Information Assurance for the Enterprise
Chapter006 Presentation Transcript

  • Chapter 6: Ensuring Controlled Access
  • Objectives
    • The fundamental principles of access control
    • How to structure and conduct the authorization process
    • Common access control models
  • Access Control
    • Access control – describes the regulation of interaction between subjects and objects within a given environment
      • Degree of regulation will determine how comprehensive and robust the overall protection scheme will be
    • With information assurance:
      • Subjects are people or processes
      • Processes can be either managerial or technical
      • Objects can be anything appropriately accessed by a valid subject
  • Principles of Access Control
    • Implementing and managing the access control process can be a very complex activity
    • Access control process centers around three principles:
      • Identity – asserts and verifies the user’s identity
      • Authority – authorizes user access privileges
      • Accountability – tracks user actions, then analyzes and reports on them
  • Establishing Identity
    • The principle of identity is composed of two functions:
      • Identification function establishes the identity of every person or process that seeks access
      • Authentication function confirms that it is valid
  • Passwords: Something You Know
    • The simplest and most economical means of identifying an individual
      • Password management system will consistently:
        • Allow legitimate users to directly register for access
        • Allow forgotten passwords to be authenticated and reset by the user
        • Allow IT support staff to authenticate callers for password management
        • Synchronize users across a range of platforms
        • Provide for immediate cancellation of passwords
  • Passwords: Something You Know
    • Problem with passwords
      • Memory
        • Limitation of human memory to remember multiple passwords
        • Writing them down is a serious violation of information assurance or security protocol
      • Usage vulnerabilities
        • Short passwords – easily compromised by brute force, guessing, or surreptitious means
  • Passwords: Something You Know
    • Single sign-on
      • Coordinates passwords across a range of platforms and applications
  • Passwords: Something You Know
    • One-time password
      • Shortening the period of use of the password
  • Token-Based Security: Something You Have
    • Tokens – identification and authorization devices presented at the time of access
      • Function similar to a key and lock
    • Most frequently used authentication device is the smart card, or swipe card
      • Embedded semiconductor chip accepts, stores, and sends information
      • Keeps personal information with a high degree of security and portability
      • Provides secure enterprise-wide access control
  • Token-Based Security: Something You Have
      • Provides tamper-resistant storage and transport for critical data
      • Used in encryption systems, to store digital keys, and to create one-time passwords
    • Vulnerabilities associated with using smart cards:
      • Theft and loss of tokens
        • Unauthorized finder will be able to gain access under the legitimate user’s authorizations
  • Biometrics: Something You Are
    • Biometrics – authentication using physical characteristics
    • Subject asserts identity by presenting a unique personal characteristic such as a fingerprint
      • Highly secure because they confirm identity by means of physical characteristics that cannot be duplicated
      • Very effective, since physical characteristics might change slowly over time but they are impossible to lose
  • Biometrics: Something You Are
    • Problem with biometric technology:
      • Still in its infancy
      • Can fail due to its dependency on advanced processing capabilities
      • When it comes to the identity process, possible failures include:
        • False positives allow unauthorized individuals to access system resources
        • False negatives deny authorized people access
  • Combining Approaches: Multifactor Authentication
    • Multifactor authentication – combination of two or three different approaches to create a single access control function
      • It increases the level of security
        • Example: automatic teller machine (ATM)
  • Approaches for Establishing Identity in Cyberspace
    • Digital signatures: asserting identity using cryptography
      • Signatures generated from the message itself by mathematical means
        • MD-5 algorithm
        • Message digests
    • Digital certificates: utilizing trust infrastructures
      • Third party confirmation that verifies that the message did indeed come from the entity it claims to have come from
      • Certification supported by Public Key Infrastructures (PKIs)
        • PKIs verify, enroll, and certify users
        • PKIs serve as the trusted third party
  • Approaches for Establishing Identity in Cyberspace
    • Digital certificate is a public document that contains:
      • Information that identifies a user
      • User’s encryption key
      • Validity period for the certificate and other information
  • Mutual Authentication: Ensuring Identity During Transmission
    • A process in which each side of an electronic communication verifies the authenticity of the other during message transmission
      • Ensures the integrity of the transmission process as well as the message sent
      • Especially important when remote clients are attempting to assert their identity to servers
  • Mutual Authentication: Ensuring Identity During Transmission
    • Kerberos
      • Uses encryption, so a client can prove its identity to a server which in turn can authenticate itself to the client within a secure transaction
  • Mutual Authentication: Ensuring Identity During Transmission
    • Challenge Handshake Authentication Protocol (CHAP)
      • Provides authentication services across a point-to-point link that uses the Point-to-Point Protocol (PPP), a standard part of the Internet protocol suite
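The three-way CHAP exchange described above, as an added example rather than code from the original slides: the authenticator sends a random challenge, the peer answers with the MD5 digest that RFC 1994 specifies over (identifier, shared secret, challenge), and the authenticator replies Success or Failure. The peer name, secret, and in-memory message passing are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed demo values; a real link would carry these inside PPP frames.
PEER_NAME = "demo-peer"
SHARED_SECRET = b"constructed-shared-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response-Value = MD5(Identifier || Secret || Challenge-Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server end of the link: issues challenges and checks responses."""

    def __init__(self, secrets_db: dict):
        self.secrets_db = secrets_db   # peer name -> shared secret
        self.pending = {}              # identifier -> outstanding challenge

    def challenge(self, identifier: int) -> bytes:
        chal = secrets.token_bytes(16)       # fresh, unpredictable nonce
        self.pending[identifier] = chal
        return chal

    def verify(self, identifier: int, name: str, response: bytes) -> str:
        chal = self.pending.pop(identifier, None)   # a challenge answers once
        secret = self.secrets_db.get(name)
        if chal is None or secret is None:
            return "Failure"
        expected = chap_response(identifier, secret, chal)
        return "Success" if hmac.compare_digest(expected, response) else "Failure"


class Peer:
    """Client end: proves knowledge of the secret without transmitting it."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_handshake(auth: Authenticator, peer: Peer, identifier: int = 1) -> str:
    """Challenge -> Response -> Success/Failure; returns the final packet type."""
    chal = auth.challenge(identifier)            # 1. Challenge
    name, resp = peer.respond(identifier, chal)  # 2. Response
    return auth.verify(identifier, name, resp)   # 3. Success or Failure
```

Because the challenge is random and consumed on verification, a response recorded from one session is useless in the next, and the secret itself never crosses the link.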
  • Authorization: Controlling Access
    • Authorization asserts specific rights to use the system, which have been granted to a subject
      • Rights are referred to as permissions or privileges – based on the concept of “trust”
      • Trusted subjects are allowed access to specified objects
      • Security domain – a systematic point of reference on which determination, assignment, and monitoring of access is based
        • Incorporates all related objects, with common protection needs, into a single manageable entity
  • Policy-Based Access Control
    • Access control list (ACL) – most frequent example of policy-based access control
  • Discretionary Access Control (DAC)
    • It lets the owner of a file or physical object selectively grant or deny access to users
      • Most common model in large systems
  • Discretionary Access Control (DAC)
    • Role-based access control (RBAC) is a common form of discretionary access control
      • Involves the assignment of access permissions to objects that are associated with given roles
  • Discretionary Access Control (DAC)
    • Content-dependent access control
      • Used to control access to record-intensive applications such as databases
      • Capability-based system – access is granted if the user possesses a capability (ticket)
        • Authorization Table Matrix (ATM) manages the assignment of access privileges
      • Advantage: achieves a greater level of granularity, and is both simple and intuitive
      • Disadvantage: machine-intensive; requires a very high level of computer performance
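An added example (not from the original slides) that ties the authorization table matrix, the access control list, and the capability view together: the matrix holds subject-by-object rights, an ACL is one column of it, a capability list is one row, and under DAC only the object's owner may grant or revoke. The subjects, objects, and rights are constructed.

```python
from collections import defaultdict


class AuthorizationMatrix:
    """Authorization table: rows are subjects, columns are objects, and each
    cell is the set of rights. Reading a column gives that object's ACL;
    reading a row gives that subject's capability list (its "tickets")."""

    def __init__(self):
        self.rights = defaultdict(set)   # (subject, object) -> set of rights
        self.owner = {}                  # object -> owning subject

    def create_object(self, subject: str, obj: str) -> None:
        """The creator becomes the owner and gets full rights (DAC)."""
        self.owner[obj] = subject
        self.rights[(subject, obj)] |= {"read", "write", "own"}

    def _require_owner(self, granter: str, obj: str) -> None:
        # DAC: only the owner may decide who else can access the object
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")

    def grant(self, granter: str, subject: str, obj: str, right: str) -> None:
        self._require_owner(granter, obj)
        self.rights[(subject, obj)].add(right)

    def revoke(self, granter: str, subject: str, obj: str, right: str) -> None:
        self._require_owner(granter, obj)
        self.rights[(subject, obj)].discard(right)

    def acl(self, obj: str) -> dict:
        """Policy-based view: which subjects hold which rights on this object."""
        return {s: set(r) for (s, o), r in self.rights.items() if o == obj and r}

    def capabilities(self, subject: str) -> dict:
        """Capability view: the tickets one subject holds across all objects."""
        return {o: set(r) for (s, o), r in self.rights.items() if s == subject and r}

    def check(self, subject: str, obj: str, right: str) -> bool:
        """Access decision: granted only if the matching capability exists."""
        return right in self.rights.get((subject, obj), set())


def demo() -> AuthorizationMatrix:
    """Constructed scenario: alice owns a payroll file and shares it read-only."""
    m = AuthorizationMatrix()
    m.create_object("alice", "payroll.db")
    m.grant("alice", "bob", "payroll.db", "read")
    return m
```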
  • Discretionary Access Control (DAC)
    • Temporal access control – event-driven and dynamic
      • Whether access is granted, and the type of access given, is determined by:
        • The time of day
        • The point of origin
        • How many times the individual identity attempted to access the system
        • The number of password attempts
      • Advantage: allows anticipation and protection from undesirable events
      • Disadvantage: chain of events that lead to a given decision is not always predictable
  • Mandatory Access Control (MAC)
    • MAC restricts a subject’s access to objects based on a set of security attributes
      • Used when policy dictates that:
        • Protection decisions must not be decided by the object owner
        • The system must enforce the protection decisions over the wishes or intentions of the object owner
      • Prevents arbitrary object sharing
      • Uses a specific set of policies or security rules to define the sharing of data within the organization
  • Mandatory Access Control (MAC)
    • Access is controlled automatically by the system using set criteria
  • Real-World Access Control: Automating the Process
    • A reference monitor implemented either operationally or within the operating system
    • Real-time and dynamic allocation of access privileges
      • Situation can involve internal and external processes and applications
      • Accesses must be managed securely in real time for the system to meet its required objectives
      • System must be able to instantly and correctly distinguish each individual identity and assign its rights
        • As well as determine what each can and cannot access
  • Real-World Access Control: Automating the Process
    • Automated identity management system requires five basic conditions:
      • Identity architecture – establishing the identity infrastructure
      • Privilege setting – establishing the rights of each identity
      • Identity reference – automating the process
        • Reference monitor involves three factors: completeness, isolation, and verifiability
      • Enforcement of privileges – guarding the door
      • Continuous maintenance – keeping the system current
  • Setting Up the System: Account Management
    • Account management is the day-to-day face of any automated access control system
      • Ensures that identity data are accurate and up to date
      • Ensures that the monitoring and enforcement system is operating as intended
      • Links user identities to specific applications, databases, and services
      • Built around three related processes:
        • Creation of new system access
        • Modification to system access
        • Termination of system access
  • Intrusion Detection: Backstopping Access Control
    • Access control is backstopped by intrusion detection
    • Information assurance has four general goals:
      • Preventive – avoid the occurrence
      • Detective – identify and characterize the occurrence
      • Corrective – remedy the circumstance
      • Compensating – provide alternative control
    • Intrusion detection is a purely detective activity
  • Intrusion Detection Systems: Keeping the Perimeter Secure
    • Designed to sit on the perimeter and detect, characterize, and report on any suspicious attempts to access a protected space
      • Built around boundary sensors – a software utility located at the perimeter of the protected space that monitors traffic
        • The term commonly used to describe this utility is intrusion detection system (IDS)
        • Intrusion prevention systems (IPSs) are a related class of device
  • Types of Intrusion Detection: Automated versus Human Centered
    • Automated: when instantaneous response is needed
    • Human-centered: if time will allow for a more considered response
    • Two types of IDS:
      • Network-Based IDS (NIDS) – detect attacks by capturing and analyzing network packets
      • Host-Based IDS (HIDS) – operate on information collected and analyzed by an individual computer system
  • Common Network-Based IDS (NIDS)
    • Pattern-matching IDS
      • Scans incoming network packets for specific byte sequence signatures stored in a database of known attacks
    • State-matching IDS
      • Scans for attack behaviors in the traffic stream itself rather than the presence of an individual packet signature
    • Analysis engine methods
      • Use anomalous behavior as the basis for their response
        • Example: Statistical anomaly-based IDS
  • Common Network-Based IDS (NIDS)
    • Protocol anomaly-based methods
      • Capable of using feedback from prior attempts to refine their approach
    • Traffic anomaly-based methods
      • Watch for unusual traffic activity suddenly appearing on the network
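The detection methods from the two NIDS slides above, each run over a few constructed packet records (an added illustration, not code from the original slides): a byte-sequence signature match judged per packet, a state-matching check that only fires on a pattern spread across several packets, and a statistical anomaly threshold on traffic volume against a baseline. The packet records, the signature, and the counts are all constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed packet records: (time_s, src_ip, dst_port, tcp_flags, payload)
PACKETS = [
    (0.0, "10.0.0.5", 80, "PA", b"GET / HTTP/1.1\r\n"),
    (0.5, "10.0.0.9", 22, "S", b""),
    (0.6, "10.0.0.9", 23, "S", b""),
    (0.7, "10.0.0.9", 25, "S", b""),
    (0.8, "10.0.0.9", 80, "S", b""),
    (0.9, "10.0.0.9", 443, "S", b""),
    (1.2, "10.0.0.5", 80, "PA", b"AAAA\x90\x90\x90\x90BBBB"),
]

# Constructed signature database: name -> byte sequence to look for
SIGNATURES = {"demo-signature": b"\x90\x90\x90\x90"}


def pattern_match(packets, signatures=SIGNATURES):
    """Pattern-matching IDS: each packet is judged on its own bytes."""
    return [(t, src, name)
            for t, src, _port, _flags, payload in packets
            for name, sig in signatures.items() if sig in payload]


def state_match(packets, distinct_ports=5, window_s=2.0):
    """State-matching IDS: one SYN is normal; SYNs to many different ports
    from one source within a short window is a pattern no single packet shows."""
    syns = defaultdict(list)          # src -> [(time, port)] kept as state
    alerts = set()
    for t, src, port, flags, _payload in packets:
        if "S" not in flags:          # only connection attempts count
            continue
        syns[src].append((t, port))
        recent = {p for ts, p in syns[src] if t - ts <= window_s}
        if len(recent) >= distinct_ports:
            alerts.add(src)
    return alerts


def traffic_anomaly(interval_counts, baseline, k=3.0):
    """Statistical anomaly IDS: flag intervals whose packet count exceeds
    the baseline mean by more than k standard deviations."""
    threshold = mean(baseline) + k * pstdev(baseline)
    return [i for i, c in enumerate(interval_counts) if c > threshold]
```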
  • Common Network-Based IDS (NIDS)
    • Summary
  • Host-Based IDS (HIDS)
    • Work through the audit function and monitoring audit trails
      • A record of system activities usually generated by the system
      • Types of events captured in an audit trail include:
        • Network connection event data
        • System-level event data
        • Application-level event data
        • User-level event data
        • Keystroke activity
      • Primary issue is the volume of data that must be examined for this understanding to be adequate
  • Security Assessments: Penetration Testing
    • “Pen” testing denotes activities undertaken to identify and exploit security vulnerabilities
      • Evaluates system security by attacking it
      • Aimed at the security conditions that are the most common targets of intruders
      • Types of pen tests include:
        • Zero-knowledge – where the tester has no relevant information about the target
        • Partial-knowledge – where the tester may have some information about the target
        • Full-knowledge – the tester has intimate knowledge of the target environment
  • Security Assessments: Penetration Testing
      • Pen-testing methods are based on four activities:
        • Discovery
        • Enumeration
        • Vulnerability mapping
        • User and privilege access
      • Resultant report can help to identify:
        • Vulnerabilities of the system
        • Gaps in security measures
        • IDS and intrusion response capability
        • Whether anyone is monitoring audit logs
        • How suspicious activity is reported
        • Potential countermeasures
  • Security Assessments: Penetration Testing
      • Various types of penetration-testing strategies include:
        • Application security testing
        • Denial of Service (DoS) testing
        • War dialing
        • Wireless network penetration testing
        • Social engineering
      • Internal procedures focus on identifying anomalies in the internal IT environment and include:
        • Blind tests
        • Double-blind tests
        • Targeted tests
  • Common Access Control Models
    • Access control models enforce policies
      • Must be specifically designed to embody the organization’s overall approach to security
      • Three types of models in common use in the industry today:
        • Confidentiality/Classification-based models – Bell-LaPadula
        • Integrity-based models – Biba
        • Transaction-based models – Clark-Wilson
  • Classification-Based Security Models: Bell-LaPadula
    • A framework that manages different classification levels intended to limit disclosure of information between dissimilar levels
      • It is known as a multilevel security system
      • It uses a hierarchical classification structure
  • Classification-Based Security Models: Bell-LaPadula
    • Bell-LaPadula
      • Employs both mandatory and discretionary access control mechanisms
        • Implements two security rules – “no-read-up” and “no-write-down”
      • Centers on a set of subjects along with data objects and their relative security levels
      • Classification level of the object and the access rights of the subject determine:
        • What data the subject is authorized to access
        • What they may legitimately do with it
  • Integrity-Based Security Models: Biba
    • It is a formal approach centered on ensuring the integrity of subjects and objects in a system
      • Primary objective: limit the modification of information, rather than its flow between levels
  • Integrity-Based Security Models: Biba
    • Biba operates on two simple rules:
      • A subject with a lower classification cannot write data to a higher classification
      • A subject with a higher classification cannot read data from a lower classification
    • Biba model is called an information flow model
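The Bell-LaPadula and Biba rules from the slides above, encoded as an added example (not from the original): a reference monitor that mediates every access, applying the confidentiality check (no read up, no write down) and its integrity dual (no read down, no write up), with labels assigned by the system rather than the owner. The level lattices, subjects, and objects are constructed.

```python
from enum import IntEnum


class Level(IntEnum):
    """Confidentiality classifications (constructed lattice, lowest first)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    """Integrity levels for the Biba check (constructed lattice, lowest first)."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


def blp_allows(clearance: Level, classification: Level, op: str) -> bool:
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    if op == "read":
        return clearance >= classification
    if op == "write":
        return clearance <= classification
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subj_int: Integrity, obj_int: Integrity, op: str) -> bool:
    """Biba, the dual of Bell-LaPadula: no read down, no write up."""
    if op == "read":
        return subj_int <= obj_int
    if op == "write":
        return subj_int >= obj_int
    raise ValueError(f"unknown operation {op!r}")


class ReferenceMonitor:
    """Mediates every access; labels are set by the system (MAC), not by
    object owners, and each decision is recorded for accountability."""

    def __init__(self, subjects: dict, objects: dict):
        self.subjects = subjects   # name -> (clearance, integrity level)
        self.objects = objects     # name -> (classification, integrity level)
        self.audit = []

    def decide(self, subject: str, obj: str, op: str) -> bool:
        clr, s_int = self.subjects[subject]
        cls, o_int = self.objects[obj]
        allowed = blp_allows(clr, cls, op) and biba_allows(s_int, o_int, op)
        self.audit.append((subject, obj, op, allowed))
        return allowed
```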
  • Transaction-Based Security Models: Clark-Wilson
    • This model uses transactions as the basis for its access control decision making
      • Defines two levels of integrity:
        • Constrained data items (CDI) – the controlled assets
        • Unconstrained data items (UDI) – not deemed valuable enough to control
      • Defines two types of processes to control CDIs:
        • Integrity verification processes (IVP) – ensure that the CDI meets specified integrity constraints
        • Transformation processes (TP) – change the state of data from one valid state to another
  • Transaction-Based Security Models: Clark-Wilson
      • Validation of integrity is done to ensure that:
        • The data item being modified is valid
        • The results of the modification are valid
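The Clark-Wilson pieces above (CDIs, UDIs, IVPs, TPs, and validation before and after a change) as an added example that is not from the original slides: a ledger of balances is the constrained data, an IVP checks the invariant, one TP moves the data between valid states or rolls back, and another TP admits untrusted input only after validating it. The account data and the invariant are constructed.

```python
class IntegrityViolation(Exception):
    """Raised when a TP cannot take the CDIs from one valid state to another."""


class Ledger:
    """The CDIs: account balances the organization controls. The expected
    total is the invariant that the IVP checks (constructed demo data)."""

    def __init__(self, balances: dict, expected_total: int):
        self.balances = dict(balances)
        self.expected_total = expected_total


def ivp(ledger: Ledger) -> bool:
    """Integrity verification procedure: no negative balance, total conserved."""
    return (all(b >= 0 for b in ledger.balances.values())
            and sum(ledger.balances.values()) == ledger.expected_total)


def tp_transfer(ledger: Ledger, src: str, dst: str, amount: int) -> bool:
    """Transformation procedure: valid state in, valid state out, or no change."""
    if not ivp(ledger):
        raise IntegrityViolation("CDI already invalid before the transaction")
    if amount <= 0 or ledger.balances.get(src, -1) < amount or dst not in ledger.balances:
        raise IntegrityViolation("transfer rejected")
    snapshot = dict(ledger.balances)
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    if not ivp(ledger):                      # validate the result as well
        ledger.balances = snapshot           # roll back rather than keep a bad CDI
        raise IntegrityViolation("CDI invalid after the transaction")
    return True


def tp_admit_deposit(ledger: Ledger, raw_udi: str) -> int:
    """TP that turns a UDI (untrusted 'account:amount' text) into a CDI change
    only after validating it; returns the new expected total."""
    try:
        acct, text = raw_udi.split(":")
        amount = int(text)
    except ValueError as exc:
        raise IntegrityViolation("malformed UDI") from exc
    if acct not in ledger.balances or amount <= 0:
        raise IntegrityViolation("UDI rejected")
    ledger.balances[acct] += amount
    ledger.expected_total += amount          # invariant updated with the CDI
    return ledger.expected_total
```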