From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition ...
-
Upload
databaseguys -
Category
Documents
-
view
391 -
download
2
Transcript of From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition ...
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
1
IT 4823 – Information Security Administration
Chapter 4: Access Control, Part 1Summer 2006, Feibish
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
2
Access Control
This chapter presents the following: • Identification methods and technologies • Authentication methods, models, and technologies • Discretionary, mandatory, and nondiscretionary
models • Accountability, monitoring, and auditing practices • Emanation security and technologies • Intrusion detection systems • Possible threats to access control practices and
technologies
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
3
Overview
Definition: Access controls are security features that control how users and systems communicate and interact with other systems and resources.
They protect the systems and resources from unauthorized access and can be a component that participates in determining the level of authorization after an authentication procedure has successfully completed.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
4
Definitions
Access is the flow of information between a subject and an object
A subject is an active entity that requests access to an object or the data within an object.
An object is a passive entity that contains information. An object can be a computer, database, file, computer program, directory, or field contained in a table within a database
Access control is a broad term that covers several different types of mechanisms that enforce access control features on computer systems, networks, and information.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
5
Figure 4-1
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
6
Security Principles Availability
Fault tolerance, recovery, continuity, user productivity Information has various attributes, such as accuracy, relevance,
timeliness, and privacy.
Integrity Accurate, complete, and protected from unauthorized modification Illegitimate modifications must alert the user
Confidentiality information is not disclosed to unauthorized individuals, programs, or
processes. Some information is more sensitive than other information It is important for a company to identify the data that needs to be
classified, so that the company can ensure that a top priority of security protects this information and keeps it confidential.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
7
Identification, Authentication, and Authorization Identification describes a method of ensuring that a
subject (user, program, or process) is the entity it claims to be. Identification can be provided with the use of a
username or account number.
To be properly authenticated, the subject is usually required to provide a second piece to the credential set. This piece could be a password, passphrase,
cryptographic key, personal identification number (PIN), anatomical attribute, or token
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
8
Identification, Authentication, and Authorization Authentication
After authentication System checks some kind of access control matrix or
security labels If system determines authenticated subject may acces
the resource, it authorizes the subject.
Accountability Subject must be uniquely identified Subject’s actions must be recorded
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
9
Logical Access Controls
Def: tools used for identification, authentication, authorization, and accountability
May be embeded within OS, apps, add-on security packages, database, or telecommunication management systems.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
10
Fig 4-2: IAAA
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
11
Authentication
3 general factors: Something a person knows
Password, PIN, maiden name, combination, etc. Disadvantage: information can be lost/stolen
Something a person has Key, swipe card, access card, badge Disadvantage: token can be lsot or stolen
Something a person is Physical attribute (biometrics)
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
12
Strong authentication
Also known as two-factor authentication
Must provide 2 of the 3 general categories of authentication
For example Password AND employee badge Key card AND fingerprint
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
13
Identification component requirements
When issuing identification values to users, the following should be in place:
Each value should be unique, for user accountability.
A standard naming scheme should be followed.
The value should be nondescriptive of the user’s position or tasks.
The value should not be shared between users.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
14
Identity management
Identity management is a broad term that encompasses the use of different products to identify, authenticate, and authorize users through automated means.
Should provide the following services: • User provisioning • Password synchronization and resetting • Self service for users on specific types of activities • Delegation of administrative tasks • Centralized auditing and reporting • Integrated workflow and increase in business productivity • Decrease in network access points • Regulatory compliance
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
15
Authentication Methods
Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification.
False rejection is called a Type I error False acceptance is called a Type II error
Type II errors are the MOST DANGEROUS and must be avoided!
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
16
CER: Crossover Error Rate
Stated as a percentage Point at which false rejection = false acceptance The lower the CER, the better Used for comparing various biometric tools
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
17
Biometric: barriers to implementation
Most expensive method of verifying identity User acceptance Enrollment timeframe Throughput
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
18
Different types of biometric systems[Review from book] Fingerprint Palm Scan Hand Geometry Retina Scan Iris Scan Signature Dynamics Keyboard Dynamics Voice Print Facial Scan Hand Topography
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
19
Passwords
Should be strong and properly managed Generally considered one of the weakest
security mechanisms available (why?) Users typically don’t care – until there is a
problem Systems should enforce password policies
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
20
How are passwords attacked?
Electronic monitoring Access the password file Brute force attacks Dictionary attacks Social engineering
Protection mechanisms include password length, complexity, age, history, and clipping level
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
21
Protecting password
Password checkers (or crackers) – used by IT staff during a security audit
Password hashing/encryption – do not send cleartext password. (telnet? ftp? smtp? Syskey utility in Windows)
Aging, Limit logon attempts, etc.
