Access Control Systems

A means of ensuring a system's C.I.A. given the threats, vulnerabilities, & risks to its infrastructure

Upload: byron-nichols

Post on 31-Dec-2015


Rationale

- Confidentiality: information not disclosed to unauthorized persons or processes
- Integrity: internal consistency, external consistency
- Availability: reliability, utility

Systems

- Complex
- Interact with other systems
- Have emergent properties that their designers did not intend
- Have bugs

Systems & Security

- Usual coping mechanism is to ignore the problem... WRONG
- Security is a system within a larger system
- Security theory vs. security practice: real-world systems do not lend themselves to theoretical solutions
- Must look at the entire system & how security affects it

The Landscape

- Secure from whom? Secure against what?
- Never black & white; context matters more than technology
- "Secure" is meaningless out of context

Completely Secure Servers

- Disconnect from the network, power down, wipe & degauss memory & hard drive, pulverize it to dust

Threat Modeling

- Risk management
- Concepts in planning:
  - Threat: potential to cause harm
  - Vulnerability: weakness or lack of a safeguard that can be exploited by a threat
  - Risk: potential for loss or harm; probability that a threat will materialize

Threats

- Attacks are exceptions
- Digital threats mirror physical ones
- Will become more common, more widespread, harder to catch due to:
  - Automation
  - Action at a distance: every two points are adjacent
  - Technical propagation

Threats

- All types of attackers; all present some type of threat
- Impossible to anticipate all attacks, all types of attackers, or all avenues of attack
- Point is not to prevent all but to "think about and analyze threats with greater depth and to take reasonable steps to prevent..."

Attacks

- Criminal: fraud (prolific on the Internet), destructive, intellectual property, identity theft, brand theft
- Privacy: less and less available; people do not own their own data; surveillance, databases, traffic analysis (Echelon, Carnivore)
- Publicity & denial of service
- Legal

Controls

- Implemented to mitigate risk & reduce loss
- Categories of controls: preventative, detective, corrective
- Control implementation types:
  - Administrative: policies, procedures, security awareness training, background checks, vacation history review
  - Logical / Technical: encryption, smart cards, ACLs
  - Physical: guards, locks, protection of transmission media, backups

Models for Controlling Access

- Access control: limiting access by a subject to an object
- Categories of controls:
  - Mandatory Access Control (MAC): clearance, sensitivity of the object, need to know. Ex: rule-based
  - Discretionary Access Control (DAC): limited ability for the subject to allow access; ACL; access control triple: user, program, object or file
  - Non-Discretionary Access Control: central authority determines access

SELinux MAC

- Mandatory Access Control in the kernel
- Implemented via: type enforcement (domains), role-based access control
- No user discretionary access control
- Each process, file, user, etc. has a domain & operations are limited within it
- Root user can be divided into roles also
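A toy policy decision point that applies the three models the deck contrasts (MAC by clearance and need-to-know, DAC by access-control triple, and SELinux-style type enforcement layered on top), written as an added example and not taken from the slides; the levels, compartments, ACL triples and allow rules are constructed sample data:

```python
# Added example (not from the slides): a toy policy decision point applying
# the three models the deck contrasts. Levels, compartments, ACL triples and
# type-enforcement rules are all constructed sample data.
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # need-to-know categories

def mac_allows(subject: Label, obj: Label) -> bool:
    """MAC (rule-based): the subject's clearance must dominate the object's
    sensitivity: at least its level AND covering every need-to-know
    compartment. Neither the subject nor the owner can override this."""
    return (LEVELS[subject.level] >= LEVELS[obj.level]
            and obj.compartments <= subject.compartments)

# DAC: access-control triples (user, program, object) -> permissions,
# granted at the object owner's discretion.
ACL = {
    ("alice", "editor", "/srv/report.txt"): {"read", "write"},
    ("bob", "viewer", "/srv/report.txt"): {"read"},
}

def dac_allows(user: str, program: str, obj: str, perm: str) -> bool:
    return perm in ACL.get((user, program, obj), set())

# SELinux-style type enforcement: a process domain may touch an object type
# only through an explicit allow rule; anything not listed is denied.
TE_ALLOW = {
    ("editor_t", "report_t"): {"read", "write"},
    ("viewer_t", "report_t"): {"read"},
}

def te_allows(domain: str, obj_type: str, perm: str) -> bool:
    return perm in TE_ALLOW.get((domain, obj_type), set())

def decide(user, program, obj, perm, *, subj_label, obj_label, domain, obj_type):
    """Non-discretionary layering: the centrally set mandatory checks (label
    dominance and type enforcement) must pass before the owner's DAC grant
    counts, so an owner cannot grant what the policy forbids."""
    return (mac_allows(subj_label, obj_label)
            and te_allows(domain, obj_type, perm)
            and dac_allows(user, program, obj, perm))
```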

Control Combinations

- Preventative / Administrative, Preventative / Technical, Preventative / Physical
- Detective / Administrative, Detective / Technical, Detective / Physical

Access Control Attacks

- DoS, DDoS
- Buffer overflow, SYN attack, Smurf
- Back door
- Spoofing
- Man-in-the-middle
- Replay
- TCP hijacking
- Software exploitation: non-up-to-date software
- Trojan horses
- Social engineering. Ex: emails or phone calls from "upper mgt or administrators" requesting passwords
- Dumpster diving
- Password guessing: L0phtCrack, brute force, dictionary attack

System Scanning

- Collection of information about a system: what ports, what services are running, what system software, what versions are being used
- Steps:
  1. Network reconnaissance
  2. Gaining system access
  3. Removing evidence of attack
- Prevention: watch for scans &/or access of common unused ports

Penetration Testing

- "Ethical hacking"
- Network-based IDS, host-based IDS tests
- Full knowledge, partial knowledge, zero knowledge
- Open box / closed box

Penetration Testing Steps

1. GET APPROVAL from upper mgt
2. Discovery
3. Enumeration of tests
4. Vulnerability mapping
5. Exploitation
6. Reporting

Identification & Authentication

- ID: subject professing who they are
- Auth: verification of ID
- Three types of authentication: something you know, something you have, something you are
- Two-factor is by far the best

Passwords

- Static, dynamic, passphrase
- Dictionary words; alphanumeric & special characters; models for choosing
- Rotation schedules for passwords

Biometrics

- Fingerprint, palm, retina, iris, face, voice, handwriting, RFID, etc.
- Enrollment time (2 min), throughput rate (10 subjects/min)
- Corpus: collection of biometric data

Biometrics

- False Rejection Rate (FRR)
- False Acceptance Rate (FAR)
- Crossover Error Rate (CER)

(Figure: FAR and FRR plotted against the matching threshold; the point where the two curves cross is the CER)
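Worked example of FRR, FAR and CER on constructed matcher scores, added here and not part of the slides: the threshold sweep locates where the two rates cross, and the last function shows the trade-off a high-security deployment makes by tuning for FAR at the cost of FRR. The score lists and the accept-when-score-at-or-above-threshold rule are assumptions.

```python
# Added example (not from the slides): computing FRR, FAR and the crossover
# error rate from constructed matcher scores. A score is a similarity in
# [0, 1]; a sample is accepted when score >= threshold. "Genuine" scores come
# from the enrolled person, "impostor" scores from someone else.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.74, 0.69, 0.63, 0.58, 0.51, 0.45]
IMPOSTOR_SCORES = [0.12, 0.18, 0.25, 0.31, 0.38, 0.44, 0.49, 0.55, 0.61, 0.70]

def frr(threshold, genuine=GENUINE_SCORES):
    """False Rejection Rate: share of genuine users wrongly rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)

def far(threshold, impostor=IMPOSTOR_SCORES):
    """False Acceptance Rate: share of impostors wrongly accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def crossover(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Sweep every observed score as a candidate threshold and return the
    (threshold, error rate) where FAR and FRR are closest: the CER.
    A lower CER means a more accurate biometric."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        fa, fr = far(t, impostor), frr(t, genuine)
        if best is None or abs(fa - fr) < best[0]:
            best = (abs(fa - fr), t, (fa + fr) / 2)
    return best[1], best[2]

def threshold_for_max_far(max_far, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Tune for security: the lowest threshold whose FAR stays within max_far,
    together with the FRR (user inconvenience) that choice costs."""
    for t in sorted(set(genuine) | set(impostor)):
        if far(t, impostor) <= max_far:
            return t, frr(t, genuine)
    return None
```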

Single Sign On (SSO)

- One ID / password per session regardless of the number of systems used
- Advantages: ease of use, stronger passwords/biodata, easier administration, lower use of resources
- Disadvantages: if access control is broken, it is a MUCH bigger problem

SSO Example: Kerberos

1. User enters ID/password
2. Client requests service
3. Ticket is encrypted with the server's public key and sent to the client
4. Client sends ticket to server & requests service
5. Server responds

Problems: replay, compromised tickets

Access Control

- Centralized: Remote Authentication Dial-In User Service (RADIUS) (wireless), call back
- De-centralized: relational databases (can be both); relational concepts, security issues

Intrusion Detection Systems

- Network based: monitors packets & headers; SNORT; will not detect same-host attacks
- Host based: monitors logs and system activity
- Types: signature based (problem with slow attacks), statistical anomaly based
- Other issues: costs, privacy, accountability, compensation for violations
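An added example (not from the slides) of the two detection styles just named, run over constructed connection-log lines; it also covers the earlier System Scanning prevention advice to watch for scans and access of common unused ports. The log format, the served-port set and the distinct-port limit are assumptions.

```python
# Added example (not from the slides): a small host-side detector over
# constructed connection-log lines. It shows both IDS styles the deck names:
# a signature rule (any hit on a port this host never serves) and a
# statistical-anomaly rule (one source touching far more distinct ports than
# a normal client). Log format, served ports and the limit are assumptions.
import re
from collections import defaultdict

LOG_RE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+) -> \S+:(\d+) (\w+)$")
SERVED_PORTS = {22, 80, 443}   # what this host is meant to offer
DISTINCT_PORT_LIMIT = 5        # baseline: a normal client stays well below this

# Constructed sample: one normal client, then one source sweeping ports.
SAMPLE_LOG = """\
2015-12-31T10:00:01 10.0.0.5 -> 192.168.1.10:443 SYN
2015-12-31T10:00:02 10.0.0.5 -> 192.168.1.10:80 SYN
2015-12-31T10:00:03 10.0.0.9 -> 192.168.1.10:21 SYN
2015-12-31T10:00:03 10.0.0.9 -> 192.168.1.10:22 SYN
2015-12-31T10:00:03 10.0.0.9 -> 192.168.1.10:23 SYN
2015-12-31T10:00:03 10.0.0.9 -> 192.168.1.10:25 SYN
2015-12-31T10:00:04 10.0.0.9 -> 192.168.1.10:80 SYN
2015-12-31T10:00:04 10.0.0.9 -> 192.168.1.10:110 SYN
2015-12-31T10:00:04 10.0.0.9 -> 192.168.1.10:143 SYN
"""

def parse(log):
    """Yield (timestamp, source, port, flag); malformed lines are skipped so a
    bad record cannot crash the detector."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts, src, port, flag = m.groups()
            yield ts, src, int(port), flag

def signature_alerts(log):
    """Signature rule: every attempt on a port this host does not serve.
    Catches even a single probe, but only for ports outside the served set."""
    return [(src, port) for _, src, port, _ in parse(log) if port not in SERVED_PORTS]

def anomaly_alerts(log, limit=DISTINCT_PORT_LIMIT):
    """Statistical rule: sources whose distinct-port count exceeds the baseline.
    Needs no list of bad ports, but a scan that stays under the limit is missed."""
    ports = defaultdict(set)
    for _, src, port, _ in parse(log):
        ports[src].add(port)
    return {src: len(p) for src, p in ports.items() if len(p) > limit}
```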

Backups

- RAID (Redundant Array of Independent Disks)
- Fault tolerance
- Business Continuity Planning
- Insurance

References

- Building Secure Linux Servers (ISBN 0596002173)
- Secrets and Lies (ISBN 0471253111)