Access Control Systems

- A means of ensuring a system's CIA (confidentiality, integrity, availability) given the threats, vulnerabilities, and risks to its infrastructure

Rationale
- Confidentiality: information is not disclosed to unauthorized persons or processes
- Integrity: internal consistency (the data agrees with itself) and external consistency (the data agrees with the real world it represents)
- Availability: reliability and utility (the system is there, and usable, when it is needed)

Systems
- Are complex
- Interact with other systems
- Have emergent properties that their designers did not intend
- Have bugs

Systems & Security
- The usual coping mechanism is to ignore the problem... WRONG
- Security is a system within a larger system
- Security theory vs security practice: real-world systems do not lend themselves to purely theoretical solutions
- Must look at the entire system and how security affects it

The Landscape
- Secure from whom? Secure against what?
- Never black and white; context matters more than technology
- "Secure" is meaningless out of context

Completely Secure Servers
- Disconnect from the network
- Power down
- Wipe and degauss memory and hard drive
- Pulverize it to dust
- (i.e. a usable system is never "completely" secure; the realistic goal is acceptable risk)

Threat Modeling
- Risk management; concepts used in planning:
  - Threat: the potential to cause harm
  - Vulnerability: a weakness or lack of a safeguard that can be exploited by a threat
  - Risk: the potential for loss or harm; the probability that a threat will materialize against a vulnerability

Threats
- Attacks are exceptions: the rare event among mostly benign activity
- Digital threats mirror physical ones, but will become more common, more widespread, and harder to catch, due to:
  - Automation: an attack, once scripted, repeats at no extra cost
  - Action at a distance: on a network, every two points are adjacent
  - Technical propagation: a technique, once written down, spreads to attackers who could not have discovered it themselves
- All types of attackers exist, and all present some type of threat
- It is impossible to anticipate all attacks, all types of attackers, or all avenues of attack
- The point is not to prevent all of them, but to "think about and analyze threats with greater depth and to take reasonable steps to prevent..."

Attacks
- Criminal: fraud (prolific on the Internet), destructive attacks, intellectual property theft, identity theft, brand theft
- Privacy: less and less available; people do not own their own data
  - Surveillance, databases, traffic analysis (e.g. Echelon, Carnivore)
- Publicity and denial of service
- Legal

Controls
- Implemented to mitigate risk and reduce loss
- Categories of controls: preventative, detective, corrective
- Control implementation types:
  - Administrative: policies, procedures, security awareness training, background checks, vacation history review
  - Logical / technical: encryption, smart cards, ACLs
  - Physical: guards, locks, protection of transmission media, backups

Models for Controlling Access
- Access control: limiting access by a subject to an object
- Categories:
  - Mandatory Access Control (MAC): access is decided by the subject's clearance, the object's sensitivity label, and need to know; the owner of an object cannot override the rule; e.g. rule-based access control
  - Discretionary Access Control (DAC): the subject (owner) has a limited ability to allow others access; ACLs; the access control triple: user, program, object (or file)
  - Non-discretionary access control: a central authority determines access (e.g. role-based)

SELinux MAC
- Mandatory access control in the Linux kernel
- Implemented via type enforcement (domains/types) and role-based access control
- No user-discretionary override of the policy
- Each process, file, user, etc. has a domain (type), and operations are limited to what the policy allows within it
- The root user can be divided into roles as well, so "root" no longer means unlimited power

Control Combinations (category x implementation type)
- Preventative / administrative (e.g. policies, awareness training)
- Preventative / technical (e.g. encryption, ACLs)
- Preventative / physical (e.g. locks, guards)
- Detective / administrative (e.g. vacation history review)
- Detective / technical (e.g. intrusion detection systems, log monitoring)
- Detective / physical (e.g. guards)

Access Control Attacks
- Denial of service (DoS) and distributed denial of service (DDoS)
- Buffer overflow, SYN flood, Smurf
- Back doors
- Spoofing
- Man-in-the-middle
- Replay
- TCP hijacking
- Software exploitation: out-of-date (unpatched) software
- Trojan horses
- Social engineering, e.g. emails or phone calls purporting to come from "upper management or administrators" requesting passwords
- Dumpster diving
- Password guessing (e.g. with L0phtCrack): brute force, dictionary attack

System Scanning
- Collection of information about a system: what ports are open, what services are running, what system software, and what versions are in use
- Attack steps:
  1. Network reconnaissance
  2. Gaining system access
  3. Removing evidence of the attack
- Prevention:
  - Watch for scans and/or access of commonly unused ports
  - Penetration testing
  - Network-based IDS
  - Host-based IDS

Penetration Testing ("ethical hacking")
- Test types: full knowledge, partial knowledge, zero knowledge (open box vs closed box)
- Steps:
  1. GET APPROVAL from upper management (in writing, before anything else)
  2. Discovery
  3. Enumeration of tests
  4. Vulnerability mapping
  5. Exploitation
  6. Reporting

Identification & Authentication
- Identification: the subject professes who they are
- Authentication: verification of that claimed identity
- Three types (factors) of authentication: something you know, something you have, something you are
- Two-factor authentication (two different types) is far stronger than any single factor

Passwords
- Static, dynamic (one-time), passphrase
- Weak: dictionary words
- Stronger: alphanumeric plus special characters, or a long passphrase
- Models for choosing passwords
- Rotation schedules for passwords

Biometrics
- Fingerprint, palm, retina, iris, face, voice, handwriting, etc. (the slide also lists RFID, but an RFID token is "something you have", not a biometric)
- Enrollment time (about 2 minutes per subject)
- Throughput rate (about 10 subjects per minute)
- Corpus: the stored collection of biometric data (templates)
- False Rejection Rate (FRR): legitimate users wrongly rejected
- False Acceptance Rate (FAR): impostors wrongly accepted
- Crossover Error Rate (CER): the threshold setting at which FAR = FRR; the lower the CER, the more accurate the system. Raising the match threshold lowers FAR but raises FRR, and vice versa, so the operating point is a trade-off between security and convenience.

Single Sign-On (SSO)
- One ID/password per session regardless of the number of systems used
- Advantages: ease of use, stronger passwords/biometric data (users will tolerate one strong credential), easier administration, lower use of resources
- Disadvantages: if the access control is broken (one credential compromised), it is a MUCH bigger problem, because that one credential opens every system

SSO Example: Kerberos
  1. User enters ID/password
  2. Client requests service (from the Kerberos server, the KDC)
  3. A ticket, encrypted with the server's secret key (Kerberos uses symmetric keys shared with the KDC, not public keys), is sent to the client
  4. Client sends the ticket to the server and requests service
  5. Server responds
- Problems: replay, compromised tickets

Access Control: Centralized vs Decentralized
- Centralized: RADIUS (Remote Authentication Dial-In User Service; also used for wireless/802.1X authentication), call-back (the server calls a pre-registered number back)
- Decentralized
- Relational databases (can be either): relational concepts; security issues

Intrusion Detection Systems
- Network-based: monitors packets and headers (e.g. Snort); will not detect attacks that stay on a single host and never cross the monitored network segment
- Host-based: monitors logs and system activity
- Types:
  - Signature-based (matches known attack patterns; problem with slow attacks spread out over time)
  - Statistical anomaly-based (flags deviation from a baseline of normal behaviour)
- Other issues: costs, privacy, accountability, compensation for violations

Backups and Continuity
- Backups
- RAID (Redundant Array of Independent Disks): fault tolerance
- Business continuity planning
- Insurance

References
- Michael D. Bauer, Building Secure Servers with Linux, O'Reilly (ISBN 0596002173)
- Bruce Schneier, Secrets and Lies: Digital Security in a Networked World, Wiley (ISBN 0471253111)
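Worked example for the "Models for Controlling Access" section above: a toy reference monitor that decides the same request under MAC and under DAC, so the difference in who decides becomes concrete. This is added code, not from the lecture notes or from SELinux; the level names, compartments, users, programs and file names are invented for illustration.

```python
"""Toy MAC vs DAC reference monitor. Added example for the "Models for Controlling
Access" section; not from the lecture notes. Labels, users, programs and file
names are invented for illustration."""
from dataclasses import dataclass

# Ordered sensitivity levels for the MAC lattice (assumed hierarchy)
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str                           # clearance (subject) or sensitivity (object)
    categories: frozenset = frozenset()  # need-to-know compartments


def dominates(a: Label, b: Label) -> bool:
    """a dominates b: a's level is at least b's AND a covers all of b's categories."""
    return LEVELS[a.level] >= LEVELS[b.level] and b.categories <= a.categories


class MACSystem:
    """Mandatory: a security officer assigns labels; the rule decides, owners cannot override."""

    def __init__(self):
        self.subjects, self.objects = {}, {}

    def label_subject(self, name, label): self.subjects[name] = label
    def label_object(self, name, label): self.objects[name] = label

    def can_read(self, subject, obj):
        # simple security property: read only if clearance dominates sensitivity
        return dominates(self.subjects[subject], self.objects[obj])

    def can_write(self, subject, obj):
        # *-property (no write-down): write only if the object's label dominates the subject's
        return dominates(self.objects[obj], self.subjects[subject])

    def grant(self, owner, subject, obj):
        raise PermissionError("MAC: owners cannot grant access; only policy labels decide")


class DACSystem:
    """Discretionary: the owner decides, recorded as (user, program, object, operation) entries."""

    def __init__(self):
        self.owners, self.acl = {}, set()

    def create(self, owner, obj):
        self.owners[obj] = owner
        self.acl.add((owner, "*", obj, "read"))
        self.acl.add((owner, "*", obj, "write"))

    def grant(self, grantor, user, program, obj, op):
        if self.owners.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")
        self.acl.add((user, program, obj, op))  # the access control triple plus the operation

    def check(self, user, program, obj, op):
        return any(u == user and p in ("*", program) and o == obj and a == op
                   for (u, p, o, a) in self.acl)


def run_demo():
    mac = MACSystem()
    mac.label_subject("alice", Label("secret", frozenset({"crypto"})))
    mac.label_subject("bob", Label("confidential", frozenset({"crypto"})))
    mac.label_object("keyplan.txt", Label("secret", frozenset({"crypto"})))
    mac.label_object("memo.txt", Label("unclassified"))
    try:
        mac.grant("alice", "bob", "keyplan.txt")  # alice wants to share; MAC refuses
        mac_grant_refused = False
    except PermissionError:
        mac_grant_refused = True

    dac = DACSystem()
    dac.create("alice", "notes.txt")
    dac.grant("alice", "bob", "/usr/bin/less", "notes.txt", "read")  # owner's discretion

    return {
        "alice_reads_keyplan": mac.can_read("alice", "keyplan.txt"),      # True
        "bob_reads_keyplan": mac.can_read("bob", "keyplan.txt"),          # False: clearance too low
        "alice_writes_memo": mac.can_write("alice", "memo.txt"),          # False: no write-down
        "mac_grant_refused": mac_grant_refused,                           # True
        "bob_reads_notes_with_less": dac.check("bob", "/usr/bin/less", "notes.txt", "read"),  # True
        "bob_reads_notes_with_vi": dac.check("bob", "/usr/bin/vi", "notes.txt", "read"),      # False
        "bob_writes_notes": dac.check("bob", "/usr/bin/less", "notes.txt", "write"),          # False
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The DAC entries bind the permission to a program as well as a user, which is the "user, program, object" triple from the slide: bob may read the file through less but not through vi. Under MAC the same sharing request is refused outright, which is the property SELinux type enforcement relies on when it confines even root.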
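Worked example for the "System Scanning" prevention bullets and the IDS section above: a single pass over connection-log lines that runs a signature-style rule (any hit on a port nothing listens on) beside an anomaly-style rule (one source touching many distinct ports within a time window), and shows why a slow scan evades the windowed rule. Added code, not from the lecture notes and not Snort; the log format, the IP addresses and the list of unused ports are constructed for the example.

```python
"""Port-scan and unused-port detection over firewall-style connection logs.
Added example for the "System Scanning" prevention bullets and the IDS section;
not from the lecture notes. Log format, hosts and port lists are invented."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: one inbound TCP SYN per line
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) flags=(?P<flags>\S+)$")

# Ports with no listening service on this network (assumption): any hit is suspicious
UNUSED_PORTS = {23, 135, 445, 1433, 3389}


def parse(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def detect(lines, window_s=60, fanout=10):
    """Two detectors in one pass.
    - signature-style: a SYN to a port in UNUSED_PORTS fires immediately
    - anomaly-style:   a source touching >= fanout distinct ports within window_s seconds
    Returns a list of (alert_type, src, detail)."""
    alerts = []
    recent = defaultdict(deque)   # src -> deque of (ts, dport) inside the window
    flagged = set()
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["dport"] in UNUSED_PORTS:
            alerts.append(("unused-port", src, ev["dport"]))
        q = recent[src]
        q.append((ts, ev["dport"]))
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                          # slide the window forward
        distinct = {p for _, p in q}
        if len(distinct) >= fanout and src not in flagged:
            flagged.add(src)
            alerts.append(("port-scan", src, len(distinct)))
    return alerts


def make_log(src, ports, start, step_s):
    """Build constructed log lines: one SYN per port, step_s seconds apart."""
    return [f"{(start + timedelta(seconds=i * step_s)).isoformat()} src={src} dst=192.0.2.10 "
            f"dport={p} flags=S" for i, p in enumerate(ports)]


T0 = datetime(2024, 3, 1, 10, 0, 0)
FAST_SCAN = make_log("10.0.0.5", range(21, 35), T0, 1)       # 14 ports in 13 s
NORMAL = make_log("10.0.0.7", [80, 443] * 10, T0, 3)        # web client, two ports only
ONE_HIT = make_log("10.0.0.9", [445], T0, 0)                # single probe of an unused port
SLOW_SCAN = make_log("10.0.0.5", range(21, 35), T0, 120)    # same ports, 2 minutes apart

if __name__ == "__main__":
    for a in detect(FAST_SCAN + NORMAL + ONE_HIT):
        print(a)
    print("slow scan alerts:", detect(SLOW_SCAN))
```

The fast scan trips the fan-out rule at its tenth distinct port and also trips the unused-port rule when it reaches port 23. The slow scan, one port every two minutes, never has more than one port inside the 60-second window, so only the unused-port signature catches it: this is the "slow attacks problem" from the IDS slide, and the reason the watch-list of commonly unused ports is worth keeping even when a fan-out detector is running.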
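Worked example for the "Passwords" section and the "Password guessing" bullet above: a dictionary attack with the mangling rules crackers actually apply (capitalisation, appended digits, leet substitutions) against a fast unsalted hash, paired with a policy check that rejects exactly the passwords that attack would recover. Added code, not from the lecture notes and not L0phtCrack; the wordlist, the "leaked" hashes and the policy thresholds are constructed for the example.

```python
"""Dictionary attack with mangling rules, plus a policy check that catches what the
attack would crack. Added example for the "Passwords" and "Password guessing"
bullets; not from the lecture notes. The wordlist and targets are constructed."""
import hashlib

# Constructed miniature wordlist (a real one has millions of entries)
WORDLIST = ["password", "letmein", "dragon", "welcome", "summer", "monkey"]
SUFFIXES = ("1", "123", "!", "2024")
LEET = str.maketrans("@30$", "aeos")        # undo the common letter-for-symbol swaps


def mangle(word):
    """Yield the variants a cracker tries for one wordlist entry, in a fixed order."""
    bases = [word, word.capitalize(), word.upper()]
    for b in bases:
        yield b
        for s in SUFFIXES:
            yield b + s
    yield word.replace("a", "@").replace("e", "3").replace("o", "0").replace("s", "$")


def sha256_hex(s):
    return hashlib.sha256(s.encode()).hexdigest()


def dictionary_attack(target_hex, wordlist=WORDLIST):
    """Return (cracked_password, guesses_tried); (None, tried) if the list is exhausted.
    Unsalted SHA-256 stands in for a fast, unsalted stored hash."""
    tried = 0
    for word in wordlist:
        for cand in mangle(word):
            tried += 1
            if sha256_hex(cand) == target_hex:
                return cand, tried
    return None, tried


def policy_violations(pw, wordlist=WORDLIST):
    """Reject what a dictionary attack would find: short, low-variety, or a dressed-up word."""
    v = []
    if len(pw) < 12:
        v.append("shorter than 12 characters")
    classes = sum(any(f(c) for c in pw) for f in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    if len(pw) < 16 and classes < 3:          # long passphrases are exempt from the class rule
        v.append("fewer than 3 character classes")
    # strip trailing digits/punctuation and undo leet, then ask whether a wordlist entry remains
    core = pw.lower().rstrip("0123456789!@#$%^&*").translate(LEET)
    if core in wordlist:
        v.append(f"dictionary word '{core}' as the core")
    return v


def run_demo():
    weak_hash = sha256_hex("Password123")                    # constructed 'leaked' hash
    strong_hash = sha256_hex("correct-horse-battery-staple")
    return {
        "weak": dictionary_attack(weak_hash),                # ('Password123', 8)
        "strong": dictionary_attack(strong_hash),            # (None, 96)
        "weak_policy": policy_violations("Password123"),
        "strong_policy": policy_violations("correct-horse-battery-staple"),
        "leet_policy": policy_violations("$umm3r1"),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

"Password123" satisfies the naive "alphanumeric plus mixed case" advice and still falls on the eighth guess, because it is a dictionary word with a rule applied; the policy check catches it, and "$umm3r1", by undoing the same rules before consulting the wordlist. Two things the page's password slide leaves implicit: the per-guess cost here is one SHA-256, so salting and a deliberately slow hash (PBKDF2, bcrypt, scrypt) are what make the attack expensive, and a rotation schedule does nothing for a password that is cracked minutes after the hash leaks.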
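Worked example for the "Biometrics" section above: the FAR/FRR definitions turned into a threshold sweep over matcher scores, with the crossover (CER) located and the two extreme operating points shown. Added code, not from the lecture notes; the genuine and impostor scores are constructed numbers, not measurements from any sensor.

```python
"""FAR / FRR sweep and crossover (CER) for a biometric matcher. Added example for the
"Biometrics" section; not from the lecture notes. The match scores below are
constructed, not measurements from any real sensor."""

# Constructed matcher scores in [0, 1]: higher = better match to the enrolled template
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.72, 0.70, 0.66, 0.60]   # right person
IMPOSTOR = [0.70, 0.64, 0.58, 0.55, 0.50, 0.47, 0.44, 0.40, 0.35, 0.30]  # wrong person


def error_rates(genuine, impostor, threshold):
    """Accept when score >= threshold.
    FAR = impostors accepted / impostors; FRR = genuine users rejected / genuine users."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor):
    """FAR and FRR at every threshold that changes a decision (the observed scores)."""
    return [(t, *error_rates(genuine, impostor, t)) for t in sorted(set(genuine + impostor))]


def crossover(genuine, impostor):
    """Threshold where FAR and FRR are closest to equal, and the error rate there (the CER)."""
    t, far, frr = min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (far + frr) / 2


def run_demo():
    t, cer = crossover(GENUINE, IMPOSTOR)
    return {
        "cer_threshold": t,                                     # 0.66
        "cer": cer,                                             # 0.1
        "high_security": error_rates(GENUINE, IMPOSTOR, 0.72),  # (0.0, 0.3): no impostor in, 3 of 10 users rejected
        "convenience": error_rates(GENUINE, IMPOSTOR, 0.50),    # (0.5, 0.0): every user in, half the impostors too
    }


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {far:.1f}  FRR {frr:.1f}")
    print(run_demo())
```

Only the threshold moves; the sensor and the corpus are unchanged. FAR falls and FRR rises monotonically as the threshold goes up, which is why a single number (the CER) is used to compare systems, and why a deployment then picks a point on either side of it depending on whether it fears the impostor or the helpdesk queue more. Real systems would compute the rates over thousands of attempts; with ten scores per class each rate moves in steps of 0.1, which makes the crossover easy to read off by hand.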
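Worked example for the "SSO Example: Kerberos" section above: the five steps as an exchange between a client, a KDC and a file server, using symmetric keys throughout (the ticket is sealed under the server's secret key, the client's part under a key derived from the password), plus the replay cache that answers the "replay" problem the slide lists. Added code, not from the lecture notes or from MIT Kerberos: the AS and TGS exchanges are collapsed into a single KDC request, a toy HMAC-based cipher stands in for Kerberos' AES, and principals, passwords and lifetimes are invented.

```python
"""Simplified Kerberos exchange with symmetric keys, a replay cache, and the failure
modes the slide lists. Added example for the "SSO Example: Kerberos" section; not
from the lecture notes or MIT Kerberos. The AS and TGS exchanges are collapsed into
one KDC request, and a toy HMAC-based cipher stands in for Kerberos' AES."""
import hashlib, hmac, json, os, time


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, obj):
    """TOY authenticated encryption (HMAC-SHA256 keystream + HMAC tag). Illustration only."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def password_key(password, principal):
    """Long-term client key derived from the password (Kerberos' string2key; PBKDF2 here)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


class KDC:
    def __init__(self, keys):            # principal name -> long-term secret key
        self.keys = keys

    def request(self, client, service, now):
        """Steps 2-3: mint a session key; the ticket is sealed under the SERVICE's key."""
        k_cs, expiry = os.urandom(32).hex(), now + 8 * 3600
        ticket = seal(self.keys[service], {"client": client, "k_cs": k_cs, "expiry": expiry})
        for_client = seal(self.keys[client], {"service": service, "k_cs": k_cs, "expiry": expiry})
        return for_client, ticket          # the password itself never travels


class Server:
    def __init__(self, name, key, skew=300):
        self.name, self.key, self.skew = name, key, skew
        self.seen = set()                  # replay cache: (client, timestamp) already accepted

    def serve(self, ticket, authenticator, now):
        """Steps 4-5: open the ticket with our own key, verify the authenticator, answer."""
        t = unseal(self.key, ticket)
        if now > t["expiry"]:
            raise PermissionError("ticket expired")
        k_cs = bytes.fromhex(t["k_cs"])
        a = unseal(k_cs, authenticator)    # only a holder of k_cs could have sealed this
        if a["client"] != t["client"]:
            raise PermissionError("authenticator does not match ticket")
        if abs(now - a["ts"]) > self.skew:
            raise PermissionError("stale authenticator")
        if (a["client"], a["ts"]) in self.seen:
            raise PermissionError("replay detected")
        self.seen.add((a["client"], a["ts"]))
        return seal(k_cs, {"server": self.name, "ts": a["ts"] + 1})   # mutual authentication


class Client:
    def __init__(self, name, password):
        self.name, self.key = name, password_key(password, name)   # step 1

    def login_and_call(self, kdc, server, now):
        for_client, ticket = kdc.request(self.name, server.name, now)
        k_cs = bytes.fromhex(unseal(self.key, for_client)["k_cs"])  # wrong password -> ValueError
        auth = seal(k_cs, {"client": self.name, "ts": now})
        reply = unseal(k_cs, server.serve(ticket, auth, now))
        if reply["ts"] != now + 1:
            raise ValueError("server failed mutual authentication")
        return ticket, auth


def run_demo():
    kdc = KDC({"alice": password_key("hunter2", "alice"), "fileserver": os.urandom(32)})
    fs = Server("fileserver", kdc.keys["fileserver"])
    now = int(time.time())
    ticket, auth = Client("alice", "hunter2").login_and_call(kdc, fs, now)
    results = {"first_request": "ok"}
    try:                                   # attacker replays the captured (ticket, authenticator)
        fs.serve(ticket, auth, now + 5)
        results["replay"] = "accepted"
    except PermissionError as e:
        results["replay"] = str(e)
    try:                                   # wrong password cannot open the KDC's reply
        Client("alice", "wrongpass").login_and_call(kdc, fs, now + 10)
        results["bad_password"] = "accepted"
    except ValueError as e:
        results["bad_password"] = str(e)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The ticket is opaque to the client (it is sealed under a key only the server and the KDC know), so a client cannot forge or alter its own ticket; what the client proves is possession of the session key, by sealing a fresh timestamp. The replay cache plus the clock-skew check is what turns a captured ticket-and-authenticator pair into something useless a few seconds later. The slide's other problem, compromised tickets, is not solved by either check: whoever holds both the ticket and the session key can mint fresh authenticators until the ticket expires, which is why ticket lifetimes are kept short.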