Access Control Systems A means of ensuring a system’s C.I.A given the threats, vulnerabilities, & risks its infrastructure

Rationale  Confidentiality Info not disclosed to unauthorized persons or processes  Integrity Internal consistency External consistency  Availability Reliability Utility

Systems  Complex  Interact with other systems  Have emergent properties that their designers did not intend  Have bugs

Systems & Security  Usual coping mechanism is to ignore the problem…WRONG  Security is system within larger system  Security theory vs security practice Real world systems do not lend themselves to theoretical solutions  Must look at entire system & how security affects

The Landscape  Secure from whom?  Secure against what?  Never black & white  Context matters more than technology  Secure is meaningless out of context

Completely Secure Servers  Disconnect from Network  Power Down  Wipe & Degauss Memory & Harddrive  Pulverize it to dust  Threat Modeling  Risk management

Concepts in planning  Threat Potential to cause harm  Vulnerability Weakness or lack of safeguard that can be exploited by threat  Risk Potential for loss or harm Probability that threat will materialize

Threats  Attacks are exceptions  Digital Threats mirror Physical  Will become more common, more widespread, harder to catch due to: Automation Action at a Distance  Every two points are adjacent Technical Propagation

Threats  All types of attackers  All present some type of threat  Impossible to anticipate all attacks or all types of attackers or all avenues of attack  Point is not to prevent all but to “think about and analyze threats with greater depth and to take reasonable steps to prevent…”

Attacks  Criminal Fraud-prolific on the Internet Destructive, Intellectual Property Identity Theft, Brand Theft  Privacy: less and less available people do not own their own data Surveillance, Databases, Traffic Analysis Echelon, Carnivore  Publicity & Denial of Service  Legal

Controls  Implemented to mitigate risk & reduce loss  Categories of controls Preventative Detective Corrective

Control Implementation types Administrative: polices, procedures, security awareness training, background checks, vacation history review Logical / Technical – encryption, smart cards, ACL Physical – guards, locks, protection of transmission media, backup

Models for Controlling Access  Control: Limiting access by a subject to an object  Categories of controls Mandatory Access Control (MAC)  Clearance, sensitivity of object, need to know  Ex: Rule-based Discretionary Access Control (DAC)  Limited ability for Subject to allow access  ACL, access control triple: user, program, object or file Non-Discretionary Access Control  Central authority determines access

SELinux MAC  Mandatory Access Control in kernel  Implemented via: type enforcement (domains) Role based access control  No user discretionary access control  Each process, file, user, etc has a domain & operations are limited within it  Root user can be divided into roles also

Control Combinations  Preventative / Administrative  Preventative / Technical  Preventative / Physical  Detective / Administrative  Detective / Technical  Detective / Physical

Access Control Attacks  DoS, DDos Buffer Overflow, SYN Attack, Smurf  Back door  Spoofing  Man-in-the-Middle  Replay  TCP Hijacking  Software Exploitation: non up to date software  Trojan Horses

Social Engineering  Ex: s or phone calls from “upper mgt or administrators” requesting passwords  Dumpster Diving  Password guessing: L0phat  Brute force  Dictionary attack

System Scanning  Collection of info about a system What ports, what services running, what system software, what versions being used  Steps: 1.Network Reconnaissance 2.Gaining System Access 3.Removing Evidence of attack  Prevention Watch for scans &/or access of common unused ports

Penetration Testing  “Ethical hacking”  Network-based IDS  Host-based IDS  Tests Full knowledge, Partial knowledge, Zero knowledge Open box – Closed box

Penetration Testing Steps 1.GET APPROVAL from upper mgt 2.Discovery 3.Enumeration of tests 4.Vulnerability mapping 5.Exploitation 6.Reporting

Identification & Authentication  ID: subject professing who they are  Auth: verification of ID  Three types of authentication Something you know Something you have Something you are Two-factor is way the best

Passwords  Static  Dynamic  Passphrase  Dictionary words  Alpha numeric special character  Models for choosing  Rotation schedules for passwords

Biometrics  Fingerprint, palm, retina, iris, face, voice, handwritting, RFID, etc  Enrollment time (2 min)  Throughput rate (10 subjects/min)  Corpus: Collection of biometric data

Biometrics  False Rejection Rate (FRR)  False Acceptance Rate (FAR)  Crossover Error Rate (CER) FAR FRR CER

Single Sign On (SSO)  One id / password per session regardless of the # of systems used  Advantages Ease of use, Stronger passwords/biodata, easier administration, lower use of resources  Disadvantages If access control is broken is a MUCH bigger problem

SSO Example: Kerberos 1.User enters id/pass 2.Client requests service 3.Ticket is encrypted with servers public key and sent to client 4.Client sends ticket to server & requests service 5.Server responds Problems: replay, compromised tickets

Access Control  Centralized Remote Authentication & Dial-In (Wireless) User Service (RADIUS) Call back  De-centralized Relational Databases (can be both)  Relational concepts  Security issues

Intrusion Detection Systems  Network Based Monitors Packets & headers SNORT Will not detect attacks same host attacks  Host based Monitors logs and system activity  Types Signature based (slow attacks problem) Statistical Anomaly Based

Other issues  Costs  Privacy  Accountability  Compensation for violations Backups RAID (Redundant Array of Independent Disks) Fault tollerance Business Continuity Planning Insurance

References  Building Secure Linux Servers ( )  Secrets and Lies ( )