Scenario 1:
Consider an event you are invited to attend, where certain dress codes are not permitted into the main venue. You can go to the party, but in order to gain access to the main venue, you have to be properly dressed for the occasion. Right?
Here we are considering permissions from a single perspective (a legitimate or invited guest).
Now Let’s Take This a Bit Further:
Scenario 2:
You are not invited to the party, and even if you manage to get into the vicinity by hook or by crook, there is someone (a security guard) put in place to block entry to the main venue for uninvited guests, and for invited guests who are inappropriately dressed.
In this scene, we are considering permissions from multiple perspectives (a legitimate guest who is improperly dressed, and an uninvited guest).
Breaking It Down into Simple Terminology:
(Web Application Example):
Scenario 1:
We could consider it like this: registered users of an organization’s web application can gain access to the application with their credentials, but access to certain functionality, such as changing non-editable information like phone and SSN numbers, is not allowed (not properly dressed to get into the main venue; not permitted to make such changes).
They can attend the party, but only certain dress codes are allowed into the main venue: they can gain access to the web application, but only the limited permissions that an ordinary user is allowed to exercise are granted.
Scenario 2:
A hacker compromises the account of a legitimate user (gaining access to the party by hook or by crook), but due to enhanced security the hacker is stopped and required to provide a 2FA verification (prove their legitimacy), which they do not have access to.
However, they find a trick to bypass the 2FA verification (tricking the security guard with a false invitation). With further checks in place, they now face a final restriction: the editing and updating of information such as phone and SSN numbers.
Changing this information is not allowed, because the user tied to the compromised account does not have permission to do so (they bypassed the uninvited-guest check, but cannot bypass the dress code for the main venue; not permitted to make such changes).
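The web-application scenario above, written out as a server-side check, as an added example that is not part of the original article: the request passes through authentication, then the second-factor check, then a per-field authorization check, and a role that may not edit phone or SSN is refused even when every earlier gate has been passed. The role names, profile fields, sample profile and audit log are all assumptions made for the example.

```python
# Added example (not from the article): a server-side, field-level
# authorization check modelling the web-application scenario above.
# Role names, field names and the sample profile are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Which profile fields each role may change. Phone and SSN are the
# "non-editable" fields of the article for an ordinary user (assumed set).
EDITABLE_FIELDS_BY_ROLE = {
    "user": {"display_name", "email"},
    "admin": {"display_name", "email", "phone", "ssn"},
}


@dataclass
class Session:
    """What the server knows about the caller after login."""
    username: str
    role: str
    mfa_verified: bool = False  # set only after the second factor succeeds


@dataclass
class Profile:
    """Constructed sample profile record."""
    username: str
    display_name: str
    email: str
    phone: str
    ssn: str


# Denied attempts are recorded here so a defender can alert on them.
AUDIT_LOG: List[tuple] = []


def attempt_update(profile: Profile, session: Optional[Session],
                   changes: Dict[str, str]) -> Tuple[str, object]:
    """Gatekeeper for profile edits.

    Three checks run in order, mirroring the party analogy:
      1. authentication  - is there a session at all? (invited guest)
      2. second factor   - has the session passed 2FA? (the guard)
      3. authorization   - may this role change *every* requested field?
                           (the dress code for the main venue)
    The request is all-or-nothing: one forbidden field rejects the whole
    update, so an extra field smuggled into an otherwise valid request
    cannot slip through. Returns (status, detail).
    """
    if session is None:
        return ("auth_required", "no valid session")
    if not session.mfa_verified:
        return ("auth_required", "second factor not verified")
    # A non-admin may only touch their own profile.
    if session.username != profile.username and session.role != "admin":
        AUDIT_LOG.append((session.username, "cross_account", profile.username))
        return ("denied", ["cross_account"])
    allowed = EDITABLE_FIELDS_BY_ROLE.get(session.role, set())
    forbidden = sorted(f for f in changes if f not in allowed)
    if forbidden:
        AUDIT_LOG.append((session.username, "forbidden_fields", forbidden))
        return ("denied", forbidden)
    for name, value in changes.items():
        setattr(profile, name, value)
    return ("ok", sorted(changes))


def demo() -> Tuple[str, str]:
    """Run the article's scenario: an ordinary user's session that has
    passed 2FA still cannot change the SSN. Returns (status, ssn after)."""
    profile = Profile("alice", "Alice", "alice@example.test",
                      "555-0100", "123-45-6789")  # constructed data
    session = Session("alice", "user", mfa_verified=True)
    status, _ = attempt_update(profile, session, {"ssn": "000-00-0000"})
    return status, profile.ssn


if __name__ == "__main__":
    print(demo())
```

The important design point is that the field check lives on the server and is evaluated against the role of the session, not against whatever fields the client chose to send; the audit log entries give a detection hook for repeated attempts to edit fields a role is never allowed to touch.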
Understandably, with these two contrasts, how do we now define permissions in cybersecurity?
Permissions can be defined as security rules implemented on a web application, files, endpoint devices, endpoint infrastructure, or physical structures, which grant access to specific professionals (authorized persons), or limit the rights of what a specific user or entity can perform, such as changing a component, or being able to access the component where these permissions are configured, implemented or necessary. – Fixitgearware Security 2024.
Which Part of the CIA TRIAD Does a Compromise in Permissions Affect?
The TRIAD of cybersecurity, as we know it, consists of Confidentiality, Integrity, and Availability.
To understand which part of the cybersecurity TRIAD would be impacted by a compromise in permissions, we first have to understand “what and where” these permissions are implemented. – FixitGearWare Security 2024
Compromise of Permission From A Server Room Perspective:
Whenever an employee or hacker has access to a physical server room that they are not supposed to have access to, we can say they have compromised Confidentiality (you are not supposed to see what is inside the server room, but you did).
In line with various cyber incidents we know of, if the hacker then manipulates the information contained in any of the servers in the server room, we can say the Integrity of the information contained in that server has been compromised.
Let’s assume the hacker then takes it a step further and destroys these servers; it then follows that these servers will not be available to legitimate users, and we can judge the Availability part of the cybersecurity TRIAD to have been compromised.
Furthermore, finalizing our verdict, we can conclude that the entire TRIAD (Confidentiality, Integrity, and Availability) has been compromised, from a server room perspective.
Compromise of Permission From A Web-Application Legitimate User Perspective:
By default, all the web information a user provided during registration is viewable from the “User Profile” belonging to that specific user. So, since they are a legitimate user, Confidentiality is not affected in this scenario.
However, if the user is able to edit this sensitive information belonging to them, in order to falsify their bio-data, and successfully does so, it means the user can provide false information to the organization.
This means the information can no longer be relied upon, and Integrity has certainly been compromised.
On the other hand, Availability would not be compromised by this legitimate user, even if they delete their account, because the organization’s web application allows users to close their accounts if they wish. In this light, we can say that only the Integrity part of the cybersecurity TRIAD can be, and has been, compromised from a legitimate user perspective.
But if we consider another perspective, such as a hacker, then we would have to extend it further and first consider what type of hacker they are (ethical or non-ethical), before we can deduce which part of the TRIAD has been impacted.
As a cybersecurity professional, it is important to understand cybersecurity in depth, to know how things are interconnected or relate to one another, and also to understand that permissions are not limited to web applications only. They can be as simple as Read, Write, Execute, or Append on a file or application, or as complex as permissions that deny entry to restricted areas, for example a server room.
With this, we have concluded this article, and we hope you have come to understand permissions from a general cybersecurity perspective, and how we can link a compromise in permissions to the part of the cybersecurity TRIAD that is impacted. Thanks for reading.
Put your thoughts about this in the comment section below.