Chapter-1 Access Control Systems & Methodology

7/28/2019 Chapter-1 Access Control Systems & Methodology

1/105

Chapter-1 Access control Systems & Methodology

Page 1 of105

IDS :

Intrusion Detection Systems (IDS) :

An IDS gathers and analyses from within a computer or network, to identify the possibleviolations of security policy, including unauthorized access, as well as misuse.

An IDS also referred to as a packet-sniffer which intercepts packets travelling along variouscommunication mediums and protocols usually TCIP/IP.

The packets are analysed after they are captured. An IDS evaluates a suspected intrusion once it has taken place and signals an alaram.Three ways to detect an intrusion:

o Signature Recognition- it is also known as misuse detection. Signature recognitiontries to identify events that misuse a system.

o Anomaly detection:- it detects the intrusion based on the fixed behaviroalcharacterstics of the users and components in a computer system.

o Protocol Anomoly Detection: - in this type of detection, models are built on TCP/IPprotocols using their specfications.

Tripwire is a system integrity verifiers that monitors system files and detects changes by an intruder.


2/105


Page 2 of105


3/105


Page 3 of105


4/105


Page 4 of105


5/105


Page 5 of105


6/105


Page 6 of105

Honey pots , Padded Cells systems and Vulnerability analysis complement IDS to enhance an

organizations ability to detect intrusion.

Honey pot Systems : Event Triggers, Sensitive monitors, Event loggers.

IDS serve as monitoring mechanisms, watching activities, and making decisions about the whether

the observed events are suspicious.

Firewall serve as Barrier Mechanisms.

IDS look at security policy violations dynamically. IDS are analogous to security monitoring cameras.

Vulnerability analysis systems take a static view of symptoms.

IDS detected and reported : System scanning attacks, DOS attack, system Penetration attacks.

Honey pots and Padded Cells systems have Legal Implications.

Classification of IDS: Network-based IDS, Host-based IDS, Application- based IDS.

Signature-based IDS- is the primary technique used by commercial systems to analyse events to

detect attacks.


7/105


Page 7 of105

Anomaly-based IDS- the subject of much research and is used in a limited form by a number of IDS.

Firewalls are complement to IDS.

Respond is the most important part of IDS and containment. Reporting is the last step in the IDS and

containment process.

The process engine is the heart of the IDS.

A Mutation engine is used to proliferate polymorphic virus.

IDS and Firewall do INTERACT.

IDS detects a DOS attack.

A major issue with IDSFalse-positive notification with Anamoloy-based IDS.

IDS Can do Report alteration to data files, Trace user activity, interpret system logs and Recognize

a known type of attack.

Audit Trails : If audit trails have been designed and implemented to record appropriate information,

they can assist in IDS. Intrusions can be detected in real time, by examining audit records as they are

created or after the fact.

Access control techniques:


8/105


Page 8 of105


9/105


Page 9 of105


10/105


Page 10 of105


11/105


Page 11 of105

Role-based access control: Excessive turnover of employees.e.g. Bank Teller,doctor,nurse,

manager. Its an eg. of NON-DAC. It is based on job duties concept.


12/105


Page 12 of105

Rule-based access control: Rule-based and MAC are the same since they are based on

specific rules relating to the nature of the subject and object. It is based on access rules.

Discretionary Access Controls:


13/105


Page 13 of105

is a means of restricting access to objects based on the identity of subjects and/or groups to

which they belong. A DAC model uses access control matrix where it places the name of

users(subjects) in each row and the names of objects(file or programs) in each column of a

matrix. It treats users and owners are the same.

Access is based on the authorization granted to the user, It uses access control list, It uses grant andrevoke access to objects.

An access control matrix is placing the name of Users in each row and the names of ojbects

in each column.

Example of objects are : records, programs, pages, files, directories etc. An access control

matrix describes an association of objects and subjects for authentication of access rights.

Identity-based policy and User-directed policy are eg. DAC.

ACLs: ACLs techniques provide a straightforward way of granting and denying access to for

a specified user. An ACL is an object associated with a file and containing entries specifying

the access that individual users or groups of users have to the file.Access control list is most

commonly used in the implementation of an access control matrix.

Mandatory Access Controls :

A MAC restrict access to objects based on the sensitivity of the information contained in the

objects and the formal authorization(i.e.clearence) of ojbects to access information of such

sensitivity.it uses security labels. Simplest to amdiminster. A security label or access control

mechanism is supported by MAC.Security Labels are very strong form of access control.

e.g. Rule-based policy e.g. MAC.

