
University of Indonesia

Magister of Information Technology

Information Systems Security


Access Control

Arrianto Mukti Wibowo, M.Sc.,


Faculty of Computer Science
University of Indonesia
amwibowo@cs.ui.ac.id

Access Control Systems & Methodology
University of Indonesia – University of Budi Luhur
Magister of Information Technology

Domain objectives

• To study the mechanisms and methods used by administrators/managers to control what users may access, including what they may do after authentication and authorization, and how this is monitored.

Topics covered

• Identification,
• authentication,
• authorization,
• access control administration,
• access control techniques,
• access control methods,
• access control models,
• threats to access controls

Who?

How?

What is access control?

• Access control is the heart of security
• Definitions:
– The ability to allow only authorized users, programs or processes system or resource access
– The granting or denying, according to a particular security model, of certain permissions to access a resource
– An entire set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access based on pre-established rules.


How can AC be implemented?

• Administrative controls
– Policies
– Procedures
• Logical controls
– Passwords
• Physical controls
– Electric door

What does AC hope to protect?

• Data - Unauthorized viewing, modification or copying
• System - Unauthorized use, modification or denial of service
• It should be noted that nearly every network operating system (NT, Unix, Vines, NetWare) relies on a secure physical infrastructure

Administrative access control

• Awareness training
• Background checks
• Separation of duties
• Split knowledge
• Policies
• Data classification
• Effective user registration
• Termination procedures
• Change control procedures

Physical access control

• Guards
• Locks
• Mantraps
• ID badges
• CCTV, sensors, alarms
• Biometrics
• Fences - the higher the voltage the better
• Card-key and tokens
• Guard dogs

Man Trap
1. Insert an identification card (what you have)
2. Type in a 12-digit secret number (what you know)
3. The computer randomly selects words that must be spoken back (who you are)

Typical Access Rights

 Read, inquiry or copy only

 Write, create, update or delete only

 Execute only

 A combination of the above



Mandatory vs Discretionary Access Control

• Mandatory
– “The system decides how the data will be shared”
– Enforces corporate security policy
– Compares sensitivity of information resources
• Discretionary
– “You decide how you want to protect and share your data”
– Enforces data-owner-defined sharing of information resources

Mandatory Access Control

• Assigns sensitivity levels, AKA labels
• Every object is given a sensitivity label & is accessible only to users who are cleared up to that particular level.
• Only the administrators, not object owners, can change the object level
• Generally more secure than DAC
• Orange book B-level
• Used in systems where security is critical, e.g., military
• Hard to program for, configure & implement

Mandatory Access Control (Continued)

• Downgrade in performance
• Relies on the system to control access
• Example: If a file is classified as confidential, MAC will prevent anyone from writing secret or top secret information into that file.
• All output, e.g., print jobs, floppies, other magnetic media, must be labeled as to the sensitivity level
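The confidential-file example above is the "no write down" rule of a label-based MAC model. The following Python is an added example, not code from the lecture; the four level names and the no-read-up / no-write-down rules follow Bell-LaPadula, and the subject and object in the demo are constructed.

```python
# Added example, not from the lecture slides: a minimal mandatory access
# control decision in the style the slide describes. The four level names
# and the "no read up / no write down" rules follow Bell-LaPadula, which
# the slide's confidential-file example illustrates; subject and object
# names in the demo are constructed.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def can_read(clearance: str, label: str) -> bool:
    """Simple security property (no read up): the subject's clearance must
    dominate the object's label."""
    return LEVELS[clearance] >= LEVELS[label]


def can_write(clearance: str, label: str) -> bool:
    """*-property (no write down): the object's label must dominate the
    subject's clearance, so secret data can never flow into a
    confidential file, whoever owns that file."""
    return LEVELS[clearance] <= LEVELS[label]


def mac_decision(clearance: str, label: str, access: str) -> bool:
    """Reference-monitor style check. Labels are set by the system or its
    administrators, never by the object owner, which is what makes this
    mandatory rather than discretionary."""
    if clearance not in LEVELS or label not in LEVELS:
        raise ValueError("unknown sensitivity level")
    if access == "read":
        return can_read(clearance, label)
    if access == "write":
        return can_write(clearance, label)
    raise ValueError(f"unknown access type: {access}")


if __name__ == "__main__":
    # Constructed scenario from the slide: a secret-cleared user and a file
    # labelled confidential. Reading is allowed, writing is refused.
    for access in ("read", "write"):
        print(f"secret user, confidential file, {access}: "
              f"{mac_decision('secret', 'confidential', access)}")
```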

Discretionary Access Control

• Access is restricted based on the authorization granted to the user
• Orange book C-level
• Primary use is to separate and protect users from unauthorized data
• Used by Unix, NT, NetWare, Linux, Vines, etc.
• Relies on the object owner to control access


Access control lists (ACL)

• A file used by the access control system to determine who may access what programs and files, in what method and at what time
• Different operating systems have different ACL terms
• Types of access:
– Read/Write/Create/Execute/Modify/Delete/Rename


Standard UNIX file permissions

Permission    Allowed action if object is a file    Allowed action if object is a directory
R (read)      Read contents of the file             List contents of the directory
X (execute)   Execute file as a program             Search the directory
W (write)     Change file contents                  Add, rename, create files and subdirectories

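To make the table concrete, the added Python below (not code from the lecture) evaluates the nine r/w/x bits for a subject against a file or directory and names the allowed action with the table's wording. The uid/gid values and modes are constructed; root's override of DAC is deliberately left out.

```python
# Added example, not from the lecture slides: evaluates the standard UNIX
# r/w/x bits for a given subject and object and names the allowed action
# using the file-vs-directory wording from the table. uid/gid values and
# modes below are constructed. Root's DAC override is not modelled.
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    uid: int
    gids: frozenset  # primary plus supplementary groups


@dataclass(frozen=True)
class Obj:
    owner_uid: int
    group_gid: int
    mode: int        # permission bits only, e.g. 0o750
    is_dir: bool


def parse_symbolic(perms: str) -> int:
    """'rwxr-x---' -> 0o750 (the nine characters shown by ls -l)."""
    if len(perms) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for i, ch in enumerate(perms):
        if ch != "-":
            mode |= 1 << (8 - i)
    return mode


def class_bits(subj: Subject, obj: Obj) -> int:
    """Pick the owner, group or other triplet. The first matching class
    wins even if a later class would grant more, so an owner with mode
    0o070 gets nothing although they are in the file's group."""
    if subj.uid == obj.owner_uid:
        return (obj.mode >> 6) & 0o7
    if obj.group_gid in subj.gids:
        return (obj.mode >> 3) & 0o7
    return obj.mode & 0o7


def allowed_actions(subj: Subject, obj: Obj) -> set:
    """Translate the applicable bits into the table's action names."""
    bits = class_bits(subj, obj)
    actions = set()
    if bits & 0o4:
        actions.add("list directory" if obj.is_dir else "read contents")
    if bits & 0o2:
        actions.add("add/rename/create entries" if obj.is_dir else "change contents")
    if bits & 0o1:
        actions.add("search directory" if obj.is_dir else "execute as program")
    return actions


if __name__ == "__main__":
    project = Obj(1000, 100, parse_symbolic("rwxr-x---"), True)  # constructed
    for who in (Subject(1000, frozenset({100})), Subject(1001, frozenset({100})),
                Subject(1002, frozenset({200}))):
        print(who.uid, sorted(allowed_actions(who, project)))
```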

Standard NT file permissions

Permission     Allowed action if object is a file    Allowed action if object is a directory
No access      None                                  None
List           N/A                                   RX
Read           RX                                    RX
Add            N/A                                   WX
Add & Read     N/A                                   RWX
Change         RWXD                                  RWXD
Full Control   All                                   All

R - Read, X - Execute, W - Write, D - Delete


Authentication

3 types of authentication:
 Something you know - Password, PIN, mother's maiden name, passcode, fraternity chant
 Something you have - ATM card, smart card, token, key, ID badge, driver license, passport
 Something you are - Fingerprint, voice scan, iris scan, retina scan, body odor, DNA


Multi-factor authentication
 2-factor authentication. To increase the level of security, many systems will require a user to provide 2 of the 3 types of authentication.
 ATM card + PIN
 Credit card + signature
 PIN + fingerprint
 Username + Password (NetWare, Unix, NT default)

 3-factor authentication -- For highest security
 Username + Password + Fingerprint
 Username + Passcode + SecurID token


Problems with passwords

 Insecure - Given the choice, people will choose easily remembered and hence easily guessed passwords such as names of relatives, pets, phone numbers, birthdays, hobbies, etc.
 Easily broken - Programs such as crack, SmartPass, PWDUMP, NTCrack & l0phtcrack can easily crack Unix, NetWare & NT passwords.
 Dictionary attacks are only feasible because users choose easily guessed passwords!
 Inconvenient - In an attempt to improve security, organizations often issue users with computer-generated passwords that are difficult, if not impossible, to remember
 Repudiable - Unlike a written signature, when a transaction is signed with only a password, there is no real proof as to the identity of the individual that made the transaction


Password drawbacks
• An eavesdropper steals the password while it is being spoken
• A thief can steal the password list from the server
• The password may be easy to guess
• To improve the security of password use, the computer may actually make using it less convenient. E.g. the computer chooses the password, or the password must be changed after a certain period

Classic password rules

• The best passwords are those that are both easy to remember and hard to crack using a dictionary attack. The best way to create passwords that fulfill both criteria is to use two small unrelated words or phonemes, ideally with a special character or number. Good examples would be hex7goop or -typetin
• Don't use:
– common names, DOB, spouse, phone #, etc.
– words found in dictionaries
– password as a password
– system defaults

On-line password guessing & its prevention
• Dictionary attack
• Some computers force password entry to be done by a human (not a program). Humans are relatively slow.
• There is a maximum number of retries. E.g. an ATM card can be swallowed. But this can lead to vandalism: if someone has the whole list of usernames, they can write a program that tries to log in as every username. After 5 attempts the system locks!
• Another approach: every incorrect password entry is processed v e r y  s l o w l y ...!
• It is possible to detect the last successful & unsuccessful login, from where and when
• Some force users to use computer-generated passwords: users do not like remembering them... so they write them down on paper! E.g. geocities
• Some like to require combinations of @$*%$, digits and UPPERCASE letters
• Some also force a password change after a certain period
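The retry limit and the slow-processing idea above pull in opposite directions: a hard lock after 5 attempts is simple but lets anyone with a username list lock every account, while a progressive delay keeps guessing slow without that side effect. The Python below is an added example, not code from the lecture, that implements both policies side by side and records the last successful and failed login (when and from where); the users, passwords and source addresses are constructed, and a real system would store salted hashes rather than plaintext.

```python
# Added example, not from the lecture slides: a login routine that compares
# a hard lock after MAX_RETRIES (which an attacker with a list of usernames
# can turn into a lockout of everyone) with a progressive slowdown that
# keeps guessing slow without locking anyone out. It also records the last
# successful and last failed login (when and from where). Users, passwords
# and addresses are constructed; a real system stores salted hashes.
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_RETRIES = 5          # the slide's "after 5 attempts the system locks"
MAX_DELAY_SECONDS = 60


@dataclass
class Account:
    password: str
    failures: int = 0
    locked: bool = False
    last_success: Optional[Tuple[int, str]] = None   # (timestamp, source)
    last_failure: Optional[Tuple[int, str]] = None


USERS = {"alice": Account("correct horse"), "bob": Account("tr0ub4dor")}


def delay_for(failures: int) -> float:
    """Progressive slowdown: 0, 1, 2, 4, 8 ... seconds, capped. The caller
    sleeps this long before answering, so an online dictionary attack
    crawls while a user who mistypes once barely notices."""
    if failures == 0:
        return 0.0
    return float(min(2 ** (failures - 1), MAX_DELAY_SECONDS))


def login(username: str, password: str, source: str, now: int,
          policy: str = "slowdown"):
    """Returns (ok, message, delay_seconds). policy is 'lockout' or 'slowdown'."""
    acct = USERS.get(username)
    if acct is None:
        # Same answer as a wrong password, so usernames cannot be enumerated.
        return False, "invalid credentials", delay_for(1)
    if policy == "lockout" and acct.locked:
        return False, "account locked", 0.0
    if password == acct.password:
        acct.failures = 0
        acct.last_success = (now, source)
        # Surfacing the last failure lets the user spot guessing attempts.
        return True, f"welcome; last failed login: {acct.last_failure}", 0.0
    acct.failures += 1
    acct.last_failure = (now, source)
    if policy == "lockout" and acct.failures >= MAX_RETRIES:
        acct.locked = True
        return False, "account locked", 0.0
    delay = delay_for(acct.failures) if policy == "slowdown" else 0.0
    return False, "invalid credentials", delay
```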

Off-line password guessing

• Guessing passwords from their hashes, because the hash of a common password is always the same
• Backups of the server's disks must also be encrypted
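The point that a common password always hashes to the same value is what makes a stolen password file (or an unencrypted backup of it) so useful offline. The added Python below, not code from the lecture, shows that property on an unsalted table and the standard mitigation: a random per-user salt and a deliberately slow derivation (PBKDF2 from the standard library). Passwords and salts are constructed.

```python
# Added example, not from the lecture slides: shows why unsalted hashes leak
# which users share a password and how a per-user salt plus a slow key
# derivation (PBKDF2-SHA256) removes that and makes each offline guess
# expensive. Passwords and salts below are constructed for the demo.
import hashlib
import hmac
import os

ITERATIONS = 100_000   # slows each offline guess; tune for the server


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: every user with 'password123' gets the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: bytes = None) -> str:
    """Build a stored record 'pbkdf2_sha256$iterations$salt$hash'."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def unsalted_leaks_sharing(passwords: dict) -> bool:
    """True if two users have identical unsalted digests: the table itself
    reveals who shares a password, and one guess breaks all of them."""
    digests = [unsalted_hash(p) for p in passwords.values()]
    return len(set(digests)) < len(digests)


def salted_leaks_sharing(passwords: dict) -> bool:
    """Same check on salted records: identical passwords get distinct hashes."""
    hashes = [make_record(p).split("$")[3] for p in passwords.values()]
    return len(set(hashes)) < len(hashes)


if __name__ == "__main__":
    users = {"alice": "password123", "bob": "password123"}   # constructed
    print("unsalted reveals sharing:", unsalted_leaks_sharing(users))
    print("salted reveals sharing:  ", salted_leaks_sharing(users))
```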

Password distribution
• The user comes to the administrator. What if someone is impersonating them?
• Use a KTP/SIM/KTM (national ID card / driving licence / student card) that carries a photo
• The user chooses the password at a special terminal.
• Or the user is given a password that is used only for the first login, after which they are forced to change it. This is called a pre-expired password
• An incorrect way: the password is the student number (NPM), communicated by broadcast (e.g. a posting on the notice board).
• At a bank, we are sent a letter containing our PIN. Your opinion?

Authentication Token

• What you have!
• house key, credit card
• can be stolen!
• Perhaps the advantage is psychological: people are less willing to lend a card than a password!
• Usually needs extra hardware: e.g. a smart card / magnetic card reader

Smart Card
Credit-card sized, but with a processor inside. There are several kinds:
• PIN-protected memory card: the contents can only be read if the PIN is correct
• Cryptographic challenge & response cards
• Contactless smart card

Uses:
– Bank cards: debit & credit
– ID card, including for login
– Wallet for e-cash
– Payphone
– Loyalty programme
– Parking ticket
– Health card: can keep secrets confidential
(Figure: a sample "one card for all access" bank card.)

Biometrics

• Authenticating a user via human characteristics


• Using measurable physical characteristics of a person
to prove their identification
– Fingerprint
– signature dynamics
– Iris
– retina
– voice
– face
– DNA, blood

Physical identification of humans

(Figures: fingerprint scan, hand signature, hand geometry)

Advantages of fingerprint-based biometrics
 Can't be lent like a physical key or token and can't be forgotten like a password
 Good compromise between ease of use, template size, cost and accuracy
 Fingerprint contains enough inherent variability to enable unique identification even in very large (millions of records) databases
 Basically lasts forever -- or at least until amputation or dismemberment
 Makes network login & authentication effortless

Biometric Disadvantages

 Still relatively expensive per user
 Companies & products are often new & immature
 No common API or other standard
 Some hesitancy for user acceptance


Performance Issues
• False Rejection Rate (type 1 error): the percentage of valid subjects that are rejected
• False Acceptance Rate (type 2 error): the percentage of invalid subjects that the system accepts
• Crossover Error Rate (CER): the point where FRR equals FAR
• The problem is that when sensitivity is raised, FRR rises and FAR falls. The optimum point, the CER, has to be found

Cross Error Rate

(Figure: FRR and FAR (%) plotted against sensitivity; the CER is the point where the two curves cross.)
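The curves above can be computed directly from a matcher's scores. The added Python below, not code from the lecture, sweeps every threshold over constructed genuine and impostor scores (0-100 similarity, higher threshold meaning a more sensitive system), reports FRR and FAR at each, and locates the crossover point.

```python
# Added example, not from the lecture slides: computes FRR and FAR for every
# threshold from a set of matcher scores and locates the crossover (CER).
# The genuine and impostor scores are constructed on a 0-100 similarity
# scale; a higher threshold means a more sensitive (stricter) system.
GENUINE = [92, 88, 85, 83, 80, 78, 75, 70, 66, 45]    # legitimate users
IMPOSTOR = [72, 62, 55, 50, 48, 45, 42, 40, 38, 30]   # other people


def frr(threshold: int, genuine) -> float:
    """Type 1 error: fraction of genuine subjects scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(threshold: int, impostor) -> float:
    """Type 2 error: fraction of impostors scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def crossover(genuine, impostor):
    """Lowest threshold where |FRR - FAR| is smallest; returns (threshold, frr, far).
    With these scores the two curves meet at FRR = FAR = 0.1, the CER."""
    best = None
    for t in range(0, 101):
        gap = abs(frr(t, genuine) - far(t, impostor))
        if best is None or gap < best[0]:
            best = (gap, t)
    t = best[1]
    return t, frr(t, genuine), far(t, impostor)


def error_curve(genuine, impostor, step: int = 10):
    """Rows of (threshold, FRR, FAR): FRR rises and FAR falls as the
    threshold (sensitivity) goes up, which is the trade-off on the slide."""
    return [(t, frr(t, genuine), far(t, impostor)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, fr, fa in error_curve(GENUINE, IMPOSTOR):
        print(f"threshold {t:3d}: FRR {fr:.1f}  FAR {fa:.1f}")
    print("CER at", crossover(GENUINE, IMPOSTOR))
```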

Random Number Generator

• E.g. KeyBCA
• Challenge & response
• Which category does it belong to?
– What you know?
– What you have?
– Who you are?

Logical Access Control



Logical Access Controls

• Access control of the IT infrastructure can be applied at various levels
– Front end & back end
– How networks segregate & protect access to information resources.
• Paths of logical access
– General points of entry
• Network connectivity
• Remote access
• Operator console
• Online workstations or terminals

Logical Access Controls: Protection
• Logical Access Control Software
– Prevents unauthorized access to and modification of an organization's sensitive data and use of system-critical functions
– At all layers: networks, operating systems, databases & application systems
– Software functions:
• Identification and authentication
• Access authorization
• Monitoring: logging of user activity, reporting
– Most effective implementation: at the network and operating system level (restricting privileges at a low level)

Logical Access Controls: Operating systems access control

• User identification and authentication mechanisms
• Restricted logon IDs
• Rules for access to specific information resources
• Create individual accountability and auditability
• Create or change user profiles
• Log events
• Log user activities
• Report capabilities

Database and/or application-level access control

• Create or change data files and database profiles
• Verify user authorization at the application and transaction levels
• Verify user authorization within the application
• Verify user authorization at the field level for changes within a database
• Verify subsystem authorization for the user at the file level
• Log database/data communications access activities for monitoring access violations

Single sign-on (SSO)

SSO is the process of consolidating all of an organization's platform-based administration, authentication and authorization functions into a single centralized administrative function. A single sign-on product interfaces with:
 client-server and distributed systems
 mainframe systems
 network security including remote access mechanisms

Single Sign On

Single sign-on (SSO) advantages

Multiple passwords are no longer required, so a user may be more inclined and motivated to select a stronger password
It improves an administrator's ability to manage users' accounts and authorizations on all associated systems
It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications
It reduces the time taken by users to log into multiple applications and platforms

Single sign-on (SSO) disadvantages

Support for all major operating system environments is difficult
The costs associated with SSO development can be significant when considering the nature and extent of interface development and maintenance that may be necessary
The centralized nature of SSO presents the possibility of a single point of failure and total compromise of an organization's information assets

Key Distribution Centre (overview)

Pros and cons of a KDC

• Advantages:
– when there is a new user, they only need to be added at the KDC
– if one user is compromised, not every node is compromised
• Disadvantages:
– the KDC can impersonate anyone
– the KDC is the weak point of the system
– KDC performance can degrade if very many people contact the KDC at the same time.

Example of a KDC: Kerberos 5

• Specified in RFC 1510 by Kohl and Neuman in 1993; the source code can be obtained from http://web.mit.edu.
• Products that use it include the OSF Distributed Computing Environment (DCE) and Windows 2000.

Kerberos objects
• Authentication (authenticator): a token created by the client and sent to the server to prove the user's identity
• Ticket: issued by the TGS (ticket granting service), which the client can “show” to a particular service server (e.g. a database server).
• Session key: a random key generated by Kerberos and given to the client when it wants to communicate with a particular server.
Note:
• The client needs a ‘ticket’ and a session key to contact a particular server; the ticket has a validity period of a few hours.

Rule of least privilege

• One of the most fundamental principles of infosec
• States that: Any object (user, administrator, program, system) should have only the least privileges the object needs to perform its assigned task, and no more.
• An AC system that grants users only those rights necessary for them to perform their work
• Limits exposure to attacks and the damage an attack can cause
• Ensure that only a minimal set of users have root access

