bg_image
header

Role Based Access Control - RBAC

RBAC stands for Role-Based Access Control. It is a concept for managing and restricting access to resources within an IT system based on the roles of users within an organization. The main principles of RBAC include:

  1. Roles: A role is a collection of permissions. Users are assigned one or more roles, and these roles determine which resources and functions users can access.

  2. Permissions: These are specific access rights to resources or actions within the system. Permissions are assigned to roles, not directly to individual users.

  3. Users: These are the individuals or system entities using the IT system. Users are assigned roles to determine the permissions granted to them.

  4. Resources: These are the data, files, applications, or services that are accessed.

RBAC offers several advantages:

  • Security: By assigning permissions based on roles, administrators can ensure that users only access the resources they need for their tasks.
  • Manageability: Changes in the permission structure can be managed centrally through roles, rather than changing individual permissions for each user.
  • Compliance: RBAC supports compliance with security policies and legal regulations by providing clear and auditable access control.

An example: In a company, there might be roles such as "Employee," "Manager," and "Administrator." Each role has different permissions assigned:

  • Employee: Can access general company resources.
  • Manager: In addition to the rights of an employee, has access to resources for team management.
  • Administrator: Has comprehensive rights, including managing users and roles.

A user classified as a "Manager" automatically receives the corresponding permissions without the need to manually set individual access rights.

 


Firewall

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access to or from the internal network.

Firewalls can be implemented in various forms:

  1. Network Firewall: This type of firewall is typically deployed at the perimeter of a network, such as between an organization's internal network and the internet. It examines packets of data as they pass through, filtering them based on predefined rules to allow or block traffic.

  2. Host-Based Firewall: Host-based firewalls are installed on individual computers or devices to control traffic at the device level. They provide an additional layer of defense by filtering traffic based on specific rules configured for that host.

Firewalls operate based on different filtering methods:

  • Packet Filtering: Packet-filtering firewalls examine packets of data as they pass through the network based on criteria such as source and destination IP addresses, port numbers, and protocols. They make decisions to allow or block packets based on predefined rules.

  • Stateful Inspection: Stateful inspection firewalls keep track of the state of active connections and use this information to make decisions about whether to allow or block traffic. They maintain a record of the state of connections, such as TCP handshakes, and only allow traffic that corresponds to legitimate, established connections.

  • Proxy Firewalls: Proxy firewalls act as intermediaries between clients and servers, intercepting and inspecting traffic before forwarding it to its destination. They can provide additional security by hiding the internal network's IP addresses and applying advanced security measures such as content filtering and application-layer inspection.

Firewalls are a fundamental component of network security and help protect against unauthorized access, data breaches, malware infections, and other cyber threats by enforcing access control policies and filtering potentially harmful traffic.

 


Content Security Policy - CSP

Content Security Policy (CSP) is a security mechanism implemented in web browsers to prevent cross-site scripting (XSS) attacks and other types of injection attacks. CSP allows website operators to define a policy that determines which resources can be loaded from a website and from where they can be loaded.

The CSP policy can include various types of restrictions, including:

  1. Allowed sources for scripts, images, stylesheets, fonts, and other resources.
  2. Restrictions on the execution of inline scripts and inline styles.
  3. Setting security policies for specific types of resources, such as enabling HTTPS or using non-trusted HTTP sources.
  4. Reporting mechanisms to receive reports on violations of the CSP policy.

By using CSP, website operators can reduce the risk of XSS attacks by restricting the execution of unauthorized code. However, developers need to carefully ensure that the CSP policy is configured properly, as a too restrictive policy may potentially impact legitimate functions of the website.

 


Cross-Site Scripting - XSS

Cross-Site Scripting (XSS) is a security vulnerability in web applications where attackers inject malicious code (typically JavaScript) into web pages that are then executed by other users of that website. This often occurs by the attacker inserting the malicious code into input fields or parameters of a web page, which is then passed on to other users without proper filtering.

There are various types of XSS attacks, including:

  1. Reflected XSS: The malicious code is inserted into a URL and passed on to a user who then clicks on that URL. The application processes the input and executes the code, resulting in an attack.

  2. Persistent XSS: The malicious code is stored permanently in the database or on the server and is served to all users visiting the affected page.

The impacts of XSS attacks can be diverse, including:

  • Theft of cookies and session information to access user accounts.
  • Redirection to phishing pages or malware downloads.
  • Manipulation of content on the website to display fake messages or deceive users.
  • Exploitation of browser vulnerabilities to take over user accounts or execute further malicious code.

To protect against XSS attacks, web developers should properly validate and sanitize user inputs before displaying them on the website. Additionally, security mechanisms like Content Security Policy (CSP) can be implemented to prevent the execution of malicious code. Users should also exercise caution and avoid clicking on suspicious links or entering information on insecure websites.

 


SQL-Injection - SQLI

SQL injection (SQLI) is a type of attack where an attacker injects malicious SQL code into input fields or parameters of a web page, which is then executed by the underlying database. This attack method exploits vulnerabilities in input validation to gain unauthorized access to or manipulate the database.

An example of SQL injection would be if an attacker enters an SQL command like "OR 1=1" into the username field of a login form. If the web application is not adequately protected against SQL injection, the attacker could successfully log in because the injected SQL command causes the query to always evaluate to true.

SQL injection can have various impacts, including:

  1. Disclosure of confidential information from the database.
  2. Manipulation of data in the database.
  3. Execution of malicious actions on the server if the database supports privileged functions.
  4. Destruction or corruption of data.

To protect against SQL injection attacks, web developers should employ secure programming practices, such as using parameterized queries or ORM (Object-Relational Mapping) frameworks to ensure all user inputs are handled securely. Additionally, it's important to conduct regular security audits and promptly install security patches.

 


Injection

Injection refers to a security vulnerability in an application software where an attacker injects malicious code into a request that is then processed by the application. This code is often in the form of SQL code, shell commands, or other scripts used to gain unauthorized access, manipulate data, or take control of the affected system.

The most common form of injection is SQL injection (SQLI), where attackers inject SQL commands into web forms, URL parameters, or other input fields processed by a web application. Successful SQL injection allows attackers to manipulate database queries and access confidential information.

Other types of injections include Cross-Site Scripting (XSS), where malicious JavaScript code is injected into web pages, and Command Injection, where attackers inject shell commands into an application that are then executed on the server. Injections pose a serious threat to the security of applications and require appropriate security measures such as input validation and the use of parameterized queries to prevent attacks.

 


Broken Access Control

Broken Access Control refers to a vulnerability in the security configuration of an application or system that allows an attacker to access resources they shouldn't have permission to access. This vulnerability occurs when access control mechanisms are not properly implemented or enforced.

Broken Access Control typically occurs when:

  1. User permissions are not correctly checked before granting access to a resource.
  2. Direct accesses to URLs, files, or other resources are possible without access control checks.
  3. Access controls are based on outdated or inadequate authentication or authorization methods.
  4. Faulty configurations or inadequate security policies allow an attacker to bypass or escalate permissions.

This vulnerability can have serious consequences as it can allow an attacker to access sensitive data, manipulate systems, or perform other malicious actions for which they shouldn't have permission. To avoid Broken Access Control, it's crucial to implement a robust access control strategy that ensures only authorized users can access the appropriate resources and that all accesses are properly checked and enforced.