Questions tagged [access-control]

A security mechanism which enforces policy describing which requesters may perform operations on specified objects. There are typically multiple types of operations. Common operations include: read, write, execute, append, create, and delete.

572 questions
123 votes, 12 answers

Is there a legitimate reason I should be required to use my company's computer? (BYOD prohibited)

I just got a new job at a medium-sized (~100 employees) company and one of the first things I was told is that I cannot use my own computer, because I need to be able to connect to their network, access files, etc. I didn't think that made much…
Marcus McLean
85 votes, 9 answers

Comparison Between AppArmor and SELinux

I was reviewing several different comparisons of AppArmor and SELinux which include: "Why I Like AppArmor More Than SELinux" and "SELinux and AppArmor: An Introductory Comparison". From these articles I conclude that AppArmor is better than SELinux based…
Ali Ahmad
81 votes, 8 answers

Risks of giving developers admin rights to their own PCs

I need to convince my internal IT department to give my new team of developers admin rights to our own PCs. They seem to think this will create some security risk to the network. Can anyone explain why this would be? What are the risks? What do IT…
carolineggordon
80 votes, 4 answers

Can an identity provider impersonate me? (Can Facebook post Stack Overflow questions under my name?)

There are multiple mechanisms (some now defunct) that allow me to access service A (the Relying Party / RP) using a token granted by service B (the Identity Provider / IdP). Typically these replace a username-and-password login. Examples of IdP…
lofidevops
76 votes, 8 answers

Why is email often used as the ultimate verification?

In many services, email can be used to reset the password, or do something that is sensitive. Sensitive data is also quite often sent to you by email, e.g. long links that enable access to your account or similar. However for most people, their…
Teipekpohkl
74 votes, 1 answer

What is the difference between RBAC and DAC/ACL?

What are the benefits of each, and when should I choose one over the other? Are there situations where these should be merged? Do you have examples of common usages? And what about MAC, where does that fit in?
AviD
71 votes, 10 answers

Why avoid shared user accounts?

I know it's best practice not to allow shared user accounts, but where is this best practice defined? Is it an ISO standard or something? What are the reasons to always create per-person accounts?
Steve Venton
60 votes, 4 answers

Are there DRM techniques to effectively prevent pirating?

A question on Skeptics.SE asks whether current DRM techniques effectively prevent pirating: Is DRM effective? The question for IT Security is: Can DRM be made effective, and are there any examples? One approach that has been discussed here leverages…
MrHen
56 votes, 11 answers

Why is it bad to connect internal systems to the Internet?

We have an intranet system we use to book, track and process invoices for our core business. My boss would like to move this system to the Internet to make it "accessible everywhere". However, I feel this is not wise. Are there some reasons that…
Toby Leorne
54 votes, 8 answers

I'm an IT consultant. Should I discourage a client from telling me his password?

I'm an IT consultant. One client has known me for a few years. He wants me to do some work on his kids' laptop again. I'll need to log into his kids' Windows user account. (I'm guessing that multiple kids share one account.) This time, he wants to…
51 votes, 8 answers

Why am I allowed to access protected Windows files when I boot Ubuntu from USB?

How come I'm allowed to reboot a computer that I don't own, put in a USB, boot Ubuntu from it and then access all files stored on the drives available (even critical files such as system files on the C drive in Windows)? Isn't there a way to prevent…
Force444
51 votes, 1 answer

Why can you bypass restricted WiFis by adding "?.jpg" to the URL?

I recently read an article on "Hacking a commercial airport WLAN". It's basically about circumventing paid airport WiFi redirections (they redirect you to a certain URL when you type something in the address bar). You just add ?.jpg and tada, you've…
JohnPhteven
50 votes, 5 answers

How does a country block its citizens from accessing a site?

Following Turkey's recent social site blocks, I am wondering how you can efficiently accomplish that as a country. Similar for a big company. Blocking IPs → easy to circumvent (proxies, tunnels, etc.). Blocking/Redirecting DNS → type the address or…
blended
48 votes, 10 answers

Global variables and information security

I get the impression that it is a programming best practice to create variables in specific scopes (like a function scope) and avoid global scope to make things more modular and better organized. However I'm not sure if there is also a security…
user123574
43 votes, 8 answers

Is it a bad idea to bypass login wall for a specified IP address?

I have a website that is available on the public internet. The website requires authenticated login before any of the content can be accessed. I've been asked if I can remove the login wall for users on a single static IP (the organisation's office)…