Cybertek Defense

Control Types

Control types can be used in security polices to prevent and lower the risks in attacks. Control types can be a physical device or a piece of software. Other types of controls could also be a physical wall or fence protecting your building or biometric security doors. Overall, controls are a great way to protect the inner-diameter of your belongings from outside users. We will discuss many types of controls used within businesses throughout this article.

In a business, there are three types of controls that are used, Managerial, Operational, and Technical.

Physical Controls

There are many types of physical controls that can be used in any environment. Most physical controls are made to prevent unauthorized users into an area or room without their consent.

Access Controls

With technology improving everyday, we have the ability to incorporate different types of hardware and software to provide means of access for our users. The most common type of access controls we use today are biometric and credentials. For any type of access control we have Identification, Authentication, and Authorization. Each type of access control allows the user to confirm their identity with the piece of hardware or software.

Step 1: Identification – Identify the user through use of an account. This could be associated with a card or any type of alphanumeric system which is given to the end user as their virtual ID. This is a way to match the identity of the user and provide access to the system.

Step 2: Authentication – Once the user has submitted their identification, they will then have to authenticate their identity. Authentication is usually provided by entering credentials such as a password or PIN.

Step 3: Authorization – A user that is created in a system has to be provided a form of authorization or be put in a group that has permissions of access to something. If John Doe is a member of the Financial Department group in active directory, he will ONLY be provided access to the files within the Financial Department.

Discretionary Access Controls

Every computer today has some form of access controls. We know that access controls are a way to prevent unwanted users from gaining access to a file, building, or room. In Windows, we can use access controls to prevent or have specific levels of access to a file or folder.

The properties of every file and folder in Windows offers different types of security depending on the specific user and what they need to access. The permissions used for each file or folder are given to either a specific user or group in the system.

As noted with “Special Permissions”, not all files and folders will have “Full Control” selected. Folders in Windows such as the ProgramData folder might be locked down to “Read” permissions for end users other than Administrators. While Administrators might have “Full Control” permissions.

Mandatory Access Controls

Mandatory access controls are different levels of security for determining the level of damage that could be inflicted on a file or system. We commonly see these controls within government agencies or high level departments that need to protect the integrity over their information.

4 Levels of Security

Other Types of Controls

Role-Based Access Controls – Specific users have control of a single system. An example could be that only the network admins have access to the firewalls while help desk does not.

Rule-Based Access Controls – Creating a rule for when users can having access to any system during a specific time throughout the day.

Attribute Access Controls – Common controls found in active directory to allow users to a specific folder for viewing but only allow certain people within the department to have read/write attributes while others only have read attributes.

Group-Based Access Controls – Another common control found in active directory to allow specific groups (users/members of a business that categorized into groups) to have the same attributes or permissions to a file or folder.

Exit mobile version