Outside of hashing, encryption and general privacy, it's best to think about who has access to what pieces of your data. It seems like a really easy topic, but it's one that often requires a lot more thought than you might have expected. Let's start at the beginning: you have users and they have accounts that they can log into, but how do they do that logging in? This process, known as authentication, can have a lot of different implementations. It could be done through a standard login form, where they enter a user name or e-mail address and a password. They can be logging in through a third-party site, like Facebook or Okta. Or maybe you authenticate users against an internal service, like LDAP, which allows for an internal collection of user names and passwords, like you might find on a LAN or intranet.

This is a good place to talk about two factor authentication. You've probably heard of this, and likely even used it. But if you haven't, here's the general idea. You log into a service with your username and password. That service then expects a time sensitive code from you, that you get through either a code generator, like Google's Authenticator app, or by SMS. There's an old adage that authentication should require three things.
Something you are, something you have and something you know. Two factor auth covers, as you might expect, two of these things. The something you know is your password. The something you have is your phone or device that gives you the two factor auth code. If you get your code from your phone and your phone requires a fingerprint to access it, that could fulfill the third requirement, something you are. There are also modern devices like YubiKey that use a biometric print like your thumbprint to generate a two factor auth code. Some systems even use other biometric items like voice or face recognition too, but the security of these systems is still in flux.

Okay, so they're authenticated, logged in. Now comes the second consideration in this arena, authorization. Now that you know who the user is, what are they allowed to do and see? For example, once you log into your Google account, you're only allowed to see the documents you have created in Google Docs or those that have been explicitly shared with you. Two modern solutions to this are database-based access control lists, or ACLs, and role-based access control, or RBAC.
These two systems assign users different access levels or roles, and then, based on the level or role, determine if the user can access a given object or area. Roles simply define access in a way that lets you assign one or more roles to a specific user. This allows you to control access for groups or teams in a more organized way, rather than having to explicitly define every single thing an individual needs to access.

When working with OAuth authentication services, the authorization information that you receive about a particular user is expressed as a set of claims. A claim can be a role the user belongs to, a resource they can access, or an action they can perform. Probably the most common ACL that most people encounter is the granting of privileges in a database like Postgres or MySQL. You grant read, write, or both accesses to a particular user or role on a particular table, tables, or databases. Ensuring that your database users only have privileges on tables that they need access to is one of the first steps you can take in securing that data. Obviously the implementation of such a system is beyond the scope of this course, but they're common components in many modern-day frameworks and CMSs.
Using and enforcing ACL and RBAC systems helps to minimize the damage that can happen when a single account is compromised. If the account doesn't have access to all of your data (and really, what account should?), the damage done should be constrained to just what the compromised account has access to. If you're using such a system, be sure to do an audit of your user accounts, roles, and what each has access to. It's rare that any one account should have total and complete access to all of your data.