Security and the System Administrator © Deloitte & Touche 2000 William Hugh Murray

William Hugh Murray
24 East Avenue
Suite 1362
New Canaan, CT 06840
(203)966-4769
WHMurray@sprynet.com
Bio
William Hugh Murray
Bill Murray is information system security consultant to
Deloitte & Touche. He has more than thirty-five years'
experience in data processing and more than twenty in
security.
During more than twenty-five years with IBM his management
responsibilities included development of access control
programs, advising IBM customers on security, and the
articulation of the security product plan.
In 1987 he received the Fitzgerald Memorial Award for
leadership in data security. In 1989 he received the Joseph
J. Wasserman Award for contributions to security, audit and
control.
Mr. Murray holds the Bachelor of Science degree in Business
Administration from Louisiana State University, and is a
graduate of the Jesuit Preparatory High School of New
Orleans.
Abstract
Everything that business or government does with computers or
communications becomes part of the social and economic infrastructure of the
twenty-first century. Much of the configuration and operation of this novel and
critical infrastructure will be in the hands of the system and network
administrators. They are often the first to be called when the infrastructure is
stressed or breaks, but their training is often on-the-job, remedial, and late.
Although they understand the weaknesses and limitations of their materials all
too well, they are rarely taught how to compensate for those weaknesses. Out of
necessity, their security approach tends to be reactive and remedial.
This presentation will provide system and network administrators with a set of
broadly applicable strategies and proactive approaches they can use to protect
systems from outside interference and contamination, provide appropriate
application controls, and protect their networks from undesired traffic.
Among other things, it will address policy and service-level agreements; when
to plan and for what; effective use of access controls; strong network
perimeters and how to compensate for leaks; and how to use weak materials to
build strong systems.
Security Objectives
- Protect Applications from Interference or Contamination
- Preserve Confidentiality, Integrity, and Availability of Data
- Protect employees from temptation and suspicion
- Preserve the continuity of the business
- Protect Management from Charges of Imprudence
[Figure, built up over three slides: chart with vertical axis "$" and horizontal axis "Security"; curves labelled "Cost of Losses", "Cost of Security" and "Total Cost".]
Character of Costs
Cost of Losses:      Cost of Security:
- infrequent         - frequent
- irregular          - regular
- uncertain          - certain
- unexpected         - budgeted
- threatening        - cost of doing business
Sources of loss
Other sources of loss
- All acts by outsiders
- malicious programs
  - Trojan Horses
  - Viruses
  - Logic bombs
  - Worms
  - Other
- espionage
Jacobson’s Window
[Figure, built up over seven slides: a two-by-two grid with axes Frequency (Lo, Hi) and Consequences (Lo, Hi). Labels added in turn: Empty; Trivial; Fire, Fraud, Earthquake; Insurance & Planning; Errors & Omissions; Security & Management.]
Characterization of Threats and Vulnerabilities
- natural v. man-made
- accidental v. intentional
- insiders v. outsiders
- passive v. active
- manual v. automatic
- trial and error v. systematic
- local v. global
Attacks & Attackers
- “social engineering”
- guessing
- short dictionary or sweet list
- long dictionary
- exhaustive
- browsing
- eavesdropping
- spoofing
  - password grabbers
  - Trojan Horses
Targets
- Targets of Opportunity
  - highly visible
  - low cost of attack
  - unknown value of success
Cost of Attack
- Work
- Access
- Indifference to detection
- Special Knowledge
- Time to corrective action
Any one of these can reduce the requirement for any of the others; there
are enough of them in the world to break any system.
Targets
- Targets of Opportunity
  - highly visible
  - low cost of attack
  - unknown value of success
- Targets of Choice
  - expected value of success
  - greater than expected cost of attack
Value of Success
- Computer time
- Data, information, knowledge, application value
- Access to other networks
- Identity
- Anonymity
- Trust or confidence
Cost to Victim
- Loss of confidentiality
- Loss of integrity
- Loss of reliability and trust
- Loss of use
- Liability to third parties
- Loss of resources for restoration
Cost of System Security is measured in:
Generality
Flexibility
Performance
And Functionality
Get used to it!
Courtney’s Laws
- Nothing useful can be said about security except in the context of an application and an environment.
- Never spend more money eliminating a vulnerability than tolerating it will cost you.
- There are management solutions to technical problems but there are no technical solutions to management problems.
Efficient Security Measures:
- safe environment
- management direction
- supervision
- accountability
- copies of the data
- access control
- secret codes (crypto)
- contingency planning
Policy
- A statement of management’s intent
- Expressed as objectives or practices
- Translated to access control policy
- Mapped to a system policy
Why Systems Fail?
- Poor Design
- Inadequate Materials
- Poor Fabrication
- Poor Maintenance
- Improper Operation
- Abuse and Misuse
Sufficient Conditions for the Success of a Virus
Large population of similar machines
Sharing within the population
A place for the virus to store the replica
A way for it to get itself executed
(Creates replicas faster than they are destroyed)
Enterprise Security in the 90s
- Inadequate expression of management intent
- Multiple signons, ids, and passwords
- Multiple points of control
- Unsafe defaults
- Complex administration
- Late recognition of problems
We are being overwhelmed once more!
Recommendations
- Prefer single application or single user system to multi-application multi-user (think servers)
- Scan for viruses in and out
- Scan for viruses on desktop and servers.
- Scan for viruses
- Hide operating systems from the network
- Layer your defenses.
- Restrict write access….
- ….to a single process per object
- Restrict read access to mutable objects…..
- …. to those who can change them
- Application end-to-end encryption (PPTP, L2TP, other)
- Prefer application-aware composed firewalls between layers.
- Man the walls!
- Economy of Logon
- Client-side strong authentication
Strong Authentication
- Two kinds of evidence from list of
  - something one person knows (e.g., pass-phrase)
  - has (token)
  - is (biometric, e.g., visage)
  - or can do (e.g., speech)
- At least one of which is resistant to replay
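An added example, not from the original slides, of the definition above: a pass-phrase (something known) combined with a token (something held) whose response is bound to a fresh server challenge, so a captured exchange cannot be replayed. The class and function names, the sample pass-phrase and key, and the choice of an HMAC challenge-response scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed enrolment record for one user (all values are sample data).
SALT = b"constructed-salt"
PASSPHRASE = b"correct horse battery"
USER = {
    "passphrase_hash": hashlib.pbkdf2_hmac("sha256", PASSPHRASE, SALT, 100_000),
    "token_key": b"constructed-token-key-0123456789",
}

class Verifier:
    """Server side: needs the pass-phrase AND a token response to a fresh challenge."""

    def __init__(self, user):
        self.user = user
        self.outstanding = set()  # challenges issued and not yet answered

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, passphrase, challenge, response):
        # Each challenge is accepted once only, so a resent exchange fails here.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        candidate = hashlib.pbkdf2_hmac("sha256", passphrase, SALT, 100_000)
        knows = hmac.compare_digest(candidate, self.user["passphrase_hash"])
        expected = hmac.new(self.user["token_key"], challenge, hashlib.sha256).digest()
        has = hmac.compare_digest(response, expected)
        return knows and has

def token_respond(key, challenge):
    """Client side: the token computes a MAC over the server's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def demo():
    v = Verifier(USER)
    c1 = v.new_challenge()
    r1 = token_respond(USER["token_key"], c1)
    first = v.verify(PASSPHRASE, c1, r1)          # legitimate logon
    replay_same = v.verify(PASSPHRASE, c1, r1)    # captured exchange resent
    c2 = v.new_challenge()
    replay_old = v.verify(PASSPHRASE, c2, r1)     # old response, new challenge
    c3 = v.new_challenge()
    wrong_pass = v.verify(b"guess", c3, token_respond(USER["token_key"], c3))
    return first, replay_same, replay_old, wrong_pass
```

The pass-phrase alone is replayable by anyone who observes it; the token response is what makes the combined evidence resistant to replay.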
“We are not building toy systems anymore.”