
Access Control Systems & Methodology



  1. Access Control Systems & Methodology Dr. Usman Tariq

  2. What is access control? • Access control is the heart of security • Definitions: • The ability to allow only authorized users, programs or processes system or resource access • The granting or denying, according to a particular security model, of certain permissions to access a resource • An entire set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access based on pre-established rules.

  3. Access control nomenclature • Authentication • Process through which a claimed identity is proved and verified (a password, token or biometric presented against the claim) • Identification • Process through which a person or entity asserts who they are, e.g., by presenting a username; identification precedes authentication and proves nothing on its own • Confidentiality • Protection of private data from unauthorized viewing • Integrity • Data is not corrupted or modified in any unauthorized manner • Availability • System is usable. Contrast with DoS.

  4. How can AC be implemented? • Hardware • Software • Application • Protocol (Kerberos, IPSec) • Physical • Logical (policies)

  5. What does AC hope to protect? • Data - Unauthorized viewing, modification or copying • System - Unauthorized use, modification or denial of service • It should be noted that nearly every network operating system (NT, Unix, Vines, NetWare) assumes a secure physical infrastructure; logical controls are bypassed by anyone who can reach the disk or the console

  6. Proactive access control • Awareness training • Background checks • Separation of duties • Split knowledge • Policies • Data classification • Effective user registration • Termination procedures • Change control procedures

  7. Single User Rights

  8. Physical access control • Guards • Locks • Mantraps • ID badges • CCTV, sensors, alarms • Biometrics • Fences • Card-key and tokens • Guard dogs

  9. AC & Privacy Issues • Expectation of privacy • Policies • Monitoring activity, Internet usage, e-mail • Login banners should detail expectations of privacy and state levels of monitoring

  10. Varied types of Access Control • Discretionary Access Control (DAC) • Mandatory Access Control (MAC) • Lattice/Role/Task • Formal models: • Biba • Clark/Wilson • Bell/LaPadula • Used set theory to define the concept of a secure state, the modes of access, and the rules for granting access.

  11. 21 March, 2011

  12. Problems with formal models • Based on a static infrastructure • Defined and succinct policies • These do not work in corporate systems which are extremely dynamic and constantly changing • None of the previous models deals with: • Viruses/active content • Trojan horses • Firewalls • Limited documentation on how to build these systems

  13. MAC vs. DAC • Discretionary Access Control • You (the object owner) decide how you want to protect and share your data • Mandatory Access Control • The system decides how the data will be shared, according to labels that owners cannot override

  14. Mandatory Access Control • Assigns sensitivity levels, labels • Every object is given a sensitivity label and is accessible only to users who are cleared to at least that level • Only administrators, not object owners, can change an object's level • Generally more secure than DAC • Orange Book B-level • Used in systems where security is critical, i.e., military • Hard to program for, configure and implement

  15. Mandatory Access Control (Continued) • Downgrade in performance • Relies on the system, not the user, to control access • Example: If a file is classified as Confidential, MAC will prevent anyone (including a Trojan horse running with a Secret user's clearance) from writing Secret or Top Secret information into that file • All output, i.e., print jobs, floppies and other magnetic media, must be labeled with its sensitivity level

  16. Discretionary Access Control • Access is restricted based on the authorization granted to the user • Orange book C-level • Prime use is to separate and protect users from unauthorized data • Used by Unix, NT, NetWare, Linux, Vines, etc. • Relies on the object owner to control access

  17. Access control lists (ACL) • A file used by the access control system to determine who may access what programs and files, • in what method and at what time • Different operating systems have different ACL terms • Types of access: • Read / Write / Create / Execute / Modify / Delete / Rename
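The ACL described on this slide, as an added illustration (the code is not from the slides): each entry names a principal (a user, or a group written with a leading '@'), says allow or deny, lists the operations it covers and, optionally, a time window, i.e. "who, what, in what method and at what time". A matching deny entry overrides every allow entry, the usual safe ordering, and with no matching entry the answer is deny. The ACL, the group memberships and the `can()` helper are constructed for the example.

```python
"""DAC access-control-list evaluation (added illustration, not from the slides)."""
from dataclasses import dataclass
from datetime import time

OPERATIONS = frozenset({"read", "write", "create", "execute", "modify", "delete", "rename"})


@dataclass(frozen=True)
class AclEntry:
    principal: str                 # "alice" or "@finance"
    effect: str                    # "allow" or "deny"
    ops: frozenset                 # subset of OPERATIONS
    start: time = time(0, 0)       # window during which the entry applies
    end: time = time(23, 59, 59)

    def matches(self, user, groups, op, now):
        if self.principal != user and self.principal not in groups:
            return False
        return op in self.ops and self.start <= now <= self.end


def check_access(acl, user, groups, op, now):
    """Grant only if an allow entry matches and no deny entry matches (default deny)."""
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation {op!r}")
    hits = [e for e in acl if e.matches(user, groups, op, now)]
    if any(e.effect == "deny" for e in hits):
        return False
    return any(e.effect == "allow" for e in hits)


# Constructed ACL for a payroll spreadsheet owned by alice.
PAYROLL_ACL = (
    AclEntry("alice", "allow", OPERATIONS),                                  # owner: full control
    AclEntry("@finance", "allow", frozenset({"read", "write", "modify"}),
             time(8, 0), time(18, 0)),                                       # office hours only
    AclEntry("@everyone", "allow", frozenset({"read"})),
    AclEntry("bob", "deny", frozenset({"write", "modify", "delete"})),       # contractor in finance
)

# Constructed group memberships.
GROUPS = {
    "alice": {"@finance", "@everyone"},
    "bob": {"@finance", "@everyone"},
    "dave": {"@finance", "@everyone"},
    "carol": {"@everyone"},
}


def can(user, op, hour):
    """Evaluate PAYROLL_ACL for a user at the top of the given hour."""
    return check_access(PAYROLL_ACL, user, GROUPS[user], op, time(hour, 0))
```

Deny-before-allow matters: bob is in @finance, so without the explicit deny entry he would inherit write during office hours. Time windows are evaluated against the clock the reference monitor trusts; a client-supplied timestamp would let a user choose the hour.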

  18. Orange Book • DoD Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, • Provides the information needed to classify systems (A,B,C,D), defining the degree of trust that may be placed in them • For stand-alone systems only

  19. Orange book levels • A - Verified protection • A1 • Boeing SNS, Honeywell SCOMP • B - MAC • B1/B2/B3 • C - DAC • C1/C2 • D - Minimal security. Systems that have been evaluated, but failed

  20. Bell-LaPadula • Formal description of allowable paths of information flow in a secure system • Used to define security requirements for systems handling data at different sensitivity levels • Simple security property - no read-up: a subject may read an object only if the subject's clearance dominates the object's label • *-property - prevents write-down by forbidding subjects with access to high-level data from writing to objects at a lower level

  21. Bell-LaPadula • Model defines a secure state • Access between subjects and objects in accordance with a specific security policy • Model central to the Trusted Computer System Evaluation Criteria (TCSEC): the mandatory access control required at the B and A levels is derived from Bell-LaPadula • Bell-LaPadula applies only to secrecy of information • identifies paths that could lead to inappropriate disclosure

  22. Biba Integrity Model • Biba model covers integrity levels, which are analogous to sensitivity levels in Bell-LaPadula • Integrity levels cover inappropriate modification of data • Prevents unauthorized users from making modifications (1st goal of integrity) • Read Up, Write Down model - subjects cannot read objects of lesser integrity (no read-down), subjects cannot write to objects of higher integrity (no write-up); the exact dual of Bell-LaPadula
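The two lattice models on slides 20 to 22, as an added illustration that is not code from the slides. A label is (level, categories); label L1 dominates L2 when level1 >= level2 and L1's categories are a superset of L2's, and that partial order is the lattice both models are defined over. `blp_permits` enforces the simple security property (no read-up) and the *-property (no write-down); `biba_permits` enforces the dual rules over integrity labels. The level numbers, the NATO category and the `slide_example()` scenario are constructed.

```python
"""Bell-LaPadula and Biba reference-monitor checks (added illustration, not from the slides)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    level: int                          # 0 = lowest sensitivity (BLP) or integrity (Biba)
    categories: frozenset = frozenset()

    def dominates(self, other):
        return self.level >= other.level and self.categories >= other.categories


def blp_permits(subject, obj, mode):
    """Bell-LaPadula: read what you dominate, write only to what dominates you."""
    if mode == "read":
        return subject.dominates(obj)                   # simple security: no read up
    if mode == "write":
        return obj.dominates(subject)                   # *-property: no write down
    if mode == "readwrite":
        return subject.dominates(obj) and obj.dominates(subject)  # labels must be equal
    raise ValueError(mode)


def biba_permits(subject, obj, mode):
    """Biba strict integrity: the dual of Bell-LaPadula over integrity levels."""
    if mode == "read":
        return obj.dominates(subject)                   # no read down (don't trust low data)
    if mode == "write":
        return subject.dominates(obj)                   # no write up (don't taint high data)
    if mode == "readwrite":
        return subject.dominates(obj) and obj.dominates(subject)
    raise ValueError(mode)


# Constructed sensitivity lattice for the BLP scenario on slide 15.
UNCLASSIFIED, CONFIDENTIAL, SECRET, TOP_SECRET = range(4)
NATO = frozenset({"NATO"})


def slide_example():
    """A subject cleared Secret acting on a Confidential file and its neighbours."""
    subject = Label(SECRET)
    confidential_file = Label(CONFIDENTIAL)
    return {
        "read_confidential": blp_permits(subject, confidential_file, "read"),
        "write_confidential": blp_permits(subject, confidential_file, "write"),   # the write-down MAC blocks
        "append_top_secret": blp_permits(subject, Label(TOP_SECRET), "write"),    # write-up is allowed
        "read_secret_nato": blp_permits(subject, Label(SECRET, NATO), "read"),    # missing category
    }
```

Note that the *-property stops the Trojan horse case on slide 15 without trusting the program: a process running at Secret cannot write to a Confidential file no matter what code it executes. The price is the "write-up" hole (a Secret user may append to a Top Secret object it cannot read), which is why real systems usually restrict write to exactly the subject's own label.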

  23. Clark & Wilson Model • An Integrity Model, like Biba • Addresses all 3 integrity goals • Prevents unauthorized users from making modifications • Maintains internal and external consistency • Prevents authorized users from making improper modifications • T - cannot be Tampered with while being changed • L - all changes must be Logged • C - Integrity of data is Consistent

  24. Clark & Wilson Model • Proposes “Well Formed Transactions” • perform steps in order • perform exactly the steps listed • authenticate the individuals who perform the steps • Calls for separation of duty

  25. Problems with the Orange Book • Based on an old model, Bell-LaPadula • Stand alone, no way to network systems • Systems take a long time (1-2 years) to certify • Any changes (hot fixes, service packs, patches) break the certification • Has not adapted to changes in client-server and corporate computing • Certification is expensive • For the most part, not used outside of the government sector

  26. Red Book • Used to extend the Orange Book to networks • Actually two works: • Trusted Network Interpretation of the TCSEC (NCSC-TG-005) • Trusted Network Interpretation Environments Guideline: Guidance for Applying the Trusted Network Interpretation (NCSC-TG-011)

  27. Authentication 3 types of authentication: • Something you know - Password, PIN, mother’s maiden name, passcode • Something you have - ATM card, smart card, token, key, ID Badge, driver license, passport • Something you are - Fingerprint, voice scan, iris scan, retina scan, DNA

  28. Multi-factor authentication • 2-factor authentication. To increase the level of security, many systems will require a user to provide 2 of the 3 types of authentication. • ATM card + PIN • Credit card + signature • PIN + fingerprint • Username + Password (the NetWare, Unix and NT default) is single-factor: the username is an identifier, not a factor • 3-factor authentication -- for highest security, one item from each category, e.g. Password + SecurID token + Fingerprint • Username + Password + Fingerprint and Username + Passcode + SecurID token each combine only two categories; factors are counted by distinct category (know, have, are), not by the number of items presented

  29. Problems with passwords • Insecure - Given the choice, people will choose easily remembered and hence easily guessed passwords such as names of relatives, pets, phone numbers, birthdays, hobbies, etc • Easily broken - Programs such as crack, SmartPass, PWDUMP, NTCrack & l0phtcrack recover Unix, NetWare & NT passwords from the stored hashes; they do not decrypt anything, they hash candidate passwords and compare • Dictionary attacks are only feasible because users choose easily guessed passwords! • Inconvenient - In an attempt to improve security, organizations often issue users with computer-generated passwords that are difficult, if not impossible, to remember • Repudiable - Unlike a written signature, when a transaction is signed with only a password, there is no real proof as to the identity of the individual that made the transaction

  30. Midterm Exam Topics • Understanding of Information Security • Security Goals • Requirements • Threat Models • Defensive Approaches • Legal, Ethical and Professional Issues in Information Security • Phishing Attack • Taxonomy of Crypto • Data Encryption Standard • Access Control

  31. Classic password rules • The best passwords are those that are both easy to remember and hard to crack using a dictionary attack. • The best way to create passwords that fulfill both criteria is to use two small unrelated words or phonemes, ideally with a special character or number. Good examples would be hex7goop or typetin (treat such short constructions as a minimum; an offline attack with modern hardware can still enumerate two-word combinations, so length matters more than cleverness) • Don't use: • common names, DOB, spouse, phone #, etc. • words found in dictionaries • password as a password • system defaults

  32. MD-5 hashing example: 9e7b87702065188f39fd481b9cbcdb7a (Usman Tariq). Password management • Configure the system to require strong passwords • Set password age and length limits • Limit unsuccessful logins • Limit concurrent (parallel) connections • Enable auditing • Have policies for password resets and changes • Show the last login date in banners

  33. Password Attacks • Brute force • Mimicking • Dictionary • Crack • John the Ripper • Trojan horse login program
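Why the crackers on slides 29 and 33 work, and what the controls on slide 32 do about it, as an added illustration (not code from the slides). Against an unsalted fast hash (plain MD5 here) the attacker builds one table of hashed dictionary words and cracks every account that chose one by lookup. A per-user random salt plus an iterated KDF (PBKDF2-HMAC-SHA256 from the Python standard library) removes the shared table and makes every guess cost thousands of hash operations; `LoginGuard` is the "limit unsuccessful logins" control for online guessing. The wordlist, the leaked password file, the iteration count and the lockout limit are constructed.

```python
"""Dictionary attack on unsalted MD5 versus salted PBKDF2 plus lockout (added illustration)."""
import hashlib
import hmac
import os

WORDLIST = ["123456", "password", "fluffy", "letmein", "qwerty"]   # constructed


def md5_hex(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()


def dictionary_attack(stored, wordlist):
    """Unsalted MD5: hash the wordlist once, then crack every account by lookup."""
    table = {md5_hex(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


# Constructed password file, as a pwdump-style tool would extract it.
LEAKED = {
    "alice": md5_hex("fluffy"),
    "bob": md5_hex("password"),
    "carol": md5_hex("Tr0ub4dor&3"),
}


def pbkdf2_hash(pw: str, iterations: int = 100_000) -> str:
    """Store salt$iterations$derivedkey; the salt is fresh and random per user."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def pbkdf2_verify(pw: str, stored: str) -> bool:
    salt_hex, iterations, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


class LoginGuard:
    """Slide 32's 'limit unsuccessful logins': lock the account after MAX_FAILURES."""
    MAX_FAILURES = 5   # constructed policy value

    def __init__(self, stored_hash: str):
        self.stored, self.failures, self.locked = stored_hash, 0, False

    def attempt(self, pw: str) -> str:
        if self.locked:
            return "locked"
        if pbkdf2_verify(pw, self.stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.locked = True
            return "locked"
        return "denied"
```

Two hashes of the same password under `pbkdf2_hash` differ (different salts) yet both verify, which is exactly what denies the attacker a shared lookup table. Lockout protects only the online path; against a stolen hash file the salt and iteration count are the whole defence, so the iteration count should be tuned to the slowest acceptable login, not left at a small default.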

  34. Trojan horse • A Trojan horse can be deliberately attached to otherwise useful software by a cracker, or it can be spread by tricking users into believing that it is a useful program. • The Trojan horse is typically a Windows executable program file, and must have an executable file extension such as .exe, .com, .scr, .bat, or .pif. • Since Windows is configured by default to hide extensions from a user, the Trojan horse's extension might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file.
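The masked-extension trick on this slide, turned into a check, as an added example that is not from the slides: Explorer's "hide extensions for known file types" default shows `Readme.txt.exe` as `Readme.txt`, so the function reports what the user sees against what will actually run. The executable-extension set is the slide's list and the sample filenames are constructed.

```python
"""Flag attachments whose hidden final extension makes them executable (added check)."""
import os

# Extensions the slide lists as launching a program when double-clicked.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".pif"}


def analyze_filename(name: str) -> dict:
    """Return what Explorer displays, whether the file executes, and whether the
    displayed name pretends to be a harmless document."""
    stem, real_ext = os.path.splitext(name)
    real_ext = real_ext.lower()
    executable = real_ext in EXECUTABLE_EXTS
    displayed = stem                                   # Explorer hides the last, registered extension
    inner_ext = os.path.splitext(stem)[1].lower()      # the extension the user will see
    masked = executable and inner_ext != "" and inner_ext not in EXECUTABLE_EXTS
    return {"displayed": displayed, "executable": executable, "masked": masked}


def flag_attachments(names):
    """Names that look like documents on screen but run as programs."""
    return [n for n in names if analyze_filename(n)["masked"]]


# Constructed sample of attachment names.
SAMPLES = ["Readme.txt.exe", "invoice.PDF.scr", "setup.exe", "notes.txt",
           "photo.jpg.pif", "report.docx", "archive.tar.gz"]
```

Matching is case-insensitive because Windows does not distinguish `.EXE` from `.exe`. A plain `setup.exe` is executable but not flagged as masked: it is what it appears to be; the point of the check is the mismatch between display and behaviour.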

  35. Types of Trojan Horse • Erasing or overwriting data on a computer • Corrupting files in a subtle way • Spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper'. • Setting up networks of zombie computers in order to launch DDoS attacks or send Spam. • Logging keystrokes to steal information such as passwords and credit card numbers (known as a key logger) • Phish for bank or other account details, which can be used for criminal activities. • Installing a backdoor on a computer system.

  36. How you can be infected • Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of Trojans and other pests. Even using a secure web browser, such as Mozilla's Firefox, if Java is enabled, your computer has the potential of receiving a Trojan horse. • Instant message: Many get infected through files sent through various messengers. This is due to an extreme lack of security in some instant messengers, such as AOL's instant messenger. • E-mail: Attachments on e-mail messages may contain Trojans; Trojan horses spread via SMTP.

  37. Trojan horse distribution • can be installed through the following methods: • Software downloads • Bundling (e.g. a Trojan horse included as part of a software application downloaded from a file sharing network) • Email attachments • Websites containing executable content (e.g., a Trojan horse in the form of an ActiveX control) • Application exploits (e.g., flaws in a Web browser, media player, instant-messaging client, or other software that can be exploited to allow installation of a Trojan horse)

  38. What does the attacker want? • Credit card information (often used for domain registration, shopping with your credit card) • Any account data (e-mail passwords, dial-up passwords, web service passwords, etc.) • E-mail addresses (might be used for spamming, as explained above) • Work projects (steal your presentations and work-related papers) • Children's names/pictures, ages (pedophile attacker?!) • School work (steal your papers and publish them with his/her name on it)

  39. Biometrics • Authenticating a user via human characteristics • Using measurable physical characteristics of a person to prove their identification • Fingerprint • signature dynamics • Iris • retina • voice • face • DNA, blood

  40. Advantages of fingerprint based biometrics • Can’t be lent like a physical key or token and can’t be forgotten like a password • Good compromise between ease of use, template size, cost and accuracy • Fingerprint contains enough inherent variability to enable unique identification even in very large (millions of records) databases • Basically lasts forever • Makes network login & authentication effortless

  41. Biometric Disadvantages • Still relatively expensive per user • Companies & products are often new & immature • No common Application programming interface (API) or other standard • Some hesitancy for user acceptance

  42. Biometric privacy issues • Tracking and surveillance - Ultimately, the ability to track a person's movement from hour to hour • Anonymity - Biometric links to databases could dissolve much of our anonymity when we travel and access services • Profiling - Compilation of transaction data about a particular person that creates a picture of that person's travels, preferences, affiliations or beliefs

  43. Practical biometric applications • Network access control • Staff time and attendance tracking • Authorizing financial transactions • Government benefits distribution (Social Security, welfare, etc.) • Verifying identities at point of sale • Using in conjunction with ATM , credit or smart cards • Controlling physical access to office buildings or homes • Protecting personal property • Prevent against kidnapping in schools, play areas, etc. • Protecting children from fatal gun accidents

  44. Tokens • Used to facilitate one-time passwords • Physical card • SecurID • S/Key • Smart card • Access token
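How a token-style one-time password such as S/Key avoids the replay problem of slide 29, as an added illustration (this is the Lamport hash-chain construction, not the S/Key code; S/Key used MD4 and 64-bit values, SHA-256 is used here). At enrolment the client picks a secret s and hands the server h^N(s). For login i the client sends h^(N-i)(s) and the server accepts only if hashing it once gives the value it stored, then stores the new value in its place. Every password is used once, and because h is one-way a sniffed password reveals nothing about the next one. The secret and chain length are constructed.

```python
"""S/Key-style one-time passwords from a Lamport hash chain (added illustration)."""
import hashlib
import hmac


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def chain(secret: bytes, n: int) -> bytes:
    """h applied n times to secret."""
    for _ in range(n):
        secret = h(secret)
    return secret


class SKeyServer:
    def __init__(self, user: str, n: int, top: bytes):
        self.user, self.counter, self.last = user, n, top   # stores h^n(s), never s

    def verify(self, otp: bytes) -> bool:
        if self.counter == 0:                                # chain exhausted: re-enrol
            return False
        if not hmac.compare_digest(h(otp), self.last):      # must hash to the stored value
            return False
        self.last, self.counter = otp, self.counter - 1     # advance; a replay now fails
        return True


class SKeyClient:
    def __init__(self, secret: bytes, n: int):
        self.secret, self.counter = secret, n

    def next_otp(self) -> bytes:
        if self.counter == 0:
            raise RuntimeError("chain exhausted")
        self.counter -= 1
        return chain(self.secret, self.counter)


def enrol(user: str, secret: bytes, n: int):
    """Client keeps the secret; the server receives only the top of the chain."""
    return SKeyClient(secret, n), SKeyServer(user, n, chain(secret, n))
```

The server-side state is safe to leak: from h^k(s) nobody can compute h^(k-1)(s). What the scheme does not protect against is an active man-in-the-middle who intercepts an OTP and uses it before the legitimate client, which is why the SecurID-style time-based tokens on the slide pair the OTP with a short validity window.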

  45. Single sign-on • User has one password for all enterprise systems and applications • That way, one strong password can be remembered and used • All of a user's accounts can be quickly created on hire and deleted on dismissal • Hard to implement and get working • Kerberos, CA-Unicenter, Memco Proxima, IntelliSoft SnareWorks, Tivoli Global Sign-On, X.509

  46. Kerberos • Part of MIT’s Project Athena • Kerberos is an authentication protocol used for network wide authentication • All software must be kerberized • Tickets, authenticators, key distribution center (KDC)

  47. Kerberos roles • KDC divided into Authentication Server & Ticket Granting Server (TGS) • Authentication Server - authenticate the identities of entities on the network • TGS - Generates unique session keys between two parties. • Parties then use these session keys for message encryption

  48. Kerberos authentication • User must have an account on the KDC • KDC must be a trusted server in a secured location • Shares a secret key with each user (a DES key in the original protocol; derived from the user's password) • When a user wants to access a host or application, they request a ticket from the KDC via klogin and generate an authenticator that proves possession of the session key inside the ticket • User provides ticket and authenticator to the application, which checks them for validity and will then grant access.

  49. Problems with Kerberos • Each piece of software must be kerberized • Requires synchronized clocks, because authenticators carry a timestamp that the server rejects outside a small skew window • Relies on User Datagram Protocol (UDP), which is often blocked by firewalls (Kerberos v5 also defines TCP transport, RFC 4120) • Kerberos v4 binds tickets to a single network address for a host. Hosts with multiple NICs will have problems using tickets
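The exchanges of slides 46 to 49 in miniature, as an added illustration that is not MIT's Kerberos code: an AS exchange that returns a TGT plus a session key readable only with the user's password-derived key, a TGS exchange that demands a fresh authenticator under that session key before issuing a service ticket, and the service's own check with a replay cache. A toy encrypt-then-MAC helper built from SHA-256 and HMAC stands in for the DES/AES encryption types; the string-to-key function, realm-less principal names, lifetimes and the 300 s skew are constructed or simplified.

```python
"""Kerberos AS/TGS/AP exchanges with skew and replay checks (added illustration, not MIT code)."""
import hashlib
import hmac
import json
import os

SKEW = 300  # seconds of clock drift tolerated; the reason clocks must be synchronized


def seal(key: bytes, msg: dict) -> bytes:
    """Toy encrypt-then-MAC: SHA-256 keystream plus HMAC tag (stand-in for Kerberos enctypes)."""
    pt = json.dumps(msg).encode()
    nonce = os.urandom(12)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered message")
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))


def user_key(password: str) -> bytes:      # simplified string-to-key
    return hashlib.sha256(password.encode()).digest()


def random_key() -> bytes:
    return os.urandom(32)


def check_authenticator(session_key, authenticator, ticket, now, replay_cache=None):
    """Shared by TGS and application server: the client must know the ticket's session key."""
    a = unseal(session_key, authenticator)
    if a["user"] != ticket["user"]:
        raise PermissionError("authenticator does not match ticket")
    if now > ticket["exp"]:
        raise PermissionError("ticket expired")
    if abs(now - a["ts"]) > SKEW:
        raise PermissionError("clock skew too large")
    if replay_cache is not None:
        if (a["user"], a["ts"]) in replay_cache:
            raise PermissionError("replayed authenticator")
        replay_cache.add((a["user"], a["ts"]))
    return a


class KDC:
    def __init__(self, users: dict, services: dict):
        self.users = {u: user_key(p) for u, p in users.items()}   # AS database
        self.services = services                                  # "krbtgt" and app service keys

    def as_exchange(self, user, now):
        """No authenticator yet: the reply is useless without the user's key."""
        sk = os.urandom(32)
        tgt = seal(self.services["krbtgt"], {"user": user, "key": sk.hex(), "exp": now + 8 * 3600})
        return seal(self.users[user], {"key": sk.hex(), "service": "krbtgt"}), tgt

    def tgs_exchange(self, tgt, authenticator, service, now):
        t = unseal(self.services["krbtgt"], tgt)
        check_authenticator(bytes.fromhex(t["key"]), authenticator, t, now)
        ssk = os.urandom(32)
        ticket = seal(self.services[service], {"user": t["user"], "key": ssk.hex(), "exp": now + 3600})
        return seal(bytes.fromhex(t["key"]), {"key": ssk.hex(), "service": service}), ticket


class Service:
    def __init__(self, name, key):
        self.name, self.key, self.replay_cache = name, key, set()

    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)
        check_authenticator(bytes.fromhex(t["key"]), authenticator, t, now, self.replay_cache)
        return t["user"]


def make_authenticator(session_key, user, now):
    return seal(session_key, {"user": user, "ts": now})


def login_and_access(kdc, service, user, password, now):
    """klogin to service access; returns the principal the service accepted."""
    reply, tgt = kdc.as_exchange(user, now)
    tgs_key = bytes.fromhex(unseal(user_key(password), reply)["key"])   # wrong password -> ValueError
    reply2, ticket = kdc.tgs_exchange(tgt, make_authenticator(tgs_key, user, now), service.name, now)
    svc_key = bytes.fromhex(unseal(tgs_key, reply2)["key"])
    return service.accept(ticket, make_authenticator(svc_key, user, now), now)
```

The authenticator is what turns a copyable ticket into proof of identity: anyone can capture the TGT on the wire, but only the holder of the session key inside it can produce a fresh authenticator, and the timestamp plus replay cache stop a captured authenticator from being reused. Note that the AS reply in this toy, as in real Kerberos v4 and v5 without pre-authentication, is handed out to anyone who names the user; that reply can be attacked offline with the dictionary methods of slide 29, which is why v5 adds pre-authentication.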
