Access Control 2011

Date post: 14-Apr-2018
Upload: tanmoy-mukherjee
Transcript
• 7/30/2019 Access Control 2011

1/108

Domain 1: Access Control

2010 CISSP Study Group

Presented By: Jeff McEwen, CISSP. Security Architect, AAA NCNU Insurance Exchange

Domain 1: Access Control

http://sfbay.issa.org/index.htm
Domain Objective

The objective of this domain is to understand:

Access control concepts and techniques

Access control methodologies and implementation within centralized and decentralized environments

Detective and corrective access controls

Mechanisms for controlling system use

Potential risks, vulnerabilities, and exposures
Domain Summary

The information for this domain represents approximately 16% of the CISSP exam content.
Access Control Defined

Access control is the heart of security: the ability to allow only authorized users, programs or processes access to a system or resource.

The granting or denying, according to a particular security model, of certain permissions to access a resource.

The entire set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access based on pre-established rules.

The collection of mechanisms for limiting, controlling, and monitoring system access to certain items of information, or to certain features, based on a user's identity and membership in various predefined groups.
Key Access Control Terms

Identification - the user asserts who they are; the process through which one ascertains the identity of another person or entity; the basis for accountability of users and traceability of their activities

Authentication - verifies that the user is who the user claims to be; the process through which one proves and verifies certain information

Authorization - the actions the user is allowed to perform

Accountability - tracks user actions and when they were done

Approval - authorizations were appropriately granted by the data owner
Access Control Concepts

Security Policy - a high-level overall plan embracing general goals and acceptable actions for each system

Accountability - systems that process sensitive information must assure individual accountability

Assurance - systems must guarantee correct and accurate interpretation of security policy
Access Control Systems & Methodology

Why Control Access
Access Control Purposes

Confidentiality - information is not disclosed to unauthorized individuals or processes

protects against hackers, unprotected communications, unauthorized users

Integrity - information retains its original level of accuracy

protects against unauthorized data modifications, system changes, or program changes

Availability - reliable access to data

protects against denial of service, ping attacks, e-mail flaming
What does AC hope to protect?

Data - unauthorized viewing, modification or copying

System - unauthorized use, modification or denial of service

It should be noted that nearly every network operating system (NT, Unix, Vines, NetWare) depends on a secure physical infrastructure; its logical controls can be bypassed by anyone with physical access to the hardware
Information Value

Information is assumed to have a value that can be measured by quantity or quality

The major reasons to value information are the cost to develop it and its value to its owners

Valuation techniques - use of policy or regulation, checklists, questionnaires, consensus, accounting data, statistical analysis
File and Data Ownership

A prerequisite to development of effective access controls is the establishment of data ownership. The Data Owner is required to:

Identify sensitivity of information

Determine security requirements

Ensure security requirements meet goals

Authorize access

Develop contingency plans
Access Control Systems & Methodology

How do we control access?
Control Types

Preventive - stop problems before they occur

Detective - identify and investigate an act that has occurred

Corrective - remedy acts that have occurred

Deterrent - discourage an act from occurring

Recovery - restore a resource after an act that has occurred
Lines of Defense

Security mechanisms for limiting and controlling access to resources by layering protection

Categories - usually 3 lines, with action priorities based on increased control with each succeeding layer

First Line - policies, firewalls, passwords, separation of duties, training, quality assurance, fault tolerance, etc.

Second Line - audit trails, monitoring, penetration testing

Third Line - insurance, bonding, backups, contingency plans
Access Control Types

Management - policies, procedures, and accountability designed to control system use

Technical - hardware and software controls used to automate protection of the system

Operational - personnel procedures used to protect the system
Proactive access control

Awareness training

Background checks

Separation of duties

Split knowledge

Policies

Data classification

Effective user registration

Termination procedures

Change control procedures
Physical access control

Guards

Locks

Mantraps

ID badges

CCTV, sensors, alarms

Biometrics

Fences - the higher the voltage the better

Card-key and tokens

Guard dogs
How can AC be implemented?

Hardware

Software

Application

Protocol (Kerberos, IPSec)

Physical

Logical (policies)
Access Control & privacy issues

Expectation of privacy

Policies

Monitoring activity, Internet usage, e-mail

Login banners should detail expectations of privacy and state levels of monitoring
Access Control Systems & Methodology

User Authentication
Identification

Types of ID

User IDs

Names

PINs (also used for authentication)

Badges

Biometrics (also used for authentication)
User Authentication

User Identification - provides identity to the system

authentication data verifies the individual

activities are traced to an individual

the individual is responsible for those actions

use of a label to ID the user

User Label Characteristics

unique; non-descriptive of function, area, or company
User Authentication

System Implementation

Administration - create, distribute, and store authentication data (passwords)

Maintaining authentication - log out user or lock system during inactivity

Single log-in - a group of systems on one OS platform that allow the user to authenticate once

Host-to-host authentication - host passes on logon data

Authentication servers - user logs on to a special network server

User-to-host authentication - user logs on and receives a token for logons to other systems
Authentication

3 types of authentication:

Something you know - password, PIN, mother's maiden name, passcode, fraternity chant

Something you have - ATM card, smart card, token, key, ID badge, driver license, passport

Something you are - fingerprint, voice scan, iris scan, retina scan, body odor, DNA
Password

Most common type of authentication in use

something a user knows

a secret string of characters presented to verify the user's claimed identity

Types

One-time passwords - system generated and changed after every use

Passphrase - a sequence of characters that is longer than a regular password and is transformed into a virtual password
Password Issues

Selection

Source - can be assigned or user selected, system generated, token generated, or a system default

Composition - can be words, characters, or a phrase

Types - can be system or resource specific

Management

Transport - the paths the user uses to update a password:

owner - authentication data generated by the owner

system to owner - authentication data generated by the system

system administration to owner & system - generated by the system administrator
Password Issues

Management (continued)

Initial passwords

New users

One-time passwords

Force user change

User notification on successful login of the date, time and location of the last logon

Suspend ID after a number of unsuccessful logon attempts

Audit trail of logons: successful logins and unsuccessful attempts, along with date/time/ID/origin

Control maximum logon attempt rate
Password Issues

Control

Password lifetime - length of time the password can be considered secure

Users change own password

Audit trail of password changes

Risk if compromised

Distribution risk

Probability of guessing

Electronic monitoring

Vulnerable to cracking
Password Issues

Control (continued)

Password security

Number of characters

Minimum length

Number of invalid attempts

Compromises - severity of measures vs. user acceptance

Forgotten passwords - issue expired passwords that the user must change immediately

User ID by phone - validate the user's identity, then call the user back at the office phone with the new password
Problems with passwords (what a person knows)

Insecure

Given the choice, people will choose easily remembered and hence easily guessed passwords such as names of relatives, pets, phone numbers, birthdays, hobbies, etc.

Easily broken

Programs such as crack, SmartPass, PWDUMP, NTCrack & l0phtcrack can easily recover Unix, NetWare & NT passwords from their stored hashes (PWDUMP extracts the hashes; the others guess candidates against them, since the hashes themselves are not decrypted)

Dictionary attacks are only feasible because users choose easily guessed passwords!

Inconvenient

In an attempt to improve security, organizations often issue users computer-generated passwords that are difficult, if not impossible, to remember
Classic password rules (what a person knows)

The best passwords are easy to remember and hard to crack using a dictionary attack.

The best way to create passwords that fulfill both criteria is to use two small unrelated words or phonemes, ideally with a special character or number. Good examples would be hex7goop or -typetin

Don't use:

common names, DOB, spouse, phone #, etc.

a word found in dictionaries

"password" as a password

system defaults
Password management (what a person knows)

Configure the system to require strong passwords

Set password lifetime and length limits

Limit unsuccessful logins

Limit concurrent connections

Enable auditing

Have policies for password resets and changes

Show last login dates in banners
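The logon controls listed on the two password-management slides above (last-logon notice, suspension after repeated failures, an audit trail of every attempt, and a cap on the attempt rate) fit in a few dozen lines. The following Python is an added example written for this page, not code from the presentation. The policy numbers, user IDs and origin addresses are assumptions chosen for the demonstration, and the stored credentials are PBKDF2 hashes with a per-user salt so a dumped password file is not directly crackable with the tools named on the previous slides.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

# Policy values are assumptions for this example, not figures from the slides:
# suspend the ID after 5 failed logons, and allow at most 3 attempts per 60 s.
MAX_FAILED_ATTEMPTS = 5
RATE_WINDOW_SECONDS = 60
RATE_MAX_ATTEMPTS = 3


@dataclass
class Account:
    user_id: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    suspended: bool = False
    last_login: Optional[tuple] = None            # (time, origin) of the last success
    attempt_times: list = field(default_factory=list)


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 with a per-user salt; the iteration count is kept low for the demo,
    # tune it upward in production so offline guessing stays expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class LoginGuard:
    def __init__(self):
        self.accounts = {}
        self.audit_trail = []                     # one record per attempt, success or not

    def register(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user_id] = Account(user_id, salt, hash_password(password, salt))

    def login(self, user_id: str, password: str, origin: str, now: float) -> dict:
        acct = self.accounts.get(user_id)
        if acct is None:
            # Record the real reason, but answer exactly as for a wrong password so the
            # response does not reveal which IDs exist.
            self._audit(now, user_id, origin, "unknown-id")
            return {"ok": False, "reason": "invalid credentials"}
        if acct.suspended:
            self._audit(now, user_id, origin, "suspended")
            return {"ok": False, "reason": "id suspended"}
        # Rate control: forget attempts older than the window, refuse once the cap is hit
        acct.attempt_times = [t for t in acct.attempt_times if now - t < RATE_WINDOW_SECONDS]
        if len(acct.attempt_times) >= RATE_MAX_ATTEMPTS:
            self._audit(now, user_id, origin, "rate-limited")
            return {"ok": False, "reason": "too many attempts"}
        acct.attempt_times.append(now)
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            previous = acct.last_login                # shown to the user as the last-logon notice
            acct.failed_attempts = 0
            acct.last_login = (now, origin)
            self._audit(now, user_id, origin, "success")
            return {"ok": True, "last_login": previous}
        acct.failed_attempts += 1
        outcome = "failure"
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.suspended = True                     # stays suspended until an administrator resets it
            outcome = "failure-suspended"
        self._audit(now, user_id, origin, outcome)
        return {"ok": False, "reason": "invalid credentials"}

    def _audit(self, now, user_id, origin, outcome):
        self.audit_trail.append({"time": now, "id": user_id, "origin": origin, "outcome": outcome})


def demo() -> dict:
    """Constructed logon sequence: one good logon, a burst of guesses that trips the
    rate limit, further guesses that suspend the ID, the right password too late,
    an unknown ID, and a second user who gets a last-logon notice."""
    guard = LoginGuard()
    guard.register("alice", "hex7goop")
    guard.login("alice", "hex7goop", "10.0.0.5", now=0)
    for t in (100, 101, 102, 103):                    # four guesses inside one window
        guard.login("alice", "guess", "203.0.113.9", now=t)
    for t in (200, 201):                              # window elapsed, guessing resumes
        guard.login("alice", "guess", "203.0.113.9", now=t)
    late = guard.login("alice", "hex7goop", "10.0.0.5", now=300)
    guard.login("mallory", "anything", "203.0.113.9", now=300)
    guard.register("bob", "-typetin")
    guard.login("bob", "-typetin", "192.0.2.10", now=0)
    second = guard.login("bob", "-typetin", "198.51.100.7", now=500)
    return {"outcomes": [r["outcome"] for r in guard.audit_trail],
            "late_login": late,
            "suspended": guard.accounts["alice"].suspended,
            "bob_notice": second["last_login"]}
```

The audit trail keeps the exact reason for each refusal while the caller sees only "invalid credentials" for a bad password or an unknown ID; the rate limit is enforced before the password is even checked, so an attacker cannot burn through guesses faster than the window allows, and the suspension counter is independent of the rate limit so slow guessing still ends in a lockout.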
Access Control Techniques

Tokens - access information stored in a portable device

Memory token - stores but does not process data

Smart token - stores and processes data

Limitations - a lost or stolen token together with its PIN allows masquerading; battery failure or device malfunction

Benefits

not vulnerable to regular password cracks

2-factor authentication; challenge-response

Examples - SecurID, PIN pad, ATM card
Tokens (what a person has)

Used to facilitate one-time passwords

Asynchronous token device (challenge-response)

SecurID - synchronous token device

Physical card

S/Key

Smart card - contact & contactless

Access token
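The three token styles on the slide above differ in what the server has to hold and how a captured code is defeated. The Python below is an added example for this page, not code from the presentation or from any of the named products: a synchronous counter-based token (the HOTP construction of RFC 4226, which is what a SecurID-style device does with a clock in place of the counter), an asynchronous challenge-response token, and an S/Key-style one-time password chain. The S/Key part uses SHA-256 rather than the original MD4/MD5 folding, so its values are not interoperable with real S/Key; the secrets and seed are constructed for the demonstration.

```python
import hashlib
import hmac
import os


# --- Synchronous token: server and token share a secret and a moving counter
#     (RFC 4226 HOTP). A time-based token derives the counter from the clock.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, counter.to_bytes(8, "big"), "sha1").digest()
    offset = mac[-1] & 0x0F                                  # RFC 4226 dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SyncTokenServer:
    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret, self.last_counter, self.look_ahead = secret, -1, look_ahead

    def verify(self, code: str) -> bool:
        # Accept only counters beyond the last used one, inside a small resync window:
        # a captured code cannot be replayed, and a skipped button press does not lock
        # the user out.
        for c in range(self.last_counter + 1, self.last_counter + 1 + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False


# --- Asynchronous token: the server issues a fresh challenge, the token answers it.
def token_response(secret: bytes, challenge: bytes) -> str:
    return hmac.new(secret, challenge, "sha256").hexdigest()[:8]   # short code the user can type


class ChallengeResponseServer:
    def __init__(self, secret: bytes):
        self.secret, self.outstanding = secret, {}

    def issue_challenge(self, user: str) -> bytes:
        self.outstanding[user] = os.urandom(8)
        return self.outstanding[user]

    def verify(self, user: str, response: str) -> bool:
        challenge = self.outstanding.pop(user, None)         # each challenge is usable once
        if challenge is None:
            return False
        return hmac.compare_digest(token_response(self.secret, challenge), response)


# --- S/Key: a one-time password list built from a hash chain. The server keeps only
#     the last accepted value; each new password must hash to it, and the passwords
#     are used in reverse order of generation so none can be derived from the last.
def skey_chain(seed: bytes, n: int) -> list:
    chain, value = [], seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
        chain.append(value)                                  # chain[i] == h^(i+1)(seed)
    return chain


class SKeyServer:
    def __init__(self, last_value: bytes, remaining: int):
        self.last_value, self.remaining = last_value, remaining

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0 or hashlib.sha256(otp).digest() != self.last_value:
            return False
        self.last_value, self.remaining = otp, self.remaining - 1    # otp becomes the reference
        return True
```

In every variant the replay of a captured value fails for a structural reason rather than a policy one: the synchronous server refuses counters at or below the last one used, the challenge-response server discards each challenge on first use, and the S/Key server accepts only the preimage of what it last saw. The secret a synchronous or challenge-response server stores is itself sensitive (anyone who reads it can generate valid codes); the S/Key server stores nothing an attacker can turn into a future password.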
Access Control Techniques

Biometrics - something a person is

The one attribute that cannot be readily compromised among the 3 factors of personal identity (though a copied template or spoofed sample cannot be revoked and reissued the way a password or token can):

knows - e.g. password

has - e.g. access card

is - e.g. fingerprint

Examples - fingerprint, hand geometry, voice verification

Constraints - cost of equipment, access time, false readings
Biometrics (what a person is)

Authenticating a user via human characteristics

Accuracy

False Reject Rate (type I error) - a legitimate user is turned away

False Accept Rate (type II error) - an impostor is admitted

Cross-Over Error Rate (CER) - the threshold setting at which FRR equals FAR, used to compare systems

Behavioral - keystroke, signature pattern, signature dynamics

Physical - characteristics of a person used to prove their identity: fingerprint, iris, retina, voice, face
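FRR, FAR and CER are all functions of one tunable: the match-score threshold. The following Python is an added example for this page, not analysis from the presentation or data from any real sensor; the genuine and impostor match scores are constructed so that the two distributions overlap, and the sweep shows how moving the threshold trades one error type for the other and where they cross.

```python
# Constructed match scores on a 0-100 scale (not real sensor data), one per comparison.
# "Genuine" = the enrolled person presenting; "impostor" = someone else presenting.
GENUINE_SCORES = [95, 90, 87, 83, 80, 74, 69, 62, 55, 48]
IMPOSTOR_SCORES = [78, 66, 60, 54, 50, 45, 41, 36, 30, 22]


def error_rates(threshold: int, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (FAR, FRR) for the decision rule 'accept if score >= threshold'."""
    far = sum(s >= threshold for s in impostor) / len(impostor)   # type II: impostor accepted
    frr = sum(s < threshold for s in genuine) / len(genuine)      # type I: genuine rejected
    return far, frr


def crossover(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Sweep every threshold and return (threshold, CER) where FAR and FRR meet."""
    def gap(t):
        far, frr = error_rates(t, genuine, impostor)
        return abs(far - frr)
    best_t = min(range(0, 101), key=lambda t: (gap(t), t))   # smallest gap, lowest threshold wins ties
    far, frr = error_rates(best_t, genuine, impostor)
    return best_t, (far + frr) / 2


def roc_table(step: int = 10) -> list:
    """(threshold, FAR, FRR) at each step, the table an evaluator would plot."""
    return [(t, *error_rates(t)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, far, frr in roc_table():
        print(f"threshold {t:3d}: FAR {far:.2f}  FRR {frr:.2f}")
    print("crossover:", crossover())
```

With these scores a convenience setting around 40 admits every genuine user but also 70% of impostors, while a high-security setting of 80 admits no impostor at the cost of rejecting half the genuine attempts; the CER here is 20% at a threshold of 61. A deployment is tuned to the FAR it can tolerate, not to the CER, which is only the single-number comparison figure.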
Advantages of biometrics (what a person is)

Can't be loaned like a physical key or token and can't be forgotten like a password

Good compromise between ease of use, template size, cost and accuracy

Fingerprint contains enough inherent variability to enable unique identification even in very large (millions of records) databases

Makes network login & authentication effortless
Biometric Disadvantages (what a person is)

Processing speed issues - still relatively expensive per user

Accuracy - subject to environmental changes

User acceptability - some hesitancy for user acceptance
Biometric privacy issues (what a person is)

Tracking and surveillance - ultimately, the ability to track a person's movement from hour to hour

Anonymity - biometric links to databases could dissolve much of our anonymity when we travel and access services

Profiling - compilation of transaction data about a particular person that creates a picture of that person's travels, preferences, affiliations or beliefs
Multi-factor authentication

2-factor authentication - to increase the level of security, many systems will require a user to provide 2 of the 3 types of authentication.

ATM card + PIN

Credit card + signature

PIN + fingerprint

3-factor authentication - for highest security

Password + SecurID token + fingerprint
Single Sign-on

User authenticates only once to a network system to be allowed on all systems in an enterprise

Benefits

More efficient user logon process

Stronger passwords can be required, since the user has only one to remember

Inactivity thresholds applied uniformly

Effective for disabling terminated accounts
Single sign-on (Reduced Sign-on)

User has one password for all enterprise systems and applications - that way, one strong password can be remembered and used

All of a user's accounts can be quickly created on hire, deleted on dismissal

Hard to implement and get working

Kerberos, SPNEGO, X.509, SESAME (Secure European System for Applications in a Multi-vendor Environment), SAML, WS-Federation

CA eTrust, RSA Access Manager, IBM Tivoli Access Manager
Single Sign-on

Methodologies

Network session managers

Provides multiple sessions limited to one computing platform

Synchronization problems

Security server

SESAME - Secure European System for Applications in a Multivendor Environment

Provides distributed access control using symmetric and asymmetric cryptography

Project of ECMA

Provides a global access identity that targets the end system and provides mapping to local access
Single Sign-on

Security server (cont'd)

Kerberos - MIT Project Athena

User authentication, encryption, and uses tickets

Authenticator contains the same verification information

The key distribution center holds a database of clients and their secret (symmetric) keys

Windows/Active Directory uses Kerberos today

Credential caching

Scripting

Macro language

Replays user keystrokes

Scans for message strings

ID Federation

Liberty Alliance, SAML

WS-Federation
Access Control Systems & Methodology

Authorization
Access Control Structure

Subject - an active user or process that requests access to a resource

Object - a resource that contains information

Domain - a set of objects that the subject can access

Groups - subjects and objects grouped together based on shared characteristics
Access Control Criteria

Identity - a unique way to identify an individual or program in a system

Roles - computer-related functions performed by a user that use an exclusive set of privileges

Location - physical or logical place of the user

Time - day/time parameters used to control resource use

Transaction - program checks that can be performed to protect information
Access Control Techniques

Content dependent - access based on the content of the record

provides more access control granularity

access request is in the form of a question

an arbiter program controls access

Temporal isolation - access based on user work schedule

used for multilevel security

each time slot a different access level

used for rotating shifts, weekend operations, etc.

Least privilege rule (need-to-know) - all data access is restricted unless granted
Principles of Access Control

Rule of least privilege

One of the most fundamental principles of infosec. States that any object (user, administrator, program, system) should have only the least privileges the object needs to perform its assigned task, and no more.

An AC system that grants users only those rights necessary for them to perform their work

Limits exposure to attacks and the damage an attack can cause

Physical security example: car valet key vs. regular key

Separation of Duties

Limits users' access based on duty position

Split responsibility requires collusion to create harm
Implementing least privilege

Ensure that only a minimal set of users have root/administrator/sysadmin access

There are commercial tools available to support shared root access without a shared root password

Ensure that software deployed doesn't demand greater access than really needed

Implement via explicit group membership, not nested groups or shared passwords
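The last two points above, a minimal set of administrators and explicit rather than nested membership, are easy to state and easy to drift from once groups contain groups. The following Python is an added example for this page, not code from the presentation or from any directory product: it expands a constructed group snapshot to the users who effectively hold a privileged group, records the chain of nesting that got each one there, and flags the members who hold the privilege only through nesting as well as a group that has grown past an assumed ceiling. The group and user names are hypothetical.

```python
# Constructed directory snapshot (hypothetical names): each group lists its direct
# members; entries prefixed "grp:" are nested groups.
GROUPS = {
    "Domain Admins": ["alice", "grp:helpdesk"],
    "helpdesk": ["bob", "carol", "grp:contractors"],
    "contractors": ["dave", "grp:helpdesk"],         # cycle: contractors -> helpdesk -> contractors
    "svc-accounts": ["svc_backup"],
}
MAX_ADMINS = 2                                       # assumed policy ceiling for this example


def effective_members(groups: dict, group: str, _path=()) -> dict:
    """Map every user who ends up in `group` to the chain of groups that got them there.
    Keeps the shortest chain per user and guards against membership cycles."""
    path = _path + (group,)
    members = {}
    for entry in groups.get(group, []):
        if entry.startswith("grp:"):
            child = entry[len("grp:"):]
            if child in path:                        # already on the chain: a cycle, skip it
                continue
            for user, chain in effective_members(groups, child, path).items():
                if user not in members or len(chain) < len(members[user]):
                    members[user] = chain
        elif entry not in members or len(path) < len(members[entry]):
            members[entry] = path
    return members


def audit_privileged_group(groups: dict, group: str, max_members: int = MAX_ADMINS) -> dict:
    """Flag members who hold the privilege only through nesting, and an over-sized group."""
    effective = effective_members(groups, group)
    nested = {u: " > ".join(chain) for u, chain in effective.items() if len(chain) > 1}
    return {
        "effective": sorted(effective),
        "nested_grants": nested,
        "over_limit": len(effective) > max_members,
    }


if __name__ == "__main__":
    report = audit_privileged_group(GROUPS, "Domain Admins")
    print("effective members:", report["effective"])
    for user, chain in report["nested_grants"].items():
        print(f"  {user}: privilege inherited via {chain}")
    if report["over_limit"]:
        print(f"  group exceeds the ceiling of {MAX_ADMINS} members")
```

In the snapshot only alice was ever placed in Domain Admins directly; bob and carol got it when helpdesk was nested, and dave got it two levels down through contractors, which is exactly the kind of grant nobody reviewing the group's direct member list would see. The same expansion is what a real audit would run against an exported group listing before comparing it to the approved administrator roster.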
Access Control Systems & Methodology

Formal Models

Varied types of Access Control
Varied types of Access Control

Discretionary (DAC) vs Mandatory (MAC)

Centralized vs Decentralized

Formal models (detailed in the Security Architecture module):

Biba (integrity)

Take/Grant

Clark/Wilson

Bell/LaPadula (confidentiality)
Access Control Models

Discretionary - resource owner determines the access and privileges a user should have (107.2)

Identity-based - access based on user and resource identity

User-directed - user (owner) grants access based on restrictions

Hybrid - access based on identity-based and user-directed controls

Mandatory - system determines access based on label (107.3)

Object label contains the object's classification

Subject label contains the subject's clearance

Rule-based - access granted based on resource rules

Administratively directed - access granted by administrator
Access Control Models

Non-Discretionary - resource access is granted based on policies and control objectives

Role-based - access is based on the user's responsibilities

Task-based - access is based on the user's job duties

Lattice-based

Complex decisions with multiple objects and subjects

Mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements
Competing definition

Wikipedia defines these three types:

DAC (Discretionary Access Control)

MAC (Mandatory Access Control) - rule based or lattice based; controls read and write permissions based on a user's clearance level and object confidentiality labels

RBAC (Role Based Access Control) - controls collections of permissions that may include complex operations such as an e-commerce transaction

MAC and RBAC are both defined as non-discretionary
Discretionary Access Control

Access is restricted based on the authorization granted to the user

Orange Book C-level

Prime use is to separate and protect users from unauthorized data

Used by Unix, NT, NetWare, Linux, Vines, etc.

Relies on the object owner to control access
Mandatory Access Control

Assigns sensitivity levels, AKA labels

Every object is given a sensitivity label & is accessible only to users who are cleared up to that particular level

Only the administrators, not object owners, may change the object's level

Generally more secure than DAC

Orange Book B-level

Used in systems where security is critical, i.e., military

Hard to program for, configure & implement
Mandatory Access Control (continued)

Downgrade in performance

Relies on the system to control access

Example: if a file is classified as confidential, MAC will prevent anyone from writing secret or top secret information into that file (the "no write-down" rule)

All output, i.e., print jobs, floppies, other magnetic media, must be labeled as to the sensitivity level
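The write-down example above, the lattice definition on the earlier slide (least upper bound and greatest lower bound of two labels), and the contrast with owner-controlled DAC can all be shown on one small model. The Python below is an added example for this page, not code from the presentation: labels are (level, compartments) pairs ordered by dominance, MAC enforces no-read-up and no-write-down, DAC lets the owner hand out permissions, and a Trojan horse run by a cleared user tries to copy a secret file into a confidential one under each model. The level names, users and file names are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels (an assumed set; any total order behaves the same way)
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A lattice element: a sensitivity level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # a >= b when a's level is at least b's and a holds every compartment b holds
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both."""
    return Label(max(a.level, b.level, key=LEVELS.__getitem__), a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label that both dominate."""
    return Label(min(a.level, b.level, key=LEVELS.__getitem__), a.compartments & b.compartments)


@dataclass
class Obj:
    name: str
    owner: str
    label: Label
    acl: dict = field(default_factory=dict)      # DAC: user -> set of permissions
    content: str = ""


@dataclass
class Subject:
    name: str
    clearance: Label


# ---- DAC: the owner decides, and a process inherits all rights of the user running it ----
def dac_allows(subject: Subject, obj: Obj, perm: str) -> bool:
    return subject.name == obj.owner or perm in obj.acl.get(subject.name, set())


def dac_grant(granter: Subject, obj: Obj, user: str, perm: str) -> bool:
    if granter.name != obj.owner:                # only the owner may change the ACL
        return False
    obj.acl.setdefault(user, set()).add(perm)
    return True


# ---- MAC: the system decides from labels; owners cannot override ----
def mac_read(subject: Subject, obj: Obj) -> bool:
    return subject.clearance.dominates(obj.label)        # no read up (simple security property)


def mac_write(subject: Subject, obj: Obj) -> bool:
    return obj.label.dominates(subject.clearance)        # no write down (*-property)


def trojan_copy(model: str, subject: Subject, src: Obj, dst: Obj) -> bool:
    """A program run by `subject` that copies src into dst. Under DAC it succeeds whenever
    the user could do the same; under MAC it is stopped when dst sits below the subject."""
    if model == "dac":
        ok = dac_allows(subject, src, "read") and dac_allows(subject, dst, "write")
    else:
        ok = mac_read(subject, src) and mac_write(subject, dst)
    if ok:
        dst.content = src.content
    return ok


def demo(model: str) -> bool:
    """Constructed scenario: alice (cleared secret) runs a Trojan that copies her secret
    file into a confidential file she has shared with mallory. Returns True when mallory
    ends up able to read the secret content."""
    secret_lbl, conf_lbl = Label("secret"), Label("confidential")
    alice, mallory = Subject("alice", secret_lbl), Subject("mallory", conf_lbl)
    plans = Obj("plans.txt", "alice", secret_lbl, content="SECRET PLANS")
    notes = Obj("notes.txt", "alice", conf_lbl)
    dac_grant(alice, notes, "mallory", "read")           # alice legitimately shares her notes
    trojan_copy(model, alice, plans, notes)
    if model == "dac":
        return dac_allows(mallory, notes, "read") and notes.content == "SECRET PLANS"
    return mac_read(mallory, notes) and notes.content == "SECRET PLANS"
```

Under DAC the copy succeeds because the Trojan runs with alice's own rights and alice owns both files; under MAC the same program is refused at the write, because the confidential label does not dominate alice's secret clearance, and mallory's read of the notes file finds nothing. That is the sense in which the slide calls MAC "more secure": the policy is enforced against the process regardless of what its user would have been willing to share.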

Problems with formal models

Based on a static infrastructure

Defined and succinct policies

These do not work well in corporate systems, which are extremely dynamic and constantly changing

None of the previous models deals with:

Viruses / active content

Trojan horses (MAC's no-write-down rule limits what a Trojan can leak, as in the example above, but none of the models stops the malicious code from running or from damaging data it may write)

Firewalls

Limited documentation on how to build these systems
Access Control Models

Centralized - one location is responsible for access control

advantage - strict control and uniformity of access

disadvantage - central administration can be overloaded

examples:

RADIUS (Remote Authentication Dial-In User Service)

TACACS (Terminal Access Controller Access Control System)

Active Directory
Access Control Models

Decentralized - resource owners are responsible for access control

examples:

domain - set of authorized accesses permitted within a resource area

trusted computer system - a system that has hardware and software controls that ensure data integrity
Access Control Models

Decentralized (continued)

Domains - the access control parameters that protect an address space in which a program is operating

a set of objects a subject can access

principle of separation protects resources, where resources are encapsulated in distinct address spaces

common subset of subjects

hierarchical domain relationship

subjects can access objects in equal or lower domains

domains of higher privilege are protected from lower ones
Access Control Models

Decentralized (continued)

Trusted Computer System - a trusted computer system is one that provides at least one active function essential to the protection of information

Control is based on policy - rules to enforce

Mechanism - enforces the policy

Assurance - confidence in the control to provide its function

Hybrid - a combination of centralized and decentralized administration
Access Control Systems & Methodology

DOD Influence

Orange Book
  • 7/30/2019 Access Control 2011

    65/108

    Domain 1: Access Control

    65

    Orange Book

DoD Trusted Computer System Evaluation Criteria, first issued in 1983 (CSC-STD-001-83) and reissued as DoD 5200.28-STD in 1985

Provides the information needed to classify systems (A, B, C, D), defining the degree of trust that may be placed in them

For stand-alone systems only

Windows NT has a C2 utility, it does many things, including disabling networking

Orange book levels

A - Verified protection
A1 - Boeing SNS, Honeywell SCOMP

B - MAC
B1/B2/B3 - MVS w/ s, ACF2 or TopSecret, Trusted IRIX

C - DAC
C1/C2 - DEC VMS, NT, NetWare, Trusted Solaris

D - Minimal security. Systems that have been evaluated, but failed - PalmOS, MS-DOS, OS/2, NT

Problems with the Orange Book

Based on an old model, Bell-LaPadula

Stand alone, no way to network systems

Systems take a long time (1-2 years) to certify

Any changes (hot fixes, service packs, patches) break the certification

Has not adapted to changes in client-server and corporate computing

Certification is expensive

Mostly not used outside of the government sector

Red Book

Used to extend the Orange Book to networks

Actually two works:

Trusted Network Interpretation of the TCSEC (NCSC-TG-005)

Trusted Network Interpretation Environments Guideline: Guidance for Applying the Trusted Network Interpretation (NCSC-TG-011)

Access Control Systems & Methodology

Techniques

Access Control Techniques

Access Control Lists - a list containing users permitted to resources or vice versa

Elementary List - a short list of predefined access rights

Advanced List - access rights based within a registry that permits user-defined controls

Different operating systems have different ACL terms

Types of access (Capabilities): Read/Write/Create/Execute/Modify/Delete/Rename

ACL Types

Menus and shells

Database views

Physically constrained user interfaces - restrict access by blocking direct access to function

Capability tables - access to protected resources granted if accessor possesses authentication ticket

Mainframe ACL Sample 1 (slide image not reproduced in the transcript)

Mainframe Sample - 2

INFORMATION FOR DATASET ABCD.EFGHIJ.** (G)

...

ID       ACCESS
-------- -------
USER1    READ
USER2    UPDATE
GROUPB   EXECUTE

ID       ACCESS   CLASS    ENTITY NAME
-------- -------  -------- -------------------------
NO ENTRIES IN CONDITIONAL ACCESS LIST

Mainframe Sample # 3

ACCESSORID = XXXXXX   NAME = SAMPLE USER
XA DATASET = OPSG              OWNER(DSN)
   ACCESS = ALL
XA DATASET = AABB.             OWNER(DSN)
   ACCESS = READ    PRIVPGM = SAMPPROG
XA DATASET = CCDD.FFFF.YYYY    OWNER(SYS)
   ACCESS = NONE
XA DATASET = EEE.GGGG          OWNER(SYS)
   ACCESS = ALL     ACTION = AUDIT
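Added example (mine, not from the slides or from the RACF/Top Secret products): a small evaluator that reads an ACL shaped like the two listings above and answers "what access does this id get to this dataset?". It handles generic profiles (a trailing ** matches any remaining qualifiers), user versus group entries, an ordered ladder of access levels, and a conditional entry that applies only when the dataset is reached through a named program (the PRIVPGM idea from Sample 3). The level ladder, the precedence rules and every id and dataset name are assumptions for illustration, not the products' real semantics.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Sequence

# Ordered access levels, weakest to strongest.  Assumption: a simplified ladder;
# the real products differ (RACF, for instance, has CONTROL and ALTER above UPDATE).
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "ALL"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass
class Entry:
    ident: str                      # user id or group name
    access: str                     # one of LEVELS
    program: Optional[str] = None   # conditional entry: applies only via this program


@dataclass
class Profile:
    pattern: str                    # dataset name pattern, e.g. "ABCD.EFGHIJ.**"
    universal: str = "NONE"         # access for ids with no matching entry (RACF's UACC)
    entries: List[Entry] = field(default_factory=list)


def profile_matches(pattern: str, dataset: str) -> bool:
    """Qualifier-wise match: '*' is one whole qualifier, a trailing '**' is any number."""
    pq, dq = pattern.split("."), dataset.split(".")
    for i, q in enumerate(pq):
        if q == "**":
            return True
        if i >= len(dq) or (q != "*" and q != dq[i]):
            return False
    return len(pq) == len(dq)


def select_profile(profiles: Sequence[Profile], dataset: str) -> Optional[Profile]:
    """Most specific matching profile wins (assumption: fewest wildcards, then longest)."""
    matching = [p for p in profiles if profile_matches(p.pattern, dataset)]
    if not matching:
        return None
    return min(matching, key=lambda p: (p.pattern.count("*"), -len(p.pattern)))


def effective_access(profiles, dataset, user, groups=(), program=None) -> str:
    """Access level `user` gets to `dataset`.  Precedence (assumption, modelled on
    RACF): an entry for the user id itself beats group entries; the best of the
    user's group entries beats the profile's universal access; a dataset with no
    profile is denied outright.  Conditional entries only count when the request
    comes through the named program."""
    profile = select_profile(profiles, dataset)
    if profile is None:
        return "NONE"
    applicable = [e for e in profile.entries if e.program in (None, program)]
    user_levels = [RANK[e.access] for e in applicable if e.ident == user]
    if user_levels:
        return LEVELS[max(user_levels)]
    group_levels = [RANK[e.access] for e in applicable if e.ident in set(groups)]
    if group_levels:
        return LEVELS[max(group_levels)]
    return profile.universal


def permits(granted: str, needed: str) -> bool:
    """True if the granted level is at least the level the operation needs."""
    return RANK[granted] >= RANK[needed]


# Constructed sample modelled on the listings above; not real profiles.
SAMPLE_PROFILES = [
    Profile("ABCD.EFGHIJ.**", universal="NONE", entries=[
        Entry("USER1", "READ"),
        Entry("USER2", "UPDATE"),
        Entry("USER4", "NONE"),                        # explicit denial beats group access
        Entry("GROUPB", "EXECUTE"),
        Entry("GROUPB", "READ", program="SAMPPROG"),   # READ, but only via SAMPPROG
    ]),
    Profile("ABCD.**", universal="READ"),
    Profile("EEE.GGGG", universal="NONE", entries=[Entry("OPS", "ALL")]),
]

if __name__ == "__main__":
    for user, groups, prog in [("USER1", [], None), ("USER3", ["GROUPB"], None),
                               ("USER3", ["GROUPB"], "SAMPPROG"), ("USER4", ["GROUPB"], None)]:
        level = effective_access(SAMPLE_PROFILES, "ABCD.EFGHIJ.PAYROLL", user, groups, prog)
        print(f"{user} groups={groups} via={prog}: {level}, read allowed={permits(level, 'READ')}")
```

The point to notice is the USER4 case: an explicit NONE on the user id wins over the group's EXECUTE, which is how an ACL expresses a denial for one member of a group, and the GROUPB conditional entry that raises access to READ only when the request comes through SAMPPROG, which is the program-pathing control the Top Secret listing shows with PRIVPGM.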

Standard UNIX file permissions

Permissions    Allowed action, if object is a file    Allowed action, if object is a directory
R (read)       Read contents of the file              List directory contents
X (execute)    Execute the file, if a program         Search the directory
W (write)      Change file contents                   Add, rename, create files & sub-directories

UNIX Sample

    -rw-rw-r-- 1 user1 group1 852 Jul 17 2003 samplefile.txt

    drwxrwxr-x 2 user1 group1 512 Apr 18 09:14 testdir

UNIX - recommendation

Don't make a program run setuid to root if not needed. Rather, make the file group-writable to some group and make the program run setgid to that group, rather than setuid to root

Don't run insecure programs on the firewall or other trusted host
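Added example (mine, not from the slides): a parser for ls -l output that turns the permission string into the octal mode, applies the standard UNIX access check (owner bits if you are the owner, else group bits if the file's group is one of yours, else the other bits; only one class is consulted, never the union) and flags setuid-root programs, which is the case the recommendation above says to avoid. The listing is constructed for the example; root bypassing DAC is modelled as the usual rule that root can read and write anything and execute anything with at least one x bit.

```python
import re
from typing import Dict, Iterable, List

# Constructed listing for the example: the two entries from the slide plus
# one setuid-root program, one setgid program and one owner-restricted file.
SAMPLE_LISTING = """\
-rw-rw-r--  1 user1 group1    852 Jul 17  2003 samplefile.txt
drwxrwxr-x  2 user1 group1    512 Apr 18 09:14 testdir
-rwsr-xr-x  1 root  root    54256 Jan  5 11:02 fixperms
-rwxr-sr-x  1 root  lpadmin 31208 Jan  5 11:02 lpq
-r--rw-rw-  1 alice group1     10 Jan  5 11:02 notes.txt
"""

LS_RE = re.compile(
    r"^([-dlcbps])([rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s+\S+\s+(.+)$")


def parse_ls_line(line: str) -> Dict[str, str]:
    m = LS_RE.match(line)
    if not m:
        raise ValueError(f"not an ls -l line: {line!r}")
    ftype, bits, owner, group, name = m.groups()
    return {"type": ftype, "bits": bits, "owner": owner, "group": group, "name": name}


def parse_listing(text: str) -> List[Dict[str, str]]:
    return [parse_ls_line(line) for line in text.splitlines() if line.strip()]


def decode_bits(bits: str):
    """Return (permission bits, special bits).  's'/'t' mean the special bit plus
    execute; 'S'/'T' mean the special bit without execute."""
    perm = 0
    for i, ch in enumerate(bits):
        if ch in "rwxst":
            perm |= 1 << (8 - i)
    special = ((bits[2] in "sS") << 2) | ((bits[5] in "sS") << 1) | int(bits[8] in "tT")
    return perm, special


def mode_string(entry) -> str:
    perm, special = decode_bits(entry["bits"])
    return f"{special:o}{perm:03o}"          # e.g. "4755" for -rwsr-xr-x


def allowed(entry, user: str, groups: Iterable[str], want: str) -> bool:
    """Standard UNIX DAC check for want in {'r','w','x'}.  For a directory the same
    bits mean list / add-rename-create / search, as in the table above."""
    perm, _ = decode_bits(entry["bits"])
    if user == "root":                        # assumption: root bypasses DAC, except that
        return want != "x" or bool(perm & 0o111)   # execute still needs some x bit set
    if user == entry["owner"]:
        shift = 6
    elif entry["group"] in set(groups):
        shift = 3
    else:
        shift = 0
    bit = {"r": 4, "w": 2, "x": 1}[want]
    return bool((perm >> shift) & bit)


def setuid_root_programs(entries) -> List[str]:
    """Regular files owned by root with the setuid bit: the case to avoid."""
    return [e["name"] for e in entries
            if e["type"] == "-" and e["owner"] == "root" and e["bits"][2] in "sS"]


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for e in entries:
        print(mode_string(e), e["name"], "bob(group1) can write:",
              allowed(e, "bob", ["group1"], "w"))
    print("setuid root:", setuid_root_programs(entries))
```

The notes.txt entry shows the trap in the check: its owner alice is confined to the owner class (r--) and cannot write, while any other member of group1 can, so the owner class can be the most restrictive one. lpq is what the recommendation asks for: setgid to lpadmin rather than setuid to root, so a bug in it yields the printing group, not root.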

Windows Sample (slide image not reproduced in the transcript)

Access Control Systems & Methodology

Administration, Auditing & Monitoring

Access Control Administration

Centralized - one location is responsible for access control

Advantages

Strict control and uniformity of access

Composite access view easier

Disadvantages

Central administration can be overloaded

More difficult to associate entitlements with approvers

Access Control Administration

Decentralized - resource owners are responsible for access control

Advantage

Access is granted by the person accountable (Approver)

Disadvantages

Access combination conflicts

Composite view of user access unavailable

Lack of access consistency

More difficult to respond to external regulators

Auditing and Monitoring

Organizations use two basic methods to maintain operational assurance:

System audit - a periodic event to evaluate security

Monitoring - an ongoing activity that checks users and systems

Auditing

Periodic access reviews - data owners review and certify users who have access

Automated tools - program reviews system and reports vulnerabilities

Internal controls audit - auditor reviews and analyzes controls

Security checklists - security plan used as a system checklist

Penetration testing - attempt to break in to check controls

Periodic Access Reviews

Regular review of network and application user accounts against active employee termination lists to ensure that only active personnel have active accounts.

Regular review of user entitlements by user managers and data/application owners to ensure that users only have the access necessary to do their job
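Added example (mine, not from the slides): the two reviews above as a script that joins an account export against the HR termination list and each role's owner-approved entitlement baseline, and also flags the access combination conflicts the administration slides mention. All account names, employee ids, entitlements and dates are constructed for the example; a real run would read the export and the HR feed from files.

```python
from datetime import date
from typing import Dict, List, Set

# Constructed inputs (not real data).  An account export from the application ...
ACCOUNTS = [
    {"account": "jsmith",    "emp": "E100", "role": "clerk",      "entitlements": {"app:read", "app:post"}},
    {"account": "mlee",      "emp": "E101", "role": "clerk",      "entitlements": {"app:read", "app:post", "app:approve"}},
    {"account": "tgarcia",   "emp": "E102", "role": "supervisor", "entitlements": {"app:read", "app:approve"}},
    {"account": "svc_batch", "emp": None,   "role": "service",    "entitlements": {"app:read"}},
    {"account": "kwong",     "emp": "E103", "role": "clerk",      "entitlements": {"app:read"}},
]
# ... the HR termination feed (employee id -> last day) ...
HR_TERMINATIONS = {"E101": date(2011, 3, 1), "E103": date(2011, 5, 15)}
# ... the owner-approved baseline of what each role may hold ...
ROLE_BASELINE = {
    "clerk":      {"app:read", "app:post"},
    "supervisor": {"app:read", "app:approve"},
    "service":    {"app:read"},
}
# ... and combinations no single account may hold (separation of duties).
TOXIC_COMBINATIONS = [({"app:post", "app:approve"}, "posts and approves own transactions")]


def review(accounts, terminations, baseline, toxic, as_of: date) -> List[dict]:
    """One finding per problem: terminated user still holding an account, account
    with no accountable owner, entitlements outside the role baseline, and toxic
    entitlement combinations."""
    findings = []
    for acct in accounts:
        name, emp, role, ents = acct["account"], acct["emp"], acct["role"], acct["entitlements"]
        if emp in terminations and terminations[emp] <= as_of:
            findings.append({"account": name, "finding": "terminated_user",
                             "detail": f"employee {emp} left {terminations[emp].isoformat()}"})
        if emp is None:
            findings.append({"account": name, "finding": "no_accountable_owner",
                             "detail": "assign a named approver before recertifying"})
        excess = ents - baseline.get(role, set())
        if excess:
            findings.append({"account": name, "finding": "excess_entitlement",
                             "detail": sorted(excess)})
        for combo, why in toxic:
            if combo <= ents:
                findings.append({"account": name, "finding": "toxic_combination",
                                 "detail": f"{sorted(combo)}: {why}"})
    return findings


def summarize(findings) -> Dict[str, List[str]]:
    """Finding type -> sorted list of accounts, the shape a certification report wants."""
    out: Dict[str, Set[str]] = {}
    for f in findings:
        out.setdefault(f["finding"], set()).add(f["account"])
    return {k: sorted(v) for k, v in out.items()}


def review_as_of(year: int, month: int, day: int) -> Dict[str, List[str]]:
    """Run the review over the sample inputs as of a given date and summarize it."""
    return summarize(review(ACCOUNTS, HR_TERMINATIONS, ROLE_BASELINE,
                            TOXIC_COMBINATIONS, date(year, month, day)))


if __name__ == "__main__":
    for f in review(ACCOUNTS, HR_TERMINATIONS, ROLE_BASELINE, TOXIC_COMBINATIONS, date(2011, 6, 1)):
        print(f"{f['account']:10} {f['finding']:22} {f['detail']}")
```

Two things the output makes visible that a manual review tends to miss: a leaver (mlee) can sit for months with an active account if the HR feed and the account list are never joined, and excess entitlements and toxic combinations are only detectable when someone has written down what each role is supposed to hold, which is the baseline the data owner certifies.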

Monitoring

IDS

Logs

Audit trails

Network tools - Tivoli, Spectrum, OpenView

Monitoring

Intrusion Detection (IDS)

Techniques which attempt to detect computer and network intrusion by logs or audit trail

Automated intrusion detection examines logs and compares with expected user profile activity

Statistical intrusion detection monitors behavior and maintains profiles, then compares logs mathematically

Rule based intrusion detection - rules characterize intrusions (i.e. generic or operating system specific), then compares logs against rule database
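Added example (mine, not from the slides or any IDS product): the two automated approaches above run over constructed sshd-style log lines. The rule-based detector fires on a fixed signature (five or more failures from one source inside sixty seconds); the statistical detector builds a per-user profile of normal login hours from a baseline period and flags successful logins that fall far outside it, or that come from users with no profile at all. Log format, hosts, users and thresholds are all assumptions for the example.

```python
import re
import statistics
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

LOG_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$")

Event = Tuple[datetime, str, str, str]   # (timestamp, outcome, user, source ip)


def parse(lines: Iterable[str]) -> List[Event]:
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:                                   # lines that do not match are skipped
            ts, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def rule_based(events: List[Event], threshold: int = 5, window_s: int = 60):
    """Signature: >= threshold failed logins from one source within window_s seconds.
    One alert per source, raised the moment the rule first matches."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerts, fired = [], set()
    for ts, outcome, user, src in events:
        if outcome != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and src not in fired:
            fired.add(src)
            alerts.append((src, ts.isoformat(), f"{len(q)} failures in {window_s}s"))
    return alerts


def _hour(ts: datetime) -> float:
    return ts.hour + ts.minute / 60


def build_profiles(baseline: List[Event]) -> Dict[str, Tuple[float, float]]:
    """user -> (mean login hour, standard deviation) from successful baseline logins."""
    hours: Dict[str, List[float]] = defaultdict(list)
    for ts, outcome, user, _ in baseline:
        if outcome == "Accepted":
            hours[user].append(_hour(ts))
    return {u: (statistics.mean(h), statistics.stdev(h) if len(h) > 1 else 0.0)
            for u, h in hours.items()}


def statistical(events: List[Event], profiles, k: float = 2.0, min_sd: float = 1.0):
    """Flag successful logins more than k standard deviations (floored at min_sd hours,
    so a very regular user does not alarm on a ten-minute shift) from the user's usual
    hour, and any login by a user with no profile."""
    anomalies = []
    for ts, outcome, user, src in events:
        if outcome != "Accepted":
            continue
        if user not in profiles:
            anomalies.append((user, ts.isoformat(), "no baseline profile"))
            continue
        mean, sd = profiles[user]
        dev = abs(_hour(ts) - mean)
        if dev > k * max(sd, min_sd):
            anomalies.append((user, ts.isoformat(), f"{dev:.1f}h from usual {mean:.1f}h"))
    return anomalies


# Constructed baseline (May) and current (1 June) logs; not real data.
_BASE_HOURS = {"alice": [(9, 5), (9, 30), (10, 15), (8, 55), (9, 45), (10, 5), (9, 20), (9, 10), (10, 30), (9, 0)],
               "bob":   [(14, 0), (14, 30), (15, 10), (13, 50), (14, 20), (14, 45), (15, 0), (14, 10), (13, 40), (14, 55)]}
BASELINE_LOG = [f"2011-05-{d + 2:02d}T{h:02d}:{m:02d}:00 sshd[100]: Accepted password for {u} from 10.0.0.2"
                for u, hm in _BASE_HOURS.items() for d, (h, m) in enumerate(hm)]
CURRENT_LOG = [f"2011-06-01T02:13:{s:02d} sshd[2201]: Failed password for alice from 10.0.0.5"
               for s in (1, 9, 16, 24, 33, 41)] + [
    "2011-06-01T02:14:07 sshd[2201]: Accepted password for alice from 10.0.0.5",
    "2011-06-01T03:00:00 sshd[2220]: Accepted password for mallory from 10.0.0.7",
    "2011-06-01T14:30:12 sshd[2210]: Accepted password for bob from 10.0.0.9",
    "2011-06-01T14:31:00 sshd[2211]: Failed password for bob from 10.0.0.9",
]

if __name__ == "__main__":
    profiles = build_profiles(parse(BASELINE_LOG))
    current = parse(CURRENT_LOG)
    print("rule-based:", rule_based(current))
    print("statistical:", statistical(current, profiles))
```

The two detectors see different things in the same log: the signature catches the burst of failures from 10.0.0.5 but says nothing about the login that then succeeded, while the profile check flags that 02:14 success for alice because she never logs in at night, and flags mallory simply for having no history. That is why the slides list both approaches rather than one.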

Audit Trails

An audit trail is a series of records on computer events occurring within a system or application

Keystroke monitoring - a record of keystroke information entered by a system user

Event-oriented - contains records on system, application, or user

Benefits - individual accountability, reconstruction of events, intrusion detection, and problem analysis

Issues - protection, periodic review, analysis of data

Monitoring

Review of system logs - periodic review to detect problems

Automated tools - virus scanners, performance monitor, password crackers, etc.

Configuration management - system changes are reviewed

Electronic news - incident response and alert e-mail notices

Intrusion Detection Systems

IDS monitors system or network for attacks

IDS engine has a library and set of signatures that identify an attack

Adds defense in depth

NIDS / HIDS

Should be used in conjunction with a system scanner (CyberCop, ISS S3) for maximum security

Monitoring

Adaptive real-time anomaly detection - inductively generated sequential patterns

sequential rules describe behavior

time-based inductive learning approach - time-based induction machine (TIM)

TIM observes a temporal process and identifies patterns

set of hypotheses, input episodes, user profile

Penetration Testing

Identifies weaknesses in Internet, Intranet, Extranet, and RAS technologies

Discovery and footprint analysis

Exploitation

Physical Security Assessment

Social Engineering

Attempt to ID vulnerabilities and gain access to critical systems within the organization

ID and recommend corrective action for the systemic problems

Assessments allow the client to demonstrate the need for additional security resources

Access Control Systems & Methodology

Information System Controls

Banners

Banners display at login or connection stating that the system is for the exclusive use of authorized users and that their activity may be monitored

Not foolproof, but a good start, especially from a legal perspective

Make sure that the banner does not reveal system information, i.e., OS, version, hardware, etc.

Access Control Software

Software that automates information security functions on host computers

Features:

use password protection

log accesses

user access controls

data access controls

flexible administration

Examples: RACF, ACF2, TOP SECRET, Tivoli Access Manager, RSA Access Manager, Windows GINA/Active Directory

RAS access control

RADIUS (Remote Authentication Dial-In User Service)

TACACS/TACACS+ (Terminal Access Controller Access Control System)

Both defined in greater detail in the Telecom and Network Security module.

Kerberos

Part of MIT's Project Athena. Currently in version 5

Kerberos is an authentication protocol used for network-wide authentication

All software must be kerberized

Tickets, authenticators, key distribution center (KDC)

Divided into realms

Kerberos is the three-headed dog that guards the entrance to Hades (this won't be on the test)

Kerberos roles

KDC divided into Authentication Server & Ticket Granting Server (TGS)

Authentication Server - authenticates the identities of entities on the network

TGS - generates unique session keys between two parties. Parties then use these session keys for message encryption

Kerberos authentication

User must have an account on the KDC

KDC must be a trusted server in a secured location

Shares a secret key with each user (DES in the original implementations; current Kerberos 5 deployments use AES)

When a user wants to access a host or application, they request a ticket from the KDC

User provides ticket and authenticator to the application, which processes them for validity and will then grant access.

Requires synchronized time clocks

Relies on UDP, which is often blocked by many firewalls (Kerberos 5 also runs over TCP)
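Added example (mine, not MIT's or any vendor's Kerberos code): the three exchanges described above, AS (the user proves knowledge of the password-derived key by being able to open the reply), TGS (ticket-granting ticket plus a fresh authenticator buys a service ticket and session key) and AP (the service checks the ticket it alone can open, the authenticator's timestamp against its own clock, and a replay cache). The cipher is a toy SHAKE keystream with an HMAC tag standing in for DES/AES, the password-to-key function is a plain hash, and the five-minute skew limit, ticket lifetime and principal names are assumptions; the shape of the protocol is the point, not the primitives.

```python
import hashlib, hmac, json, os

SKEW, LIFETIME = 300, 8 * 3600   # 5-minute skew tolerance; 8-hour tickets (assumption)

def encrypt(key, obj):
    """Toy encrypt-then-MAC over a JSON body (SHAKE keystream + HMAC), standing in for a
    Kerberos enctype: it only has to make tickets opaque to the wrong party and tamper-evident."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def string_to_key(password):
    return hashlib.sha256(password.encode()).digest()   # assumption: toy string-to-key

def authenticator(client, key, now):
    return encrypt(key, {"client": client, "timestamp": now})

def check_authenticator(ticket, auth, now, seen):
    """What any ticket consumer (TGS or service) verifies before trusting a request."""
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    if abs(now - auth["timestamp"]) > SKEW:
        raise ValueError("clock skew too large")
    if (auth["client"], auth["timestamp"]) in seen:
        raise ValueError("replayed authenticator")
    seen.add((auth["client"], auth["timestamp"]))

class KDC:
    """Authentication Server and Ticket Granting Server in one object."""
    def __init__(self, users, services):
        self.keys = {u: string_to_key(p) for u, p in users.items()}     # user keys from passwords
        self.keys.update({s: os.urandom(32) for s in services})          # service keys (keytabs)
        self.tgs_key, self.seen = os.urandom(32), set()

    def as_exchange(self, user, now):
        """AS-REP: session key and TGT, sealed under the user's long-term key."""
        sk = os.urandom(16).hex()
        tgt = encrypt(self.tgs_key, {"client": user, "key": sk, "expires": now + LIFETIME})
        return encrypt(self.keys[user], {"key": sk, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_blob, auth_blob, service, now):
        """TGS-REP: service ticket (sealed for the service) plus a fresh session key."""
        tgt = decrypt(self.tgs_key, tgt_blob)
        tgt_key = bytes.fromhex(tgt["key"])
        check_authenticator(tgt, decrypt(tgt_key, auth_blob), now, self.seen)
        ssk = os.urandom(16).hex()
        ticket = encrypt(self.keys[service], {"client": tgt["client"], "key": ssk, "expires": now + LIFETIME})
        return encrypt(tgt_key, {"key": ssk, "ticket": ticket.hex()})

def client_login(kdc, user, password, now):
    """Client side of the AS exchange; a wrong password simply cannot open the AS-REP."""
    rep = decrypt(string_to_key(password), kdc.as_exchange(user, now))
    return bytes.fromhex(rep["tgt"]), bytes.fromhex(rep["key"])

def client_service_ticket(kdc, user, tgt, tgt_key, service, now):
    rep = decrypt(tgt_key, kdc.tgs_exchange(tgt, authenticator(user, tgt_key, now), service, now))
    return bytes.fromhex(rep["ticket"]), bytes.fromhex(rep["key"])

def service_ap_exchange(service_key, seen, ticket_blob, auth_blob, now):
    """AP-REQ: open the ticket (only the service can), then check the authenticator."""
    ticket = decrypt(service_key, ticket_blob)
    check_authenticator(ticket, decrypt(bytes.fromhex(ticket["key"]), auth_blob), now, seen)
    return ticket["client"]

def _outcome(fn):
    """Result of fn(), or the rejection reason; keeps the failure cases in demo() readable."""
    try:
        return fn()
    except ValueError as e:
        return "rejected: " + str(e)

def demo():
    """Happy path, then the failure modes: replay, clock skew, ticket opacity, wrong password."""
    kdc, now, seen = KDC({"alice": "correct horse"}, ["host/fileserver"]), 1_300_000_000.0, set()
    fs_key = kdc.keys["host/fileserver"]
    tgt, tgt_key = client_login(kdc, "alice", "correct horse", now)
    ticket, skey = client_service_ticket(kdc, "alice", tgt, tgt_key, "host/fileserver", now + 1)
    auth = authenticator("alice", skey, now + 2)
    return {
        "client": service_ap_exchange(fs_key, seen, ticket, auth, now + 2),
        "replay": _outcome(lambda: service_ap_exchange(fs_key, seen, ticket, auth, now + 3)),
        "skew": _outcome(lambda: service_ap_exchange(
            fs_key, seen, ticket, authenticator("alice", skey, now + 10), now + 10 + SKEW + 1)),
        "opaque": _outcome(lambda: decrypt(string_to_key("correct horse"), ticket)),
        "bad_password": _outcome(lambda: client_login(kdc, "alice", "wrong", now)),
    }

if __name__ == "__main__":
    print(demo())
```

Two of the slide's bullets fall straight out of demo(): the skew case is why clocks must be synchronized (an honest client whose clock drifts past the window is indistinguishable from a replay), and the "opaque" case shows that the client never learns the service's key, so it cannot forge or alter the ticket it carries.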

Access Control Systems & Methodology

Vulnerabilities & Attacks

Risk

Threat - an activity with the potential for causing harm to an information system

Vulnerability - a flaw or weakness that may allow harm to an information system

Impact - the harm that would be caused by an incident

Risk - a combination of the chance that a threat will occur and the severity of its impact

Exposure - a specific instance of weakness to losses from a threat event

Vulnerabilities

Physical

Natural - floods, earthquakes, terrorists, power outage, lightning

Hardware/Software

Media - corrupt electronic media, stolen disk drives

Emanation

Communications

Human - social engineering, disgruntled staff

Attacks

Passive attack - monitor network traffic and then use the data obtained or perform a replay attack. Hard to detect

Active attack - attacker is actively trying to break in:

Exploit system vulnerabilities

Spoofing

Crypto attacks

Denial of service (DoS) - not so much an attempt to gain access, rather to prevent system operation:

Smurf, SYN Flood, Ping of death

Mail bombs

Methods of Attack

Methods to bypass access controls and gain unauthorized access to information

Brute force - persistent series of attacks, trying multiple approaches, in an attempt to break into a computer system

Denial of service - overloading a system through an online connection to force it to shut down

Social Engineering - deception of system personnel in order to gain access

Spoofing - masquerading an ID or data to gain access to data or a system

Password Attacks

Brute force - l0phtcrack

Dictionary - Crack, John the Ripper

Trojan horse login program
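Added example (mine, not from l0phtcrack, Crack or John the Ripper): a dictionary attack with a few John-style mangling rules, run against constructed password records in a toy salted-hash format (salt plus password through SHA-256, not crypt(3) or an NT hash). It also counts hash computations so the effect of a per-user salt is visible: with no salt, one hash per candidate tests every user at once; with distinct salts the attacker pays once per user per candidate.

```python
import hashlib
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Tuple

Record = Tuple[str, str, str]   # (user, salt, hex digest)


def toy_hash(salt: str, password: str) -> str:
    """Assumption: a toy scheme, salt prepended then SHA-256.  Real systems use slow
    password hashes (bcrypt, scrypt, PBKDF2), which raise the cost of every trial below."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def mangle(word: str) -> Iterator[str]:
    """A small John-the-Ripper style rule set applied to each wordlist entry."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for d in "0123456789":             # append a digit, plain and capitalised
        yield word + d
        yield word.capitalize() + d
    yield word + "!"
    yield word.replace("a", "@").replace("e", "3").replace("o", "0")   # leetspeak


def crack(records: Iterable[Record], wordlist: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Dictionary attack.  Returns (user -> recovered password, number of hashes computed).
    Records sharing a salt are tested with a single hash per candidate."""
    by_salt: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for user, salt, digest in records:
        by_salt[salt].append((user, digest))
    found, hashes, total = {}, 0, sum(len(v) for v in by_salt.values())
    for word in wordlist:
        for candidate in mangle(word):
            for salt, users in by_salt.items():
                digest = toy_hash(salt, candidate)
                hashes += 1
                for user, stored in users:
                    if stored == digest and user not in found:
                        found[user] = candidate
            if len(found) == total:
                return found, hashes
    return found, hashes


# Constructed sample records.  The plaintexts exist only to build them here and
# would of course not be available to an attacker.
_PLAINTEXTS = {"alice": "Summer1", "bob": "password", "carol": "Tr0ub4dor&3"}
_SALTS = {"alice": "k3Qx", "bob": "p9Lm", "carol": "zZ1a"}
UNSALTED = [(u, "", toy_hash("", p)) for u, p in _PLAINTEXTS.items()]
SALTED = [(u, _SALTS[u], toy_hash(_SALTS[u], p)) for u, p in _PLAINTEXTS.items()]
WORDLIST = ["password", "summer", "letmein", "welcome"]

if __name__ == "__main__":
    for label, recs in (("unsalted", UNSALTED), ("salted", SALTED)):
        found, hashes = crack(recs, WORDLIST)
        print(f"{label}: recovered {found} after {hashes} hashes")
```

Both runs recover the same two passwords, because salting does nothing against a weak password; what it changes is the cost, three times as many hashes for three users, and it is the slow hash function, not the salt, that makes each of those trials expensive. carol's password survives because no rule in mangle() produces it from the wordlist, which is the brute-force boundary the slide's first bullet is about.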

Access Control Systems & Methodology

Protection

Object reuse

Must ensure that magnetic media does not have any remanence of previous data

Also applies to buffers, cache and other memory allocation

Required from TCSEC class C2 upward (object reuse is one of the requirements C2 adds to C1)

Secure Deletion of Data from Magnetic and Solid-State Memory, Peter Gutmann http://www.fish.com/security/secure_del.html

Documents recently declassified as to how 10-pass writes were recovered

Objects must be declassified

Magnetic media must be degaussed or have secure overwrites
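Added example (mine, not from the slides or from Gutmann's paper): the overwrite half of the slide as a routine that rewrites a file in place with fixed patterns and then random data, forces each pass to the device, reads the fixed passes back to confirm they landed and only then unlinks, plus the memory counterpart of zeroing a buffer before it is reused. The caveat in the code matters more than the code: on a journaling or copy-on-write filesystem, with snapshots, or on SSDs that remap blocks, the old copy can survive every pass, which is why degaussing or destruction stays the answer for media that leaves your control. Pass count and patterns are assumptions for the example.

```python
import os
import tempfile

CHUNK = 1 << 16
PASSES = (b"\x00", b"\xff", None)   # assumption: two fixed patterns then one random pass


def overwrite_and_delete(path: str, passes=PASSES):
    """Overwrite `path` in place, pass by pass, fsync each pass, read fixed-pattern passes
    back to confirm the writes landed, then unlink.  Returns (bytes overwritten, passes verified).
    Caveat: only meaningful where the filesystem rewrites blocks in place.  Journaling and
    copy-on-write filesystems, snapshots and SSD wear-levelling can keep the old blocks,
    so this is hygiene for in-service disks, not a substitute for degaussing or destruction."""
    size = os.path.getsize(path)
    verified = 0
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            for offset in range(0, size, CHUNK):
                n = min(CHUNK, size - offset)
                f.write(os.urandom(n) if pattern is None else pattern * n)
            f.flush()
            os.fsync(f.fileno())          # push the pass through the OS cache to the device
            if pattern is not None:
                f.seek(0)
                if f.read() == pattern * size:
                    verified += 1
    os.remove(path)
    return size, verified


def wipe_buffer(buf: bytearray) -> None:
    """Object reuse in memory: zero a mutable buffer before it is released.  Immutable
    bytes and str cannot be scrubbed (every copy lingers until collected), so keep key
    material in a bytearray if you intend to wipe it."""
    buf[:] = bytes(len(buf))


def demo() -> dict:
    """Write a secret to a temp file, scrub and remove it, and scrub a key buffer."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"SECRET" * 1000)
    size, verified = overwrite_and_delete(path)
    key = bytearray(b"session-key-material")
    wipe_buffer(key)
    return {"size": size, "verified": verified,
            "removed": not os.path.exists(path), "zeroed": key == bytes(len(key))}


if __name__ == "__main__":
    print(demo())
```

The read-back only proves that the write reached the file the kernel shows you; it says nothing about relocated blocks or the physical remanence Gutmann's paper is about, which is the gap the slide's last bullet closes with degaussing.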

TEMPEST

Electromagnetic emanations from keyboards, cables, printers, modems, monitors and all electronic equipment. With appropriate and sophisticated enough equipment, data can be readable at a few hundred yards.

TEMPEST certified equipment, which encases the hardware in a tight metal construct, shields the electromagnetic emanations

TEMPEST

Rooms & buildings can be TEMPEST-certified

TEMPEST hardware is extremely expensive and can only be serviced by certified technicians

TEMPEST standards NACSEM 5100A and NACSI 5004 are classified documents
