AccessControl

Purpose

An AccessControl object represents some access restriction, commonly login functionality.

Connections

AccessControl and Neighboring Objects

| Object | Connection | Description | Function |
| --- | --- | --- | --- |
| Host | Authorization | Denotes that there is a login prompt to access the Host. | A missing AC results in automatic "login" (or represents that no login is needed). |
| Router | Authorization | Denotes that there is a login prompt to access the Router. | A compromise of the administration network will compromise the router directly without an access control. |
| Service | Authorization | Denotes that there is a login functionality to access the Service. | A compromise of the administration network will compromise the router directly without an access control. |
| UserAccount | Non-Root Authorization | A User Account connects to an Access Control object stating that the access control functionality has an active user account present. | A connection to a UserAccount object represents the user account needed to bypass the AccessControl. It is mandatory to have at least one connection (either root or non-root) to a UserAccount. |
| UserAccount | Root Authorization | A User Account connects to an Access Control object stating that the access control functionality has an active user account present. | A connection to a UserAccount object represents the user account needed to bypass the AccessControl. It is mandatory to have at least one connection (either root or non-root) to a UserAccount. |

Attack Steps and Defenses


| Attack Step | Description | Leads to |
| --- | --- | --- |
| Access | The possibility to reach the AccessControl functionality (but not traverse it). | AccessControl: ExtractPasswordRepository; AccessControl: NonRootLogin; AccessControl: RootLogin |
| Extract Password Repository | The possibility to read the passwords accepted by the AccessControl. | UserAccount: GuessOffline |
| Non Root Login | Logging in via the AccessControl using a non-root user account. | Host: UserAccess; Router: Compromise; Service: ApplicationLogin; Service(shell): NonRootLogin |
| Root Login | Logging in via the AccessControl using a root user account. | Host: Compromise; Router: Compromise; Service: ApplicationLogin; Service(shell): RootLogin |

| Defense | Description | Impact | Default |
| --- | --- | --- | --- |
| Backoff | Backoff is a contention control mechanism that reacts to failed login attempts and can delay or disrupt many consecutive tries. | The probability of the GuessOffline attack step can be reduced if coupled with NoDefaultPassword. | On |
| Enabled | Enabled denotes that the Access Control mechanism is enabled and authenticates users for access to the connected asset. | If connected to a Service, Access Control can reduce the TTC of DeployExploit and prevent GuessOffline. | On |
| Hashed Password Repository | A Hashed Password Repository stores no passwords in clear text. Instead, one-way cryptographic hashes are stored to protect the passwords while still allowing authentication. | Reduces the probability of GuessOffline. | On |
| No Default Passwords | A special case of password guessing is the use of default passwords, which are created for new accounts and software products. No Default Passwords denotes that all default passwords are removed. | Reduces the probability of GuessOnline. | Off |
| Password Policy Enforcement | Proactive password checkers and filters can enforce password policies which force users to create more complex passwords. In securiLang, Password Policy Enforcement denotes a checker requiring at least 8 characters, one lowercase, one uppercase, one special sign and one number. | Prevents GuessOffline coupled with Hashed Password Repository, and GuessOnline coupled with NoDefaultPasswords. | Off |
| Salting | Salting appends a random value to the password hash that makes password cracking more difficult. | Prevents GuessOffline coupled with HashedPasswordRepository. | On |
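
The following added example (not part of securiLang or of the original page) shows what the Password Policy Enforcement, Hashed Password Repository and Salting defenses look like together in an implementation, and what the repository then exposes if it is read. The class name, the PBKDF2 iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string


def meets_policy(password: str) -> bool:
    # Policy from the Password Policy Enforcement row: at least 8 characters,
    # one lowercase, one uppercase, one special sign and one number.
    return (
        len(password) >= 8
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


class PasswordRepository:
    """Hypothetical store: keeps (salt, hash) per account, never the password."""

    ITERATIONS = 600_000  # assumed work factor; tune for the deployment

    def __init__(self):
        self._records = {}  # username -> (salt, derived key)

    def _derive(self, password: str, salt: bytes) -> bytes:
        # One-way, salted and deliberately slow derivation of the stored value.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def enroll(self, username: str, password: str) -> None:
        if not meets_policy(password):
            raise ValueError("password does not meet the policy")
        salt = os.urandom(16)  # fresh random salt for every account
        self._records[username] = (salt, self._derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            return False
        salt, stored = record
        # Constant-time comparison of the stored and the recomputed value.
        return hmac.compare_digest(stored, self._derive(password, salt))

    def dump(self) -> dict:
        # The data exposed if the repository is read (Extract Password Repository).
        return dict(self._records)
```

Because every account gets its own salt, two accounts with the same password produce different records, so one precomputed guess cannot be matched against the whole repository.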