Cognitive passwords Dynamic (one-time) passwords SecureID (proprietary, RSA Security Inc) Token Device
May be synchronous or asynchronous
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
22
Cryptographic keys
An alternative to passwords Private keys and digital signatures are more secure
than typical passwords Private key is held by owner Public key is provided to anyone without compromising
the associated private key Passphrase – string of characters longer than a
password. It is transforned into a virtual password. Memory Cards (for example, ATM stripe) Smart Card (contact or contactless)
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
23
Smart Cards
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
24
Smart card attacks fault generation: intentional intruction of computational errors
to expose encryption keys Side-channel attacks are nonintrusive and are used to uncover
sensitive information about about how a component works without trying to compromise any type of flaw or weakness differential power analysis - examining the power
emissions that are released electromagnetic analysis examining the frequencies that
are emitted timing - how long a specific process takes to complete
Software attacks: input instructions into the card that will allow for the attacker to extract account information
Microprobing uses needles to remove the outer protective material on the card’s circuits, by using ultrasonic vibration. Once this is completed, then data can be accessed and manipulated by directly tapping into the card’s ROM chips
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
25
Authorization
Criteria: Roles (job function) Groups Physical or logical location Time of day (temporal isolatino) Transaction type
Know: Authorization Creep Why is this a problem?
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
26
Access Levels
Default to No Access Safest, default is always “no access”
Need to Know individuals should be given access only to the
information that they absolutely require in order to perform their job duties
Single sign-on (SSO) Single password for access to many systems Problem: interoperability
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
27
SSO
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
28
SSO Technologies
• Kerberos Authentication protocol that uses a KDC and tickets, and is based on symmetric key cryptography
• SESAME Authentication protocol that uses a PAS and PACs, and is based on symmetric and asymmetric cryptography
• Security domains Resources working under the same security policy and managed by the same group
• Thin clients Terminals that rely upon a central server for access control, processing, and storage
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
29
Access Control Models
An access control model is a framework that dictates how subjects access objects.
3 main types: Discretionary Mandatory Nondiscretionary (or role-based)
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
30
Discretionary Access Control
A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources.
This means that users are allowed to specify what type of access can occur to the objects they own.
Does not lend itself to a centrally controlled environment
Most of the operating systems that you may be used to dealing with are based on DAC models, such as all Windows, Linux, and Macintosh
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
31
Mandatory Access Control
The operating system makes the final decision and can override the users’ wishes
This model is much more structured and strict and is based on a security label system
Users are given a security clearance (secret, top secret, confidential, and so on), and data is classified in the same way.
The rules for how subjects access objects are made by the security officer, configured by the administrator, enforced by the operating system, and supported by security technologies.
Note: “Security Label” = “Sensitivity Label”
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
32
Role-Based Access Control
Centrally administrated set of controls to determine how subjects and objects interact
based on the role the user holds within the company
This means that if you are assigned only to the Contractor role in a company, there is nothing you can do about it.
Best for companies with high turnover
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
33
Access Control Models - review
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
34
Access Control Techniques/Technolgoies Once an organization determines what type
of access control model it is going to use,it needs to identify and refine its technologies and techniques to support the model.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
35
Rule-Based Access Control
uses specific rules that indicate what can and cannot happen between a subject and an object.
It is based on the simple concept of “if X then Y” programming rules, which can be used to provided finer-grained access control to resources.
Rule-based access control is not necessarily identity-based.
Traditionally, rule-based access control has been used in MAC
today, rule-based access is used in other types of systems and applications,as well. (firewalls)
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
36
Constrained User Interfaces
Restrict users’ access abilities by not allowing them to request certain functions or information
3 types: Menus and shells Database views Physically constrained interfaces (provide
only certain keys, hiding buttons,etc)
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
37
Access Control Matrix
Table of subjects and objects indicating what actions individual subjects can take upon individual objects.
Usually an attribute of DAC models.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
38
Capability Table vs. ACL
A capability table is bound to a subject, whereas an ACL is bound to an object.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
39
Conent vs. Context dependent access control In Content-dependent access control, access to
objects is determined by the content within the object. Example: Content-dependent filtering is used when corporations
employ e-mail filters that look for specific strings, such as “confidential”, “social security number”, “top secret”, and any other types of words that the company deems unacceptable.
Context-dependent access control differs from content-dependent access control in that it makes access decisions based on the context of a collection of information rather than on the sensitivity of the data. Example: SPI firewall, SYN?ACK
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
40
Review: Access Control Techniques
• Access control matrix Table of subjects and objects that outlines their access relationships
• ACL Bound to an object and indicates what subjects can access it
• Capability table Bound to a subject and indicates what objects that subject can access
• Content-based access Bases access decisions on the sensitivity of the data, not solely on subject identity
• Context-based access Bases access decisions on the state of the situation, not solely on identity or content sensitivity
• Restricted interface Limits the user’s environment within the system, thus limiting access to objects
• Rule-based Restricts subjects’ access attempts by predefined rules
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
41
Next: Access Control Administration
Centralized vs. Decentralized
centralized access control administration: one entity (department or individual) is responsible for overseeing access to all corporate resources.
decentralized access control administration method gives control of access to the people closer to the resources—e.g. functional manager
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
42
Centralized Access Control
Consistent and uniform across organization Strict, but can be slow Uses AAA protocols – “authentication,
authorization, and auditing” RADIUS TACACS, TACACS+, XTACACS
Terminal Access Controller Access Control System
Diameter
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
43
Next…
We will look at the the technical details of these protocols and continue chapter 4.
From: Harris, Shon. All In One CISSP Exam Guide, 3rd Edition, McGraw-Hill, 2005.
44
Questions?