Information Assurance for the Enterprise

    Chapter006 Presentation Transcript

    • Chapter 6 Ensuring Controlled Access
    • Objectives
      • The fundamental principles of access control
      • How to structure and conduct the authorization process
      • Common access control models
    • Access Control
      • Access control – describes the regulation of interaction between subjects and objects within a given environment
        • Degree of regulation will determine how comprehensive and robust the overall protection scheme will be
      • With information assurance:
        • Subjects are the active parties: people or processes
        • Processes can be either managerial or technical
        • Objects are the passive resources (files, records, devices, services) that a valid subject may be authorized to access
    • Principles of Access Control
      • Implementing and managing the access control process can be a very complex activity
      • Access control process centers around three principles:
        • Identity – asserts and verifies the user’s identity
        • Authority – authorizes user access privileges
        • Accountability – tracks user actions, analyzes and reports
    • Establishing Identity
      • The principle of identity is composed of two functions:
        • Identification function establishes the identity of every person or process that seeks access
        • Authentication function confirms that it is valid
    • Passwords: Something You Know
      • The simplest and most economical means of authenticating an individual (a password proves a claimed identity; it does not establish one)
        • Password management system will consistently:
          • Allow legitimate users to directly register for access
          • Allow users who have forgotten a password to re-authenticate by another means and reset it themselves
          • Allow IT support staff to authenticate callers for password management
          • Synchronize users across a range of platforms
          • Provide for immediate cancellation of passwords
    • Passwords: Something You Know
      • Problem with passwords
        • Memory
          • Limitation of human memory to remember multiple passwords
          • Writing them down is a serious violation of information assurance or security protocol
        • Usage vulnerabilities
          • Short passwords – easily compromised by brute force, guessed or obtained through surreptitious means
    • Passwords: Something You Know
      • Single sign-on
        • One authentication event unlocks a range of platforms and applications; it removes the need to remember many passwords, but the single credential (and the SSO service behind it) becomes a high-value target
    • Passwords: Something You Know
      • One-time password
        • Each password is valid for one use (or one short time window), so a password captured by a keylogger or sniffer cannot be replayed later
    • Token-Based Security: Something You Have
      • Tokens – identification and authorization devices presented at the time of access
        • Function similar to a key and lock
      • Most frequently used authentication device is the smart card
        • Embedded semiconductor chip accepts, stores, processes, and sends information (a magnetic-stripe swipe card has no chip, and anyone who can read the stripe can copy it)
        • Keeps personal information with a high degree of security and portability
        • Provides secure enterprise-wide access control
    • Token-Based Security: Something You Have
        • Provides tamper-resistant storage and transport for critical data
        • Used in encryption systems, to store digital keys, and to create one-time passwords
      • Vulnerabilities associated with using smart cards:
        • Theft and loss of tokens
          • Unauthorized finder will be able to gain access under the legitimate user’s authorizations unless the token is combined with a PIN or another factor, and until the token is revoked
    • Biometrics: Something You Are
      • Biometrics – authentication using physical characteristics
      • Subject asserts identity by presenting a unique personal characteristic such as a fingerprint
        • Regarded as strong because identity is confirmed by a physical characteristic that is hard to duplicate; hard is not impossible, since a lifted fingerprint or a photograph can defeat a sensor that performs no liveness detection
        • Convenient, since physical characteristics change only slowly over time and cannot be forgotten or lost; the flip side is that a compromised biometric cannot be changed or revoked the way a password or token can
    • Biometrics: Something You Are
      • Problem with biometric technology:
        • Still in its infancy
        • Can fail due to its dependency on advanced processing capabilities
        • When it comes to the identity process, possible failures include:
          • False positives (false accepts) allow unauthorized individuals to access system resources; their rate is the false acceptance rate (FAR)
          • False negatives (false rejects) deny authorized people access; their rate is the false rejection rate (FRR), and tightening the match threshold trades one for the other
    • Combining Approaches: Multifactor Authentication
      • Multifactor authentication – combination of two or three different approaches to create a single access control function
        • It increases the level of security
          • Example: automatic teller machine (ATM), which requires the card (something you have) and the PIN (something you know)
    • Approaches for Establishing Identity in Cyberspace
      • Digital signatures: asserting identity using cryptography
        • Signatures generated from the message itself by mathematical means: the message is condensed to a fixed-size message digest, and the digest is signed with the sender’s private key so that anyone holding the public key can verify it
          • Message digests are computed with a cryptographic hash algorithm
          • MD-5 was the common choice when this material was written; it is now deprecated for signatures because collisions can be computed, and SHA-2 family hashes are used instead
      • Digital certificates: utilizing trust infrastructures
        • Third party confirmation that verifies that the message did indeed come from the entity it claims to have come from
        • Certification supported by Public Key Infrastructures (PKIs)
          • PKIs verify, enroll, and certify users
          • PKIs serve as the trusted third party
    • Approaches for Establishing Identity in Cyberspace
      • Digital certificate is a public document that contains:
        • Information that identifies a user
        • User’s public key (the matching private key never leaves the user)
        • Validity period for the certificate and other information
    • Mutual Authentication: Ensuring Identity During Transmission
      • A process in which each side of an electronic communication verifies the authenticity of the other during message transmission
        • Ensures the integrity of the transmission process as well as the message sent
        • Especially important when remote clients are attempting to assert their identity to servers
    • Mutual Authentication: Ensuring Identity During Transmission
      • Kerberos
        • Uses encryption, so a client can prove its identity to a server which in turn can authenticate itself to the client within a secure transaction
    • Mutual Authentication: Ensuring Identity During Transmission
      • Challenge Handshake Authentication Protocol (CHAP)
        • Provides challenge-response authentication over links running the Point-to-Point Protocol (PPP): the authenticator sends a random challenge and the peer answers with a hash of the challenge and the shared secret, so the secret itself never crosses the link
        • As specified, CHAP authenticates the peer to the authenticator only; mutual authentication requires each side to challenge the other
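To make the exchange concrete, here is an added Python simulation (not code from the slides or from any PPP implementation) of the CHAP three-way handshake from RFC 1994 with both sides' messages in memory: the authenticator issues a random challenge, the peer returns MD5(identifier || secret || challenge), and the authenticator recomputes and compares. Running the handshake in both directions gives mutual authentication. The class names, the peer-secret table and the peer names are this example's own assumptions.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5 over the one-octet Identifier, the secret, and the Challenge Value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapParty:
    """One end of a PPP link. It can answer challenges (peer role) and issue them (authenticator role)."""

    def __init__(self, name: str, secret: bytes, known_peers: dict):
        self.name = name
        self.secret = secret              # CHAP needs the cleartext secret on both ends
        self.known_peers = known_peers    # peer name -> that peer's shared secret (assumed table)
        self.identifier = 0
        self.pending = {}                 # identifier -> outstanding challenge value

    # --- authenticator side -------------------------------------------------
    def challenge(self) -> tuple:
        """Challenge packet: fresh identifier and a random, unpredictable challenge value."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = os.urandom(16)
        self.pending[self.identifier] = value
        return self.identifier, value

    def check(self, identifier: int, peer_name: str, response: bytes) -> bool:
        """Success/Failure decision. Each challenge is consumed on first use, so a replay fails."""
        value = self.pending.pop(identifier, None)
        secret = self.known_peers.get(peer_name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)

    # --- peer side ----------------------------------------------------------
    def respond(self, identifier: int, value: bytes) -> tuple:
        """Response packet: our name plus the hash; the secret itself is never sent."""
        return self.name, chap_response(identifier, self.secret, value)


def authenticate(authenticator: ChapParty, peer: ChapParty) -> bool:
    """One-way CHAP: authenticator challenges, peer responds, authenticator decides."""
    ident, value = authenticator.challenge()
    name, response = peer.respond(ident, value)
    return authenticator.check(ident, name, response)


def mutual_authenticate(a: ChapParty, b: ChapParty) -> bool:
    """Mutual authentication is two independent CHAP runs, one in each direction."""
    return authenticate(a, b) and authenticate(b, a)


# Constructed demo: a remote client and an access server that share a secret.
CLIENT_SECRET = b"correct horse battery staple"
server = ChapParty("nas1", b"server-side-secret", {"laptop42": CLIENT_SECRET})
client = ChapParty("laptop42", CLIENT_SECRET, {"nas1": b"server-side-secret"})
impostor = ChapParty("laptop42", b"guessed wrong", {})


def demo() -> dict:
    ident, value = server.challenge()
    name, response = client.respond(ident, value)
    first = server.check(ident, name, response)
    return {
        "genuine": first,                                  # True
        "replayed": server.check(ident, name, response),   # False: challenge already consumed
        "impostor": authenticate(server, impostor),        # False: wrong secret
        "mutual": mutual_authenticate(server, client),     # True
    }


if __name__ == "__main__":
    print(demo())
```

Two practitioner caveats are visible in the code: the authenticator must hold every peer's secret in cleartext (so the secret store is as sensitive as the link), and the scheme's strength rests entirely on the challenge being random and single-use.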
    • Authorization: Controlling Access
      • Authorization asserts specific rights to use the system, which have been granted to a subject
        • Rights are referred to as permissions or privileges – based on the concept of “trust”
        • Trusted subjects are allowed access to specified objects
        • Security domain – A systematic point of reference on which determination, assignment, and monitoring of access is based
          • Incorporates all related objects, with common protection needs, into a single manageable entity
    • Policy-Based Access Control
      • Access control list (ACL) – most frequent example of policy-based access control
    • Discretionary Access Control (DAC)
      • It lets the owner of a file or physical object selectively grant or deny access to users
        • Most common model in general-purpose operating systems (Unix file modes, Windows file ACLs)
    • Discretionary Access Control (DAC)
      • Role-based access control (RBAC) is often grouped with discretionary access control, although NIST’s RBAC standard treats it as a model in its own right
        • Involves assigning permissions on objects to roles and assigning users to roles; a user exercises the permissions of the roles held, and revocation is a matter of changing role membership
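An added example (the slides contain no code) of role-based access control in Python, going a little beyond the bullet above: permissions attach to roles, roles can inherit from other roles, users are checked against the effective permissions of the roles they hold, and a static separation-of-duty constraint stops one user from being assigned two mutually exclusive roles. The role names, permissions and users are constructed for the demo.

```python
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)   # set of (object, operation) pairs
    parents: set = field(default_factory=set)       # roles whose permissions this role inherits


class Rbac:
    def __init__(self):
        self.roles = {}             # role name -> Role
        self.assignments = {}       # user -> set of role names
        self.exclusive = []         # role pairs no single user may hold (static separation of duty)

    def add_role(self, name, permissions=(), parents=()):
        self.roles[name] = Role(name, set(permissions), set(parents))

    def add_exclusive(self, role_a, role_b):
        self.exclusive.append(frozenset((role_a, role_b)))

    def assign(self, user, role):
        """Put a user in a role unless that would violate a separation-of-duty constraint."""
        held = self.assignments.setdefault(user, set())
        for pair in self.exclusive:
            if role in pair and (pair - {role}) & held:
                raise ValueError(f"{user} may not hold both roles in {sorted(pair)}")
        held.add(role)

    def revoke(self, user, role):
        """Revocation is a membership change; every permission the role conveyed goes with it."""
        self.assignments.get(user, set()).discard(role)

    def effective_permissions(self, role_name):
        """Permissions of the role plus everything inherited up the hierarchy (cycle-safe)."""
        perms, seen, stack = set(), set(), [role_name]
        while stack:
            name = stack.pop()
            if name in seen:
                continue
            seen.add(name)
            role = self.roles[name]
            perms |= role.permissions
            stack.extend(role.parents)
        return perms

    def check(self, user, obj, operation) -> bool:
        return any((obj, operation) in self.effective_permissions(r)
                   for r in self.assignments.get(user, ()))


def build_demo() -> Rbac:
    """Constructed policy: managers inherit from employees; auditors must not also be managers."""
    rbac = Rbac()
    rbac.add_role("employee", permissions={("timesheet", "submit")})
    rbac.add_role("manager", permissions={("timesheet", "approve")}, parents={"employee"})
    rbac.add_role("auditor", permissions={("ledger", "read")})
    rbac.add_exclusive("manager", "auditor")
    rbac.assign("alice", "manager")
    rbac.assign("bob", "employee")
    return rbac


if __name__ == "__main__":
    policy = build_demo()
    print(policy.check("alice", "timesheet", "submit"))    # True, inherited from employee
    print(policy.check("bob", "timesheet", "approve"))     # False
    try:
        policy.assign("alice", "auditor")
    except ValueError as exc:
        print(exc)
```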
    • Discretionary Access Control (DAC)
      • Content-dependent access control
        • Used to control access to record-intensive applications such as databases
        • Capability-based system – access is granted if the user possesses a capability (ticket)
          • Authorization Table Matrix (ATM) manages the assignment of access privileges
        • Advantage: achieves a greater level of granularity in the process and it is both simple and intuitive
        • Disadvantage: Machine-intensive; requires a very high level of computer performance
    • Discretionary Access Control (DAC)
      • Temporal access control – Event driven and dynamic
        • Whether access is granted, and the type of access given is determined by:
          • The time of day
          • The point of origin
          • How many times the individual identity attempted to access the system
          • The number of password attempts
        • Advantage: allows anticipation and protection from undesirable events
        • Disadvantage: chain of events that lead to a given decision is not always predictable
    • Mandatory Access Control (MAC)
      • MAC restricts a subject’s access to objects based on a set of security attributes
        • Used when policy dictates that:
          • Protection decisions must not be decided by the object owner
          • The system must enforce the protection decisions over the wishes or intentions of the object owner
        • Prevents arbitrary object sharing
        • Uses a specific set of policies or security rules to define the sharing of data within the organization
    • Mandatory Access Control (MAC)
      • Access is controlled automatically by the system using set criteria
    • Real-World Access Control: Automating the Process
      • Access decisions are made by a reference monitor, implemented either as an operational procedure or within the operating system, that mediates every access request
      • Real-time and dynamic allocation of access privileges
        • Situation can involve internal and external processes and applications
        • Accesses must be managed securely in real time for the system to meet its required objectives
        • System must be able to distinguish each individual identity instantly and assign its rights correctly
          • As well as determine what each can and cannot access
    • Real-World Access Control: Automating the Process
      • Automated identity management system requires five basic conditions:
        • Identity architecture – establishing the identity infrastructure
        • Privilege setting – establishing the rights of each identity
        • Identity reference – automating the process
          • Reference monitor must satisfy three properties: completeness (it mediates every access and cannot be bypassed), isolation (it is tamper-proof), and verifiability (it is small enough to be analyzed and tested)
        • Enforcement of privileges – guarding the door
        • Continuous maintenance – keeping the system current
    • Setting Up the System: Account Management
      • Account management is the day-to-day face of any automated access control system
        • Ensures that identity data are accurate and up to date
        • Ensures that the monitoring and enforcement system is operating as intended
        • Links user identities to specific applications, databases, and services
        • Built around three related processes:
          • Creation of new system access
          • Modification to system access
          • Termination of system access
    • Intrusion Detection: Backstopping Access Control
      • Access control is backstopped by intrusion detection
      • Information assurance has four general goals:
        • Preventive – avoid the occurrence
        • Detective – identify and characterize the occurrence
        • Corrective – remedy the circumstance
        • Compensating – provide alternative control
      • Intrusion detection is a purely detective activity
    • Intrusion Detection Systems: Keeping the Perimeter Secure
      • Designed to sit on the perimeter and detect, characterize, and report on any suspicious attempts to access a protected space
        • Built around boundary sensors – software or an appliance located at the perimeter of the protected space that monitors traffic
          • Term commonly used to describe this utility is intrusion detection system (IDS)
          • Intrusion prevention systems (IPSs) sit inline and can also drop or block the traffic they flag
    • Types of Intrusion Detection: Automated versus Human Centered
      • Automated: when instantaneous response is needed
      • Human-centered: if time will allow for a more considered response
      • Two types of IDS:
        • Network-Based IDS (NIDS) – detect attacks by capturing and analyzing network packets
        • Host-Based IDS (HIDS) – Operate on information collected and analyzed by an individual computer system
    • Common Network-Based IDS (NIDS)
      • Pattern-matching IDS
        • Scans incoming network packets for specific byte sequence signatures stored in a database of known attacks
      • State-matching IDS
        • Scans for attack behaviors in the traffic stream itself rather than the presence of an individual packet signature
      • Analysis engine methods
        • Use anomalous behavior as the basis for their response
          • Example: Statistical anomaly-based IDS
    • Common Network-Based IDS (NIDS)
      • Protocol anomaly-based methods
        • Flag traffic that violates the specification of the protocol it claims to be (malformed request lines, illegal state transitions), which catches attacks that have no signature yet
      • Traffic anomaly-based methods
        • Watch for unusual traffic activities suddenly appearing on the network, such as a source whose packet rate jumps far above its baseline
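As an added illustration (not from the slides), the following Python runs three of the detection methods just listed over a small constructed set of packets: a pattern-matching check for known byte-sequence signatures, a protocol-anomaly check that flags port-80 traffic that is not a well-formed HTTP request, and a traffic-anomaly check that compares each source's packet count against a baseline. The packets, signature strings, baseline numbers and the three-sigma threshold are all constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed signature database: byte sequences of known attacks.
SIGNATURES = {
    "path-traversal": b"../../",
    "sqli-tautology": b"' OR '1'='1",
    "shell-metachars": b";cat /etc/passwd",
}

# A well-formed HTTP/1.x request line, as the protocol-anomaly detector expects it.
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n")


def signature_alerts(packets):
    """Pattern matching: scan each payload for every known signature."""
    return [(p["src"], name) for p in packets
            for name, sig in SIGNATURES.items() if sig in p["payload"]]


def protocol_alerts(packets):
    """Protocol anomaly: traffic to port 80 that does not look like HTTP violates the expected protocol."""
    return [(p["src"], "malformed-http") for p in packets
            if p["dport"] == 80 and not HTTP_REQUEST_LINE.match(p["payload"])]


def traffic_alerts(packets, baseline_counts, z=3.0):
    """Traffic anomaly: a source sending far more packets than the baseline windows ever saw."""
    mean = statistics.mean(baseline_counts)
    spread = statistics.pstdev(baseline_counts)
    counts = Counter(p["src"] for p in packets)
    return [(src, "traffic-burst") for src, n in counts.items() if n > mean + z * spread]


def packet(src, dport, payload):
    return {"src": src, "dport": dport, "payload": payload}


# Constructed capture: two normal clients, one traversal attempt, one non-HTTP blob on port 80, one flood.
PACKETS = (
    [packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")] * 2
    + [packet("10.0.0.6", 80, b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n\r\nuser=bob&pass=hunter2")]
    + [packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n")]
    + [packet("198.51.100.9", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03")]
    + [packet("203.0.113.4", 443, b"")] * 50
)
# Constructed baseline: per-source packet counts observed in earlier windows of the same size.
BASELINE = [3, 4, 2, 5, 3, 4, 3, 4]


def run_all(packets=PACKETS, baseline=BASELINE):
    return {
        "signature": signature_alerts(packets),
        "protocol": protocol_alerts(packets),
        "traffic": traffic_alerts(packets, baseline),
    }


if __name__ == "__main__":
    for method, alerts in run_all().items():
        print(method, alerts)
```

Note that each method catches a different event and misses the others: the traversal is a signature hit and nothing else, the binary blob on port 80 only trips the protocol check, and the flood is invisible to both signature and protocol logic. That is the argument for running more than one engine.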
    • Host-Based IDS (HIDS)
      • Work through the audit function and monitoring audit trails
        • A record of system activities usually generated by the system
        • Types of events captured in an audit trail include:
          • Network connection event data
          • System-level event data
          • Application-level event data
          • User-level event data
          • Keystroke activity
        • Primary issue is the volume of audit data that must be collected and examined before the picture of host activity is adequate
    • Security Assessments: Penetration Testing
      • “Pen” testing denotes activities undertaken to identify and exploit security vulnerabilities
        • Evaluates system security by attacking it
        • Aimed at the security conditions that are the most common targets of intruders
        • Types of pen tests include:
          • Zero-knowledge – where the tester has no relevant information about the target
          • Partial-knowledge – where the tester may have some information about the target
          • Full-knowledge – the tester has intimate knowledge of the target environment
    • Security Assessments: Penetration Testing
        • Pen-testing methods are based on four activities:
          • Discovery
          • Enumeration
          • Vulnerability mapping
          • Exploitation – gaining user access and then escalating to privileged access
        • Resultant report can help to identify:
          • Vulnerabilities of the system
          • Gaps in security measures
          • IDS and intrusion response capability
          • Whether anyone is monitoring audit logs
          • How suspicious activity is reported
          • Potential countermeasures
    • Security Assessments: Penetration Testing
        • Various types of penetration-testing strategies include:
          • Application security testing
          • Denial of Service (DoS) testing
          • War dialing
          • Wireless network penetration testing
          • Social engineering
        • Internal procedures focus on identifying anomalies in the internal IT environment and include:
          • Blind tests
          • Double-blind test
          • Targeted tests
    • Common Access Control Models
      • Access control models enforce policies
        • Must be specifically designed to embody the organization’s overall approach to security
        • Three types of models in common use in the industry today:
          • Confidentiality/Classification-based models – Bell- LaPadula
          • Integrity-based models – Biba
          • Transaction-based models – Clark-Wilson
    • Classification-Based Security Models: Bell-LaPadula
      • A framework that manages different classification levels intended to limit disclosure of information between dissimilar levels
        • It is known as a multilevel security system
        • It uses a hierarchical classification structure
    • Classification-Based Security Models: Bell-LaPadula
      • Bell-LaPadula
        • Employs both mandatory and discretionary access control mechanisms
          • Implements two security rules – “no-read-up” (the simple security property) and “no-write-down” (the *-property)
        • Centers on a set of subjects along with data objects and their relative security levels
        • Classification level of the object and the access rights of the subject determine:
          • What data the subject is authorized to access
          • What they may legitimately do with it
    • Integrity-Based Security Models: Biba
      • It is a formal approach centered on ensuring the integrity of subjects and objects in a system
        • Primary objective: limit the modification of information, rather than its flow between levels
    • Integrity-Based Security Models: Biba
      • Biba operates on two simple rules:
        • A subject with a lower integrity level cannot write data to a higher integrity level (no write up)
        • A subject with a higher integrity level cannot read data from a lower integrity level (no read down)
      • Biba is the integrity dual of Bell-LaPadula and, like it, is called an information flow model
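An added Python example (not from the slides) that encodes the Bell-LaPadula rules from the previous slides, the Biba rules just given, and the discretionary ACL of the DAC slides in one reference-monitor function: an access is allowed only when the owner's ACL permits it and both mandatory policies agree, which is exactly the "system enforces over the wishes of the owner" behaviour the MAC slide describes. Labels carry a level plus a set of compartments, so dominance is a lattice check rather than a plain level comparison. The level names, compartments, subjects and objects are constructed for the demo.

```python
from dataclasses import dataclass, field

CLASSIFICATION = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level and a superset of compartments."""
        return (CLASSIFICATION[self.level] >= CLASSIFICATION[other.level]
                and self.compartments >= other.compartments)


# Bell-LaPadula (confidentiality)
def blp_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)          # simple security property: no read up


def blp_can_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)          # *-property: no write down


# Biba (integrity): the dual rules, on the integrity scale
def biba_can_read(subject_int: str, obj_int: str) -> bool:
    return INTEGRITY[obj_int] >= INTEGRITY[subject_int]     # no read down


def biba_can_write(subject_int: str, obj_int: str) -> bool:
    return INTEGRITY[subject_int] >= INTEGRITY[obj_int]     # no write up


@dataclass
class Subject:
    name: str
    clearance: Label
    integrity: str


@dataclass
class Obj:
    name: str
    classification: Label
    integrity: str
    acl: dict = field(default_factory=dict)   # discretionary part: subject name -> set of operations


def allowed(subject: Subject, obj: Obj, operation: str) -> bool:
    """Reference monitor: the DAC list and both MAC policies must all say yes."""
    if operation not in obj.acl.get(subject.name, set()):
        return False
    if operation == "read":
        return (blp_can_read(subject.clearance, obj.classification)
                and biba_can_read(subject.integrity, obj.integrity))
    if operation == "write":
        return (blp_can_write(subject.clearance, obj.classification)
                and biba_can_write(subject.integrity, obj.integrity))
    return False


# Constructed demo subjects and objects.
alice = Subject("alice", Label("secret", frozenset({"nato"})), "system")
bob = Subject("bob", Label("confidential"), "user")
report = Obj("report", Label("secret", frozenset({"nato"})), "system",
             acl={"alice": {"read", "write"}, "bob": {"read"}})
crypto_report = Obj("crypto_report", Label("secret", frozenset({"nato", "crypto"})), "system",
                    acl={"alice": {"read"}})
bulletin = Obj("bulletin", Label("unclassified"), "system",
               acl={"alice": {"read", "write"}, "bob": {"read", "write"}})
download = Obj("download", Label("unclassified"), "untrusted",
               acl={"alice": {"read"}, "bob": {"read"}})


def demo() -> dict:
    return {
        "bob reads report (owner said yes, clearance says no)": allowed(bob, report, "read"),      # False
        "alice reads report": allowed(alice, report, "read"),                                      # True
        "alice reads crypto_report (missing compartment)": allowed(alice, crypto_report, "read"),  # False
        "alice writes bulletin (write down)": allowed(alice, bulletin, "write"),                   # False
        "bob reads bulletin": allowed(bob, bulletin, "read"),                                      # True
        "alice reads download (untrusted integrity)": allowed(alice, download, "read"),            # False
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{verdict!s:5}  {case}")
```

The first case is the one to remember: the owner of `report` granted bob read access, and the discretionary check passes, but the mandatory policy still refuses because bob's clearance does not dominate the object's label.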
    • Transaction-Based Security Models: Clark-Wilson
      • This model uses transactions as the basis for its access control decision making
        • Defines two levels of integrity:
          • Constrained data items (CDI) – the controlled assets, which may be changed only by certified transformation processes
          • Unconstrained data items (UDI) – data not yet under integrity control, such as raw user input, which must pass through a transformation process before it becomes a CDI
        • Defines two types of processes to control CDIs:
          • Integrity verification processes (IVP) – ensure that the CDI meets specified integrity constraints
          • Transformation processes (TP) – change the state of data from one valid state to another
    • Transaction-Based Security Models: Clark-Wilson
        • Validation of integrity is done to ensure that:
          • The data item being modified is valid
          • The results of the modification are valid
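To show the Clark-Wilson pieces working together, here is an added Python example (not from the slides): account balances are the CDIs, an integrity verification procedure checks the invariant that balances are non-negative and sum to the recorded total, certified transformation procedures are the only way to change them (and are validated before and after), untrusted input strings are UDIs that a TP must validate before they touch a CDI, and an access-triple table says which user may run which TP. The ledger layout, the triple table and the "account:amount" input format are constructed for the demo.

```python
class IntegrityViolation(Exception):
    pass


# Constructed access triples (user, TP): the only (user, TP, CDI) combinations the policy permits.
ACCESS_TRIPLES = {
    ("teller", "transfer"),
    ("clerk", "deposit"),
    ("auditor", "ivp"),
}


class Ledger:
    """CDIs are the balances; the certified total is the invariant the IVP checks."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.total = sum(self.balances.values())
        self.log = []                    # every TP execution is recorded, as Clark-Wilson requires
        self.ivp()

    def ivp(self) -> bool:
        """Integrity verification procedure: confirm the CDIs are in a valid state."""
        if any(b < 0 for b in self.balances.values()):
            raise IntegrityViolation("negative balance")
        if sum(self.balances.values()) != self.total:
            raise IntegrityViolation("balances no longer sum to the certified total")
        return True

    def transfer(self, src: str, dst: str, amount: int) -> None:
        """Certified TP: moves CDIs from one valid state to another, checked before and after."""
        self.ivp()
        if amount <= 0 or src not in self.balances or dst not in self.balances:
            raise IntegrityViolation("transfer rejected: bad accounts or amount")
        if self.balances[src] < amount:
            raise IntegrityViolation("transfer rejected: insufficient funds")
        before = dict(self.balances)
        self.balances[src] -= amount
        self.balances[dst] += amount
        try:
            self.ivp()
        except IntegrityViolation:
            self.balances = before       # roll back rather than leave the CDIs in an invalid state
            raise
        self.log.append(("transfer", src, dst, amount))

    def deposit(self, udi: str) -> int:
        """TP that turns a UDI ("account:amount" text from an untrusted source) into a CDI change."""
        account, sep, amount_text = udi.partition(":")
        if sep != ":" or account not in self.balances or not amount_text.isdigit():
            raise IntegrityViolation(f"UDI rejected: {udi!r}")
        amount = int(amount_text)
        if amount == 0:
            raise IntegrityViolation("UDI rejected: zero deposit")
        self.balances[account] += amount
        self.total += amount             # the certified total moves only through a validated TP
        self.log.append(("deposit", account, amount))
        self.ivp()
        return amount


def run(ledger: Ledger, user: str, tp: str, *args):
    """Enforce the access triple before dispatching to the TP."""
    if (user, tp) not in ACCESS_TRIPLES:
        raise PermissionError(f"{user} is not certified to run {tp}")
    return getattr(ledger, tp)(*args)


def demo() -> dict:
    ledger = Ledger({"acct-1": 100, "acct-2": 50})
    run(ledger, "teller", "transfer", "acct-1", "acct-2", 30)    # valid state -> valid state
    run(ledger, "clerk", "deposit", "acct-1:25")                 # UDI validated, then applied
    results = {"balances": dict(ledger.balances), "total": ledger.total}
    for user, tp, args in [("teller", "transfer", ("acct-1", "acct-2", 500)),   # overdraft
                           ("clerk", "deposit", ("acct-1:25.0",)),              # malformed UDI
                           ("clerk", "transfer", ("acct-1", "acct-2", 1))]:     # no access triple
        try:
            run(ledger, user, tp, *args)
            results[(user, tp)] = "accepted"
        except (IntegrityViolation, PermissionError) as exc:
            results[(user, tp)] = type(exc).__name__
    ledger.balances["acct-1"] += 1           # tampering that bypasses every TP ...
    try:
        run(ledger, "auditor", "ivp")
        results["audit"] = "ok"
    except IntegrityViolation:
        results["audit"] = "IntegrityViolation"   # ... is caught by the next IVP run
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The last step is the point of the model: a change that does not go through a certified TP leaves the CDIs in a state the IVP can detect, which is why Clark-Wilson pairs "well-formed transactions" with regular integrity verification rather than relying on either alone.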