Access Control Mechanisms:

Logical ( passwords and encryption)


14/105


Page 14 of105

Physical(keys and tokens) Administrative(forms and procedures) controls . Directive,preventive,detective,corrective and recovery controls are controls by action. Management , operational , and technical controls are controls by nature.

Non-DAC: Lattice security model is based on non-DAC.

Access to computer facilities and records is limited to authorized personnel on an as needed

basis.

Principle of Least Privilege: Appropriate Privileges.

Each user(subject) is granted the lowest clearance needed to perform authorized tasks.it most

closely linked to. Integrity.

Security features:

The granularity of privilege The time bounding of privilege Privilege inheritance

Consistent with the Principle of Least Privilege:

Re-authorization when employees change positions Users have little access to systems.

Users have significant access to systems.

Authorization creep: occurs when employees continue to maintain access rights for

previously held positions within an organization and it is a security vulnerability.

I&A techniques:


15/105


Page 15 of105

Password ManagementPreventive control.

A virtual password is a password computed from a passphrase that meets the requirements of

the password storage(e.g.56 bits for DES).

User IDs and Passwords are first line of defence against potential security threats ,risks orlosses to the network.

Use of login IDs and passwords is the most commonly used mechanism for providing static

verification of a user.

Using password advisors is the most effective method for password creation.

A more simple and basic login controls include : validating username and password.

Password secrecy cannot be tested with automated vulnerability testing tools.

Use randomly generated characters password selection procedure would be the most difficult

to remember.

Password can be stored in password file preferably encrypted.

Password sharing , password guessing and password capturing are the most commonly used

methods to gain unauthorized access..


16/105


Page 16 of105

Access Control Mechanisms:

Logical Access Control: e.g. Passwords, PINs and encryption.

Computer based access controls are called logical access controls. It helps to protect.

Availability- Operating system and other systems software from unauthorizedmodification or manipulation.(and there by help to ensure the systems integrity and

availability).

The integrity and availability of information by restricting the number of users andprocesses with access.

Confidential information from being disclosed to unauthorized individuals. Logical access control mechanisms rely on physical access controls- Application

system access controls, operating system access controls, Utility programs are heavily

dependent on logical access controls to protect against unauthorized access.

Physical Access Control:

Administrative Access control:


17/105


Page 17 of105

FAR/FRR/CERgood measure of performance of biometric-based identification and

authentication technique.Type-I error is false rejection and Type-II error is false acceptance

of imposters.

Kerberosidentification and authentication technique involves a ticket that is linked to a

userspassword to authenticate a system user. The Key-distribution-server is a major

vulnerability with Kerberos.56bit size.

Pre-authentication is required to thwart attacks against a Kerberos security server.

Kerberos uses a trusted third party, Kerberos is a credential-based authentication system,

Kerberos uses symmetric-key cryptography.

Kerberos is a(n): Ticket-oriented protection system.

A replay attackrefers to the recording and retransmission of message packets in the

network.it can be prevented by using packet time-stamping.

Kerberos can prevent playback(replay)attack.

Most to least protection against replay attacks:

Challenge response, one-time password, password and PIN, and Password only.Kerberos used : Managing encryption keys, Managing centralized access rights, Managing

access permissions.


18/105


Page 18 of105

Kerberos based authentication system would reduce the risk of impersonation in an

environment of networked computer systems.

Authentication services can best provided by Kerberos.(defacto standard)

Weakness of Kerberos:

Subject to dictionary attacks Every network application must be modified.

Strength of Kerberos:

Works with an existing security systems software Intercepting and analysing network traffic is difficult. The major advantage of a SSO- goes beyond convenience.

Secure RPC and SPX provides a robust authentication mechanism over distributed

environments.

SecureID: Is a token from RSA , inc.

Authentication mechanisms: what the user knows, what the user has, what the user is.


19/105


Page 19 of105

A more reliable authentication device is a : Smart card system.

An example of drawback of smart card includesA means of gaining unauthorized access.

Smart card: as a means of access control, as a medium for storing and carrying the

appropriate data , a means of access control and data storage.

Robust Authentication: is provided byKeberos , One-Time Passwords,Challenge-

response exchanges, Secure RPC and Digital Certificates.

