Security and the System Administrator

William Hugh Murray
24 East Avenue, Suite 1362
New Canaan, CT 06840
(203) 966-4769
WHMurray@sprynet.com

© Deloitte & Touche 2000

Bio

William Hugh Murray

Bill Murray is information system security consultant to Deloitte & Touche. He has more than thirty-five years' experience in data processing and more than twenty in security. During more than twenty-five years with IBM his management responsibilities included development of access control programs, advising IBM customers on security, and the articulation of the security product plan. In 1987 he received the Fitzgerald Memorial Award for leadership in data security. In 1989 he received the Joseph J. Wasserman Award for contributions to security, audit and control. Mr. Murray holds the Bachelor of Science degree in Business Administration from Louisiana State University, and is a graduate of the Jesuit Preparatory High School of New Orleans.

Abstract

Everything that business or government does with computers or communications becomes part of the social and economic infrastructure of the twenty-first century. Much of the configuration and operation of this novel and critical infrastructure will be in the hands of the system and network administrators. They are often the first to be called when the infrastructure is stressed or breaks, but their training is often on-the-job, remedial, and late. Although they understand the weaknesses and limitations of their materials all too well, they are rarely taught how to compensate for those weaknesses. Out of necessity, their security approach tends to be reactive and remedial.

This presentation will provide system and network administrators with a set of broadly applicable strategies and proactive approaches they can use to protect systems from outside interference and contamination, provide appropriate application controls, and protect their networks from undesired traffic. Among other things, it will address policy and service-level agreements; when to plan and for what; effective use of access controls; strong network perimeters and how to compensate for leaks; and how to use weak materials to build strong systems.

Security Objectives

- Protect Applications from Interference or Contamination
- Preserve Confidentiality, Integrity, and Availability of Data
- Protect employees from temptation and suspicion
- Preserve the continuity of the business
- Protect Management from Charges of Imprudence

[Figure: cost ($) plotted against Security, with curves for Cost of Losses, Cost of Security, and Total Cost]

Character of Costs

Cost of Losses:      Cost of Security:
infrequent           frequent
irregular            regular
uncertain            certain
unexpected           budgeted
threatening          cost of doing business

Sources of loss

Other sources of loss

- All acts by outsiders
- malicious programs
- Trojan Horses
- Viruses
- Logic bombs
- Worms
- Other
- espionage

Jacobson’s Window

[Figure: two-by-two window of Frequency (Lo, Hi) against Consequences (Lo, Hi). Labels added in successive builds: Empty; Trivial; Fire, Fraud, Earthquake; Insurance & Planning; Errors & Omissions; Security & Management]

Characterization of Threats and Vulnerabilities

- natural v. man-made
- accidental v. intentional
- insiders v. outsiders
- passive v. active
- manual v. automatic
- trial and error v. systematic
- local v. global

Attacks & Attackers

- “social engineering”
- guessing
- short dictionary or sweet list
- long dictionary
- exhaustive
- browsing
- eavesdropping
- spoofing
- password grabbers
- Trojan Horses

Targets

Targets of Opportunity
- highly visible
- low cost of attack
- unknown value of success

Cost of Attack

- Work
- Access
- Indifference to detection
- Special Knowledge
- Time to corrective action

Any one can reduce the requirements for any of the others; there is enough of these in the world to break any system.

Targets

Targets of Opportunity
- highly visible
- low cost of attack
- unknown value of success

Targets of Choice
- expected value of success greater than expected cost of attack

Value of Success

- Computer time
- Data, information, knowledge, application value
- Access to other networks
- Identity
- Anonymity
- Trust or confidence

Cost to Victim

- Loss of confidentiality
- Loss of integrity
- Loss of reliability and trust
- Loss of use
- Liability to third parties
- Loss of resources for restoration

Cost of System Security is measured in:

- Generality
- Flexibility
- Performance
- And Functionality

Get used to it!

Courtney’s Laws

- Nothing useful can be said about security except in the context of an application and an environment.
- Never spend more money eliminating a vulnerability than tolerating it will cost you.
- There are management solutions to technical problems but there are no technical solutions to management problems.

Efficient Security Measures:

- safe environment
- management direction
- supervision
- accountability
- copies of the data
- access control
- secret codes (crypto)
- contingency planning

Policy

- A statement of management’s intent
- Expressed as objectives or practices
- Translated to access control policy
- Mapped to a system policy

Why Systems Fail?

- Poor Design
- Inadequate Materials
- Poor Fabrication
- Poor Maintenance
- Improper Operation
- Abuse and Misuse

Sufficient Conditions for the Success of a Virus

- Large population of similar machines
- Sharing within the population
- A place for the virus to store the replica
- A way for it to get itself executed
- (Creates replicas faster than they are destroyed)

Enterprise Security in the 90s

- Inadequate expression of management intent
- Multiple signons, ids, and passwords
- Multiple points of control
- Unsafe defaults
- Complex administration
- Late recognition of problems

We are being overwhelmed once more!

Recommendations

- Prefer single application or single user system to multi-application multi-user (think servers)
- Scan for viruses in and out
- Scan for viruses on desktop and servers.
- Scan for viruses
- Hide operating systems from the network
- Layer your defenses.
- Restrict write access…
  …to a single process per object
- Restrict read access to mutable objects…
  …to those who can change them
- Application end-to-end encryption (PPTP, L2TP, other)
- Prefer application-aware composed firewalls between layers.
- Man the walls!
- Economy of Logon
- Client-side strong authentication

Strong Authentication

Two kinds of evidence from list of something one person
- knows (e.g., pass-phrase)
- has (token)
- is (biometric, e.g., visage)
- or can do (e.g., speech)

At least one of which is resistant to replay

“We are not building toy systems anymore.”
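
The Strong Authentication slide asks for two kinds of evidence, at least one of which is resistant to replay. The following is an added example, not part of the presentation: a verifier that checks a pass-phrase (something known) together with a token's response to a one-time challenge (something held), so a recorded logon cannot be sent again. The names Verifier, token_response, stretch and USER, the sample pass-phrase, and the choice of PBKDF2 and HMAC-SHA-256 are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

PASSPHRASE = b"correct horse battery staple"   # constructed sample value
SALT = secrets.token_bytes(16)

def stretch(passphrase):
    """Salted, iterated hash so the stored record is not the pass-phrase itself."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, SALT, 100_000)

# Constructed enrolment record for one user (hypothetical, for this example only).
USER = {"passphrase_hash": stretch(PASSPHRASE),
        "token_key": secrets.token_bytes(32)}   # secret kept inside the user's token

def token_response(token_key, challenge):
    """What the token computes: a MAC over the verifier's fresh challenge."""
    return hmac.new(token_key, challenge, hashlib.sha256).digest()

class Verifier:
    def __init__(self, user):
        self.user = user
        self.outstanding = set()   # challenges issued and not yet used

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, passphrase, challenge, response):
        # A challenge is accepted once only; this is what defeats replay.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        knows = hmac.compare_digest(stretch(passphrase), self.user["passphrase_hash"])
        has = hmac.compare_digest(
            token_response(self.user["token_key"], challenge), response)
        return knows and has   # both kinds of evidence are required

def demo():
    v = Verifier(USER)
    c1 = v.new_challenge()
    r1 = token_response(USER["token_key"], c1)
    genuine = v.verify(PASSPHRASE, c1, r1)        # first use of the exchange
    replayed = v.verify(PASSPHRASE, c1, r1)       # same recorded exchange resent
    c2 = v.new_challenge()
    stale = v.verify(PASSPHRASE, c2, r1)          # old response to a new challenge
    c3 = v.new_challenge()
    one_factor = v.verify(PASSPHRASE, c3, b"")    # pass-phrase alone, no token
    return genuine, replayed, stale, one_factor
```

The pass-phrase on its own stays replayable; the per-logon challenge bound into the token's response is the part that meets the slide's replay-resistance condition.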