Mandatory access control (MAC) is a restrictive strategy that assigns access to files and information under a centralized authority. In other words, it puts an administrator front and center of the data: someone who assigns employees the ability to access information based on how important that information is.

So, for example, someone who needs to access a confidential report has to request access from the administrator. Once access is granted, that person can read the report – but they can't share it with other people who don't have access.

MAC prevents people from leaking documents or sharing them (and leaking them by mistake). It also prevents hackers from accessing information via a privilege escalation attack.

Military branches and federal agencies often employ mandatory access control. They do so online and offline: this type of system is often the reason why dossiers are marked as top secret or similar. That's what MAC is: branding different information so it never falls into the wrong hands.

Instead of putting a stamp on a folder, mandatory access control administrators rank files by importance and assign access to users (depending on their task and role in the company).

Imagine company executives released a classified report on Q1 earnings. It'd be terrible if everyone in the company could access it, though it should remain in the company's data center for security reasons. How can you deal with that scenario? Simple! Mark the report as top secret under MAC and grant access to top-tier executives alone.

MAC restricts user access to privileged information and sensitive data. It's a barrier that prevents users from reaching above their heads and grabbing something they shouldn't see, so to speak. It's a great tool to prevent privilege escalation attacks as well as damage caused by threat actors with stolen credentials.

The least-privilege principle (LPP) divides a company's structure into different departments and prevents users from one department from accessing the files of another. At the same time, it restricts several faculties when necessary.

It's important to note some companies implement both MAC and LPP – but they're not the same thing. MAC restricts vertical access, while the least-privilege principle restricts vertical and horizontal access.

Mandatory access control and the least-privilege principle sound similar – because they are. They both limit user access in one way or the other. However, MAC prevents people from accessing sensitive information above their heads. In contrast, the least-privilege principle prevents users from accessing files they don't need (e.g., stops someone in sales from accessing an HR report). At the same time, it also reduces user faculties (e.g., allowing users to read a report but preventing them from editing or deleting it). In short, MAC deals with vertical access, and LPP deals with horizontal access and segmentation.

How Do Companies Set Up Mandatory Access Control Policies?

Most places choose to set up MAC policies in three tiers. These security tiers have different names, though most companies choose the following terms: confidential, secret, and top secret. You can get access if you're cleared to do so by management.

These tiers are names that help allocate resources better. Nothing happens if the names change as long as the meaning behind them remains the same. For example, IBM prefers other terms, such as restricted, confidential, and internal. These three names, albeit slightly different, mean the same thing under a MAC system.

Who gets access to each tier depends on how the company runs things – and the type of employee we're talking about. However, a need-to-know basis is always the core element behind mandatory access control implementation.

You can probably tell implementing mandatory access control is time-consuming. Managing permissions is not something to take lightly: you can't juggle them every now and then, hoping things run smoothly.
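The vertical (MAC tier) and horizontal (least-privilege) checks described above can be combined in one access decision; the sketch below is an added example, not code from the original article. The user names, departments, and the `deny:mac` / `deny:lpp` result strings are hypothetical, and modelling least privilege as "same department plus an explicitly granted action" is a simplifying assumption.

```python
from dataclasses import dataclass, replace
from enum import IntEnum

class Tier(IntEnum):  # the article's three tiers, lowest to highest
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class User:
    name: str
    clearance: Tier  # assigned by the administrator only
    department: str
    is_admin: bool = False

@dataclass(frozen=True)
class Document:
    title: str
    label: Tier  # sensitivity tier set by the administrator
    department: str
    actions: frozenset = frozenset({"read"})  # faculties open to users

def mac_allows(user: User, doc: Document) -> bool:
    """Vertical (MAC) check: clearance must be at or above the label."""
    return user.clearance >= doc.label

def lpp_allows(user: User, doc: Document, action: str) -> bool:
    """Horizontal (least-privilege) check: own department, granted action."""
    return user.department == doc.department and action in doc.actions

def decide(user: User, doc: Document, action: str) -> str:
    if not mac_allows(user, doc):
        return "deny:mac"  # refused by the tier check
    if not lpp_allows(user, doc, action):
        return "deny:lpp"  # refused by department or action scope
    return "allow"

def grant(actor: User, target: User, tier: Tier) -> User:
    """Only the central administrator may change a clearance."""
    if not actor.is_admin:
        raise PermissionError(f"{actor.name} cannot grant access")
    return replace(target, clearance=tier)

# Constructed sample data (hypothetical names, not from the article).
ADMIN = User("admin", Tier.TOP_SECRET, "it", is_admin=True)
CFO = User("cfo", Tier.TOP_SECRET, "finance")
ANALYST = User("analyst", Tier.CONFIDENTIAL, "finance")
SALES = User("sales_rep", Tier.TOP_SECRET, "sales")
Q1_REPORT = Document("Q1 earnings", Tier.TOP_SECRET, "finance")
```

Note that `SALES` holds top-secret clearance yet is still refused the finance report, while `CFO` can read it but not edit it: the tier check alone does not cover either case.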