Lesson 2-General Security Concepts
Objectives Upon completion of this lesson, the learner will be able to: Define basic terminology associated with computer and information security. Describe the basic approaches to computer and information security. Describe various methods to implement access controls. Identify and explain methods used to verify the identity and authenticity of an individual. Describe some of the basic models of security used when implementing security in operating systems.
Information Assurance Is Everyone’s Responsibility
Information assurance is everyone's responsibility, from the department's secretary to the newest clerical staff member. Each of us has one or more roles to play in the information assurance arena and, to enhance our organization's IT security posture, it is crucial that we all have a basic understanding of these responsibilities. The purpose of this awareness-level briefing is to ensure that participants become sensitive to the threats and vulnerabilities of computer systems and to provide basic information on agency policy for protecting data, information, and the means of processing them. Specifically, this briefing will address four key questions: What is information assurance? Who is responsible? Why should you care? How do you get there?
Basic Security Terms A hacker is an individual who attempts to gain unauthorized access to computer systems or networks. Within the security community, cracker and cracking refer to this nefarious type of activity; the terminology generally accepted by the public, however, is hacker and hacking. Phreaking refers to the “hacking” of computers and systems used by a telephone company. Computer security entails the methods used to ensure a system is secure.
Network Security Network security refers to the protection of multiple computers and the devices that are connected.
Information Security and Assurance
Information security and assurance place the focus of the security process on the data the systems process, not on the hardware and software being used. Assurance introduces another concept, that of the availability of the systems and the information when people want them.
Computer and Network Security
Computer and network security is essential for individuals to function effectively and safely in today's highly automated environment. From its inception, the goal of computer security has been threefold: Confidentiality Integrity Availability
The “CIA” of Security Confidentiality ensures that only authorized individuals are able to view information. Integrity ensures that only authorized individuals are able to change (or delete) information. Availability ensures that the data, or the system, is available for the authorized user when required.
CIA Extensions The increased use of networks for commerce requires two additional security goals beyond the CIA of security: Authentication Nonrepudiation Authentication deals with the desire to ensure an individual’s identity. Nonrepudiation deals with the ability to prove that a message was sent by a particular party and received by another, so that neither can later deny it.
Operational Security For many years, protection was equated with prevention. Regardless of how well people do with prevention technology, somebody always seems to find a way around safeguards. Therefore, in addition to prevention, techniques and technology are required to detect when prevention has failed and to respond to the problem.
Operational Model of Computer Security
The operational model of computer security includes two additions to the original security equation: Protection = Prevention + (Detection + Response) Every security technique and technology falls into at least one of the three elements of the equation.
Operational Model of Computer Security
Sample technologies in the operational model of computer security
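The detection and response terms of the operational model, as an added example that is not part of the original presentation: a small detector run over constructed sshd-style log lines (the lines, hosts and IP addresses are made up for this example) that flags a source once it has five failed logins inside a one-minute window, and a response step that emits one nftables drop rule per flagged source. The nft command assumes a table `inet filter` with an `input` chain already exists, and the rules are returned as strings rather than executed so the example runs offline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in sshd/syslog style; not taken from any real system.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 09:00:03 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar 10 09:00:04 host sshd[2203]: Accepted publickey for alice from 198.51.100.4 port 40110 ssh2
Mar 10 09:00:05 host sshd[2201]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 09:00:06 host sshd[2201]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar 10 09:00:08 host sshd[2201]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 09:05:00 host sshd[2210]: Failed password for bob from 198.51.100.4 port 40200 ssh2
Mar 10 09:05:30 host sshd[2211]: Accepted password for bob from 198.51.100.4 port 40202 ssh2
"""

# Syslog lines carry no year; the example assumes this one when parsing timestamps.
LOG_YEAR = 2024

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse(log_text):
    """Turn raw lines into (timestamp, result, user, source_ip) tuples; skip other lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(
            f"{LOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Detection: flag a source IP once it has `threshold` failures inside a sliding window.

    Returns {ip: timestamp of the failure that crossed the threshold}.
    """
    recent = defaultdict(list)
    alerts = {}
    for ts, result, _user, ip in sorted(events):
        if result != "Failed":
            continue
        bucket = recent[ip]
        bucket.append(ts)
        while bucket and ts - bucket[0] > window:   # expire failures older than the window
            bucket.pop(0)
        if len(bucket) >= threshold and ip not in alerts:
            alerts[ip] = ts
    return alerts


def respond(alerts):
    """Response: one nftables drop rule per alerted source (assumes table inet filter, chain input)."""
    return [f"nft add rule inet filter input ip saddr {ip} drop" for ip in sorted(alerts)]


if __name__ == "__main__":
    found = detect_bruteforce(parse(SAMPLE_LOG))
    for ip, when in found.items():
        print(f"ALERT {when:%H:%M:%S} brute force from {ip}")
    for rule in respond(found):
        print(rule)
```

Only 203.0.113.7 is flagged: its five failures fall within seven seconds, while the single failure from 198.51.100.4 followed by a successful login never crosses the threshold. Lowering the threshold trades missed detections for false positives, which is exactly the tuning problem the response step inherits.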
Security Principles There are three ways an organization can address the protection of its networks: Ignore security issues. Provide host security. Approach security at a network level.
Ignore Security Issues
If an organization decides to ignore security, it chooses to use the minimal security provided with its workstations, servers, and devices. Each “out of the box” system has certain security settings that can be configured.
Host Security Host security focuses on protecting each computer and device individually instead of addressing protection of the network as a whole. If an organization decides to implement only host security and does not include network security, there is a high probability of introducing or overlooking vulnerabilities.
Host Security Problem
Ensuring that every computer is “locked down” to the same degree as every other system in the environment can be overwhelming. Moreover, this often results in an unsuccessful and frustrating effort.
Host Security Host security is a complementary process to be combined with network security. If individual host computers have vulnerabilities, then network security can provide another layer of protection that may stop any intruders.
Network Security Network security emphasizes controlling access to internal computers from external entities. This control can be through devices such as: Routers Firewalls Authentication hardware and software Encryption Intrusion detection systems (IDSs)
Least Privilege Least privilege means that a subject should have only the rights and privileges necessary to perform its task, with no additional permissions. A subject may be a user, application, or process. Limiting a subject's privileges limits the amount of harm it (or an attacker who compromises it) can cause, thus limiting an organization's exposure to damage.
Least Privilege Least privilege:
Protects its most sensitive resources. Ensures that whoever is interacting with these resources has a valid reason to do so. Different operating systems and applications have different ways of implementing rights, permissions, and privileges.
Configuration Plan Before operating systems are configured, an overall plan should be devised. Standardized methods should be developed to ensure that a solid security baseline is implemented. The concept of least privilege applies to more network security issues than just providing users with specific rights and permissions.
Trust Relationships When trust relationships are created, they should not be implemented so that everyone trusts each other simply because it is easier. One domain should trust another for specific reasons, and the implementers should understand the trust relationship. Another issue that falls under the least privilege concept is the security context in which an application runs.
Security Context All applications, scripts, and batch files run in the security context of a specific user on an operating system. This means they execute with that user's permissions, as if they were the user. Programs should execute only in the security context needed to perform their duties successfully.
Layered Security Layered security architecture employs several security methods so that a compromise consumes more time and effort than it is worth to a potential attacker. It is important to implement different layers so that if intruders succeed at one layer, they can be stopped at the next. The redundancy of different layers ensures that there is no single point of failure in the security design.
Coordinating Layered Security
Security at each layer can be very complex, and grouping different layers can increase the complexity exponentially. The layers need to work in a coordinated manner so that one does not obstruct another's functionality and introduce a security hole.
The Layered Model Various layers of security
The layers usually are depicted starting at the top, with more general types of protection. As they progress downward through each layer, the granularity increases as they get closer to the actual resource. It is important to understand the level of protection that each layer provides. It is also important to understand how things that take place in other layers can affect each level of protection.
The Layered Model The top-layer protection mechanism is responsible for controlling traffic. It would be overwhelming and cause performance degradation if each aspect of the packet were inspected. Instead, each layer usually digs deeper into the packet and looks for specific items.
The Layered Model Layers closer to the resource deal with only a fraction of the traffic that the top-layer security mechanisms do. As a result, looking deeper and at more granular aspects of the traffic does not cause as much of a performance hit.
Diversity of Defense Diversity of defense involves making different layers of security dissimilar. Even if attackers know how to get through a system making up one layer, they may not know how to get through a different type of layer employing a different system for security.
Diversity of Defense When applying the diversity of defense concept:
Set up security measures that protect against the different types of attacks. Use products from different vendors. Every product has its own security vulnerabilities that an experienced attacker knows.
Trade-off Trade-offs must be considered before implementing diversity of security using different vendor products. Doing so usually increases operational complexity, and security and complexity are seldom a good mix.
Security Through Obscurity
Security through obscurity uses the approach of protecting something by hiding it. It works only as long as the environment and protection mechanisms remain confusing or unknown to the attacker, which cannot be guaranteed. It is therefore a poor approach, especially if it is the only approach to security.
Security Through Obscurity
An organization can use security through obscurity measures to hide critical assets. Other security measures should be employed to provide a higher level of protection.
Keep It Simple Security processes and tools should be as simple and elegant as possible. They should be simple to troubleshoot, use, and administer.
Troubleshooting When something goes wrong with security mechanisms, a troubleshooting process is used to identify the actual issue. If a mechanism is overly complex, identifying the root of the problem can be overwhelming if not nearly impossible.
Services on the System Another application of the principle of keeping things simple concerns the number of services that can run on the system. Default installations of computer operating systems often leave many services running. The general rule of thumb is to eliminate all nonessential services and protocols.
Access Control Access Authentication Access control matrix
Access control lists Discretionary access control Mandatory access control Role-based access control
Access Control and Authentication
Access control describes all security features to prevent unauthorized access to a computer system or network. Access is the ability of a subject, such as an individual or a process running on a computer system, to interact with an object, such as a file or a hardware device. Authentication deals with verifying the identity of a subject.
An Access Control Matrix
In this matrix, the system keeps track of two processes, two files, and one hardware device. Process 1 can read both File 1 and File 2, but can write only to File 1. Process 1 cannot access Process 2, but Process 2 can execute Process 1. Both processes have the ability to write to the printer. A full access control matrix is seldom stored as such in computer systems: most of its cells are empty, so it is extremely costly in terms of storage space and processing. Systems instead store its columns (access control lists, one per object) or its rows (capability lists, one per subject).
Access Control List An ACL is a list that contains the subjects with access rights to a particular object. The list identifies not only the subject but also the specific access the subject has for the object. Types of access include read, write, and execute.
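The matrix from the slide above, and its relationship to an ACL, as an added example (not from the original presentation): the cells described for Process 1, Process 2, File 1, File 2 and the printer are encoded, the same access decision is answered once from the matrix cell and once from the ACL attached to the object, and the two representations are checked to agree on every (subject, object, right) triple. The capability-list view and the cell count are included to make the storage argument concrete.

```python
from enum import Flag, auto


class Right(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


SUBJECTS = ["Process 1", "Process 2"]
OBJECTS = ["File 1", "File 2", "Process 1", "Process 2", "Printer"]

# The matrix described on the slide: rows are subjects, columns are objects.
# Cells not listed are empty (no access).
MATRIX = {
    "Process 1": {
        "File 1": Right.READ | Right.WRITE,
        "File 2": Right.READ,
        "Printer": Right.WRITE,
    },
    "Process 2": {
        "Process 1": Right.EXECUTE,
        "Printer": Right.WRITE,
    },
}


def matrix_allows(matrix, subject, obj, right):
    """Reference-monitor check straight from the matrix cell."""
    return bool(matrix.get(subject, {}).get(obj, Right.NONE) & right)


def to_acls(matrix):
    """Column view: for every object, the list of (subject, rights) pairs. This is the ACL."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, []).append((subject, rights))
    return acls


def acl_allows(acls, subject, obj, right):
    """The same decision made from the ACL attached to the object."""
    for entry_subject, rights in acls.get(obj, []):
        if entry_subject == subject:
            return bool(rights & right)
    return False


def to_capabilities(matrix):
    """Row view: for every subject, the (object, rights) pairs it holds, i.e. a capability list."""
    return {s: [(o, r) for o, r in row.items() if r] for s, row in matrix.items()}


def cells(matrix, subjects, objects):
    """(cells a full matrix would store, cells that actually carry a right)."""
    total = len(subjects) * len(objects)
    used = sum(1 for row in matrix.values() for r in row.values() if r)
    return total, used


def acl_matches_matrix(matrix, subjects, objects):
    """Every (subject, object, right) decision must agree between the two representations."""
    acls = to_acls(matrix)
    return all(
        matrix_allows(matrix, s, o, r) == acl_allows(acls, s, o, r)
        for s in subjects
        for o in objects
        for r in (Right.READ, Right.WRITE, Right.EXECUTE)
    )
```

Even this five-object example stores only five of ten cells; real systems have millions of objects and thousands of subjects, which is why the column (ACL) or row (capability) form is what actually gets stored.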
Discretionary Access Control (DAC)
The “Orange Book” (TCSEC) defines discretionary access control as restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. In systems that employ discretionary access controls, the owner of an object decides which other subjects may have access to the object and what specific access they may have. An access control list is a common mechanism used to implement discretionary access control (DAC).
Mandatory Access Control
Mandatory access control (MAC) is a means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization of subjects to access information of such sensitivity.
Mandatory Access Control
With MAC, the owner or the subject cannot determine whether access is to be granted to another subject. The operating system decides whether access is to be granted to another subject. The security mechanism controls access to all objects, and individual subjects cannot change that access. The label attached to every subject and object identifies the level of classification for that object and the level that the subject is entitled.
Role-Based Access Control
In RBAC, a user is assigned a set of roles that may be performed. The roles are assigned the access permissions needed to perform tasks associated with the role. Users are granted permissions to objects in terms of the specific duties required—not of a security classification associated with individual objects.
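RBAC as an added example, not code from the original presentation: roles carry permissions, users carry roles, and a senior role (here "controller") inherits a junior role's permissions, which is the hierarchical form of RBAC. The roles, users and objects are constructed for illustration. Note what is absent compared with DAC: no object has an owner who hands out access; changing what a job function may do means editing one role, not every object.

```python
class Rbac:
    """Hierarchical RBAC: users get roles, roles get permissions, senior roles inherit junior ones."""

    def __init__(self):
        self.role_perms = {}     # role -> set of (operation, object)
        self.role_parents = {}   # role -> set of roles whose permissions it inherits
        self.user_roles = {}     # user -> set of roles

    def add_role(self, role, perms=(), inherits=()):
        self.role_perms[role] = set(perms)
        self.role_parents[role] = set(inherits)

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def effective_roles(self, role):
        """The role plus everything it inherits from, transitively (cycle-safe)."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.role_parents.get(r, ()))
        return seen

    def permissions(self, user):
        perms = set()
        for role in self.user_roles.get(user, ()):
            for r in self.effective_roles(role):
                perms |= self.role_perms.get(r, set())
        return perms

    def check(self, user, operation, obj):
        """The access decision: is (operation, object) among the user's effective permissions?"""
        return (operation, obj) in self.permissions(user)


def build_example():
    """Constructed roles and users for illustration; not from the slides."""
    rbac = Rbac()
    rbac.add_role("clerk", {("read", "ledger"), ("append", "ledger")})
    rbac.add_role("auditor", {("read", "ledger"), ("read", "audit_log")})
    # controller inherits everything a clerk may do and adds approval
    rbac.add_role("controller", {("approve", "ledger")}, inherits={"clerk"})
    rbac.assign("alice", "clerk")
    rbac.assign("bob", "controller")
    rbac.assign("carol", "auditor")
    return rbac
```

Revoking a role removes every permission that came with it at once, which is the operational reason RBAC scales better than per-user grants when people change jobs.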
Authentication Kerberos CHAP Certificates Tokens Multifactor
Mutual authentication
Authentication Authentication deals with verifying the identity of a subject. Access controls define what actions a user can perform or what objects a user can access, but they assume that the identity of the user has already been verified. Authentication mechanisms are therefore needed to admit only valid users.
Authentication Methods
To verify their identity, users can provide: Something they know. Something they have. Something about them (something they are).
Authentication Method
The most common authentication mechanism is to provide something that only the valid user should know. The most frequently used example of this is the userid (or username) and password. Since users are not supposed to share passwords with anybody else, only they should know their passwords. By providing the userid and password, users are proving to the system that they are who they claim to be.
Authentication Method
A second method of providing authentication is by using something that only valid users should have in their possession. In the same way that a key works with a lock, a similar method can be used to authenticate users for a computer system or network (though the key may be electronic and may reside on a smart card or similar device).
The Problem If people lose their keys or cards, they cannot log on to the system. Somebody who finds the key may then be able to access the system.
The Solution A combination of the something-you-know and something-you-have methods is often used so that the individual with the key may also be required to provide a password or passcode. The key is useless unless users know this code.
Authentication and Biometrics
The third method of providing authentication involves something that is unique about users. The field of authentication that uses something about users or something that users are is known as biometrics.
Kerberos Kerberos is a network authentication protocol designed for a client/server environment. Kerberos uses strong encryption so that clients can prove their identity to a server and the server can in turn authenticate itself to the clients. The basis for authentication in a Kerberos environment is a ticket.
Tickets Tickets are issued by the authentication server, which is part of the Key Distribution Center (KDC).
The authentication server is an entity trusted by both the client and the server the client wishes to access. The client presents the ticket to the server as proof of identity. The entire session may be encrypted. Because the password itself is never sent across the network, the inherently insecure transmission of a password that could be intercepted is eliminated. Tickets are time-stamped and expire after a limited lifetime, and the authenticator sent along with a ticket carries its own timestamp, so a captured ticket and authenticator cannot simply be replayed.
CHAP Challenge Handshake Authentication Protocol (CHAP):
Provides authentication across a point-to-point link using the Point-to-Point Protocol (PPP). Authentication is performed when the link is established and may be repeated at any time afterwards; the periodic re-authentication is optional.
CHAP CHAP provides authentication periodically through the use of a challenge/response system – a three-way handshake. The initial challenge (a randomly generated number) is sent to the client. The client uses a one-way hashing function to calculate the response and then sends this back. The server compares the response with the response calculated by it. If it matches, the communication continues. If the two values do not match, the connection is terminated.
CHAP This mechanism relies on a shared secret between the two entities so that the correct values can be calculated.
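The three-way handshake described above, as an added example that is not part of the original presentation: both sides are modelled, the authenticator issues a random challenge with a one-octet identifier, the peer returns MD5 over identifier, shared secret and challenge (the computation RFC 1994 specifies), and the authenticator recomputes and compares. The shared secret is constructed for the example. Two practitioner caveats the slides only imply are shown in code: a replayed response is rejected because each challenge is consumed once, and an eavesdropper who captures one exchange can test candidate secrets offline, which is why CHAP secrets must be strong and why the server must hold them in recoverable form.

```python
import hashlib
import hmac
import os

# Constructed shared secret; in a real deployment it is provisioned on both ends out of band.
SHARED_SECRET = b"correct horse battery staple"


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge). MD5 is what the RFC specifies."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges and checks responses (the PPP server)."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}   # identifier -> challenge still awaiting a response

    def challenge(self):
        """Step 1: send a fresh random challenge with a one-octet identifier."""
        self.identifier = (self.identifier + 1) & 0xFF
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, response):
        """Step 3: recompute the expected value and compare in constant time."""
        chal = self.outstanding.pop(identifier, None)
        if chal is None:
            return False          # unknown identifier, or a replay of an already-used challenge
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """The side proving it knows the secret (the PPP client)."""

    def __init__(self, secret):
        self.secret = secret

    def respond(self, identifier, challenge):
        """Step 2: hash the challenge with the secret; the secret itself never leaves the peer."""
        return chap_response(identifier, self.secret, challenge)


def run_handshake(authenticator, peer):
    ident, chal = authenticator.challenge()        # Challenge
    response = peer.respond(ident, chal)           # Response
    return authenticator.verify(ident, response)   # Success or Failure


def offline_guess(identifier, challenge, response, candidates):
    """What an eavesdropper can do with one captured exchange: test candidate secrets offline.

    Returns the matching candidate or None.
    """
    for cand in candidates:
        if chap_response(identifier, cand, challenge) == response:
            return cand
    return None
```

The handshake never transmits the secret, but it does not protect the secret from guessing: the response is a deterministic function of the secret and public values, so a weak secret falls to a dictionary attack on captured traffic.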
Certificates Certificates are a method of establishing the authenticity of specific objects such as an individual's public key or downloaded software. A digital certificate binds a public key to an identity and is signed by a trusted third party, a certification authority. Attached to a signed message, it lets the recipient verify that the message came from the entity it claims to have come from. The public key in the certificate can also be used to encrypt further communication.
Multifactor Multifactor is a term used to describe the use of more than one authentication mechanism at the same time. Multifactor authentication increases the level of security. It requires more than one mechanism to be spoofed for an unauthorized individual to gain access to a computer system or network.
Mutual Authentication
Mutual authentication describes a process in which each side of an electronic communication verifies the authenticity of the other. It addresses the weakness of one-way authentication, in which only the client proves its identity and has no assurance that it is talking to the genuine server, by giving each side of a client/server relationship a mechanism to verify the other.
Security Models Confidentiality models Integrity models
Security Models The security model implements the security policy that has been chosen, and enforces the security characteristic that has been deemed most important by the designers of the system.
Confidentiality Models
Data confidentiality has been the chief concern of the military. As a result, they developed the Bell-LaPadula security model to address data confidentiality in computer operating systems. This model was useful in designing multilevel security systems that implemented the military’s hierarchical security scheme. The security scheme included levels of classification such as Unclassified, Confidential, Secret, and Top Secret.
The Bell-LaPadula Security Model
The Bell-LaPadula security model employed both mandatory and discretionary access control mechanisms when implementing its two basic security principles. The Simple Security Rule states that no subject could read information from an object with a security classification higher than that possessed by the subject itself. This rule is the “no-read-up” rule.
Bell-LaPadula Star Property
The second rule of the Bell-LaPadula security model is the *-property (pronounced “star property”). A subject may write to an object only if the subject’s security classification is less than or equal to the object’s security classification.
Bell-LaPadula Star Property
The *-property allows users to write to a file of equal or greater security classification, but it does not allow them to write to a file with a lower security classification. This is known as the “no-write-down” rule; it prevents a subject from leaking higher-classified information into a lower-classified object. Its side effect, that a user can write to a file the user cannot view, is an integrity issue that the Bell-LaPadula model does not address.
Integrity Models The Biba security model
The Clark-Wilson Security Model
Biba Security Model In the Biba security model, instead of security classifications, integrity levels are used. A principle of integrity levels is that data with a higher integrity level is believed to be more accurate or reliable than data of a lower integrity level.
Biba Model Integrity levels indicate the level of “trust” that can be placed in information at different levels while at the same time limiting the modification of information as opposed to the flow of information. An initial attempt at implementing an integrity-based model is the Low Water Mark.
Low-Water-Mark Policy
This policy is the opposite of the *-property. It prevents subjects from writing to objects of a higher integrity level. The policy contains a second rule: The integrity level of a subject will be reduced if it reads an object of a lower integrity level.
Low-Water-Mark Policy
The trust placed in data derived from data at a given integrity level cannot be higher than the trust placed in the subject creating the new data object, and the trust placed in that subject can only be as high as the trust placed in the lowest-integrity data it has read. The policy does not describe a way to raise the subject’s integrity level back to its original value.
Low-Water-Mark Policy
The final rule in the Low-Water-Mark policy states that a subject can only execute a program if the program’s integrity level is equal to or less than the integrity level of the subject. This ensures that data modified by a program will only have the level of trust (integrity level) that can be placed in the individual who executed the program.
Low-Water-Mark Ring Policy
Another policy – the Ring Policy – addresses the reduction of trust issue by allowing any subject to read any object regardless of the object’s level of integrity and without lowering the subject’s integrity level. This could lead to a situation where data created by a subject after reading data of a lower integrity level could end up having a higher level of trust placed in it than it should.
Biba and Low Water Mark The Biba security model implements a hybrid of the Ring and Low-Water-Mark policies. Biba’s model is the opposite of the Bell-LaPadula model in that it enforces the “no-read-down” and “no-write-up” rules. It implements a third rule that prevents subjects from executing (invoking) programs of a higher integrity level.
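The Bell-LaPadula rules and their Biba duals, as an added example (not code from the original presentation) serving both the confidentiality and the integrity slides above. The confidentiality levels are the ones the slides list; the integrity levels ("Untrusted", "User", "System") are this example's own choice. The functions encode no-read-up and no-write-down for BLP, no-read-down, no-write-up and the invocation rule for Biba, and a Low-Water-Mark subject whose level is dragged down by reading lower-integrity data, after which it can no longer write to objects at its former level.

```python
from dataclasses import dataclass, field

# Confidentiality levels from the slides, lowest to highest.
CLASSIFICATIONS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
C_RANK = {name: i for i, name in enumerate(CLASSIFICATIONS)}

# Integrity levels chosen for this example (not in the slides), lowest to highest.
INTEGRITY = ["Untrusted", "User", "System"]
I_RANK = {name: i for i, name in enumerate(INTEGRITY)}


# ---- Bell-LaPadula (confidentiality) ----
def blp_read(subject_level, object_level):
    """Simple security rule: no read up."""
    return C_RANK[subject_level] >= C_RANK[object_level]


def blp_write(subject_level, object_level):
    """*-property: no write down. Writing at or above one's own level is allowed."""
    return C_RANK[subject_level] <= C_RANK[object_level]


# ---- Biba strict integrity (the dual of BLP) ----
def biba_read(subject_int, object_int):
    """Simple integrity rule: no read down."""
    return I_RANK[subject_int] <= I_RANK[object_int]


def biba_write(subject_int, object_int):
    """*-integrity rule: no write up."""
    return I_RANK[subject_int] >= I_RANK[object_int]


def biba_invoke(subject_int, program_int):
    """Invocation rule: a subject may not execute a program of higher integrity than itself."""
    return I_RANK[program_int] <= I_RANK[subject_int]


# ---- Low-Water-Mark: any read is allowed, but reading down lowers the subject's level ----
@dataclass
class LwmSubject:
    level: str
    log: list = field(default_factory=list)

    def read(self, object_int):
        if I_RANK[object_int] < I_RANK[self.level]:
            self.log.append(f"read {object_int}: level lowered {self.level} -> {object_int}")
            self.level = object_int       # the subject now carries the lower trust, permanently
        return True

    def write(self, object_int):
        ok = I_RANK[self.level] >= I_RANK[object_int]   # still no write up
        self.log.append(f"write {object_int}: {'allowed' if ok else 'denied'}")
        return ok
```

The pair `blp_write("Confidential", "Top Secret")` true and `blp_read("Confidential", "Top Secret")` false is the "write to a file you cannot view" case the star-property slide calls an integrity issue; the Biba functions are the same comparisons with the direction reversed.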
The Clark-Wilson Security Model
The Clark-Wilson security model uses transactions as the basis to derive its rules. The Clark-Wilson model defines only two levels of integrity, constrained data items (CDI) and unconstrained data items (UDI). CDI data is subject to integrity controls while UDI data is not.
The Clark-Wilson Security Model
This model defines two types of processes: Integrity verification processes (IVP), which ensure that CDI data meet integrity constraints (to ensure the system is in a valid state). Transformation processes (TP), which change the state of data from one valid state to another.
The Clark-Wilson Security Model
Data in this model cannot be modified directly by a user. It must be modified by the trusted transformation processes, access to which can be restricted (thus restricting the ability of a user to perform certain activities). Certain critical functions may be split into multiple TPs to enforce separation of duties. Enforcing separation of duties limits the authority of an individual so that multiple individuals will be required for certain critical functions.
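The Clark-Wilson pieces described above, as an added example that is not part of the original presentation: account balances are the constrained data items, a raw transfer request is the unconstrained data item, two transformation processes are the only way to change the balances, an integrity verification procedure checks that balances stay non-negative and sum to the original total, access triples say who may run which TP, and approval is split from submission to enforce separation of duties. The ledger, accounts and users are constructed for illustration; the leading underscore on the CDI store is a Python convention, not enforcement, so a real system would back it with OS or database level protection.

```python
import copy


class IntegrityViolation(Exception):
    """Raised when the IVP finds the CDIs in an invalid state after a TP ran."""


class Ledger:
    """A Clark-Wilson style ledger.

    CDIs: account balances and the queue of pending transfers (only TPs touch them).
    UDI:  a raw transfer request from outside; a TP validates it into a pending CDI entry.
    IVP:  balances are never negative and always sum to the original total.
    Triples (user, TP) record who is certified to run which TP.
    """

    def __init__(self, balances):
        self._cdi = {"balances": dict(balances), "pending": {}}
        self._expected_total = sum(balances.values())
        self._triples = set()
        self._next_id = 1
        self._tps = {
            "submit_transfer": self._tp_submit_transfer,
            "approve_transfer": self._tp_approve_transfer,
        }
        self.audit = []

    def certify(self, user, tp_name):
        """Add an access triple allowing `user` to run `tp_name`."""
        self._triples.add((user, tp_name))

    def ivp(self):
        bal = self._cdi["balances"]
        return all(v >= 0 for v in bal.values()) and sum(bal.values()) == self._expected_total

    def balance(self, account):
        return self._cdi["balances"][account]

    def execute(self, user, tp_name, **args):
        """The only path to the CDIs: check the triple, run the TP, run the IVP, roll back on failure."""
        if (user, tp_name) not in self._triples:
            raise PermissionError(f"{user} is not certified to run {tp_name}")
        snapshot = copy.deepcopy(self._cdi)
        try:
            result = self._tps[tp_name](user, **args)
            if not self.ivp():
                raise IntegrityViolation(f"IVP failed after {tp_name}")
        except Exception:
            self._cdi = snapshot            # never leave an invalid state behind
            raise
        self.audit.append((user, tp_name, args))
        return result

    def _tp_submit_transfer(self, user, udi):
        """TP: validate an untrusted request (UDI) and record it as a pending transfer (CDI)."""
        src, dst, amount = udi["from"], udi["to"], udi["amount"]
        if not isinstance(amount, int) or amount <= 0:
            raise ValueError("amount must be a positive integer")
        if src not in self._cdi["balances"] or dst not in self._cdi["balances"]:
            raise ValueError("unknown account")
        tid = self._next_id
        self._next_id += 1
        self._cdi["pending"][tid] = {"from": src, "to": dst, "amount": amount, "by": user}
        return tid

    def _tp_approve_transfer(self, user, tid):
        """TP: apply a pending transfer. Separation of duties: the submitter may not approve it."""
        req = self._cdi["pending"].pop(tid)
        if req["by"] == user:
            raise PermissionError("submitter may not approve their own transfer")
        bal = self._cdi["balances"]
        bal[req["from"]] -= req["amount"]   # may overdraw; the IVP catches that and execute() rolls back
        bal[req["to"]] += req["amount"]
        return True


def attempt(ledger, user, tp_name, **args):
    """Run a TP and report ("ok", result) or (exception class name, None) instead of raising."""
    try:
        return "ok", ledger.execute(user, tp_name, **args)
    except Exception as exc:
        return type(exc).__name__, None
```

The point to notice is that the overdraft is not rejected by the TP itself; the TP is allowed to be naive because the IVP runs after every TP and the state is rolled back if it fails, which is how Clark-Wilson keeps the system moving only between valid states.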