Domain 2 – Access Control Systems Flashcards
Confidentiality
Not disclosed to unauthorized person
Integrity
- Prevention of modification by unauthorized users
- Prevention of unauthorized changes by otherwise authorized users
- Internal and External Consistency
- Internal Consistency within the system (e.g. within a database the sum of the subtotals equals the sum of all units)
- External Consistency – database agrees with the real world (e.g. the database total equals the actual inventory in the warehouse)
Availability
Timely access
Three things to consider
- Threats – potential to cause harm
- Vulnerabilities – weakness that can be exploited
- Risk – potential for harm
Controls-Preventative
prevent harmful occurrence
Controls-Detective
detect after harmful occurrence
Controls-Corrective
restore after harmful occurrence
Controls-Administrative
policies and procedures
Controls-Logical or Technical
restricted access
Controls-Physical
locked doors
Mandatory access control (MAC)
Authorization of subject’s access to an object depends on labels (sensitivity levels), which indicate subject’s clearance, and the classification or sensitivity of the object
• Every Object is assigned a sensitivity level/label and only users authorized up to that particular level can access the object
• Access depends on rules and not by the identity of the subjects or objects alone
• Only administrator (not owners) may change category of a resource — Orange book B-level
• Output is labeled as to sensitivity level
• Unlike permission bits or ACLs, labels cannot ordinarily be changed
• Can’t copy a labeled file into another file with a different label
• Rule-based AC
Discretionary Access Control (DAC)
Subject has authority, within certain limits, to specify what objects can be accessible (e.g., use of ACL)
• User-directed means a user has discretion
• Identity-based means discretionary access control is based on the subject's identity
• Very common in commercial context because of flexibility
• Orange book C level
• Relies on object owner to control access
• Identity-based AC
Non-Discretionary Access Control
Central authority determines what subjects can have access to certain objects based on organization’s security policy (good for high turnover)
• May be based on individual’s role in the organization (Role-Based) or the subject’s responsibilities or duties (task-based)
Lattice based
provides least access privileges of the access pair
• Greatest lower bound
• Least upper bound
Administrative Preventative
Policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks.
Administrative Detective
Policies and procedures, job rotation, sharing of responsibilities
Technical Preventative
Logical system controls, smart cards, biometrics, menu shell
Technical Detective
IDS, logging, monitoring, clipping levels
Physical Preventative
Restrict physical access, guards, man trap, gates
Physical Detective
Motion detectors, cameras, thermal detectors
Identification
establishes accountability
Three Factor Authentication
- Something you know (password)
- Something you have (token)
- Something you are (biometrics)
- Sometimes - something you do
Passwords
- Static – same each time
- Dynamic – changes each time you log on
Tokens – Smartcards
Static Password (like software with a PIN)
• Owner Authenticates to the token
• Token authenticates to the system
Synchronous Dynamic Password
- Token – generates passcode value
- PIN – user knows
- Token value and PIN entered into PC
- Must fit in valid time window
Asynchronous
• Similar to synchronous, but the new password is generated asynchronously; no time window
Challenge Response
- System generates challenge string
- User enters into token
- Token generates response entered into workstation
- Mechanism in the workstation determines authentication
False Rejection Rate (FRR)
Type I error
False Acceptance Rate (FAR)
Type II error
Crossover Error Rate (CER) – the percentage at which FRR = FAR
Biometric Issues
- Enrollment Time – acceptable rate is 2 minutes per person
- Throughput Time – acceptable rate is 10 people per minute
Acceptability Issues
privacy, physical, psychological
Types of Biometrics-Fingerprints
Are made up of ridge endings and bifurcations exhibited by the friction ridges and other detailed characteristics that are called minutiae.
Types of Biometrics-Retina Scans
Scans the blood-vessel pattern of the retina on the backside of the eyeball.
Types of Biometrics-Iris Scans
Scan the colored portion of the eye that surrounds the pupil.
Types of Biometrics-Facial Scans
Takes attributes and characteristics like bone structures, nose ridges, eye widths, forehead sizes and chin shapes into account.
Types of Biometrics-Palm Scans
The palm has creases, ridges and grooves throughout it that are unique to a specific person.
Types of Biometrics-Hand Geometry
Hand geometry measures the shape of a person's hand (the length and width of the hand and fingers).