Address-based access mechanisms : creates a security problem. It use IP source addresses,

wich are not secure and subject to IP address spoofing attacks. The IP address deals wih

Identification.

Location-based: where the user is authentication techniques is impossible to forge.it deals

with physical address.its used for continuous authentication.

Token-based: token as a means of identification and authentication.

Web-based access mechanisms:uses a secure protocols to accomplish authentication.

Password and PINs are vulnerable to guessing , interception, or brute force attack.


20/105


Page 20 of105

Biometrics can be vulnerable to interception and replay attacks.

Biometric system:

user identification and authentication techniques depend on reference profiles or templates.

Impersonation attacks involving the use of physical keys and biometric checks are less

likely due to the need for the network attacker to be physically near the biometric equipment.

Protective Measures is effective against multiple threats: Access Logs,Encryption,Audit

Trails.

Security mechanisms is least efficient and least effective: Recurring password.(weak securitymechanisms).

Cryptography authentication techniques require additional work in administering the security.

Access Controls:

Physical access controls:

Operating system access controls:

Communication system access controls:

Application system access control most specific.


21/105


Page 21 of105

There are trade-offs among controls. A security policy would be most useful in

Access versus confidentiality. Technical controls versus procedure controls.

Controlling access to the network is provided byIdentification and authentication pair ofhigh-level system services.

Authentication is a protection against fraudulent transactions:

The validity of message location being sent. The validity of workstations that sent the message. The validity of the message originator.

Identification techniques provide strong user authentication:

What the user is (PIN+combined with fingerprint) for high dollar transactions. What the user has(bank automated teller machine card) What the user knows

Access Control Models:

The ClarkWilson Security model :

providing data integrity for common commercial activities.

Separation of duties concept. An access triple subject, program and data.

Biba Security Model:


22/105


Page 22 of105

Integrity model in which no subject may depend on a less trusted object, including another subject.

Take-Grant Security: Access rights

Chinese Wall: Access control problem.

Bell-Lapadula model:

security clearance and sensitivity classification. It deals with *-Property (No-write down is

allowed).it addresses confidentiality by describing different security levels of security classifications


23/105


Page 23 of105

for documents. These classification levels from least sensitive to most insensitive , include

Unclassifed, confidential , secret and Top Secret.

Bell-Lapadula model and information flow models are used to protect the confidentiality of classified

information.


24/105


Page 24 of105


25/105


Page 25 of105


26/105


Page 26 of105

Access Control definitions:Access control mechanisms: Identification, authentication, authorization and accountability.

Authorization comes after authentications.

Static authentication: uses reusable passwords , which can be compromised by replay attacks.

Robust authentication : includes one-time passwords and digital signatures, which can becompromised by session hijacking.


27/105


Page 27 of105

Continuous authentication protects against impostors(active attacks) by applying a digital

signature algorithm to every bit of data that is sent from the claimant to the verifier. It

Prevents session hijacking.

Two-factor authentication: A two-factor authentication uses two different kinds of evidence. Foreg. , A challenge-response token card typically requires both physical possession of the

card(something you have , one factor) and a PIN(something you know, another factor).

Tokens and Firewalls: Token provides a strong authentication for centralized authentication servers

when used with firewalls. For basic authentication, User IDs, Password and account numbers are

used for internal authentication. Centralized authentication servers such as

RADIUS,TACACS/TACACS+ can be integrated with token-based authentication to enhance

administration security.

Accountability: The concept of individual accountability drives the need for many security

safeguards, such as unique (user) identifiers, audit trails and access authorization rules.Accountability means holding individual user responsible for their actions. Due to several problems

with passwords they are considered to be the least effective in exacting accountability. The most

effective controls for exacting accountability include a policy, authorization scheme, identification

and authentication controls, access controls, audit trails, and audtiting .

User Account Administration: An inherent risk is associated with logical access which is difficult to

prevent or mitigate but can be identified via a review of audit trails. The risk associated withMissed

authorized access. Properly authorized access , as well as misused authorized access, can use audit

trail analysis. While users cant be prevented from using resources to which they have legitimate

access authorization, audit trail analysis is used to examine their actions. Unauthorized access

attempts whether successful or not can be detected through the analysis of audit trails.

Many computer systems provide maintenance accounts. These special login accounts normally

preconfigured at the factory with preset, widely known weak passwords. It is critical to change these

passwords or otherwise disable the accounts until they are needed. If the account is to be used

remotely, authentication of the maintenance provider can be performed using call-back

confirmation. This helps ensure that remote diagnostic activities actually originate from an

established phone number at the vendor site. Other techniques can also help ,including encryption

and decryption of diagnostic communications, strong identification and authentication

techniques, such as smart tokens and remote disconnect verifications.

