Security Concepts for Policy Manager
What do you want to access?
Returning to the example of JSmith, who has an access card, we now know that the information
(credentials) stored on the card is sufficient for the access control system to recognize
(authenticate) JSmith. JSmith wants to use his credentials to gain access to the back door.
Since JSmith used the card reader at the back door, the system considers it (the back door) to be
the current target object (JSmith wants to get in and check his e-mail). Now the system has two
pieces of information: it knows who JSmith is, and it knows what JSmith wants to access (the back
door).
What do you intend to do with it once you have it?
In this simple example, it is obvious what JSmith intends to do with the back door since he can
only open it. Now the system has successfully answered all three questions:
• Who are you, and are you who you say you are? (JSmith, YES)
• What do you want to access? (The back door)
• What do you intend to do with it once you have it? (Open it)
But the system still needs more information to determine if JSmith can enter the building. It must
consult a database for a list of valid users who have been granted access to the back door (maybe
JSmith can access the building only through the employee entrance). In network security, that
database may be the local SAM database or an Active Directory server.
Assuming that there is a database and it has a back door entry, the access control system can
translate our three general questions into a specific query:
Can JSmith open the back door?
Now the request can be fully processed, and JSmith can either get to work or not get to work.
Security descriptors
In Windows security, the database above is called a security descriptor. A Windows security
descriptor represents the security environment for a single securable object or group of objects (for
instance, a file or all files). It contains specific permissions that are pertinent to that object (read
and write for a file), as well as certain general permissions considered pertinent to all objects. It
also contains a list of users or groups who are granted or denied access, as well as which
permissions the access applies to (for example, JSmith has read, but not write, permission).
If JSmith were using his computer to access a specific file on a server, Windows security would
gather the information to answer our basic questions and then perform the same translation. In this
case, the query becomes:
Can JSmith access the file Forcasts.xls on MyFileServer?
The system first authenticates JSmith. If that succeeds, it retrieves the security descriptor for the
file JSmith wants to access (Forcasts.xls) and checks to see:
• If he has explicit access, in which case his unique descriptor appears in the security
descriptor
Or
• If he has inherited access based on his group memberships.
If he has permission, he gets the file.
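A simplified model of the check described above, added here as an illustration and not taken from the Policy Manager guide or from Windows itself: the descriptor holds an ordered list of allow and deny entries, and the check walks it using the user's own name plus his group names. The group names, the users ADoe and BLee, and the permission bits are constructed for the example; Windows itself matches on SIDs rather than names.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # constructed permission bits for this example

@dataclass(frozen=True)
class Ace:
    kind: str     # "allow" or "deny"
    trustee: str  # user or group the entry applies to (a SID in real Windows)
    mask: int     # permission bits the entry covers

@dataclass
class SecurityDescriptor:
    owner: str
    dacl: list    # ordered list of Ace, deny entries placed first

def access_check(user, groups, sd, desired):
    """Walk the entries in order; return (granted, reason) for the desired bits."""
    identities = {user} | set(groups)
    remaining = desired
    for ace in sd.dacl:
        if ace.trustee not in identities:
            continue
        how = "explicit" if ace.trustee == user else f"via group {ace.trustee}"
        if ace.kind == "deny" and ace.mask & remaining:
            return False, f"denied ({how})"
        if ace.kind == "allow":
            remaining &= ~ace.mask  # these bits are now satisfied
            if remaining == 0:
                return True, f"granted ({how})"
    return False, "no matching allow entry"

# Constructed sample data: descriptor for Forcasts.xls on MyFileServer.
FORCASTS_SD = SecurityDescriptor(
    owner="Administrator",
    dacl=[
        Ace("deny", "Contractors", WRITE),
        Ace("allow", "JSmith", READ),
        Ace("allow", "Finance", READ | WRITE),
    ],
)
GROUPS = {"JSmith": ["Employees"], "ADoe": ["Finance"],
          "BLee": ["Finance", "Contractors"]}

def can_access(user, desired):
    """Answer 'Can <user> access Forcasts.xls with <desired> permission?'"""
    return access_check(user, GROUPS.get(user, []), FORCASTS_SD, desired)

if __name__ == "__main__":
    for user, want in [("JSmith", READ), ("JSmith", WRITE), ("BLee", WRITE)]:
        print(user, want, can_access(user, want))
```

An authenticated user with no entry of his own and no matching group falls through to the final return, so the absence of a grant is itself a denial.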
Policy Manager and Intellex Advanced Security use the same mechanisms. In addition to some
instrument-specific information such as the unit name, MAC address, etc., the instrument’s
security environment contains a list of security descriptors that it makes available to the operating
Contents of Intellex Policy Manager
Page 1: ...Intellex Policy Manager Version 1 30 User s Guide Part Number 8200 2603 12 A0...