400 likes | 694 Views
Access Control Systems. A means of ensuring a system’s C.I.A given the threats, vulnerabilities, & risks its infrastructure. Rationale. Confidentiality Info not disclosed to unauthorized persons or processes Integrity Internal consistency External consistency Availability Reliability
E N D
Access Control Systems A means of ensuring a system’s C.I.A given the threats, vulnerabilities, & risks its infrastructure
Rationale • Confidentiality • Info not disclosed to unauthorized persons or processes • Integrity • Internal consistency • External consistency • Availability • Reliability • Utility
Systems • Complex • Interact with other systems • Have emergent properties that their designers did not intend • Have bugs
Systems & Security • Usual coping mechanism is to ignore the problem…WRONG • Security is system within larger system • Security theory vs security practice • Real world systems do not lend themselves to theoretical solutions • Must look at entire system & how security affects
The Landscape • Secure from whom? • Secure against what? • Never black & white • Context matters more than technology • Secure is meaningless out of context
Completely Secure Servers • Disconnect from Network • Power Down • Wipe & Degauss Memory & Harddrive • Pulverize it to dust • Threat Modeling • Risk management
Concepts in planning • Threat • Potential to cause harm • Vulnerability • Weakness or lack of safeguard that can be exploited by threat • Risk • Potential for loss or harm • Probability that threat will materialize
Threats • Attacks are exceptions • Digital Threats mirror Physical • Will become more common, more widespread, harder to catch due to: • Automation • Action at a Distance • Every two points are adjacent • Technical Propagation
Threats • All types of attackers • All present some type of threat • Impossible to anticipate • all attacks or • all types of attackers or • all avenues of attack • Point is not to prevent all but to “think about and analyze threats with greater depth and to take reasonable steps to prevent…”
Attacks • Criminal • Fraud-prolific on the Internet • Destructive, Intellectual Property • Identity Theft, Brand Theft • Privacy: less and less available • people do not own their own data • Surveillance, Databases, Traffic Analysis • Echelon, Carnivore • Publicity & Denial of Service • Legal
Controls • Implemented to mitigate risk & reduce loss • Categories of controls • Preventative • Detective • Corrective
Control Implementation types • Administrative: polices, procedures, security awareness training, background checks, vacation history review • Logical / Technical – encryption, smart cards, ACL • Physical – guards, locks, protection of transmission media, backup
Models for Controlling Access • Control: Limiting access by a subject to an object • Categories of controls • Mandatory Access Control (MAC) • Clearance, sensitivity of object, need to know • Ex: Rule-based • Discretionary Access Control (DAC) • Limited ability for Subject to allow access • ACL, access control triple: user, program, object or file • Non-Discretionary Access Control • Central authority determines access
SELinux MAC • Mandatory Access Control in kernel • Implemented via: • type enforcement (domains) • Role based access control • No user discretionary access control • Each process, file, user, etc has a domain & operations are limited within it • Root user can be divided into roles also
Control Combinations • Preventative / Administrative • Preventative / Technical • Preventative / Physical • Detective / Administrative • Detective / Technical • Detective / Physical
Access Control Attacks • DoS, DDos • Buffer Overflow, SYN Attack, Smurf • Back door • Spoofing • Man-in-the-Middle • Replay • TCP Hijacking • Software Exploitation: non up to date software • Trojan Horses
Social Engineering • Ex: emails or phone calls from “upper mgt or administrators” requesting passwords • Dumpster Diving • Password guessing: L0phat • Brute force • Dictionary attack
System Scanning • Collection of info about a system • What ports, what services running, what system software, what versions being used • Steps: • Network Reconnaissance • Gaining System Access • Removing Evidence of attack • Prevention • Watch for scans &/or access of common unused ports
Penetration Testing • “Ethical hacking” • Network-based IDS • Host-based IDS • Tests • Full knowledge, Partial knowledge, Zero knowledge • Open box – Closed box
Penetration Testing Steps • GET APPROVAL from upper mgt • Discovery • Enumeration of tests • Vulnerability mapping • Exploitation • Reporting
Identification & Authentication • ID: subject professing who they are • Auth: verification of ID • Three types of authentication • Something you know • Something you have • Something you are • Two-factor is way the best
Passwords • Static • Dynamic • Passphrase • Dictionary words • Alpha numeric special character • Models for choosing • Rotation schedules for passwords
Biometrics • Fingerprint, palm, retina, iris, face, voice, handwritting, RFID, etc • Enrollment time (2 min) • Throughput rate (10 subjects/min) • Corpus: Collection of biometric data
Biometrics • False Rejection Rate (FRR) • False Acceptance Rate (FAR) • Crossover Error Rate (CER) FAR FRR CER
Single Sign On (SSO) • One id / password per session regardless of the # of systems used • Advantages • Ease of use, Stronger passwords/biodata, easier administration, lower use of resources • Disadvantages • If access control is broken is a MUCH bigger problem
SSO Example: Kerberos • User enters id/pass • Client requests service • Ticket is encrypted with servers public key and sent to client • Client sends ticket to server & requests service • Server responds Problems: replay, compromised tickets
Access Control • Centralized • Remote Authentication & Dial-In (Wireless) User Service (RADIUS) • Call back • De-centralized • Relational Databases (can be both) • Relational concepts • Security issues
Intrusion Detection Systems • Network Based • Monitors Packets & headers • SNORT • Will not detect attacks same host attacks • Host based • Monitors logs and system activity • Types • Signature based (slow attacks problem) • Statistical Anomaly Based
Other issues • Costs • Privacy • Accountability • Compensation for violations • Backups • RAID (Redundant Array of Independent Disks) • Fault tollerance • Business Continuity Planning • Insurance
References • Building Secure Linux Servers (0596002173) • Secrets and Lies ( 0471253111)