Post on 01-Jan-2016
Access Control Systems
  A means of ensuring a system's C.I.A. (confidentiality, integrity, availability) given the threats, vulnerabilities, and risks of its infrastructure

Rationale
  Confidentiality: information is not disclosed to unauthorized persons or processes
  Integrity: internal consistency, external consistency
  Availability: reliability, utility
Systems
  Complex
  Interact with other systems
  Have emergent properties that their designers did not intend
  Have bugs
Systems & Security
  The usual coping mechanism is to ignore the problem... WRONG
  Security is a system within a larger system
  Security theory vs. security practice: real-world systems do not lend themselves to theoretical solutions
  Must look at the entire system and how security affects it
The Landscape
  Secure from whom? Secure against what?
  Never black and white; context matters more than technology
  "Secure" is meaningless out of context

Completely Secure Servers
  Disconnect from the network, power down, wipe and degauss memory and hard drive, pulverize it to dust
Threat Modeling
  Risk management
  Concepts in planning:
  Threat: potential to cause harm
  Vulnerability: weakness or lack of a safeguard that can be exploited by a threat
  Risk: potential for loss or harm; probability that a threat will materialize
Threats
  Attacks are exceptions
  Digital threats mirror physical ones
  Will become more common, more widespread, and harder to catch due to:
    Automation
    Action at a distance (every two points are adjacent)
    Technical propagation

Threats
  All types of attackers; all present some type of threat
  Impossible to anticipate all attacks, all types of attackers, or all avenues of attack
  The point is not to prevent all but to "think about and analyze threats with greater depth and to take reasonable steps to prevent..."
Attacks
  Criminal: fraud (prolific on the Internet), destructive, intellectual property, identity theft, brand theft
  Privacy: less and less available; people do not own their own data; surveillance, databases, traffic analysis (Echelon, Carnivore)
  Publicity & denial of service
  Legal
Controls
  Implemented to mitigate risk and reduce loss
  Categories of controls: preventative, detective, corrective
  Control implementation types:
    Administrative: policies, procedures, security awareness training, background checks, vacation history review
    Logical / Technical: encryption, smart cards, ACLs
    Physical: guards, locks, protection of transmission media, backups
Models for Controlling Access
  Access control: limiting access by a subject to an object
  Categories of controls:
    Mandatory Access Control (MAC): clearance, sensitivity of the object, need to know. Ex: rule-based
    Discretionary Access Control (DAC): limited ability for a subject to allow access; ACL, access control triple: user, program, object or file
    Non-Discretionary Access Control: a central authority determines access

SELinux MAC
  Mandatory Access Control in the kernel
  Implemented via type enforcement (domains) and role-based access control
  No user discretionary access control
  Each process, file, user, etc. has a domain, and operations are limited within it
  The root user can be divided into roles also
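The three decision rules on the two slides above (MAC clearance plus need-to-know, a DAC ACL of user/program/object triples, and SELinux-style type enforcement where the domain, not the user, bounds what a process may do), as an added, constructed simulator; it is not code from the slides or from SELinux, and the labels, ACL entries and domain names are invented for illustration:

```python
"""Access-decision simulator for the three models on these slides.
Constructed example, not taken from any real system: MAC compares the
subject's clearance with the object's sensitivity plus need-to-know,
DAC consults an ACL of (user, program, object) triples, and a
type-enforcement policy (SELinux-style) limits a process domain to
explicitly allowed operations, regardless of the user running it."""
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    compartments: frozenset = frozenset()   # need-to-know categories held

@dataclass(frozen=True)
class Obj:
    name: str
    sensitivity: str
    compartments: frozenset = frozenset()   # categories the object is labelled with

def mac_allows_read(sub: Subject, obj: Obj) -> bool:
    """MAC: read only if clearance dominates sensitivity AND the subject
    holds every compartment on the object (need to know)."""
    return (LEVELS[sub.clearance] >= LEVELS[obj.sensitivity]
            and obj.compartments <= sub.compartments)

# DAC: the object owner manages this ACL; entries are access-control triples.
DAC_ACL = {("alice", "editor", "report.txt"),
           ("bob", "viewer", "report.txt")}

def dac_allows(user: str, program: str, obj: str) -> bool:
    """DAC: allowed only if this exact (user, program, object) triple is listed."""
    return (user, program, obj) in DAC_ACL

# Type enforcement: (source domain, target type, operation) allow rules.
# Nothing a user does at run time, root included, widens this set.
TE_ALLOW = {("httpd_t", "httpd_content_t", "read"),
            ("httpd_t", "httpd_log_t", "append")}

def te_allows(domain: str, target_type: str, op: str) -> bool:
    """Type enforcement: deny by default, allow only what the policy lists."""
    return (domain, target_type, op) in TE_ALLOW
```

The MAC check shows why clearance alone is not enough: a top-secret subject without the object's compartment is still denied.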
Control Combinations
  Preventative / Administrative, Preventative / Technical, Preventative / Physical
  Detective / Administrative, Detective / Technical, Detective / Physical
Access Control Attacks
  DoS, DDoS
  Buffer overflow, SYN attack, Smurf
  Back door
  Spoofing
  Man-in-the-middle
  Replay
  TCP hijacking
  Software exploitation: out-of-date software
  Trojan horses
  Social engineering. Ex: emails or phone calls from "upper management or administrators" requesting passwords
  Dumpster diving
  Password guessing: L0phtCrack, brute force, dictionary attack

System Scanning
  Collection of information about a system: what ports, what services are running, what system software, what versions are being used
  Steps:
    1. Network reconnaissance
    2. Gaining system access
    3. Removing evidence of the attack
Prevention
  Watch for scans and/or access of common unused ports
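The "watch for scans of unused ports" advice turned into detection logic, as an added example that is not from the slides: it reads firewall-style drop records (the log format and the addresses are constructed here) and flags any source that probes many distinct non-served ports inside a short window.

```python
"""Flag sources that touch many distinct unused ports in a short window,
from firewall-style log lines. Constructed example for the 'watch for
scans' prevention bullet; the log format and addresses are invented."""
import re
from collections import defaultdict
from datetime import datetime

# Ports this host actually serves; an attempt on any other port is
# already suspicious, and many of them from one source looks like a scan.
SERVED_PORTS = {22, 443}
LINE_RE = re.compile(r"^(\S+ \S+) DROP src=(\S+) dst=\S+ dport=(\d+)$")

# Constructed sample: one source sweeps ports, two others are normal noise.
SAMPLE_LOG = """\
2016-01-01 10:00:00 DROP src=203.0.113.5 dst=192.0.2.10 dport=21
2016-01-01 10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 dport=23
2016-01-01 10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 dport=25
2016-01-01 10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 dport=110
2016-01-01 10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 dport=139
2016-01-01 10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 dport=445
2016-01-01 10:00:05 DROP src=198.51.100.7 dst=192.0.2.10 dport=443
2016-01-01 10:00:20 DROP src=198.51.100.9 dst=192.0.2.10 dport=8080
"""

def parse(log: str):
    """Yield (timestamp, source, destination port) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), int(m.group(3))

def find_scanners(log: str, window_s: int = 10, min_ports: int = 5):
    """Return {src: sorted unused ports} for every source that hit at least
    min_ports distinct unused ports within some window_s-second window."""
    events = defaultdict(list)
    for ts, src, port in parse(log):
        if port not in SERVED_PORTS:        # served ports are not "unused"
            events[src].append((ts, port))
    hits = {}
    for src, evs in events.items():
        evs.sort()                          # sliding window over time order
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if (t - t0).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits
```

Tune window_s and min_ports to the host's normal traffic; a single stray probe on one port is not flagged, only the breadth of ports touched.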
Penetration Testing
  "Ethical hacking"
  Tests network-based IDS and host-based IDS
  Full knowledge, partial knowledge, zero knowledge
  Open box vs. closed box

Penetration Testing Steps
  1. GET APPROVAL from upper management
  2. Discovery
  3. Enumeration of tests
  4. Vulnerability mapping
  5. Exploitation
  6. Reporting
Identification & Authentication
  ID: subject professing who they are. Auth: verification of the ID
  Three types of authentication: something you know, something you have, something you are
  Two-factor is by far the best

Passwords
  Static, dynamic, passphrase
  Dictionary words; alphanumeric and special characters; models for choosing
  Rotation schedules for passwords
Biometrics
  Fingerprint, palm, retina, iris, face, voice, handwriting, RFID, etc.
  Enrollment time (2 min), throughput rate (10 subjects/min)
  Corpus: collection of biometric data

Biometrics
  False Rejection Rate (FRR), False Acceptance Rate (FAR), Crossover Error Rate (CER)
  [Figure: FAR and FRR curves plotted against the match threshold; CER is where they cross]
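How FAR, FRR and CER relate, as an added worked example that is not from the slides: the match scores below are constructed, not measured from any real biometric, and the sweep shows that raising the acceptance threshold lowers FAR while raising FRR, with the CER at the threshold where the two rates meet.

```python
"""Compute FAR and FRR across match-score thresholds and locate the
crossover (CER). Constructed scores, not data from any real biometric."""

# Constructed similarity scores (0..100): genuine = a person compared with
# their own enrolled template, impostor = compared with someone else's.
GENUINE  = [62, 70, 74, 78, 81, 84, 88, 90, 93, 97]
IMPOSTOR = [20, 31, 38, 44, 50, 55, 61, 66, 72, 79]

def far(threshold: int, impostor=IMPOSTOR) -> float:
    """FAR: fraction of impostor attempts accepted (score >= threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def frr(threshold: int, genuine=GENUINE) -> float:
    """FRR: fraction of genuine attempts rejected (score < threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)

def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep thresholds 0..100; the CER is the operating point where
    |FAR - FRR| is smallest. Returns (threshold, far, frr)."""
    best = None
    for t in range(0, 101):
        a, r = far(t, impostor), frr(t, genuine)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best
```

A system tuned for high security moves the threshold above the CER (lower FAR, more false rejections); one tuned for convenience moves it below.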
Single Sign On (SSO)
  One ID / password per session regardless of the number of systems used
  Advantages: ease of use, stronger passwords/biodata, easier administration, lower use of resources
  Disadvantages: if access control is broken, it is a MUCH bigger problem

SSO Example: Kerberos
  1. User enters ID/password
  2. Client requests service
  3. Ticket is encrypted with the server's public key and sent to the client
  4. Client sends the ticket to the server and requests service
  5. Server responds
  Problems: replay, compromised tickets
Access Control
  Centralized: Remote Authentication Dial-In User Service (RADIUS), also for wireless; call back
  De-centralized: relational databases (can be both)
  Relational concepts, security issues
Intrusion Detection Systems
  Network based: monitors packets and headers (e.g. Snort); will not detect same-host attacks
  Host based: monitors logs and system activity
  Types: signature based (problem with slow attacks), statistical anomaly based
  Other issues: costs, privacy, accountability, compensation for violations
  Backups, RAID (Redundant Array of Independent Disks), fault tolerance, business continuity planning, insurance