CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [224]
Now suppose the utility crashed in the middle of its operation. Theoretically, this could create a situation where the user was left with the elevated privileges and could do things on the system that they otherwise could not. A privilege escalation attack looks for vulnerabilities on the system that could create this situation and then takes advantage of them.
Single Sign-On Initiatives
One of the big problems that larger systems must deal with is the need for users to access multiple systems or applications. This may require a user to remember multiple accounts and passwords. The purpose of a single sign-on (SSO) is to give users access to all the applications and systems they need when they log on. This is becoming a reality in many environments, including Kerberos, Microsoft Active Directory, Novell eDirectory, and some certificate model implementations.
Single sign-on is both a blessing and a curse. It’s a blessing in that once the user is authenticated, they can access all the resources on the network and browse multiple directories. It’s a curse in that it removes the doors that otherwise exist between the user and various resources.
In the case of Kerberos, a single token allows any “Kerberized” applications to accept a user as valid. The important thing to remember in this process is that each application that wants to use SSO must be able to accept and process the token presented by Kerberos.
Active Directory (AD) works off a slightly different method. A server that runs AD retains information about all access rights for all users and groups in the network. When a user logs on to the system, AD issues the user a globally unique identifier (GUID). Applications that support AD can use this GUID to provide access control.
Figure 8.10 illustrates this process in more detail. In this instance, the database application, e-mail client, and printers all authenticate with the same logon. Like Kerberos, this process requires all the applications that want to take advantage of AD to accept AD controls and directives.
FIGURE 8.10 AD validating a user
In this way, the user doesn’t have to have separate sign-on, e-mail, and application passwords. Using AD simplifies the sign-on process for users and lowers the support requirements for administrators. Access can be established through groups, and it can be enforced through group memberships.
On a decentralized network, SSO passwords are stored on each server and can represent a security risk. It’s important to enforce password changes and make certain passwords are updated throughout the organization on a frequent basis.
Privilege Decision Making
The process of making decisions about privilege is important. It must be clear and unambiguous to be effective. In the case of a highly centralized environment, a single department or person is responsible for making decisions about access that affect the entire organization. In a decentralized environment, decision making is spread throughout the organization.
The people who are the most aware of the security needs should conduct the decision-making process. This process can involve everyone in the organization.
If someone is unable to accomplish the work they need to do, then the security system isn’t working. On the other hand, it’s important that personnel receive access only to the information they really need. Establishing a standardized policy or set of policies is important; these policies, and their effects, must be well documented and enforced.
Many operating systems automatically replicate or send changes in access throughout an organization. A single change in a user’s access may inadvertently give them access to sensitive information. Careful study of privileges is needed for an effective security policy.
From time to time, individuals may need special access to information that they