  • Feb 14, 2020

RBAC stands for role-based access control. It is an access control model commonly used in large organizations. The key concept is that permissions to perform operations and to access objects are assigned to roles rather than to individuals; users are never assigned permissions directly. Instead, an individual user must be authorized to hold a particular role.

Flat RBAC allows a user to hold multiple roles and so have the permissions of all of them. Hierarchical RBAC incorporates Flat RBAC and additionally allows one role to inherit the permissions of another role. Constrained RBAC incorporates Hierarchical RBAC and adds separation of duties: more than one person is required to complete a task. Symmetric RBAC adds permission-role review, so an administrator must periodically review and adjust which permissions each role holds.

The National Institute of Standards and Technology (NIST) has established a national RBAC standard, depicted in the diagram below.
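
The four levels described above, as an added example that is not part of the original post: a small Python model in which users hold roles, roles hold permissions and may inherit from other roles, a static separation-of-duty rule prevents one user from holding two conflicting roles, and a review function lists which roles carry a given permission. The role and permission names are constructed for the demo.

```python
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)    # role -> permissions
        self.role_parents = defaultdict(set)  # role -> roles it inherits from
        self.user_roles = defaultdict(set)    # user -> directly assigned roles
        self.exclusive = []                   # role pairs no one user may hold

    def grant(self, role, perm):
        self.role_perms[role].add(perm)
    def inherit(self, child, parent):  # hierarchical RBAC
        self.role_parents[child].add(parent)
    def add_sod(self, role_a, role_b):  # constrained RBAC
        self.exclusive.append(frozenset((role_a, role_b)))

    def assign(self, user, role):
        for pair in self.exclusive:  # static separation of duty check
            if role in pair and (pair - {role}) & self.user_roles[user]:
                raise ValueError(f"{user}: {role} conflicts with an existing role")
        self.user_roles[user].add(role)

    def effective_roles(self, user):
        seen, stack = set(), list(self.user_roles[user])
        while stack:  # walk the inheritance graph
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.role_parents[r])
        return seen

    def permitted(self, user, perm):
        return any(perm in self.role_perms[r] for r in self.effective_roles(user))

    def roles_with(self, perm):  # permission-role review (symmetric RBAC)
        return {r for r, ps in self.role_perms.items() if perm in ps}


def build_demo():
    # Constructed sample policy: role and permission names are made up.
    r = RBAC()
    r.grant("employee", "read:docs")
    r.grant("engineer", "write:code")
    r.inherit("engineer", "employee")  # engineers inherit employee rights
    r.grant("approver", "approve:release")
    r.add_sod("engineer", "approver")  # writing code and approving a release conflict
    r.assign("alice", "engineer")
    r.assign("bob", "approver")
    return r
```

Calling `build_demo().assign("alice", "approver")` raises, because alice already holds the conflicting engineer role.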

  • Feb 13, 2020

Zero Trust is an approach to cyber security that operates on the premise that an organization should never trust any outside user, device, network, or application. The Zero Trust security framework was created by Forrester Research. It is based on segmenting network, user and device access. User access must be authenticated and continuously monitored.

Privileged Access Management (PAM) limits privileged access by issuing temporary tokens rather than fixed passwords. Zero Trust also employs user and entity behavior analytics (UEBA) to detect unusual activity by users that may indicate a threat. Zero Trust has six key tenets:

1. Identity verification - of people and machines. Each admin should have a unique account.

2. Contextualization of requests - a database admin should not have rights to all databases.

3. Secure admin environment - server access should not be permitted from workstations.

4. Grant least privilege - additional rights are granted as the need to perform certain tasks arises.

5. Adaptive control - stronger verification should be required if someone with the correct user name and password logs in from an unfamiliar location.

6. Audit everything - sessions should be monitored in real time. Documentation of user activity can track which users typically perform which actions and spot suspicious activity.


Windows uses a dynamic link library, Crypt32.dll, to keep track of trusted certificate authorities. There's a flaw in the .dll (for which Microsoft recently posted a patch) that allows it to incorrectly approve malicious software and web sites. The vulnerability is named CVE-2020-0601. Windows Update itself is not vulnerable to a CVE-2020-0601 attack, so there's no danger that updating your operating system will install files that have been incorrectly authorized.

This is the first time that the National Security Agency has made a Windows vulnerability public. The United States government follows a Vulnerabilities Equities Process in determining whether to disclose computer security flaws to the public.

Information about CVE-2020-0601 is posted in the National Vulnerability Database. NIST assigned the vulnerability a Common Vulnerability Scoring System (CVSS) score of 8.1 on a scale of 10.


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 


© 2015 by Sean O'Shea . Proudly created with Wix.com
