
ACCESS CONTROL SYSTEMS

Access control systems are here to preserve information and make sure it is consistent and there when you need it (Integrity). To ensure this, we classify people and separate them (separation of duties). That way we know who does what and what access to give them to what. The money you spend on access control must not exceed the value of the information you're protecting. You determine the value of the information you're protecting by qualitative and quantitative methods.

Access control systems do 3 things:
1. Prevention of the modification of information by unauthorized users
2. Prevention of modification of information by authorized users
3. Preservation of internal and external consistency

Availability: systems must be available, ensuring the system's authorized users have uninterrupted access.

3 things must be considered for the planning of access control mechanisms: threat, risk, and vulnerability.

One important term you will come across is least privilege. When an access system grants users only those rights necessary for them to perform their work, then it is operating on the least privilege security principle. Least privilege addresses INTEGRITY!

Controls
Controls are implemented to mitigate risk and reduce the potential for loss. Controls can be preventive, detective or corrective.
Preventive controls = put in place to inhibit harmful occurrences
Detective controls = established to discover harmful occurrences
Corrective controls = used to restore systems that are victims of attack

To implement these measures, controls can be the following:
Administrative - monitoring procedures people do, such as vacation time, work habit checks, increased supervision, background checks. Also responsible for security awareness training.
Logical/technical - protection of information through encryption, biometrics, smart cards etc.

Physical - locks, securing rooms, protection of cables, separation of duties.

Controls provide accountability for individuals who are accessing sensitive information.

Models for controlling access
This involves controlling access by a subject (person) to an object (file). In other words, allowing/disallowing your employees rights by implementing these 3 terms. Use the following 3 terms to determine what type of control to assign to different individuals in your company.

Mandatory access control (utilizes sensitivity labels) - determined by rules, not by the identity of the subjects or objects alone. So if Rodney is cleared for secret clearance, he should only read secret. Not anything higher, not anything lower. Here, people are cleared by their label, just like documents that are labeled secret, top secret etc. The subject's label indicates their clearance as well as the sensitivity of the object. In M.A.C., the sensitivity labels contain the item's classification and category set. Here, the system determines access.
Types: rule based

Discretionary access control - identity based. Based on the subject's identity, who they are. This subject has some authority. Discretionary access control is widely used in commercial environments, and is the most common type of access control mechanism implemented in computer systems today. The basis of this kind of security is that an individual user, or a program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf)
Types: identity based; user-directed

Non-discretionary control - here a central authority determines what subjects can have access to certain objects based on the organizational security policy. Role based and task based. In an organization where there are frequent personnel changes, this is perfect, because this control is based on the person's role (job duties).
Types: lattice; role based; task based

Control combos
-preventive/admin
-preventive/tech
-preventive/physical
-detective/admin
-detective/tech
-detective/physical
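As an added example (not part of these notes), the three models above expressed as access-decision functions in Python; the MAC check uses the lattice comparison of classification level plus category set that the notes mention, and all names, levels, categories and roles are constructed:

```python
"""Added example (not from the notes): MAC, DAC and RBAC decisions side by side.

MAC: a label is (classification level, category set); the system grants read
     only when the subject's clearance dominates the object's label (lattice).
DAC: the owner of an object keeps an ACL keyed by user identity.
RBAC (non-discretionary): a central policy maps roles to permissions; users
     only carry role names, so a staff change touches just the user->role table.
All levels, categories, names and roles below are constructed."""
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: level at least as high AND every category of the other.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def mac_can_read(clearance: Label, object_label: Label) -> bool:
    """MAC: decided from the labels alone, never from who the subject is."""
    return clearance.dominates(object_label)


def dac_can_access(acl: dict, user: str, op: str) -> bool:
    """DAC: acl maps a user name to the operations the owner granted them."""
    return op in acl.get(user, set())


ROLE_PERMS = {"payroll_clerk": {"read:salaries"},
              "auditor": {"read:salaries", "read:audit_log"}}


def rbac_can_access(user_roles: dict, user: str, perm: str) -> bool:
    """RBAC: permissions come from the role, not from the person."""
    return any(perm in ROLE_PERMS.get(r, set()) for r in user_roles.get(user, ()))


if __name__ == "__main__":
    rodney = Label("secret", frozenset({"nuclear"}))
    print(mac_can_read(rodney, Label("secret", frozenset({"nuclear"}))))  # True
    print(mac_can_read(rodney, Label("top secret")))                       # False: level too high
    print(mac_can_read(rodney, Label("secret", frozenset({"crypto"}))))    # False: missing category
    print(dac_can_access({"alice": {"read", "write"}}, "bob", "read"))     # False: not on the ACL
    print(rbac_can_access({"carol": ["auditor"]}, "carol", "read:audit_log"))  # True: via role
```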

Preventive/admin - emphasis on soft mechanisms: pre-employment background checks, classification labeling, vacation scheduling, awareness training, organizational policies and procedures.
Preventive/tech (logical controls) - uses technology to enforce access control policies. Can be built into the OS or be software, or can be protocols, encryption, smart cards, biometrics.
Preventive/physical - intended to restrict physical access to areas with systems holding sensitive information (aka the security perimeter): fences, badges, guards, dogs, multiple doors. Also used for backup data and storage areas.
Detective/admin - similar to preventive/admin. Organizational policies and procedures, background checks, increased supervision, job rotation, review of audit records.
Detective/tech - intended to reveal violations of security policy. IDS systems and/or audit generating programs. You must protect the audit logs (event viewer logs) so that you can see what's going on.
Detective/physical - usually requires a human to evaluate input from cameras, motion detectors, and thermal detectors.

Identification and Authentication
Identification establishes user accountability for the actions on the system. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID. Authentication is verification that the person is who they say they are.

AUTHENTICATION IS BASED ON THESE FACTORS
Type 1. Something you know, such as a PIN or password
Type 2. Something you have, such as an ATM card/smart card
Type 3. Something you are (fingerprint/retina scan)
Sometimes you have 2-factor authentication. For example, withdrawing funds from an ATM: you must have the ATM card (something you have) and you must have the PIN (something you know).

PASSWORDS
A good password should be 8 characters. Use a password adviser.
Dynamic - changes with each log in
Static - same password every time
Token - form of credit card. Used to supply static and dynamic passwords. Something you have!
One time password - a new password is required for each new log in. (Password synchronization - less intrusive, improved security, lower costs)

SMART CARDS - very effective form of authentication. RELIABLE! The following are the four types of smart cards:
Static password tokens
Synchronous dynamic tokens - done in a time period. New password each time
Asynchronous dynamic password tokens - similar to above, except no time windows
Challenge response - has an authentication mechanism in the workstation which determines if the owner should be authenticated

MANTRAPS MEASURE BODY WEIGHT

BIOMETRICS - a 1 to 1 search to verify a person's claim of identity so that they can be authenticated. An automated means of identification. Companies measure the performance of biometric systems in 3 ways:
-false rejection rate - percent of valid subjects that are falsely rejected
-false acceptance rate - percentage of invalid subjects that are falsely accepted
-crossover error rate - percent at which the false rejection rate equals the false acceptance rate
A good biometric system should do 10 subjects per minute (throughput). Acceptable enrollment time is 2 minutes (enrollment time).
ONE PROBLEM: position the iris scanner so the sun doesn't shine in the aperture!

BIOMETRIC CHARACTERISTICS:
1. fingerprints (features from the fingerprints are stored)
2. retina scans (blood vessel pattern)
3. iris scans
4. facial scans
5. palm scans
6. hand geometry
7. voice
8. handwriting

Single Sign On (ex: Passport)
Addresses the cumbersome situation of logging on multiple times to access different resources. A user provides one ID and password per work session and is automatically logged on to all required applications. For security, do not store passwords in the clear. The advantage of SSO is that you can have stronger passwords (users won't have to remember or, worse, write down passwords). KERBEROS, SESAME, KRYPTOKNIGHT, and NETSP all utilize this.
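An added example, not from the notes, showing how the three biometric performance measures above (FRR, FAR, CER) fall out of a matcher's similarity scores once a decision threshold is chosen; the score lists are constructed, and a subject is accepted when the score is at or above the threshold:

```python
"""Added example (not from the notes): FRR, FAR and crossover error rate of a
biometric matcher, computed from constructed similarity scores (0..1, higher
means a closer match). Valid subjects should score high, impostors low."""

# Constructed sample data: scores from genuine attempts and from impostors.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.79, 0.76, 0.72, 0.69, 0.64, 0.58, 0.52]
IMPOSTOR_SCORES = [0.61, 0.55, 0.49, 0.47, 0.42, 0.38, 0.33, 0.29, 0.21, 0.15]


def false_rejection_rate(genuine, threshold):
    """Percent of valid subjects falsely rejected (score below threshold)."""
    return 100.0 * sum(s < threshold for s in genuine) / len(genuine)


def false_acceptance_rate(impostor, threshold):
    """Percent of invalid subjects falsely accepted (score at/above threshold)."""
    return 100.0 * sum(s >= threshold for s in impostor) / len(impostor)


def crossover_error_rate(genuine, impostor, steps=100):
    """Sweep the threshold over 0..1 in `steps` increments and return
    (threshold, error_rate) at the point where FRR and FAR are closest.
    Raising the threshold lowers FAR but raises FRR, so the curves cross once;
    the rate at that crossing is the CER used to compare systems."""
    best = None
    for i in range(steps + 1):
        t = i / steps  # exact decimal thresholds, no float drift
        frr = false_rejection_rate(genuine, t)
        far = false_acceptance_rate(impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    for thr in (0.50, 0.60, 0.70):
        print(thr, false_rejection_rate(GENUINE_SCORES, thr),
              false_acceptance_rate(IMPOSTOR_SCORES, thr))
    print("CER %.1f%% at threshold %.2f" % crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)[::-1])
```

With this data a threshold of 0.50 rejects no valid subject but admits 20% of impostors, 0.70 admits no impostor but rejects 40% of valid subjects, and the crossover sits at 0.56 with a 10% error rate.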

AUTHENTICATION PROTOCOLS
1. Kerberos - authenticates clients to other entities on a network and facilitates communications through assignment of session keys (temporary keys). Dependent upon symmetric ciphers (private key cryptography). Kerberos systems use private keys, and a Kerberos server must have copies of all keys on it, which requires a great deal of physical security. In contrast, in a properly designed PKI the public-key server contains only public keys or public certificates. The private keys of a PKI should be stored on the client machines, in a cryptographically secure manner. KERBEROS PREVENTS REPLAY ATTACKS! Subject to password guessing.

2. Sesame - authenticates by using the first block of a message only, not the complete message. Subject to password guessing. Developed to address weaknesses in Kerberos.
3. Kryptoknight - from IBM. Provides authentication, SSO, and key distribution services. Designed to support computers with widely varying computational capabilities. Uses a KDC. The KDC authenticates the user and sends the user a ticket encrypted with a secret key. NETSP is based on KRYPTOKNIGHT. The difference between Kryptoknight and Kerberos is that there are peer-to-peer relations among the parties.

Access Control methodologies


Access control implementations can be divided into two domains: centralized and decentralized. Below are different recommendations for accessing a network remotely (ex: PPP, SLIP, PPTP etc.).

1. Centralized access control
(A) For dial-up users, the standard RADIUS can be used. RADIUS incorporates an authentication server and dynamic password. Callback can also be used. (Call forwarding defeats callback.)
(B) Another approach for dialing in (remote access) is CHAP, Challenge Handshake Authentication Protocol. CHAP encrypts.
(C) For networked applications, use TACACS. It uses a static password. TACACS+ is even stronger, using tokens for a two-factor dynamic password.

2. Decentralized/distributed access control
A powerful approach to controlling access to information in a decentralized environment is through the use of databases.
(A) Relational database security
Has three parts:
1. data structures called tables or relations
2. integrity rules on allowable values
3. operators on the data in the tables
The description of the database is called a schema, and the schema is defined by a DDL (data description language). For security, the DBMS can be set up so that only certain subjects are permitted to perform certain operations on the database. For example, a particular user can be restricted to certain information in the database and will not be allowed to view any other information. You can define this as a view: a filter that only allows individuals to see the things they are allowed to see. In this way, the view can be thought of as implementing least privilege. A relation is the basis of a relational database and is represented by a two-dimensional table.
NOTE* Referential integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for its primary key.
DATA NORMALIZATION - ensures that attributes in a table depend only on the primary key. This process makes it easier to maintain data and have consistent reports.
(B) SQL (IBM made)
Is a standard data manipulation and relational database definition language.
(C) Object Oriented Databases (OODB)
Relational database models are ideal for business transactions where most of the information is in text form.
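An added example (not from the notes) of a view acting as the least-privilege filter described above, together with the referential-integrity rule, using Python's sqlite3 in memory; the schema and rows are constructed, and the GRANT/REVOKE step a multi-user DBMS would put on top of the view is not shown because sqlite has none:

```python
"""Added example (not from the notes): a view as a least-privilege filter and
a referential-integrity check, on an in-memory sqlite3 database. Tables,
columns and rows are constructed for illustration."""
import sqlite3

SCHEMA = """
CREATE TABLE department(dept_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE employee(
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    salary  INTEGER NOT NULL,
    dept_id INTEGER NOT NULL REFERENCES department(dept_id));
-- The view is the filter: only department 10, and no salary column at all.
CREATE VIEW dept10_directory AS
    SELECT emp_id, name FROM employee WHERE dept_id = 10;
"""

ROWS = [(1, "Ann", 90000, 10), (2, "Ben", 72000, 10), (3, "Cat", 65000, 20)]


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")  # sqlite enforces FKs only if asked
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO department VALUES (?, ?)", [(10, "Ops"), (20, "HR")])
    con.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", ROWS)
    return con


def directory_rows(con):
    """What a subject limited to the view can see: dept 10 names, no salaries."""
    return con.execute("SELECT * FROM dept10_directory ORDER BY emp_id").fetchall()


def view_columns(con):
    """Column names the view exposes (the salary attribute is simply absent)."""
    return [d[0] for d in con.execute("SELECT * FROM dept10_directory").description]


def insert_orphan(con):
    """Insert an employee whose dept_id matches no department primary key.
    Returns True if the DBMS rejected the row, i.e. referential integrity held."""
    try:
        con.execute("INSERT INTO employee VALUES (4, 'Dan', 50000, 99)")
        return False
    except sqlite3.IntegrityError:
        return True


if __name__ == "__main__":
    con = build_db()
    print(view_columns(con), directory_rows(con))  # ['emp_id', 'name'] [(1, 'Ann'), (2, 'Ben')]
    print(insert_orphan(con))                       # True
```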

OODBs are useful in storing and manipulating complex data like images and graphics, but they have a steep learning curve and high overhead.

IDS
A system that is used to monitor network traffic or monitor host audit logs to determine if any violations of an organization's security policy have taken place. An IDS can detect intrusions that have passed through a firewall or are occurring within the LAN behind the firewall. A truly effective IDS will detect common attacks as they are occurring.
NETWORK BASED IDS (NIC in sniffer mode) - involves real-time information. Passive IDS. A network based IDS reviews packets and headers. The problem with this IDS is that it will not detect attacks against a host made by an intruder who is logged in at the host's terminal.
HOST BASED (on 1 machine, doesn't monitor the network!) - a host based IDS reviews the system's event logs in order to detect an attack on the host and to determine if the attack was successful. As you can imagine, the detection capabilities of host based ID systems are limited by the incompleteness of the operating system's logging abilities. Uses AGENTS.

IDS DETECTION METHODS
An IDS detects an attack through 2 mechanisms: signature based ID or statistical anomaly based ID.
SIGNATURE BASED (aka knowledge based) - shows attacks. Uses a database of previous attacks and known vulnerabilities. Compares to your IDS rules to determine if the attack was successful. The weakness is that you can't detect attacks that are launched over a long period of time. Why? Because only the attack signatures stored in the database are detected, and if the attacker is slow, the IDS is unlikely to be able to store all the signatures. Also, new attacks go unnoticed.
STATISTICAL ANOMALY BASED ID (aka behavior based) - THEY LEARN! With this method, an IDS acquires data and defines a normal usage profile. With this approach, new attacks can be detected because they produce abnormal statistics. The disadvantage is pretty apparent here: it will not detect an attack that does not significantly change the operating system characteristics, or it may falsely detect a non-attack event that had caused a momentary anomaly in the system. HIGH FALSE ALARM RATE.

ACCOUNTABILITY
Individuals on a system are responsible for their actions. Accountability is supported by audit trails. Monitoring individual activities such as keystroke monitoring should be done IAW (in accordance with) the company policy.
The following measures are used to compensate for both internal and external access violations:
-backups
-RAID
-fault tolerance
-business continuity planning
-insurance
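An added example (not from the notes) that runs both IDS detection methods from the section above over constructed host audit-log lines, showing the burst the learned profile catches, the slow guesser it misses, and the known pattern only the signature database reports; the log format, signatures and data are all invented for illustration:

```python
"""Added example (not from the notes): signature based vs statistical anomaly
based detection over constructed audit lines of the form "window user event".
The signature detector matches a stored knowledge base; the anomaly detector
learns a normal usage profile (mean/stdev of failed logons per time window)."""
import re
import statistics
from collections import Counter

# Knowledge base of known attacks (constructed): compiled pattern -> rule name.
SIGNATURES = [(re.compile(r"cmd=.*\.\./\.\./"), "path traversal"),
              (re.compile(r"useradd .* -u 0\b"), "new uid-0 account")]

# Constructed training data: failed logons per window during normal operation.
TRAIN_WINDOWS = [f"w{i}" for i in range(1, 11)]
TRAIN_LOG = [f"{w} bob login_failed"
             for w, n in zip(TRAIN_WINDOWS, [1, 0, 2, 1, 0, 1, 2, 1, 0, 1])
             for _ in range(n)]

# Constructed observation: a burst in w11, slow guessing in w12-w14 (2 per
# window), one line matching a stored signature, and one novel event.
OBS_WINDOWS = ["w11", "w12", "w13", "w14"]
OBS_LOG = (["w11 eve login_failed"] * 9 + ["w12 eve login_failed"] * 2
           + ["w13 eve login_failed"] * 2 + ["w14 eve login_failed"] * 2
           + ["w13 eve cmd=GET /../../config.ini", "w14 eve cmd=run_unknown_tool"])


def signature_detect(lines):
    """Signature based: every line matching a stored signature is reported."""
    return [(line, name) for line in lines for pat, name in SIGNATURES if pat.search(line)]


def failures_per_window(lines):
    counts = Counter()
    for line in lines:
        window, _user, event = line.split(maxsplit=2)
        if event == "login_failed":
            counts[window] += 1
    return counts


def build_profile(lines, windows):
    """Learn normal usage: mean and population stdev of failures per window."""
    samples = [failures_per_window(lines).get(w, 0) for w in windows]
    return statistics.mean(samples), statistics.pstdev(samples)


def anomaly_detect(lines, windows, profile, z=3.0):
    """Anomaly based: flag windows whose failure count exceeds mean + z*stdev."""
    mean, sd = profile
    counts = failures_per_window(lines)
    return [w for w in windows if counts.get(w, 0) > mean + z * sd]


if __name__ == "__main__":
    profile = build_profile(TRAIN_LOG, TRAIN_WINDOWS)      # mean 0.9, stdev 0.7
    print(signature_detect(OBS_LOG))                       # only the path-traversal line
    print(anomaly_detect(OBS_LOG, OBS_WINDOWS, profile))   # ['w11']: burst caught, slow guesser missed
```

Neither method reports the novel w14 event, and the two failures per window in w12 to w14 stay under the learned threshold of 3.0, which is the long-period weakness the notes describe.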
