From the course: CompTIA Security+ (SY0-601) Cert Prep: 4 Identity and Access Management Design and Implementation

Understanding authorization

- [Instructor] Authorization is the final step in granting a user access to a resource. Once an individual successfully authenticates to a system, authorization determines the privileges that the individual has to access resources and information on that system. There are many different authorization approaches, and we'll discuss those in this course. First, let's talk about two general principles of authorization that lead to strong security.

The first of these is the principle of least privilege. This principle states that an individual should only have the minimum set of permissions necessary to accomplish their job duties. Least privilege is important for two reasons. First, least privilege minimizes the potential damage from an insider attack. If an employee turns malicious, the damage they can cause will be limited by the privileges assigned to them by job role. It's unlikely, for example, that an accountant would be able to deface the company website, because an accountant's job responsibilities have nothing to do with updating web content. Second, least privilege limits the ability of an external attacker to quickly gain privileged access when compromising an employee's account. Unless they happen to compromise a system administrator account, the attacker will find themselves limited by the privileges of the account that they steal.

The second important principle is separation of duties. This principle states that sensitive business functions should require the involvement of at least two people. This reduces the likelihood of fraud by requiring collusion between two employees to commit fraud. One common example of separation of duties is found in accounting departments. One way that employees might steal funds from the organization is to set up fake vendors in the system and then issue checks to those vendors for services that were never rendered. To prevent this, organizations typically separate the ability to set up a new vendor from the ability to issue a check to a vendor, and say that no employee should ever have both of those privileges.

Organizations should watch out for privilege creep when trying to follow the principles of least privilege and separation of duties. Privilege creep occurs when users change from one job to another and gain new privileges associated with their new responsibilities but never lose the privileges from the job that they left. Over time, an employee who moves around from role to role in the organization may gain substantial privileges in this way. Consider the example of Alice. Alice starts as a clerk in the accounting department, where she's responsible for issuing checks to vendors. There she has the privilege of issuing checks. After a few years, Alice receives a promotion to a supervisory accountant position and gains responsibility for setting up new vendors on the system. Nobody ever takes away her older privileges. She now has the ability to both set up a new vendor and issue checks, a violation of both least privilege and separation of duties.

Organizations looking to preserve the principles of least privilege and separation of duties should perform regular account reviews. These may come in both manual and automated forms. For example, an automated process might run every time a user is granted new privileges to ensure that the new privilege won't violate any separation of duties requirements. The organization may supplement these automated rules with quarterly access reviews, where managers review the permissions assigned to each employee for compliance with the principle of least privilege. Maintaining authorization systems is a critical task for security professionals. The exam might contain a question asking you to review a scenario and describe what authorization principle is being discussed. Be sure to know the difference between least privilege and separation of duties so that you're ready for those exam questions.
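The grant-time separation-of-duties check and the periodic access review that the instructor describes, modeled on the Alice scenario, as an added Python example that is not part of the course material. The privilege names (vendor:create, payment:issue_check, ledger:*), the two role definitions and the toxic-combination policy are hypothetical and constructed for this example; a real deployment would load them from its identity governance system.

```python
"""Least-privilege and separation-of-duties checks over a toy entitlement store."""
from dataclasses import dataclass, field

# Hypothetical policy, constructed for this example: privilege pairs that must
# never be held by one person. Setting up a vendor and paying that vendor is the
# classic accounting toxic combination.
TOXIC_COMBINATIONS = [
    frozenset({"vendor:create", "payment:issue_check"}),
]

# Hypothetical role-to-privilege mapping (what each job role justifies).
ROLE_PRIVILEGES = {
    "accounting_clerk": {"payment:issue_check", "ledger:read"},
    "supervisory_accountant": {"vendor:create", "ledger:read", "ledger:approve"},
}


class SeparationOfDutiesViolation(Exception):
    """Raised when a grant would give one user a toxic combination."""


@dataclass
class User:
    name: str
    role: str
    privileges: set = field(default_factory=set)


def sod_violations(privileges):
    """Return every toxic combination fully contained in the given privilege set."""
    return [combo for combo in TOXIC_COMBINATIONS if combo <= privileges]


def grant(user, privilege):
    """Automated check on every grant: refuse it if the result would violate SoD."""
    proposed = user.privileges | {privilege}
    violations = sod_violations(proposed)
    if violations:
        raise SeparationOfDutiesViolation(
            f"{user.name}: granting {privilege!r} would combine "
            + ", ".join(sorted(violations[0]))
        )
    user.privileges.add(privilege)


def revoke(user, privilege):
    user.privileges.discard(privilege)


def change_role(user, new_role):
    """Move a user to a new role the right way: privileges that only the old role
    justified are revoked before the new role's privileges are granted, so nothing
    lingers (privilege creep) and grant() sees the real post-transfer set.
    Returns (revoked, granted) as sorted lists."""
    old_set = ROLE_PRIVILEGES[user.role]
    new_set = ROLE_PRIVILEGES[new_role]
    revoked = sorted(user.privileges & (old_set - new_set))
    for p in revoked:
        revoke(user, p)
    user.role = new_role
    granted = sorted(new_set - user.privileges)
    for p in granted:
        grant(user, p)
    return revoked, granted


def access_review(users):
    """Periodic (e.g. quarterly) review: per user, privileges the current role does
    not justify (least-privilege findings) and toxic combinations held (SoD findings)."""
    findings = {}
    for user in users:
        excess = sorted(user.privileges - ROLE_PRIVILEGES[user.role])
        sod = [sorted(c) for c in sod_violations(user.privileges)]
        if excess or sod:
            findings[user.name] = {"excess": excess, "sod": sod}
    return findings


def alice_without_revocation():
    """Privilege creep: Alice is promoted but nobody removes her clerk privileges.
    The grant-time gate blocks the toxic grant; returns the rejection message."""
    alice = User("alice", "accounting_clerk", set(ROLE_PRIVILEGES["accounting_clerk"]))
    alice.role = "supervisory_accountant"  # role changed, old privileges left in place
    try:
        grant(alice, "vendor:create")
    except SeparationOfDutiesViolation as exc:
        return str(exc)
    return None


def alice_with_revocation():
    """Proper transfer: change_role() revokes the clerk-only privilege first."""
    alice = User("alice", "accounting_clerk", set(ROLE_PRIVILEGES["accounting_clerk"]))
    revoked, granted = change_role(alice, "supervisory_accountant")
    return revoked, granted, alice.privileges


if __name__ == "__main__":
    print(alice_without_revocation())
    print(alice_with_revocation())
```

The grant-time check is a preventive control: it refuses the single grant that would complete a toxic pair, whichever half was granted first. The access review is the detective control for what the gate cannot see, such as a privilege that was justified by a previous role and simply never revoked, which shows up as an "excess" finding against the user's current role.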
