IDS:
Honeypots, padded cell systems and vulnerability analysis complement IDS to enhance an
organization's ability to detect intrusion.
IDS look at security policy violations dynamically. IDS are analogous to security
monitoring cameras.
Attacks detected and reported by IDS: system scanning attacks, DoS attacks, system
penetration attacks.
Anomaly-based IDS: the subject of much research, and used in a limited form
by a number of IDS.
Response is the most important part of IDS and containment. Reporting is the last
step in the IDS and containment process.
IDS can: report alteration of data files, trace user activity, interpret system
logs and recognize a known type of attack.
Audit trails: If audit trails have been designed and implemented to record
appropriate information, they can assist in IDS. Intrusions can be detected in real
time, by examining audit records as they are created, or after the fact.
Chapter-1 Access control Systems & Methodology
Rule-based access control: Rule-based and MAC are the same since they are based on
specific rules relating to the nature of the subject and object. It is based on access rules.
DAC: a means of restricting access to objects based on the identity of subjects and/or
groups to which they belong. A DAC model uses an access control matrix in which it places the
names of users (subjects) in each row and the names of objects (files or programs) in each
column. It treats users and owners as the same.
Access is based on the authorization granted to the user. It uses access control lists. It
grants and revokes access to objects.
An access control matrix places the names of users in each row and the names of objects
in each column.
Examples of objects are: records, programs, pages, files, directories etc. An access control
matrix describes an association of objects and subjects for authentication of access rights.
ACLs: ACL techniques provide a straightforward way of granting and denying access for
a specified user. An ACL is an object associated with a file and containing entries specifying
the access that individual users or groups of users have to the file. The access control list is
most commonly used in the implementation of an access control matrix.
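Added example (not part of the original notes): a small DAC access control matrix with owner-controlled grant and revoke, showing that the ACL of an object is its column of the matrix. The user names, file names, the read/write rights and the rule that the creator owns the object are assumptions made for the illustration.

```python
# Added illustration; subjects and objects (alice, bob, payroll.db) are constructed.

class AccessMatrix:
    """DAC access control matrix: one row per subject, one column per object."""

    def __init__(self):
        self.owner = {}   # object -> subject that owns it
        self.cells = {}   # (subject, object) -> set of rights in that cell

    def create(self, subject, obj):
        # Assumption: the creating user is the owner and starts with full rights.
        self.owner[obj] = subject
        self.cells[(subject, obj)] = {"read", "write"}

    def _require_owner(self, grantor, obj):
        if self.owner.get(obj) != grantor:
            raise PermissionError(f"{grantor} does not own {obj}")

    def grant(self, grantor, subject, obj, right):
        # Discretionary: access is handed out at the owner's discretion.
        self._require_owner(grantor, obj)
        self.cells.setdefault((subject, obj), set()).add(right)

    def revoke(self, grantor, subject, obj, right):
        self._require_owner(grantor, obj)
        self.cells.get((subject, obj), set()).discard(right)

    def check(self, subject, obj, right):
        # An empty or missing cell means no access.
        return right in self.cells.get((subject, obj), set())

    def acl(self, obj):
        # The ACL stored with an object is that object's column of the matrix.
        return {s: sorted(r) for (s, o), r in self.cells.items() if o == obj and r}


def build_demo():
    m = AccessMatrix()
    m.create("alice", "payroll.db")
    m.create("bob", "notes.txt")
    m.grant("alice", "bob", "payroll.db", "read")
    return m


if __name__ == "__main__":
    demo = build_demo()
    print(demo.acl("payroll.db"))
    demo.revoke("alice", "bob", "payroll.db", "read")
    print(demo.acl("payroll.db"))
```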
MAC: MAC restricts access to objects based on the sensitivity of the information contained
in the objects and the formal authorization (i.e. clearance) of objects to access information of
such sensitivity. It uses security labels. Simplest to administer. A security label or access
control mechanism is supported by MAC. Security labels are a very strong form of access
control.
Access to computer facilities and records is limited to authorized personnel on an “as needed”
basis.
Security features:
Authorization creep: occurs when employees continue to maintain access rights for
previously held positions within an organization and it is a security vulnerability.
I&A techniques:
Password management: preventive control.
A virtual password is a password computed from a passphrase that meets the requirements of
the password storage (e.g. 56 bits for DES).
User IDs and passwords are the first line of defence against potential security threats, risks or
losses to the network.
Use of login IDs and passwords is the most commonly used mechanism for providing static
verification of a user.
Using password “advisors” is the most effective method for password creation.
Simpler, more basic login controls include validating the username and password.
A password selection procedure that uses randomly generated characters would be the most
difficult to remember.
Password sharing, password guessing and password capturing are the most commonly used
methods to gain unauthorized access.
Computer based access controls are called logical access controls. It helps to protect.
A replay attack refers to the recording and retransmission of message packets in the
network. It can be prevented by using packet time-stamping.
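Added example (not part of the original notes): a receiver that rejects replayed packets by checking an authenticated timestamp. It goes one step beyond the note by also remembering packets already accepted inside the freshness window. The key, the 30-second window and the packet layout (8-byte timestamp, payload, HMAC-SHA256 tag) are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # assumption: pre-shared key, sample value
MAX_SKEW = 30                   # assumption: seconds a packet stays acceptable
TAG_LEN = 32                    # HMAC-SHA256 output size


def seal(payload: bytes, now: float) -> bytes:
    """Sender: prefix an 8-byte timestamp, append an HMAC over timestamp+payload."""
    body = struct.pack(">d", now) + payload
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


class Receiver:
    def __init__(self):
        self.seen = {}   # tag -> timestamp of packets accepted inside the window

    def accept(self, packet: bytes, now: float):
        """Return the payload, or None if the packet is forged, stale or replayed."""
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None          # timestamp or payload was altered in transit
        (sent,) = struct.unpack(">d", body[:8])
        if abs(now - sent) > MAX_SKEW:
            return None          # stale: recorded earlier and retransmitted
        # Drop remembered tags that the freshness check would now reject anyway.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if abs(now - ts) <= MAX_SKEW}
        if tag in self.seen:
            return None          # same packet retransmitted inside the window
        self.seen[tag] = sent
        return body[8:]


if __name__ == "__main__":
    rx = Receiver()
    pkt = seal(b"transfer 100", now=1000.0)     # constructed sample message
    print(rx.accept(pkt, now=1005.0))           # first delivery
    print(rx.accept(pkt, now=1006.0))           # retransmitted copy
```

The timestamp only helps because it is covered by the HMAC; an unauthenticated timestamp could simply be rewritten on the recorded packet.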
• Challenge response, one-time password, password and PIN, and Password only.
Kerberos is used for: managing encryption keys, managing centralized access rights, managing
access permissions.
Weakness of Kerberos:
Strength of Kerberos:
Secure RPC and SPX provide a robust authentication mechanism over distributed
environments.
Authentication mechanisms: what the user knows, what the user has, what the user is.
Smart card: as a means of access control, as a medium for storing and carrying the
appropriate data, a means of access control and data storage.
Passwords and PINs are vulnerable to guessing, interception, or brute force attack.
Impersonation attacks involving the use of physical keys and biometric checks are less
likely due to the need for the network attacker to be physically near the biometric equipment.
The least efficient and least effective security mechanism: recurring password (weak security
mechanism).
Access Controls:
There are trade-offs among controls. A security policy would be most useful in –
• What the user is (PIN combined with fingerprint) for high dollar transactions.
• What the user has (bank automated teller machine card)
• What the user knows
Bell-LaPadula model and information flow models are used to protect the
confidentiality of classified information.
Static authentication: uses reusable passwords, which can be compromised by replay attacks.
Robust authentication: includes one-time passwords and digital signatures, which can be
compromised by session hijacking.
Penetration Tests:
The correct sequence:
• Inform the management about the test
• Develop a test plan
• Conduct the test
• Report the test results.
In terms of IS security, a penetration is defined as Attacks plus breach.
Fraud:
Separation of duties, job rotation, and mandatory vacations are management controls that can
help in preventing fraud.