Access control
ACCESS CONTROL - PowerPoint PPT Presentation

PowerPoint Slideshow about 'ACCESS CONTROL' - yachi

Presentation Transcript
Access control

  • The most fundamental element of information security is to ensure that only those who have a specific need for an asset, combined with specific authoritative permission, will be able to access that asset.

CISSP Expectations

  • Access control is the process of allowing only authorized users, programs or other computer systems to observe, modify, or otherwise take possession of the resources of a computer system. It is also a mechanism for limiting the use of some resources to authorized users.

Key Access Control Concepts

  • Joining C-I-A

    • Confidentiality, integrity, availability

  • Determining a Default Stance

  • Defense in Depth

  • Access Control: A General Process

Access control encompasses all operation levels of an organization:

  • Facilities:

  • Support Systems: power, heating, ventilation, air conditioning (HVAC)

  • Information Systems:

  • Personnel: All users should be subject to some form of access control to ensure the wrong people don’t interfere with the right people.

AC enables management to:

  • Specify:

    • Which users can access a system

    • What resources those users can access

    • What operations those users can perform

  • Enforce accountability

AC addresses the CIA triad

  • Confidentiality: Managing access is fundamental to preventing exposure of data by controlling who can see, use, modify, or destroy it.

  • Integrity: Preventing unauthorized access promotes greater confidence in data and system integrity.

  • Availability: Restricting access reduces the likelihood of damage and loss of use.

Default Stance

  • Allow-by-default

  • Deny-by-default

Defense in Depth

  • The practice of applying multiple layers of security protection between an information resource and the potential attacker. P. 7

AC: A General Process

  • There are many different approaches; however, there is a very general approach that is applicable to almost every situation.

  • 3-step process:

    • Defining resources

    • Determining users

    • Specifying the user’s use of the resource

Defining Resources

  • What are we trying to protect?

  • How may each resource be accessed?

  • Bind a user, group or entity to a resource

  • Every resource is an asset that must be afforded protection. Don’t forget printers, faxes, etc.

Determining Users

  • Need a clear understanding of the needs of the user and the level of trust given to the person or entity

  • An identification process must exist that takes into consideration the validity of the access need in the light of business needs, organizational policy, legal requirements, information sensitivity and security risk.

Specifying Use

  • The AC process must specify the level of use for a given resource and the permitted user actions on that resource. Example P. 11

Access Control Principles

  • Access Control Policy

  • Separation of duties

  • Least Privilege

  • Need to Know

  • Compartmentalization

  • Security Domain

AC Policy

  • Specifies the guidelines for how users are identified and authenticated and the level of access granted to resources.

  • The absence of a policy will result in inconsistencies in provisioning, management, and administration of AC.

  • Provides the framework for definition of necessary procedures, guidelines, standards, and best practices.

Separation of Duties

  • Objective: Prevent fraud and errors

  • Achieved by distributing the tasks & privileges for a specific process.

  • The person who requests the expenditure should not be allowed to approve the expenditure.

  • Another example P.12
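The three-step process from the earlier slides (define resources, determine users, specify use) with a deny-by-default stance, plus the separation-of-duties rule above, worked as an added example that is not part of the original slides; users, groups, resources and grants are constructed for illustration.

```python
"""Added example, not from the slides: a minimal deny-by-default access
check that follows the slides' three-step process (define resources,
determine users, specify use) and enforces separation of duties so the
person who requests an expenditure cannot approve it. Users, groups,
resources and grants below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

# Step 1: define resources and the operations each one supports.
RESOURCES = {
    "expense_report": {"read", "request", "approve"},
    "payroll_db": {"read", "write"},
    "printer_3f": {"print"},
}

# Step 2: determine users and bind each to its groups (level of trust).
GROUPS = {
    "alice": {"finance_staff"},
    "bob": {"finance_manager"},
    "carol": {"hr"},
}

# Step 3: specify use. Only (group, resource, operation) triples listed
# here are granted; anything absent is denied (deny-by-default stance).
GRANTS = {
    ("finance_staff", "expense_report", "read"),
    ("finance_staff", "expense_report", "request"),
    ("finance_manager", "expense_report", "read"),
    ("finance_manager", "expense_report", "request"),
    ("finance_manager", "expense_report", "approve"),
    ("hr", "payroll_db", "read"),
    ("hr", "payroll_db", "write"),
    ("finance_staff", "printer_3f", "print"),
    ("finance_manager", "printer_3f", "print"),
    ("hr", "printer_3f", "print"),
}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class Expenditure:
    """Records who has acted on one expenditure so SoD can be enforced."""
    requested_by: Optional[str] = None
    approved_by: Optional[str] = None


def check_access(user, resource, operation, expenditure=None):
    """Return a Decision; unknown users, resources or operations are denied."""
    if resource not in RESOURCES:
        return Decision(False, f"unknown resource {resource!r}")
    if operation not in RESOURCES[resource]:
        return Decision(False, f"{operation!r} is not defined for {resource!r}")
    groups = GROUPS.get(user, set())  # unknown user -> no groups -> denied
    if not any((g, resource, operation) in GRANTS for g in groups):
        return Decision(False, "no matching grant (deny-by-default)")
    if operation == "approve" and expenditure is not None:
        if expenditure.requested_by is None:
            return Decision(False, "nothing has been requested yet")
        # Dynamic separation of duties: requester and approver must differ.
        if expenditure.requested_by == user:
            return Decision(False, "separation of duties: requester may not approve")
    return Decision(True, "granted")


def run_expenditure_workflow(requester, approver):
    """Requester files an expenditure, approver approves; returns both decisions."""
    exp = Expenditure()
    req = check_access(requester, "expense_report", "request", exp)
    if req.allowed:
        exp.requested_by = requester
    appr = check_access(approver, "expense_report", "approve", exp)
    if appr.allowed:
        exp.approved_by = approver
    return req, appr


if __name__ == "__main__":
    for pair in (("alice", "bob"), ("bob", "bob"), ("carol", "bob")):
        req, appr = run_expenditure_workflow(*pair)
        print(pair, "| request:", req.reason, "| approve:", appr.reason)
```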

Determining Applicability of Separation of Duties (1)

  • 1st Action: Defining individual elements of a process

    • Determine element sensitivity

    • Which elements of the process lend themselves to distribution? P.12

Determining Applicability of Separation of Duties (Continued)

  • 2nd Action: Understand what elements within a function are prone to abuse, which ones are easily segmented without significantly disrupting operations, and what skills are available.

  • Determine:

    • Element identification, importance, and criticality

    • Operational considerations

    • User Skills & availability

Determining Applicability of Separation of Duties (Continued)

  • Element identification, importance, and criticality

    • Elements within a function are known as milestone elements

    • If the elements within a function don’t offer a clear point of segmentation, a new milestone element may need to be incorporated as a validation & approval point within the function

Determining Applicability of Separation of Duties (Continued)

  • Operational considerations

    • Balancing the impact of the function and its role in the business. Ensure that the separation of duties doesn’t hinder the process and make it prone to circumvention.

    • Weigh the cost of implementation against the overall risk the process represents and whether the benefits of separation outweigh the time & effort costs.

Determining Applicability of Separation of Duties (Continued)

  • User Skills & availability

    • Are there enough skilled personnel to perform the separated duty elements?

Least Privilege

  • Requires that a user or process be given no more access privilege than necessary to perform a job, task, or function.

Need to Know

  • A companion to “least privilege”.

  • Requires a person requesting information to establish the need to know such information in terms of the pertinent mission.

  • If information is given to people on a need-to-know basis, they are given only the details that they need at the time when they need them.

Security Domain

  • An area where common processes and security controls are grouped together

  • Example: All systems and users managing financial information might be separated into their own security domain

  • Based on trust between resources in systems that share a single security policy and single management structure. P.16

Information Classification

  • Fundamental Information Classification questions

  • Benefits

  • Establishing an Information Classification Program

  • Labeling & Marking

  • Information Classification Assurance

Purpose of Information Classification

  • Group an organization’s information assets by levels of sensitivity and criticality. Once this is accomplished, the appropriate level of protection controls is assigned to each asset in accordance with its classification.

Fundamental Information Classification Questions

  • Where is the organization’s information?

  • How should the information be handled and protected?

  • Who should have access to it?

  • Who owns the information?

  • Who makes the decisions around these parameters?

Benefits of Information Classification

  • Establishes information ownership. This increases the likelihood that it will be used in the proper context and access will be properly authorized.

  • Increases C-I-A by focusing the limited security funds on the resources requiring the highest level of protection and providing lesser controls for the information with less risk of loss.

Benefits of Information Classification (Continued)

  • Increases knowledge and security awareness.

  • Allows for a greater understanding of the value of the information to be protected and provides a clearer direction for the handling of sensitive information.

  • Operational benefits: critical information can be identified to support COOP (continuity of operations).

Labeling & Marking

  • Provides the ability to manage the information within the media with the appropriate controls.

Information Classification Assurance

  • Periodic testing

  • Random desk checks

Access Control Requirements

  • Reliability

  • Transparency

  • Integrity

  • Maintainability

  • Authentication

  • Auditability

Access Control Categories

  • Directive

  • Deterrent

  • Preventive

  • Compensating

  • Detective

  • Corrective

  • Recovery

Access Control Categories (Continued)

  • Directive

    • Controls designed to specify acceptable rules of behavior within an organization, sometimes called administrative controls.

    • Policies, procedures, standards, guidelines

Deterrent Controls

  • Designed to prevent specific actions by influencing the choices of would-be intruders

  • Do not prevent or even record events

    • Signs

    • Guards, guard dogs

    • Razor wire

Preventive Controls

  • Block or control specific events

    • Firewalls

    • Anti-virus software

    • Encryption

    • Key card systems

    • Fencing

    • Bollards

    • Crash guards

Compensating Controls

  • A control introduced to compensate for the absence or failure of another control

  • “Compensating” refers to why it is implemented

    • Can be detective, preventive, deterrent, administrative

  • Examples

    • Daily monitoring of anti-virus console

    • Monthly review of administrative logins

Detective Controls

  • Monitor and record specific types of events

  • Do not stop or directly influence events

    • Video surveillance

    • Audit logs

    • Event logs

    • Intrusion detection system

Corrective Controls

  • Post-event controls to prevent recurrence

  • “Corrective” refers to when it is implemented

    • Can be preventive, detective, deterrent, administrative

  • Examples

    • Spam filter

    • Anti-virus on e-mail server

    • WPA Wi-Fi encryption

Recovery Controls

  • Post-incident controls to recover systems

  • “Recovery” refers to when it is implemented

    • Can be detective, preventive, deterrent, administrative

  • Examples

    • System restoration

    • Database restoration

Access Control Types

  • Access control categories classify different access control methods based upon where they fall within the Access Control Time Continuum. F. 1.7 P. 35

Types of Controls

  • Administrative

    • Policy, procedures, standards

  • Technical

    • Authentication, encryption, firewalls, anti-virus

  • Physical

    • Key card entry, fencing, video surveillance

Administrative Controls

  • Represent all actions, policies, processes, and management of the control system

    • Operational policies & procedures P.36

    • Personnel security, evaluation, & clearances P.40

    • Monitoring P.42

    • User Access Management P.43

    • Privilege Management (rights within your access) P.44

Technical (Logical) Controls

  • Electronic, digital, & automated controls which enforce the organization’s policies.

    • Network access

    • Remote access

    • Application access

    • Malware control

    • Encryption

Physical Controls

  • Controls that protect the physical environment and people.

    • Locks

    • Guards

    • Fences

    • Cameras

    • Fire management, gates

System Access Control Strategies

  • Identification, authentication, authorization

  • Access control services

  • Identity Management

  • Access control technologies

System AC Strategies (Continued)

  • Identification: The act of designating a known quantity.

  • Authentication: The process of verifying the identity of a user.

  • Authorization: Defining the specific resources of an authenticated user.

Identification

  • User name

  • User ID

  • Personal Identification Number (PIN)

  • Identification badges

Problems with ID Badges

  • Credential badges

    • Security doesn’t always check

  • Access badges

    • Not physically tied to a specific person; people can share them

User ID

  • User ID

  • PIN

  • MAC address

  • IP address

  • RFID (small tag, like a UPC code)

    • Privacy concerns

  • Email address

User ID Guidelines

  • 3 components:

    • Uniqueness

    • Non-descriptiveness

    • Secure issuance

      • An organization must establish a secure process for issuing IDs, including the proper documentation and approval for ID requests.

Authentication Methods

  • 3 fundamental types known as factors:

    • Factor 1: something a person knows

    • Factor 2: something a person has

    • Factor 3: something a person is

  • New possible 4th factor is:

    • Somewhere you are

Passwords

  • Standard words

  • Combination passwords

  • Complex passwords

  • Passphrase

  • Confidentiality of passwords (encryption)

Hashing (one-way function)

  • A hash function takes an arbitrary amount of data as input and through the use of a mathematical algorithm will produce a unique, fixed-length representation of the data as output.

  • Cracking programs can hash different passwords until a match is found.

Graphical Passwords

  • Used to fight keyboard loggers

  • Using a graphical keyboard, the user clicks on the appropriate keys on the keyboard image to simulate the entry of the password.

Authentication by Possession Methods

  • Asynchronous P. 63

  • Synchronous P. 64

Static Authentication Devices

  • Physical devices

  • 2 forms: memory cards & smart cards

    • The primary difference is processing power: smart cards have it, memory cards don’t.

Memory Cards

  • No processing power, just hold information

  • User enters PIN & swipes card, card reader authenticates and user can enter.

  • Weakness: data not protected, no encryption.

Smart Cards

  • Semiconductor chip that accepts, stores & sends information.

  • Can hold more data. Small apps can be stored in memory.

  • The International Organization for Standardization (ISO) uses the term integrated circuit card (ICC).

  • Can be used with PKI

Smart Cards (Continued)

  • Common uses

    • Secure log-on

    • Secure email/digital signatures

    • Secure Web access/remote access

    • VPNs

    • H/D encryption

Smart Cards (Continued)

  • Advantages:

    • Log-in process is done by the reader, therefore the identifier & password are not exposed to attackers while in transit to the host

    • Short trusted path

      • Trusted path is a communications channel through which all information passing through is considered secure. The shorter the path the better.

Smart Cards (Continued)

  • Different types of smart card memory. Page 67

  • 2 types of smart cards, contact & contactless

Authenticate by Biometrics

  • 2 types: physiological & behavioral

  • Physiological

    • Fingerprint, hand geometry, face, eyes (retina & iris)

  • Behavioral

    • Voice patterns, keystroke dynamics, signature dynamics

Biometric Accuracy

  • Temperature, humidity, pressure, medical & mental condition of the individual can cause significant physiological changes to the body that the measurement process must try and cope with.

3 Categories of Biometric Accuracy Measurement:

  • False reject rate (a Type 1 Error): When an authorized user is falsely rejected as unidentified or unverified.

  • False accept rate (a Type 2 Error): When an unauthorized user or imposter is falsely accepted as authentic.

  • Crossover Error Rate (CER): The point at which the false rejection rates and the false acceptance rate are equal. The smaller the value of CER, the more accurate the system. P. 74

Determining the Correct Biometric Measurement

  • The lower the sensitivity, the more prone to type 2 errors.

  • The higher the sensitivity, the more prone to type 1 errors.

  • The lower the intersection point the more accurate the system overall.

  • The correct measure rate is dependent upon what is appropriate to the application & the desired acceptable risk for the organization.
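The FRR/FAR/CER relationships on the last two slides, worked numerically as an added example that is not part of the original slides; the genuine and impostor match scores are constructed, and the accept-if-score-at-or-above-threshold rule is an assumption about the matcher.

```python
"""Added example, not from the slides: compute false reject rate (FRR,
Type 1), false accept rate (FAR, Type 2) and the crossover error rate
(CER) of a biometric matcher from constructed similarity scores, then
pick a threshold for a chosen level of acceptable Type 2 risk."""

# Constructed similarity scores (0-100). Genuine = enrolled users trying
# to authenticate as themselves; impostor = other people trying the same
# identity. A real evaluation uses thousands of samples.
GENUINE_SCORES = [62, 70, 74, 78, 81, 83, 85, 88, 90, 92, 94, 97]
IMPOSTOR_SCORES = [20, 31, 38, 45, 52, 58, 63, 66, 71, 75, 79, 84]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Accept when score >= threshold. Returns (FRR, FAR) as fractions.

    Lowering the threshold (less sensitive) admits more impostors (Type 2);
    raising it (more sensitive) rejects more genuine users (Type 1)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover_error_rate(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Sweep all thresholds and return (threshold, CER) at the point where
    FRR and FAR are closest; CER is their mean there. Lower CER = more
    accurate system, as the slides state."""
    best = None
    for t in range(0, 101):
        frr, far = error_rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


def choose_threshold(max_far, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Lowest threshold whose FAR does not exceed max_far, i.e. the least
    user-unfriendly setting that still meets the organisation's Type 2 risk
    appetite. Returns 101 if no threshold meets the target."""
    for t in range(0, 101):
        if error_rates(t, genuine, impostor)[1] <= max_far:
            return t
    return 101


if __name__ == "__main__":
    for t in (60, 75, 90):
        frr, far = error_rates(t)
        print(f"threshold {t:3d}: FRR={frr:.2f} FAR={far:.2f}")
    print("crossover (threshold, CER):", crossover_error_rate())
    print("threshold for zero FAR:", choose_threshold(0.0))
```

With these samples the crossover sits at threshold 75 with CER 0.25, while demanding zero false accepts pushes the threshold to 85 and rejects half of the genuine attempts, which is the trade-off the last bullet describes.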

Biometric Considerations

  • Resistance to counterfeiting P.75

  • Data storage requirements P.76

  • User acceptance P.76

  • Reliability, accuracy & speed P.76 -77

  • Target user & approach P.78

Accountability

  • The ability of the organization to hold people accountable. Access controls (A/C) & their associated audit trails can provide evidence to prove or disprove a user’s involvement in a given event.

  • A comprehensive A/C program will include monitoring & secure logging of the identification, authentication, and authorization processes.

Logging Best Practices

  • Control the flow of data

  • Do not allow rollover of data

  • Evaluate & implement auditing

  • Establish log review process

  • Train personnel

  • Protect the audit logs
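One way to implement "protect the audit logs" and detect rollover or tampering during log review, as an added example that is not part of the original slides: a hash-chained log over constructed identification/authentication/authorization events, with a constructed HMAC key.

```python
"""Added example, not from the slides: a hash-chained audit log in which
each entry's HMAC covers the previous entry's hash, so editing or removing
an earlier identification/authentication/authorization event is detected
on review. The key and the event records are constructed for illustration."""
import hashlib
import hmac
import json

# Constructed key. In practice it is held by the log collector, not by the
# systems that generate the events, so a compromised host cannot re-sign.
LOG_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # hash value preceding the first entry


def _entry_digest(prev_hash, record):
    msg = prev_hash.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(LOG_KEY, msg, hashlib.sha256).hexdigest()


def append_event(chain, record):
    """Append one audit record; its hash binds it to everything before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "hash": _entry_digest(prev, record)})
    return chain


def verify_chain(chain):
    """Return (True, None) if intact, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(entry["hash"], _entry_digest(prev, entry["record"])):
            return False, i
        prev = entry["hash"]
    return True, None


def anchor(chain):
    """Snapshot (entry count, last hash) to store elsewhere. Deleting the
    newest entries leaves a chain that still verifies, so reviewers compare
    against the last anchor to detect truncation or rollover."""
    return len(chain), (chain[-1]["hash"] if chain else GENESIS)


def verify_against_anchor(chain, anch):
    """Chain must verify and still contain the anchored entry unchanged."""
    count, last_hash = anch
    ok, _ = verify_chain(chain)
    return ok and len(chain) >= count and (
        count == 0 or chain[count - 1]["hash"] == last_hash)


def build_sample_chain():
    """Constructed sample events of the kind the slides say must be logged."""
    events = [
        {"seq": 1, "type": "authn", "user": "susan", "result": "success"},
        {"seq": 2, "type": "authz", "user": "susan", "resource": "payroll_db",
         "op": "read", "result": "deny"},
        {"seq": 3, "type": "authn", "user": "admin", "result": "failure"},
        {"seq": 4, "type": "authn", "user": "admin", "result": "success"},
    ]
    chain = []
    for event in events:
        append_event(chain, event)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    saved = anchor(chain)
    print("intact:", verify_chain(chain))
    chain[1]["record"]["result"] = "allow"   # someone edits a denial
    print("after edit:", verify_chain(chain))
    chain = build_sample_chain()
    del chain[-1]                            # newest entry removed
    print("tail removed, chain alone:", verify_chain(chain),
          "| against anchor:", verify_against_anchor(chain, saved))
```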

5 Fundamental Audit Event Types

  • Network events

  • System events

  • Application events

  • User activities

  • Keystroke activities

  • P. 81-82

Vulnerability Assessment

  • The use of various tools & analysis methodologies to determine where a particular system or process may be susceptible to attack.

Vulnerability Assessment Process

  • Obtain a good understanding of system

    • Assist in determining the overall risk of any discovered vulnerabilities

  • Discuss threats & vulnerabilities with the business owner & other stakeholders

    • They are the closest to both the system & business landscape. Also builds a partnership.

Vulnerability Assessment Process (Continued)

  • Examine existing controls

  • Compare existing controls against known threats

  • Run tools to find other vulnerabilities

  • Examine results for accuracy

  • Combine results with information from business owners

  • Discuss findings with the business owners (B/O) to determine the appropriate course of remediation.

  • Remediations should be based upon the criticality of each reported vulnerability

Penetration Testing

  • Use of exploitive techniques to determine the level of risk associated with a vulnerability or collection of vulnerabilities in an application or system.

Penetration Test Strategies

  • Establish the rules of engagement

    • External testing

      • Can you penetrate?

    • Internal testing

      • What damage can be done?

Pen Testing (Rules of Engagement, continued)

  • Blind testing

    • Limited information is provided (publicly available information). Time consuming & expensive

  • Double-blind testing

    • No information is provided. Tests not only the strength of controls but also security monitoring & incident identification & response.

  • Target testing (lights on)

    • The IT & tester team is provided all information. May be more cost effective and less time consuming.

Pen Testing (Rules of Engagement, continued)

  • 3 basic categories of pen testing

    • Zero knowledge

    • Partial knowledge

      • High level public information is provided

    • Full knowledge

      • Every possible piece of information is provided. Focus is on what can be done. Appropriate for internal testing.

Pen Testing (Rules of Engagement, continued)

  • Determine area to be tested

  • Application testing

    • Test information flow, encryption, input handling, whether a user can harm the system or data, and a wide range of common attacks to gauge the level of resistance.

  • DoS testing

  • War dialing

  • Wireless Network testing

  • Social Engineering

  • PBX & IP Telephone Testing

  • VOIP testing

Pen Testing Methodology

  • Recon

    • Identify & document information about the target

  • Enumeration

    • Gain more information with intrusive methods (network or vulnerability discovery, ping, port scan)

  • Vulnerability analysis

    • Map the environment profile to known vulnerabilities, analyze data.

  • Execution

    • Attempt to gain user & privileged access

  • Document findings

    • Document the results of the test

Pen Testing Methodology (Continued)

  • Attack process

    • Multiple threads and groups of test scenarios

    • A thread is a collection of tasks to achieve attack goal

    • Each test is evaluated at multiple points to ensure expected outcome is met

    • Each divergence is appraised to make 2 fundamental determinations:

      • Is the objective being met?

      • Is the system reacting in an unexpected manner which is having an impact on the test?

Pen Testing Methodology (Continued)

  • Document findings

  • Vulnerabilities discovered in the target systems

  • Gaps in security measures

  • Intrusion detection and response capabilities

  • Observation of log activity & analysis

  • Suggested countermeasures

Identity Management

  • A set of technologies which addresses all aspects of controlling access, with a focus on centralized management.

  • Must efficiently manage multiple independent access control systems, often one per application; the list is on P. 93

  • Assists the organization with meeting expanding laws & regulations

  • Allows the organization to segment various user populations and assign the appropriate type and level of access to each group

  • Allows for tight control over access while also allowing for granularity and flexibility in managing such access.

Identity Management (Continued)

  • One primary task is the need to provision, maintain, and manage user IDs.

  • Must account for the granting and revocation of access rights as the user goes through the natural life cycle

  • System must be efficient, the goal is to consolidate access rights into an easily managed record of identity and access for each user.

  • System must be timely

Challenges to ID Management

  • Backlogs of requests for access

  • Cumbersome policies

  • Incomplete Request forms

  • Number (systems) of resources growing

  • Audit trails improperly (or not) maintained

  • Departed employees still in system

  • Senior management often bypasses the process

Identity Management System Requirements

  • Consistency

  • Usability

  • Reliability

  • Scalability

  • P. 95

Centralized Identity Management

  • One entity (person, a department or management system) manages the service for the entire organization. That entity sets all policies, standards, and operational parameters.

  • Promotes consistency; changes can be distributed quickly and uniformly to all points limiting the risk of exposure when a user is removed from 1 part of the system but removal from another is delayed.

  • Examples: RADIUS, TACACS+ P. 97

  • Drawback: difficult or impossible for a large organization to operate a centralized system on the scale required.

Decentralized Identity Management

  • ID management, authentication & authorization decisions are spread throughout the environment to local organizations.

  • Benefit: allows access decisions to be made by the people closest to the assets, who can better address local policies and requirements

  • Drawback: harder to enforce enterprise-wide policies and standards. Unless a clear policy and process defines who has ultimate responsibility, a decentralized system can quickly lead to inconsistency across the organization.

  • May be more expensive because of multiple systems and technologies

  • There may also be overlapping or conflicting rights between entities which could expose gaps in security

Access Control Technologies

  • Password management

  • Account management

  • Profile management

  • Directory management

  • Single Sign-on

Password Management

  • Designed to manage password complexity and requirements consistently across the enterprise. Achieved by a central tool synchronizing passwords across multiple systems.

  • Also assists users with resetting passwords

Account Management

  • Designed to streamline the administration of user identity across multiple systems. Includes the creation, modification and decommissioning of user accounts.

  • Normally includes one or more of these technologies, P. 101

  • Obstacles to full scale deployment are: time, cost & interface issues

Profile Management

  • Profiles are a collection of information associated with a particular identity or group.

  • In addition to user ID and password, may include personal information.

  • May contain information about privileges and rights

Directory Management

  • A comprehensive database designed to centralize the management of data about an assortment of company entities, such as a hierarchy of objects storing information about users, groups, systems, servers, printers, etc.

  • Stored on 1 or more servers to ensure scalability and availability.

  • Benefit: provides a centralized collection of user data that can be used by many applications to avoid duplication.

  • Benefit: Using directories it is possible to configure several applications to share data.

  • Drawback: Integration with legacy systems

3 Main Directory Technologies

  • X.500

  • LDAP

  • X.400

X.500

  • A set of communication protocols from the International Telecommunication Union (ITU-T), also known as ISO/IEC 9594

  • Designed to facilitate a standard method of developing electronic directories for use over telecommunication networks.

  • Designed to work with the OSI model; however, it will work with TCP/IP

  • Organized in a hierarchical database

  • Key field is called the distinguished name (DN). DN provides the full path where a particular entry is found.

  • Supports the concept of a relative distinguished name (RDN). RDN provides the name of a specific entry with the full path component attached.

X.500 consists of:

  • The directory access protocol (DAP). This is the primary protocol for accessing information in an X.500 directory.

  • The directory system protocol (DSP)

  • The directory information shadowing protocol (DISP)

  • The directory operational bindings management protocol (DOP)

Lightweight Directory Access Protocol (LDAP)

  • Suite of protocols for managing directory information.

  • Simpler than X.500

  • Organized in a hierarchical database

  • Supports DN & RDN concepts.

  • DN attributes are based on an entity's DNS name

  • Each entry has a name/value pair to denote various attributes associated with each entry.

  • Common attributes are:

    • DN: distinguished name

    • CN: common name

    • DC: domain name

    • OU: organizational unit

Lightweight Directory Access Protocol (LDAP) (Continued)

  • Operates in a client/server environment

  • Typically runs over an unsecured network using TCP port 389

  • Version 3 supports TLS to encrypt communications, or SSL via TCP port 636, if security is required.

Active Directory

  • A Microsoft implementation of LDAP

  • Provides central authentication & authorization

  • Enforces organization security in a uniform and highly auditable manner

  • AD uses LDAP for its naming structure

  • Uses a hierarchical framework

  • Directories are organized into forests and trees

    • A forest is a collection of all objects & their associated attributes; trees are logical groups of 1 or more AD security domains within a forest

  • Domains are identified by their DNS name

  • Objects in an AD database are grouped by Organizational Units (OUs)

X.400

  • Supports message transfer & message storage

  • Addresses consist of a series of name/value pairs separated by a colon (:)

  • Typical address specifications include:

    • O (organizational name)

    • OU (organizational unit name)

    • G (given name)

    • I (initial)

    • S (surname)

    • C (country name)

  • Has largely been supplanted by SMTP-based e-mail systems.

Single Sign-on

  • A unified login for 1 or more systems

  • Aka Federated ID management

  • Stores credentials for 1 or more systems

  • Approach to legacy systems:

    • SSO opens the legacy app & sends the appropriate keystrokes simulating the user

  • Limitations for legacy systems

    • Password changes aren’t synchronized

  • SSO advantages P. 106-107

  • Disadvantages:

    • Cost

    • Single point of failure

    • If a user’s SSO password is cracked, they have it all

    • Inclusion of unique systems

Script-based SSO

  • In-house solution for a highly customized shop

  • Log-in scripts for every app and user are developed

  • Scripts manage all logon & authentication interaction on behalf of the user.

  • Disadvantage: cost of development and maintenance

Kerberos

  • Designed to provide strong authentication for client/server applications by using secret key cryptography.

  • Provides authentication, authorization and auditing.

  • Primary goal is to provide private communications between systems on a network.

  • In managing the encryption keys, it authenticates each of the principals in the communication based upon possession of the secret key, which allows access to the session key.

Kerberos 4 basic requirements

  • Security

    • Against attacks by passive eavesdroppers and actively malicious users

  • Reliability

    • Resources must be available when needed

  • Transparency

    • Users shouldn’t notice authentication taking place

  • Scalability

    • Large number of users and servers

Kerberos process

Think “Kerberos Server” and don’t let yourself get mired in terminology.

XYZ Service: represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…)

Susan to the Authentication Service: “I’d like to be allowed to get tickets from the Ticket Granting Server, please.”

Authentication Service to Susan: “Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”

TGT

Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny “Ticket-Granting Ticket”.

The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication.

The TGT contains no password information.

Susan to the Ticket Granting Service: “Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!” (request: use XYZ)

Ticket Granting Service to Susan: “You’re Susan. Here, take this.” (a service ticket for XYZ, which reads “Hey XYZ: Susan is Susan.”)

Susan to XYZ Service: “I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ.” (“Hey XYZ: Susan is Susan.”)

XYZ Service: “That’s Susan alright. Let me determine if she is authorized to use me.”

Authorization checks are performed by the XYZ service…

Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.

One remaining note:

Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable.

Until a ticket’s expiration, it may be used repeatedly.

Susan to XYZ Service, later: “ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ.” (“Hey XYZ: Susan is Susan.”)

XYZ Service: “That’s Susan… again. Let me determine if she is authorized to use me.”
Disadvantages of Kerberos

  • The entire system depends on the KDC so it must be physically secured and hardened.

  • KDC is a single point of failure

  • Length of the keys is important; they can't be too short or too long

  • Must embed Kerberos system calls in each application.
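The Susan / Ticket Granting Service / XYZ Service exchange described above, as an added Python model that is not part of the original slides. The “locked box” and the tickets are HMAC-sealed tokens here (a simplification; real Kerberos encrypts them), and the keys, the XYZ authorization list and the ticket lifetime are constructed values.

```python
import hashlib
import hmac
import json

# Constructed long-term keys (not real Kerberos key material). The KDC knows
# every principal's key; XYZ Service knows only its own. A "locked box" is
# modelled as an HMAC-sealed token instead of an encrypted blob (simplification).
KEYS = {"susan": b"from-susan-password", "bob": b"from-bob-password", "tgs": b"tgs-key", "xyz": b"xyz-key"}
XYZ_AUTHORIZED = {"bob"}    # constructed: who XYZ permits; authentication != authorization
LIFETIME = 3600             # ticket lifetime in seconds, set by the administrator

def seal(payload, key):
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def unseal(token, key, now):
    # Only the holder of `key` can produce a valid tag; expired tickets are unusable.
    body, _, tag = token.rpartition(b".")
    good = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        raise ValueError("not sealed by the expected key holder")
    payload = json.loads(body)
    if now >= payload["expires"]:
        raise ValueError("ticket expired")
    return payload

def authentication_service(user, now):
    # AS: the TGT is sealed under the TGS key and contains no password; it is
    # handed back inside a box sealed under the user's own key.
    tgt = seal({"user": user, "service": "tgs", "expires": now + LIFETIME}, KEYS["tgs"])
    return seal({"tgt": tgt.decode(), "expires": now + LIFETIME}, KEYS[user])

def client_open_box(box, user, now):
    # Susan proves knowledge of her password by opening the box.
    return unseal(box, KEYS[user], now)["tgt"].encode()

def ticket_granting_service(tgt, wanted, now):
    # TGS: verify the TGT, then issue "Hey XYZ: Susan is Susan" sealed under XYZ's key.
    who = unseal(tgt, KEYS["tgs"], now)["user"]
    return seal({"user": who, "service": wanted, "expires": now + LIFETIME}, KEYS[wanted])

def xyz_service(ticket, now):
    # XYZ: authenticate via the ticket, then make a separate authorization decision.
    t = unseal(ticket, KEYS["xyz"], now)
    if t["service"] != "xyz":
        return "rejected: ticket is for another service"
    if t["user"] not in XYZ_AUTHORIZED:
        return f"authenticated {t['user']} but not authorized"
    return f"access granted to {t['user']}"

def run_flow(user, now):
    tgt = client_open_box(authentication_service(user, now), user, now)
    ticket = ticket_granting_service(tgt, "xyz", now)
    return xyz_service(ticket, now)   # the same ticket may be reused until it expires
```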

Secure European System for Applications in a Multi-Vendor Environment (SESAME)

  • An extension of Kerberos that was designed to address 2 Kerberos weaknesses:

    • Kerberos scalability limitations due to the need to manage symmetric keys. The more keys, the more complexity in managing them.

    • As the need for Kerberos to store user privilege information increases, the need for that information to be located on each server the user accesses increases.

Secure European System for Applications in a Multi-Vendor Environment (SESAME)

  • It overcomes these two weaknesses by:

    • Offering SSO with distributed access control. This alleviates the need to replicate authentication data between servers.

    • Using symmetric and asymmetric cryptographic technologies, which alleviates the key management issues

Secure European System for Applications in a Multi-Vendor Environment (SESAME)

  • Key attributes

    • SSO with distributed access control (A/C) using symmetric and asymmetric cryptographic technologies to protect data interchanges

    • Role based A/C

    • The use of a privilege attribute certification (PAC), similar in functionality to a Kerberos ticket

    • The use of Kerberos V5 protocol to access components

    • The use of public key cryptography for the distribution of secret keys.

Perimeter-Based Web Portal Access

  • SSO for Web applications by using:

    • Directory service (LDAP, X.500, AD)

    • A Web portal

    • Web Access Management system (WAM)

  • User logs in to the portal; the WAM authenticates and maintains authentication between Web apps

  • Effective for Web environments, not enterprise-wide

Federated Identity Management

  • SSO for multiple organizations who must share data & applications

    • Each entity subscribes to a common set of policies, standards and procedures for the provisioning and management of identification, authentication and authorization information, and also a common process for A/C

    • Each entity establishes a trust relationship with the other participating entities

2 Basic Ways for Linking Member Entities in a FIM

  • Cross-Certification:

    • Each entity must individually certify that every other participating entity is worthy of its trust

    • Each entity reviews the others to see if they meet their criteria

    • Drawbacks: once the number of entities grows, the complexity of managing it is too burdensome or expensive

2 Basic Ways for Linking Member Entities in a FIM

  • Trusted 3rd party:

    • Each entity subscribes to the policies, standards and practices of a trusted 3rd-party entity, and the trusted 3rd party manages the verification of all other entities.

    • Once the 3rd party verifies a

    • Drawbacks: once the number of entities grows, the complexity of managing it is too burdensome or expensive

Once In, Unlimited Access

  • Just what it says

Data Access Control Frameworks or Models

  • Discretionary

  • Mandatory

  • Nondiscretionary

Discretionary Access Control (DAC)

  • A system that uses discretionary access control allows the owner of the resource to specify which subjects can access which resources.

  • Access control is at the discretion of the owner.

  • VAX, VMS, UNIX, Windows X, MAC

Mandatory Access Controls (MAC)

  • Controls are determined by the system and based on organizational policy. Controls are applied based upon user clearance and the classification of an object or data.

  • Used for highly sensitive systems and when owners don’t want users to potentially bypass organizational policies.

  • This model is used in environments where information classification and confidentiality is very important (e.g., the military).

  • Access control is based on a security labeling system. Users have security clearances and resources have security labels that contain data classifications.

Mandatory Access Controls (MAC)

  • The system provides access control and the owner provides need-to-know control

  • Not everyone who is cleared should have access, only those cleared & with a need to know.

  • Even if the owner determines a user has a need to know, the system must ascertain that the user is cleared.

  • Page 117 examples of access capabilities & Access permissions

Nondiscretionary

  • Administrator determines who has access and what privileges

Access Control Lists (ACL)

  • List of permissions associated with an object

  • Keyword=Action

    • Router, IP Address=Allow or IP Address=Deny

    • User1=R, X, L, W

    • User2=R, , L

    • Group A=R,X,L

    • Group B=R,L

  • An Access Control Matrix is an ACL in the form of a table. Page 119
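An added example, not from the slides, that parses the Keyword=Action entries above, resolves a constructed group membership, lays the result out as an access control matrix, and evaluates a constructed router-style IP Address=Allow/Deny list in first-match order.

```python
import ipaddress

# Constructed ACL in the slide's "Keyword=Action" form (R=read, W=write,
# X=execute, L=list); the blank slot in User2's entry is a right not granted.
FILE_ACL = """
User1=R, X, L, W
User2=R, , L
Group A=R,X,L
Group B=R,L
"""
# Constructed group membership (not on the slide): a subject's effective rights
# are the union of its own entry and the entries of the groups it belongs to.
GROUPS = {"Group A": {"User2", "User3"}, "Group B": {"User4"}}

def parse_acl(text):
    acl = {}
    for line in text.strip().splitlines():
        keyword, _, action = line.partition("=")
        acl[keyword.strip()] = {p.strip() for p in action.split(",") if p.strip()}
    return acl

def effective_rights(acl, subject, groups=GROUPS):
    rights = set(acl.get(subject, ()))
    for group, members in groups.items():
        if subject in members:
            rights |= acl.get(group, set())
    return rights

def is_allowed(acl, subject, right):
    # Default stance: anything not explicitly granted is denied.
    return right in effective_rights(acl, subject)

def access_matrix(acl, subjects, rights="RWXL"):
    # The same ACL laid out as a subject-by-right table (Access Control Matrix).
    return {s: {r: is_allowed(acl, s, r) for r in rights} for s in subjects}

# Constructed router ACL: ordered, first match wins, implicit deny at the end.
ROUTER_ACL = [
    ("10.0.5.0/24", "Deny"),
    ("10.0.0.0/8", "Allow"),
]

def router_decision(acl, ip):
    addr = ipaddress.ip_address(ip)
    for network, action in acl:
        if addr in ipaddress.ip_network(network):
            return action
    return "Deny"
```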

Rule Based Access Control

  • Uses specific rules that indicate what can and cannot happen between a subject and an object.

  • Not necessarily identity based.

  • Traditionally, rule based access control has been used in MAC systems as an enforcement mechanism.

  • Example Page 120

Role Based Access Control (RBAC) Page 121

  • Role Based Access Control (RBAC) is a methodology of limiting tasks to objects based on a specific role

  • Administration boundaries can be synonymous with job duties or functions and can be associated with individual users

  • The goal in role definition is to determine in advance all the access a user might require to perform a specific task or job

  • Scalability and efficiency gains are two benefits of role-based administration

  • Aligns with an organization's structure of roles and responsibilities

Content Dependent Access Control

  • Access to an object is determined by the content within the object.

Constrained User Interfaces

  • Restrict users' access abilities by not allowing them certain types of access, or the ability to request certain functions or information

  • Three major types

    • Menus and Shells

    • Database Views

    • Physically Constrained Interfaces

Capability table:

  • Specifies the access rights a certain subject possesses pertaining to certain objects

  • Bound to a subject and indicates what objects that subject can access.

  • Page 123 Figure 1.27

Temporal (Time-Based) Isolation

  • Activities are OK or not OK based not on who, but on when.

  • Examples:

    • If you leave class before the lecture ends, it's not OK

    • All classified processing occurs in the morning

Intrusion Detection and Prevention Systems

  • IDS

    • Informative tool that provides real-time information when suspicious activities are identified

    • Not used to directly prevent the suspected attack

  • IPS

    • Monitors like an IDS, but will automatically take proactive preventive action if it detects unacceptable activity.

  • Important to tune the system to detect true attacks

Network Intrusion Detection System (NIDS)

  • Install tap or mirror ports on a core switch

    • Works in promiscuous mode

    • Must be able to handle the amount of traffic

  • Encryption can be a problem

  • Can be integrated into other network devices

Host Based IDS, aka HIDS

  • Analyzes the activity within a particular computer system

  • Can be installed on individual workstations and/or servers and watch for inappropriate or anomalous activity.

  • Usually used to make sure users do not delete system files, reconfigure important things, or put the system at risk in any other way.

  • The HIDS universe is limited to the computer itself.

  • Multi-host IDSs allow systems to share policy information & attack data & remediation actions.

  • Drawback is that they consume an inordinate amount of host resources

IDS Analysis Engine Methods

  • 2 basic analysis methods:

    • Pattern Matching

      • Looks for known attacks

    • Anomaly Detection

      • Looks for system changes

        • Stateful Matching

        • Statistical Anomaly-Based

        • Protocol Anomaly-Based

        • Traffic Anomaly-Based

Pattern match (signature analysis) IDS Method

  • Pattern match (signature analysis)

    • Models of specific attacks and how they are carried out. Each identified attack has a signature, which is used to detect an attack in progress or determine if one has occurred within the network. Any action that is not recognized as an attack is considered acceptable.

  • Similar to antivirus software

  • Signatures must be continuously updated

  • Cannot identify new attacks

Anomaly Analysis IDS Methods

  • Based on behavior identification (system changes) or anomalies

  • Possible list of anomalies, P.127

  • Tends to report more data and more false positives

Stateful matching IDS Method

  • Uses signatures and tracks system state changes that indicate an attack is underway.

  • State: a snapshot of an operating system's values in volatile, semi-permanent, and permanent memory locations.

  • Every change that an operating system experiences is considered a state transition.

  • A state transition is when a variable’s value changes, which usually happens continuously within every system.

  • Example Page 128

Statistical Anomaly-Based

  • Examines event data by comparing it to typical known or predicted traffic in an effort to find potential security breaches.

  • It attempts to identify suspicious behavior by identifying patterns that are not the norm

  • Tuning can be challenging if not done regularly

  • The definition of normal traffic is open to interpretation

  • Has potential to detect unknown attacks
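An added example, not from the slides, that runs the two engine methods from the pattern match and statistical anomaly-based slides over a few constructed web-server log lines: signature matching for two known attack patterns (which misses anything it has no signature for), and a per-source request baseline whose sigma threshold shows why tuning and the definition of "normal" decide the false-positive rate.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed log lines (source IP, method, path, status); not from the slides.
LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.7 GET /about.html 200
10.0.0.9 GET /login 200
10.0.0.9 GET /login?user=admin'%20OR%201=1-- 500
10.0.0.9 GET /../../etc/passwd 404
10.0.0.9 GET /admin 403
10.0.0.9 GET /backup.zip 404
10.0.0.9 GET /config 404
10.0.0.5 GET /contact.html 200
10.0.0.7 GET /index.html 200
""".splitlines()

# Pattern matching: each known attack has a signature; a request matching no
# signature is considered acceptable, so the probing of /admin, /backup.zip and
# /config above goes unreported by this engine.
SIGNATURES = {
    "sql-injection": re.compile(r"'(%20|\s)*or(%20|\s)+1=1", re.I),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_alerts(lines):
    # Returns (signature name, source) for every line that matches a signature.
    alerts = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((name, line.split()[0]))
    return alerts

# Statistical anomaly detection: build a baseline of requests per source and
# flag sources more than `threshold_sigma` standard deviations above the mean.
# No signature is needed (so the probing is caught by volume), but the threshold
# must be tuned: too low floods the analyst, too high reports nothing.
def anomalous_sources(lines, threshold_sigma=1.0):
    counts = Counter(line.split()[0] for line in lines)
    values = list(counts.values())
    baseline, spread = mean(values), pstdev(values)
    if spread == 0:
        return []
    return sorted(src for src, n in counts.items() if n > baseline + threshold_sigma * spread)
```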

Protocol Anomaly-Based IDS

  • Identifies any unacceptable deviation from expected behavior based on known network protocols

  • Prone to same issues as signature-based IDSs

Traffic Anomaly-Based

  • Identifies any unacceptable deviation from expected behavior based on actual traffic structure

Intrusion Response

  • Inject rule into firewall, or modify access control for routers, VPNs or VLAN switches

    • May be a disadvantage if replicated to other devices

  • Disable communications

  • Disable user accounts

  • Enable additional auditing

Intrusion Response

  • Sensor

    • Identifies an event

    • Must tune sensitivity properly

  • Control & communication

    • Notification component: email, pager, PDA

  • Enunciator

    • Identifies the correct business unit and formats the message for specific devices

  • Determine who gets notified and what their response is

IDS Management

  • Must devote planning, time, money and expert personnel to properly manage an IDS solution

  • Page 132