Chapter-1 Access control Systems & Methodology


Intrusion Detection Systems (IDS) :

An IDS gathers and analyses information from within a computer or network to identify possible violations of security policy, including unauthorized access as well as misuse. An IDS is also referred to as a packet sniffer, which intercepts packets travelling along various communication media and protocols, usually TCP/IP. The packets are analysed after they are captured. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm.

Three ways to detect an intrusion:

- Signature recognition: also known as misuse detection. Signature recognition tries to identify events that misuse a system.
- Anomaly detection: detects the intrusion based on the fixed behavioural characteristics of the users and components in a computer system.
- Protocol anomaly detection: in this type of detection, models are built on TCP/IP protocols using their specifications.

Tripwire is a system integrity verifier that monitors system files and detects changes made by an intruder.

Honey pots, padded cell systems and vulnerability analysis complement IDS to enhance an organization's ability to detect intrusion.

- Honey pot systems: event triggers, sensitive monitors, event loggers.
- IDS serve as monitoring mechanisms, watching activities and making decisions about whether the observed events are suspicious. Firewalls serve as barrier mechanisms.
- IDS look at security policy violations dynamically. IDS are analogous to security monitoring cameras.
- Vulnerability analysis systems take a static view of symptoms.
- Attacks detected and reported by IDS: system scanning attacks, DoS attacks, system penetration attacks.
- Honey pots and padded cell systems have legal implications.
- Classification of IDS: network-based IDS, host-based IDS, application-based IDS.
- Signature-based IDS is the primary technique used by commercial systems to analyse events to detect attacks.

- Anomaly-based IDS is the subject of much research and is used in a limited form by a number of IDS.
- Firewalls are a complement to IDS.
- Response is the most important part of IDS and containment.
- Reporting is the last step in the IDS and containment process.
- The process engine is the heart of the IDS.
- A mutation engine is used to proliferate polymorphic viruses.
- IDS and firewalls do interact.
- IDS detects a DoS attack.
- A major issue with IDS is false-positive notification with anomaly-based IDS.
- IDS can report alteration to data files, trace user activity, interpret system logs and recognize a known type of attack.
- Audit trails: if audit trails have been designed and implemented to record appropriate information, they can assist in IDS. Intrusions can be detected in real time, by examining audit records as they are created, or after the fact.

Access control techniques:

Role-based access control: Excessive turnover of employees, e.g. bank teller, doctor, nurse, manager. It is an example of non-DAC. It is based on the job duties concept.

Rule-based access control: Rule-based and MAC are the same since they are based on specific rules relating to the nature of the subject and object. It is based on access rules.

Discretionary Access Controls:

DAC is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. A DAC model uses an access control matrix, where it places the names of users (subjects) in each row and the names of objects (files or programs) in each column of a matrix. It treats users and owners as the same. Access is based on the authorization granted to the user. It uses access control lists. It uses grant and revoke access to objects.
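
The matrix described above, as an added example that is not part of the original notes: users are rows, objects are columns, only the owner may grant or revoke, and an ACL is one column of the matrix. The class, the subject and object names and the right names are all constructed for illustration.

```python
# Added illustration of a DAC access control matrix; all names are constructed.

class AccessMatrix:
    """Rows are subjects, columns are objects, each cell is a set of rights."""

    def __init__(self):
        self.owner = {}   # object -> owning subject
        self.cells = {}   # (subject, object) -> set of rights

    def create(self, subject, obj):
        # In DAC the creator is the owner and starts with every right.
        if obj in self.owner:
            raise ValueError(f"{obj} already exists")
        self.owner[obj] = subject
        self.cells[(subject, obj)] = {"own", "read", "write"}

    def require_owner(self, subject, obj):
        if self.owner.get(obj) != subject:
            raise PermissionError(f"{subject} does not own {obj}")

    def grant(self, grantor, subject, obj, right):
        # Discretionary: the owner alone decides who else gets access.
        self.require_owner(grantor, obj)
        self.cells.setdefault((subject, obj), set()).add(right)

    def revoke(self, grantor, subject, obj, right):
        self.require_owner(grantor, obj)
        self.cells.get((subject, obj), set()).discard(right)

    def check(self, subject, obj, right):
        # Default deny: an empty or missing cell grants nothing.
        return right in self.cells.get((subject, obj), set())

    def acl(self, obj):
        # Column of the matrix: the ACL that would be stored with the object.
        return {s: sorted(r) for (s, o), r in self.cells.items() if o == obj and r}

    def row(self, subject):
        # Row of the matrix: every object this subject can reach.
        return {o: sorted(r) for (s, o), r in self.cells.items() if s == subject and r}


def build_sample():
    m = AccessMatrix()
    m.create("alice", "payroll.db")
    m.create("bob", "report.txt")
    m.grant("alice", "bob", "payroll.db", "read")
    m.grant("bob", "carol", "report.txt", "read")
    m.grant("bob", "carol", "report.txt", "write")
    m.revoke("bob", "carol", "report.txt", "write")
    return m


if __name__ == "__main__":
    m = build_sample()
    print("ACL payroll.db:", m.acl("payroll.db"))
    print("row bob:", m.row("bob"))
```

Reviewing the row view per user after a job change is one way to spot rights that were granted at the owner's discretion and never revoked.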

An access control matrix places the names of users in each row and the names of objects in each column. Examples of objects are: records, programs, pages, files, directories, etc. An access control matrix describes an association of objects and subjects for authentication of access rights. Identity-based policy and user-directed policy are examples of DAC.

ACLs: ACL techniques provide a straightforward way of granting and denying access for a specified user. An ACL is an object associated with a file and containing entries specifying the access that individual users or groups of users have to the file. The access control list is most commonly used in the implementation of an access control matrix.

Mandatory Access Controls:

A MAC restricts access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e. clearance) of objects to access information of such sensitivity. It uses security labels. Simplest to administer. A security label or access control mechanism is supported by MAC. Security labels are a very strong form of access control. A rule-based policy is an example of MAC.

Access Control Mechanisms: logical (passwords and encryption), physical (keys and tokens) and administrative (forms and procedures) controls. Directive, preventive, detective, corrective and recovery controls are controls by action. Management, operational and technical controls are controls by nature.

Non-DAC: The lattice security model is based on non-DAC. Access to computer facilities and records is limited to authorized personnel on an as-needed basis.

Principle of Least Privilege: Appropriate Privileges.

Each user (subject) is granted the lowest clearance needed to perform authorized tasks. It is most closely linked to integrity. Security features: the granularity of privilege, the time bounding of privilege, privilege inheritance.

Consistent with the Principle of Least Privilege: Re-authorization when employees change positions. Users have little access to systems. Users have significant access to systems.

Authorization creep: occurs when employees continue to maintain access rights for previously held positions within an organization; it is a security vulnerability.

I&A techniques:

Password management: preventive control.

- A virtual password is a password computed from a passphrase that meets the requirements of the password storage (e.g. 56 bits for DES).
- User IDs and passwords are the first line of defence against potential security threats, risks or losses to the network.
- Use of login IDs and passwords is the most commonly used mechanism for providing static verification of a user.
- Using password advisors is the most effective method for password creation.
- Simpler, more basic login controls include validating username and password.
- Password secrecy cannot be tested with automated vulnerability testing tools.
- The "use randomly generated characters" password selection procedure would be the most difficult to remember.
- Passwords can be stored in a password file, preferably encrypted.
- Password sharing, password guessing and password capturing are the most commonly used methods to gain unauthorized access.

Access Control Mechanisms:

Logical Access Control: e.g. passwords, PINs and encryption. Computer-based access controls are called logical access controls. They help to protect:

- Operating system and other systems software from unauthorized modification or manipulation (and thereby help to ensure the system's integrity and availability).
- The integrity and availability of information by restricting the number of users and processes with access.
- Confidential information from being disclosed to unauthorized individuals.

Logical access control mechanisms rely on physical access controls. Application system access controls, operating system access controls and utility programs are heavily dependent on logical access controls to protect against unauthorized access.

Physical Access Control: Administrative Access control:

FAR/FRR/CER are a good measure of performance of biometric-based identification and authentication techniques. Type I error is false rejection and Type II error is false acceptance of impostors.

- The Kerberos identification and authentication technique involves a ticket that is linked to a user's password to authenticate a system user.
- The key distribution server is a major vulnerability with Kerberos. 56-bit size.
- Pre-authentication is required to thwart attacks against a Kerberos security server.
- Kerberos uses a trusted third party, Kerberos is a credential-based authentication system, Kerberos uses symmetric-key cryptography.
- Kerberos is a ticket-oriented protection system.
- A replay attack refers to the recording and retransmission of message packets in the network. It can be prevented by using packet time-stamping. Kerberos can prevent playback (replay) attacks.
- Most to least protection against replay attacks: challenge-response, one-time password, password and PIN, and password only.
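
How time-stamping stops a replayed message, as an added example that is not part of the original notes and is not Kerberos itself: a simplified verifier that checks a keyed MAC over the timestamp and payload, rejects stale timestamps, and remembers messages it has already accepted inside the freshness window. The message layout, the 300-second window, the key and the function names are assumptions; the replay cache goes beyond what the notes state.

```python
import hashlib
import hmac

SKEW = 300  # assumed freshness window in seconds


def mac_for(key, sender, ts, payload):
    # The timestamp is covered by the MAC, so it cannot be rewritten later.
    return hmac.new(key, f"{sender}|{ts}|".encode() + payload,
                    hashlib.sha256).hexdigest()


def seal(key, sender, payload, ts):
    """Sender side: bind the timestamp to the payload with a keyed MAC."""
    return {"sender": sender, "ts": ts, "payload": payload,
            "mac": mac_for(key, sender, ts, payload)}


class Verifier:
    def __init__(self, key, skew=SKEW):
        self.key = key
        self.skew = skew
        self.seen = {}  # replay cache: (sender, ts, mac) -> expiry time

    def accept(self, msg, now):
        expected = mac_for(self.key, msg["sender"], msg["ts"], msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "reject: bad mac"
        if abs(now - msg["ts"]) > self.skew:
            return "reject: stale timestamp"
        # Drop cache entries whose timestamps can no longer pass the check above.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        entry = (msg["sender"], msg["ts"], msg["mac"])
        if entry in self.seen:
            return "reject: replay inside window"
        self.seen[entry] = msg["ts"] + self.skew
        return "accept"


def demo():
    key = b"constructed-shared-key"          # constructed sample key
    v = Verifier(key)
    msg = seal(key, "alice", b"request service ticket", ts=1000)
    rewritten = dict(msg, ts=1900)           # captured copy with a new timestamp
    return [
        v.accept(msg, now=1010),        # first delivery
        v.accept(msg, now=1020),        # captured copy resent inside the window
        v.accept(msg, now=1900),        # captured copy resent much later
        v.accept(rewritten, now=1900),  # timestamp altered without the key
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second case is why a timestamp alone is not sufficient: within the window the verifier must also remember what it has already accepted.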

Kerberos is used for: managing encryption keys, managing centralized access rights, managing access permissions.

A Kerberos-based authentication system would reduce the risk of impersonation in an environment of networked computer systems. Authentication services can best be provided by Kerberos (de facto standard). Weaknesses of Kerberos: subject to dictionary attacks; every network application must be modified.

Strengths of Kerberos: works with existing security systems software; intercepting and analysing network traffic is difficult. The major advantage of SSO goes beyond convenience.

Secure RPC and SPX provide a robust authentication mechanism over distributed environments. SecurID: is a token from RSA, Inc. Authentication mechanisms: what the user knows, what the user has, what the user is.

- A more reliable authentication device is a smart card system.
- An example of a drawback of smart cards: a means of gaining unauthorized access.
- Smart card: as a means of access control, as a medium for storing and carrying the appropriate data, a means of access control and data storage.
- Robust authentication is provided by Kerberos, one-time passwords, challenge-response exchanges, Secure RPC and digital certificates.
- Address-based access mechanisms create a security problem. They use IP source addresses, which are not secure and are subject to IP address spoofing attacks. The IP address deals with identification.
- Location-based ("where the user is") authentication techniques are impossible to forge. They deal with physical address. They are used for continuous authentication.
- Token-based: token as a means of identification and authentication.
- Web-based access mechanisms use secure protocols to accomplish authentication.
- Passwords and PINs are vulnerable to guessing, interception or brute-force attack.
- Biometrics can be vulnerable to interception and replay attacks.

Biometric system:

- Biometric system user identification and authentication techniques depend on reference profiles or templates.
- Impersonation attacks involving the use of physical keys and biometric checks are less likely due to the need for the network attacker to be physically near the biometric equipment.
- Protective measures effective against multiple threats: access logs, encryption, audit trails.
- The security mechanism that is least efficient and least effective: recurring passwords (weak security mechanism).
- Cryptographic authentication techniques require additional work in administering the security.
- Access controls: physical access controls; operating system access controls; communication system access controls; application system access control (most specific).
There are trade-offs among controls. A security policy would be most useful in: access versus confidentiality; technical controls versus procedure controls.

Controlling access to the network is provided by the identification and authentication pair of high-level system services. Authentication is a protection against fraudulent transactions: the validity of the message location being sent; the validity of the workstations that sent the message; the validity of the message originator.

Identification techniques that provide strong user authentication: what the user is (PIN combined with fingerprint) for high-dollar transactions; what the user has (bank automated teller machine card); what the user knows.

Access Control Models:

The Clark-Wilson Security Model:

Provides data integrity for common commercial activities. Separation of duties concept. An access triple: subject, program and data.

Biba Security Model:

Integrity model in which no subject may depend on a less trusted object, including another subject.

Take-Grant Security: access rights.

Chinese Wall: access control problem.

Bell-LaPadula model:

Security clearance and sensitivity classification. It deals with the *-property (no write-down is allowed). It addresses confidentiality by describing different security levels of security classifications for documents. These classification levels, from least sensitive to most sensitive, include Unclassified, Confidential, Secret and Top Secret. The Bell-LaPadula model and information flow models are used to protect the confidentiality of classified information.
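
The Bell-LaPadula checks as a small reference monitor, added here as an example and not part of the original notes. It uses the four classification levels listed above and the *-property; the simple security property (no read-up) and the category sets that turn the levels into a lattice are standard parts of the model that go beyond what the notes state. Subject, object and category names are constructed.

```python
# Added illustration of Bell-LaPadula decisions; sample labels are constructed.

LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


def label(level, *categories):
    """A security label: (rank of the level, set of need-to-know categories)."""
    return (LEVELS.index(level), frozenset(categories))


def dominates(a, b):
    # a dominates b when its level is at least as high and it holds
    # every category b holds. Labels with disjoint categories are incomparable.
    return a[0] >= b[0] and a[1] >= b[1]


def decide(subject_label, object_label, op):
    if op == "read":
        # Simple security property: no read-up.
        return dominates(subject_label, object_label), "simple security property"
    if op == "write":
        # *-property: no write-down, so data cannot flow to a lower label.
        return dominates(object_label, subject_label), "*-property"
    raise ValueError(f"unknown operation {op!r}")


def evaluate(requests, subjects, objects):
    results = []
    for subj, op, obj in requests:
        ok, rule = decide(subjects[subj], objects[obj], op)
        results.append((subj, op, obj, "allow" if ok else f"deny ({rule})"))
    return results


SUBJECTS = {"analyst": label("Secret", "crypto")}
OBJECTS = {
    "plan": label("Secret", "crypto"),
    "bulletin": label("Unclassified"),
    "archive": label("Top Secret", "crypto"),
    "reactor": label("Secret", "nuclear"),
}
REQUESTS = [
    ("analyst", "read", "plan"),       # same label
    ("analyst", "write", "bulletin"),  # would leak Secret data downward
    ("analyst", "write", "archive"),   # writing up is permitted
    ("analyst", "read", "archive"),    # reading up is not
    ("analyst", "read", "reactor"),    # same level, wrong category
]

if __name__ == "__main__":
    for row in evaluate(REQUESTS, SUBJECTS, OBJECTS):
        print(*row)
```

The denied write to `bulletin` is the case the *-property exists for: a program running with the analyst's clearance cannot copy what it read into a lower-classified object.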

Access Control definitions:

- Access control mechanisms: identification, authentication, authorization and accountability. Authorization comes after authentication.
- Static authentication: uses reusable passwords, which can be compromised by replay attacks.
- Robust authentication: includes one-time passwords and digital signatures, which can be compromised by session hijacking.
- Continuous authentication: protects against impostors (active attacks) by applying a digital signature algorithm to every bit of data that is sent from the claimant to the verifier. It prevents session hijacking.

Two-factor authentication: Two-factor authentication uses two different kinds of evidence. For example, a challenge-response token card typically requires both physical possession of the card (something you have, one factor) and a PIN (something you know, another factor).

Tokens and Firewalls: Tokens provide strong authentication for centralized authentication servers when used with firewalls. For basic authentication, user IDs, passwords and account numbers are used for internal authentication. Centralized authentication servers such as RADIUS and TACACS/TACACS+ can be integrated with token-based authentication to enhance administration security.

Accountability: The concept of individual accountability drives the need for many security safeguards, such as unique (user) identifiers, audit trails and access authorization rules. Accountability means holding individual users responsible for their actions. Due to several problems with passwords, they are considered to be the least effective in exacting accountability. The most effective controls for exacting accountability include a policy, authorization scheme, identification and authentication controls, access controls, audit trails, and auditing.

User Account Administration: An inherent risk is associated with logical access which is difficult to prevent or mitigate but can be identified via a review of audit trails. The risk associated with Missed authorized access. Properly authorized access, as well as misused authorized access, can use audit trail analysis. While users can't be prevented from using resources to which they have legitimate access authorization, audit trail analysis is used to examine their actions. Unauthorized access attempts, whether successful or not, can be detected through the analysis of audit trails. Many computer systems provide maintenance accounts. These special login accounts are normally preconfigured at the factory with preset, widely known weak passwords. It is critical to change these passwords or otherwise disable the accounts until they are needed. If the account is to be used remotely, authentication of the maintenance provider can be performed using call-back confirmation. This helps ensure that remote diagnostic activities actually originate from an established phone number at the vendor site. Other techniques can also help, including encryption and decryption of diagnostic communications, strong identification and authentication techniques such as smart tokens, and remote disconnect verifications.

Access Control Administration: The separation of duties principle, the least privilege principle; that is, users and processes in a system should have the least number of privileges and for the minimal period of time necessary to perform their assigned tasks. The authority and capacity to perform certain functions should be separated and delegated to different individuals. The principle is often applied to split the authority to write and approve monetary transactions between two people. It can also be applied to separate the authority to add users to a system and other system administrator duties from the authority to assign passwords, conduct audits, and perform other security administrator duties.

Penetration Tests:
The correct sequence:

1. Inform the management about the test
2. Develop a test plan
3. Conduct the test
4. Report the test results

In terms of IS security, a penetration is defined as attacks plus breach.

Statements about tiger teams that are NOT true:

- They prove that a computer system is secure.
- They are a substitute for methodical testing.

Statements about tiger teams that are true:

- They can be effective when insider work is suspected.
- They represent another independent attack on the system.
- If the system has not been thoroughly tested prior to tiger team testing, it is a waste of effort and money because the approach will be effective.
- The tiger team test will get the attention of management.
- It provides a second line of defence.


Separation of duties, job rotation, and mandatory vacations are management controls that can help in preventing fraud. Separation of duties: The greatest control exposure in a microcomputer (PC) environment is a lack of separation of duties. The objective of separation of duties is that no one person has complete control over a transaction or an activity.

Program library controls allow only assigned programs to run in production and eliminate the problem of test programs accidentally entering the production environment. They also separate production and testing data to ensure that no test data are used in normal production. This practice is based on the separation of duties principle. Administrative Control: Lack of centralized function for PC acquisition, lack of centralized function for PC disposition, and lack of distributed policies and procedures are administrative controls, such as PC acquisition policies and procedures.
