Logical Security – CompTIA A+ 220-1102 – 2.1

There are many techniques to enhance the logical security on your computing systems. In this video, you’ll learn about least privilege, access control lists, multi-factor authentication, email filtering, and more.

Least privilege is an important concept in IT security because it determines exactly what type of data is accessible to an individual user. Ideally, we would set up rights and permissions so that a single person would have access to only the necessary data to be able to perform their job function. This is not only security at the user level, but it also provides security for your applications.

If malware happens to be installed on a system, it would only have the rights and permissions associated with that particular user. That’s a good example of how least privilege might be able to contain the destructive nature of malicious software. We also don’t want our users to run with administrative rights. This would obviously provide them with access to data that they should not have access to, but it also allows all applications and malware to be able to do whatever they would like to do on your network.

Another good logical security technique is to use access control lists, or ACLs. An access control list can allow or disallow access through a network, or allow or disallow access to an object in an operating system. You often see ACLs used on a router to determine what traffic should go through network address translation or be managed by quality of service. We can also set ACLs on a router to control what traffic should be allowed or disallowed through a particular interface.

If you were to look at an ACL on a router, you would see a number of different criteria that we can use to filter out this traffic. We could use a source IP address, destination IP address, TCP port number, UDP port number, or ICMP, or other type of protocol. Traffic that goes through the router will go through this list to see if any of this traffic matches an existing access control list. And then we can look at the disposition of this ACL to determine whether this traffic should be allowed through the router or if it should be dropped.
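The matching process described above, as an added example that is not from the video: rules are checked top to bottom against the packet's protocol, source, destination and destination port, the first match decides the disposition, and anything that matches nothing is dropped (the implicit deny at the end of a typical router ACL). The rule format, the addresses and the sample packets are all constructed here, not taken from any vendor's syntax.

```python
"""First-match ACL evaluator (constructed example; not vendor ACL syntax)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "icmp"
    src: str                    # source IPv4 address
    dst: str                    # destination IPv4 address
    dport: Optional[int] = None  # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # source prefix (CIDR)
    dst: str = "0.0.0.0/0"       # destination prefix (CIDR)
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        """Every criterion present in the rule must match the packet."""
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (disposition, index of the matching rule).

    Rules are evaluated in order and the first match wins; a packet that
    matches no rule is denied, mirroring the implicit deny on most routers.
    """
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, idx
    return "deny", None


# Constructed ACL protecting a small server subnet (documentation addresses).
ACL = [
    Rule("deny", proto="tcp", src="203.0.113.0/24", dport=22),          # block SSH from one network
    Rule("permit", proto="tcp", dst="192.0.2.10/32", dport=443),       # HTTPS to the web server
    Rule("permit", proto="udp", dst="192.0.2.53/32", dport=53),        # DNS to the resolver
    Rule("permit", proto="icmp", dst="192.0.2.0/24"),                  # ping anywhere in the subnet
]


if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.5", "192.0.2.10", 22),    # hits rule 0 -> deny
        Packet("tcp", "198.51.100.7", "192.0.2.10", 443),  # hits rule 1 -> permit
        Packet("tcp", "198.51.100.7", "192.0.2.10", 80),   # no match -> implicit deny
        Packet("icmp", "198.51.100.7", "192.0.2.77"),      # hits rule 3 -> permit
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL, pkt))
```

Because order matters, a deny placed below a broader permit would never be reached; when reviewing an ACL, read it in the same top-down order the device does.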

And as I’ve mentioned, an ACL can be used in an operating system to allow or disallow access to a file, a directory, applications, or any object in that operating system. When logging into a device, we commonly use a username and a password. That password is an authentication factor. It’s a unique value that is something we only know or we only have access to that proves that we are who we say we are.

There are many different types of authentication factors: some are something you are, something you have, somewhere you are, and something you do. We can use one or many of these authentication factors during the login process to really confirm that you are the right person logging in to this account. You might carry around a pseudo-random token generator like this one that gives a different number on the screen every 30 to 60 seconds.

You would use this during the login process: you would add your username and password, then hit the button on this device and put in whatever code showed up on the screen. We refer to this as something you have because you must have this device with you to be able to complete the login. There are also software versions of these token generators. I use one on my desktop and on my mobile devices so that I can connect from wherever I happen to be.

This is still considered something you have because you have to have your phone with you to be able to use the app that then provides you with the code. This can save you money because you don’t have to give people separate physical code generators. They can simply install a piece of software on their smartphone and now they always have that software wherever they happen to go.

Another type of authentication can come from SMS or the short message service. This is effectively text messaging that is used to send you the code instead of using an app or an external token generator. To log in, you would submit your username and password, which would then send you a text message with another code that you would then input on a separate screen. This confirms that you are the one that has your phone with you and you have now authenticated using this additional authentication factor.

This is perhaps not the most secure form of an authentication factor because there are ways for a third party to gain access to that authentication code without having your phone. One of the ways to get around this is your attacker will contact your phone company and have them reassign your number to their phone. Then whenever the SMS message is sent out, it’s not going to your phone, but instead going to the attacker’s phone.

Attackers can also spoof the source of an SMS message or they can intercept the message that’s being sent to you. This obviously creates a less secure form of authentication, which is why some organizations will not use SMS, and prefer using a secure app on their smartphone. Instead of receiving an SMS text message, you might receive a voice call. On the voice call, a computer will talk to you and tell you what the code happens to be and then you would type that code into your login screen.

This has exactly the same problems as an SMS, however, because if somebody does gain access to your phone number then they can receive that call instead of you. And of course that phone call might be intercepted or forwarded to another phone which effectively has the same problem as authenticating with an SMS. Another common logical security technique is blocking any unsolicited email. We commonly do this at the email gateway that we’re using for our organization.

Sometimes we can do this with servers that we have on site or we may be providing this email filtering in the cloud. This allows us to see all of the emails going in and out of our organization. We can see if there are any attachments. We can scan those attachments to see if they might be malicious. And then we can decide what to do with this email if we feel it poses a security risk.