Access control Administration: The separation of duties principle , the least privilege principle;that is , users and processes in a system should have the least number of privileges and for the

minimal period of time necessary to perform their assigned tasks. The authority and capacity to

perform certain functions should be separated and delegated to different individuals. The principle is

often applied to split the authority to write and approve monetary transactions between two

people. It can also be applied to separate the authority to add users to a system and other system

administrator duties from the authority to assign passwords, conduct audits, and perform other

security administrator duties.

Penetration Tests:The correct sequence:

Inform the management about the test Develop a test plan


28/105


Page 28 of105

Conduct the test Report the test results.

In terms of IS security, a penetration is defined as Attacks plus breach.

Tiger Teams are NOT true:

They prove that a computer system is secure. They are substitute for methodical testing.

Tiger Teams are True :

They can be effective when insider work is suspected. They represent another independent attack on the system. If the system has not been thoroughly tested prior to tiger team testing , it is a waste of

effort and money because the approach will be effective.

The tiger team test will get the attention of management. It provides a second lines ofdefence.

Fraud:

Separation of duties, job rotation, and mandatory vacations are management controls that can

help in preventing fraud.

Separation of duties: The greatest control exposure in a microcomputer(PC) environment is

a Lack of separation of duties.

The objective of separation of duties is that: NO one person has complete control over a

transaction or an activity.


29/105


Page 29 of105

Program library controls allow only assigned programs to run in production and eliminate the

problem of test programs accidently entering the production environment. They also separate

production and testing data to ensure that no test data are used in normal production. This

practice is based on the Separation of duties principle.

Administrative Control: Lack of centralized function for PC acquisition, Lack ofcentralized function for PC disposition, Lack of distributed policies and procedure are

administrative control such as PC acquisition policies and procedures.


30/105


Page 30 of105


31/105


Page 31 of105


32/105


Page 32 of105


33/105


Page 33 of105


34/105


Page 34 of105


35/105


Page 35 of105


36/105


Page 36 of105


37/105


Page 37 of105


38/105


Page 38 of105


39/105


Page 39 of105


40/105


Page 40 of105


41/105


Page 41 of105


42/105


Page 42 of105


43/105


Page 43 of105


44/105


Page 44 of105


45/105


Page 45 of105


46/105


Page 46 of105


47/105


Page 47 of105


48/105


Page 48 of105


49/105


Page 49 of105


50/105


Page 50 of105


51/105


Page 51 of105


52/105


Page 52 of105


53/105


Page 53 of105


54/105


Page 54 of105


55/105


Page 55 of105


56/105


Page 56 of105


57/105


Page 57 of105


58/105


Page 58 of105


59/105


Page 59 of105


60/105


Page 60 of105


61/105


Page 61 of105


62/105


Page 62 of105


63/105


Page 63 of105


64/105


Page 64 of105


65/105


Page 65 of105


66/105


Page 66 of105


67/105


Page 67 of105


68/105


Page 68 of105


69/105


Page 69 of105


70/105


Page 70 of105


71/105


Page 71 of105


72/105


Page 72 of105


73/105


Page 73 of105


74/105


Page 74 of105


75/105


Page 75 of105


76/105


Page 76 of105


77/105


Page 77 of105


78/105


Page 78 of105


79/105


Page 79 of105


80/105


Page 80 of105


81/105


Page 81 of105


82/105


Page 82 of105


83/105


Page 83 of105


84/105


Page 84 of105


85/105


Page 85 of105


86/105


Page 86 of105


87/105


Page 87 of105


88/105


Page 88 of105


89/105


Page 89 of105


90/105


Page 90 of105


91/105


Page 91 of105


92/105


Page 92 of105


93/105


Page 93 of105


94/105


Page 94 of105


95/105


Page 95 of105


96/105


Page 96 of105


97/105


Page 97 of105


98/105


Page 98 of105


99/105


Page 99 of105


100/105


Page 100 of105


101/105


Page 101 of105


102/105


Page 102 of105


103/105


Page 103 of105


104/105


Page 104 of105


105/105


Chapter-1 Access Control Systems & Methodology

Documents

Transcript of Chapter-1 Access Control Systems & Methodology