
Kali Linux Practice Lab: Access Control for Cybersecurity



April 13, 2023
(updated July 10, 2023)



Cybersecurity is the protection of computer systems and networks from attack by malicious actors. Many companies achieve their cybersecurity initiatives through the use of blue and red teams. Blue teams provide defensive protection of a system, network, or application. The red team's objective is primarily offensive with activities geared towards simulated attacks on a system, network, or application in order to identify vulnerabilities and weaknesses. Together, red and blue teams play a critical role in keeping systems and data safe from intrusion.

This series of articles will cover some of the aspects of blue team (defensive) operations. While there are many components of blue team operations, these articles will address 4 key activities of defensive cybersecurity and give you foundational knowledge on the topic. The activities are as follows:


We'll now explore some of the most commonly used Linux commands employed by blue teams for access control.


Disclaimer: This site does not encourage any unethical hacking behavior. In fact, the cybersecurity articles posted on the website focus on defensive security (blue team operations). Vulnerability exploitation is not a topic covered on this website. If you haven't already done so, start your cybersecurity journey by reading and understanding ethical hacking concepts.



Access Control

Access Control is another critical component of cybersecurity. Below is a description of commands commonly utilized for access control.


Defensive Activity:
Manage who is authorized to access data and resources.

Linux Commands

There are many commands that can be used for access control in Linux. Here are 7 commands that can be useful in accomplishing the task. They can be used to manage user accounts, assign permissions to files and directories, and control access to system resources. Each command has many options and variations. Consult the manual pages to determine which ones work best for your needs.

Additionally, Linux distributions often include graphical user interfaces for access control management, such as the GNOME User Accounts tool and the KDE System Settings tool.

1. chmod

chmod - used to change the permissions of files and directories. The syntax for the command is chmod [permissions] [file/directory].


There are two methods for specifying file and directory permissions: Absolute Mode and Symbolic Mode. To make a file read only to the members of its assigned group using symbolic mode, issue the following command:

chmod g=r some_file.txt #symbolic mode

Learn more about Absolute Mode and Symbolic Mode with CompTIA.

Documentation
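To see how the two notations relate, here is an added shell example (not from the article) that applies a chmod spec to a scratch file and reads back the resulting octal mode, and a small check that a file is read-only for its group. It assumes GNU coreutils (stat -c).

```shell
# mode_after START_OCTAL SPEC -> prints the octal mode left by "chmod SPEC"
# on a scratch file that was first set to START_OCTAL, so a symbolic change
# can be compared with its absolute-mode equivalent. Example: 666 + g=r -> 646
mode_after() {
    start="$1"; spec="$2"
    f=$(mktemp) || return 1
    chmod "$start" "$f" && chmod "$spec" "$f" || { rm -f "$f"; return 1; }
    stat -c '%a' "$f"          # octal mode, e.g. 646
    rm -f "$f"
}

# group_readonly FILE -> exit 0 if the group permission bits are exactly r--
# (a quick audit check for the "read only to its group" state the article sets up)
group_readonly() {
    perms=$(stat -c '%A' "$1") || return 1      # e.g. -rw-r-----
    [ "$(printf '%s' "$perms" | cut -c5-7)" = "r--" ]
}

# Demonstration: the article's "chmod g=r some_file.txt" (symbolic mode)
# is the same change as setting the group digit to 4 in absolute mode.
demo() {
    echo "666 + g=r  -> $(mode_after 666 g=r)"    # 646
    echo "644 + g=r  -> $(mode_after 644 g=r)"    # 644 (group was already r--)
    echo "660 + g-w  -> $(mode_after 660 g-w)"    # 640 (remove only the write bit)
    echo "777 + go=r -> $(mode_after 777 go=r)"   # 744 (group and other set to r--)
}
```

Call demo to print the comparisons; mode_after and group_readonly can be reused against real files during a permissions review.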


2. chown

chown - used to change the ownership of files and directories. The syntax for the command is chown [owner:group] [file/directory].


The chown command typically requires the use of root permissions (sudo/root). Simply owning the file will not give you permission to transfer ownership of that file.

sudo chown [new_owner] someFile.txt

Documentation


3. adduser or useradd

adduser - used to create a new user account. The syntax for the command is adduser [username]. The useradd command is also available.

    adduser vs useradd

  • The adduser command is higher level and not available on all Linux distributions. The command adds a user to the system with standard settings.
  • The useradd command is lower level and available on all Linux distributions. It requires additional parameters to set up the account entirely.

The commands typically require the use of root permissions (sudo/root).

sudo adduser [new_username]

Documentation


To learn more about the difference between adduser and useradd, try linuxandubuntu.com.


4. passwd

passwd - used to change the password for a user account. The syntax for the command is passwd [username].


The passwd command is interactive. Changing a password requires verification of the current password before the new password is entered and confirmed.

To change a password, issue the following command:

passwd [username]

To expire a password effective immediately, issue the following command:

passwd -e [username]

To set a password to expire after a specified number of days, the -i option can be used. The following command will set the password to expire in 2 days:

passwd -i 2 [username]

Documentation
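The effect of these passwd options is visible in the aging fields of /etc/shadow. Here is an added shell example (not from the article) that audits shadow-format lines and reports each account's password state; the sample lines and hashes are constructed placeholders, and the audit runs entirely on stdin so it needs no root access.

```shell
# Constructed sample in shadow(5) layout (hashes are placeholders):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg/max/inactive are in days; "passwd -e USER" sets lastchg to 0,
# and "inactive" is the grace period after expiry (the field passwd -i writes).
SAMPLE_SHADOW='alice:$6$salt$HASH:19000:0:90:7:::
bob:$6$salt$HASH:0:0:99999:7:::
carol:!$6$salt$HASH:19100:0:99999:7:::
dave:$6$salt$HASH:19000:0:30:7:2::
erin:$6$salt$HASH:19050:0:90:7:::
frank:$6$salt$HASH:19000:0:99999:7:::'

# shadow_audit TODAY   (TODAY = days since epoch, e.g. $(( $(date +%s) / 86400 )))
# Reads shadow lines on stdin and prints "user status" for each account.
shadow_audit() {
    awk -F: -v today="$1" '
    NF < 8 { next }                                 # skip malformed lines
    {
        name = $1; pw = $2; last = $3; max = $5; inact = $7
        if (pw ~ /^[!*]/)                   st = "locked"       # locked or no password
        else if (last == 0)                 st = "must-change"  # what passwd -e leaves
        else if (max == "" || max >= 99999) st = "no-max-age"   # never ages out
        else if (today > last + max) {
            st = "expired"
            # once the inactive grace period has also elapsed, login is refused
            if (inact != "" && today > last + max + inact) st = "disabled"
        }
        else                                st = "ok"
        print name, st
    }'
}

# Runs the audit over the constructed sample as of day 19100.
audit_sample() { printf '%s\n' "$SAMPLE_SHADOW" | shadow_audit 19100; }
```

On a real host, run it as root with `shadow_audit "$(( $(date +%s) / 86400 ))" < /etc/shadow` to list accounts that should be cleaned up or forced to change their password.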


5. su

su - used to switch to another user account. The syntax for the command is su [username].


The su command requires the password of the user you are switching to.

su [username]

Documentation


6. sudo

sudo - used to execute a command with administrative privileges. The syntax for the command is sudo [command].

One example of an instance where sudo would be utilized is package installation. If you are not logged in as root (whoami does not print root) but are allowed to use sudo, you can issue the following command:

sudo apt install [package_to_install]

Documentation



The Difference Between sudo and su

sudo:

  • Allows you to issue commands as another user without changing your identity.
  • An entry in /etc/sudoers is required to execute.
  • sudo asks for your password.

su:

  • Switches you to a particular user.
  • Root user is the default if a username is not specified.
  • su asks for the password of the user to whom you are switching.

7. groups

groups - used to display the groups that a user belongs to. The syntax for the command is groups [username].


groups [username]

Documentation
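groups answers "which groups does this user belong to?"; an access review usually needs the reverse question, "who can reach a privileged group?". Here is an added shell example (not from the article) that answers it from /etc/group and /etc/passwd format files; the sample files are constructed, and the privileged group list (root, sudo, wheel, adm) is an assumption to adjust per host.

```shell
# Constructed sample in /etc/group layout: name:x:gid:member,member
SAMPLE_GROUP='root:x:0:
sudo:x:27:alice,bob
adm:x:4:alice
users:x:100:
developers:x:1001:carol'

# Constructed sample in /etc/passwd layout: name:x:uid:gid:gecos:home:shell
# carol's primary GID is 27 (sudo): "groups carol" reports it, but the sudo
# line in /etc/group does not list her, so a member-list check alone misses her.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:27:Carol:/home/carol:/bin/bash'

# privileged_members GROUP_FILE PASSWD_FILE -> sorted "group user" lines for
# every member of a privileged group, whether listed in /etc/group or holding
# the group as primary GID in /etc/passwd.
privileged_members() {
    awk -F: '
    FNR == NR {                                  # first file: group
        if ($1 ~ /^(root|sudo|wheel|adm)$/) {    # assumed privileged set
            priv[$3] = $1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print $1, m[i]
        }
        next
    }
    ($4 in priv) { print priv[$4], $1 }          # second file: passwd primary GID
    ' "$1" "$2" | LC_ALL=C sort -u
}

# user_in_group USER GROUP GROUP_FILE PASSWD_FILE -> exit 0 if USER is in GROUP
user_in_group() {
    privileged_members "$3" "$4" | grep -qx "$2 $1"
}
```

On a live system call privileged_members /etc/group /etc/passwd and compare the output with the approved list from your last access review.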



Conclusion

Access control is a critical component of cybersecurity and information security in general. The Linux commands mentioned in this article aid in the security process by placing restrictions on who is authorized to access company data and resources. To learn more about access control and the four types of access control, see the Citrix article "What is access control?"

Frequently Asked Questions (FAQ)


Q1: What is access control in the context of cybersecurity?

A1: Access control refers to the security measures and mechanisms put in place to manage and regulate access to systems, networks, applications, and data. It ensures that only authorized individuals or entities can gain access to resources, while unauthorized access is prevented or restricted.

Q2: Why is access control important for cybersecurity?

A2: Access control plays a critical role in cybersecurity for several reasons:

  • Data protection: It helps protect sensitive information by limiting access to authorized users, reducing the risk of data breaches and unauthorized disclosure.
  • Risk management: Access control helps mitigate the risk of unauthorized activities, such as system misuse, data alteration, or unauthorized changes.
  • Regulatory compliance: Many industry regulations and data protection laws require organizations to implement access control measures to protect personal and sensitive data.
  • Incident response: Access control assists in tracing and investigating security incidents by maintaining audit trails and logs of user activities.

Q3: What are the different types of access control?

A3: Access control can be categorized into three primary types:

  • Physical access control: Controls physical entry to premises, including measures like locks, biometric systems, access cards, and video surveillance.
  • Logical access control: Controls access to computer systems, networks, and applications through user authentication, password policies, access rights, and role-based access control (RBAC).
  • Administrative access control: Involves managing access privileges, defining policies, and implementing security controls through administrative procedures and governance frameworks.

Q4: What are the key components of access control?

A4: The key components of access control typically include:

  • Identification: Verifying the identity of users or entities seeking access, usually through usernames, email addresses, or digital certificates.
  • Authentication: The process of validating the claimed identity using credentials, such as passwords, biometrics, or multi-factor authentication (MFA).
  • Authorization: Granting or denying access rights and privileges to authenticated users based on their roles, responsibilities, and permissions.
  • Auditing and monitoring: Capturing and recording user activities, access attempts, and system events for audit purposes and detecting suspicious behavior or policy violations.

Q5: What is role-based access control (RBAC)?

A5: Role-based access control (RBAC) is a widely used access control model that assigns permissions and access rights based on predefined roles. Users are assigned specific roles, and access privileges are granted based on those roles, simplifying the management of access control in larger organizations.

Q6: How can access control be enforced in an organization?

A6: Access control can be enforced through several measures, including:

  • Strong authentication mechanisms: Implementing strong passwords, multi-factor authentication (MFA), or biometric authentication to ensure only authorized users can access systems.
  • Principle of least privilege (PoLP): Granting users the minimum privileges necessary to perform their tasks and limiting access to sensitive data or critical systems.
  • Regular access reviews: Conducting periodic reviews of user access rights and permissions to ensure they align with current roles and responsibilities.
  • Monitoring and alerting: Implementing monitoring systems to detect and respond to unauthorized access attempts or suspicious activities.
  • Employee awareness and training: Educating employees about access control policies, best practices, and the importance of safeguarding access credentials.

Q7: What are access control frameworks?

A7: Access control frameworks provide a structured approach to implementing access control measures within an organization. Examples include the NIST RBAC model, the ABAC (Attribute-Based Access Control) model, and the Zero Trust framework. These frameworks offer guidelines, methodologies, and best practices for designing and implementing access control solutions.

Q8: Can access control be automated?

A8: Yes, access control can be automated using identity and access management (IAM) systems, which centralize access control policies, user provisioning, and authentication mechanisms. IAM solutions simplify user administration, ensure consistent access controls, and enable efficient enforcement of access policies.

Q9: What are some common access control challenges?

A9: Common access control challenges include:

  • Balancing security and usability: Striking a balance between strong security measures and user convenience to ensure access controls do not hinder productivity.
  • Identity and credential management: Managing user identities, access privileges, and credentials across diverse systems and applications.
  • Access control complexity: Dealing with complex access control requirements in large organizations, such as managing multiple user roles, permissions, and entitlements.
  • User lifecycle management: Ensuring access rights are promptly granted or revoked as per user onboarding, changes in roles, or offboarding processes.

Q10: How does access control contribute to a defense-in-depth security strategy?

A10: Access control forms a vital layer in a defense-in-depth security strategy. By controlling access to systems and data, it helps protect critical assets from unauthorized access and reduces the attack surface. Access control complements other security measures, such as firewalls, intrusion detection systems, and encryption, to create a multi-layered defense against cyber threats.