
There are multiple…
asked by Draif Kroneg