Types of Biometrics-Voice Print
Distinguishing differences in people’s speech sounds and patterns.
Types of Biometrics-Signature Dynamics
Electrical signals of speed and time that can be captured when a person writes a signature.
Types of Biometrics-Keyboard Dynamics
Captures the electrical signals when a person types a certain phrase.
Types of Biometrics-Hand Topology
Looks at the size and width of an individual’s hand and fingers.
Kerberos…
Kerberos-Symmetric key encryption
Kerberos-KDC
Kerberos-trusted Key Distribution Center
Kerberos-TGS
Ticket Granting Service
Kerberos-AS
Authentication Server
Kerberos…
KDC knows secret keys of Client and Server
Kerberos…
KDC exchanges info with the Client and the Server using symmetric keys
Kerberos…
Using TGS grants temporary symmetric key
Kerberos-Initial Exchange
Client sends the hashed password to the TGS server; the TGS verifies it with the Authentication Server
TGS Server responds with:
1) Key for Client and TGS server encrypted with Client Key [K(c,tgs)]Kc
2) Ticket Granting Ticket (TGT) = [K(c, tgs), c,a,v]K(tgs)
Kerberos-Request for Service
Client sends request for service to TGS with
1) TGT = [K(c, tgs), c,a,v]K(tgs)
2) Authenticator K(c, tgs)
Kerberos-TGS Issues Ticket for Service
TGS sends Client back ticket for server and authenticator for server
1) Ticket T(c,s) = [s,c,a,v,K(c,s)]Ks
2) [K(c,s)]K(c,tgs)
Kerberos-Receive Service from Server
Client sends Server
1) Ticket T(c,s) = [s,c,a,v,K(c,s)]Ks
2) authenticator = [c,t,key]K(c,s)
Kerberos weaknesses…
Replay is possible within time frame
Kerberos weaknesses…
TGS and Auth server are vulnerable as they know everything
Kerberos weaknesses…
Initial exchange is based on password authentication
Kerberos weaknesses…
Keys are vulnerable
SESAME
Secure European System for Applications in a Multi-vendor Environment
• Uses Needham-Schroeder protocol
• Uses public key cryptography
• Supports MD5 and CRC32 Hashing
• Uses two tickets
1) One contains authentication
2) One contains the access rights to the client
SESAME weaknesses…Only authenticates by using first block of message
SESAME weaknesses…Initial exchange is based on password authentication
SESAME weaknesses…SESAME incorporates two certificates or tickets: One certificate provides authentication as in Kerberos and the other certificate defines the access privileges that are assigned to a client.
KryptoKnight
Peer-to-peer relationship between the KDC (Key Distribution Center) and the parties (Client and Server)
NetSP is based on KryptoKnight
Supported by RACF
• Authentication
• Key Distribution
• Data Privacy
• Data Integrity
• Single Sign-On
• Administration
Centralized ACL-RADIUS
Remote Access Dial-In User Service (incorporates an AS and dynamic password)
Centralized ACL-TACACS
Terminal Access Controller Access Control System (for network applications, static password)
Centralized ACL-TACACS+
Terminal Access Controller Access Control System Plus, supports token authentication
Centralized ACL-CHAP
Challenge Handshake Authentication Protocol
Supports encryption, protects password
Decentralized ACL-Relational Database Security
- Relational databases support queries
- Object-oriented databases do not support queries
Relational Database
- Data structures called tables (relations)
- Integrity Rules on allowable values
- Operators on the data in tables
Persistency
preservation of integrity through the use of nonvolatile storage media
Schema
- Description of the database
- Defined by Data Description Layer (DDL)
DBMS
Database Management System
• provides access to the database
• Allows restriction of access
Relational Database
- Relation (table) is the basis of a relational database – relation is represented by a table
- Rows = Records (tuples)
- Column = Attributes
Relational Database-Primary Key
- Unambiguously identifies a record. Points to a record (tuple)
- Every row (record, tuple) must contain the primary key of the relation (table)
Relational Database-Cardinality
Number of rows in a relation (table)
Relational Database-Degree
Number of columns in a relation (table)
Relational Database-Candidate key
any identifier that is unique to the record
Relational Database-Foreign Key
any value that matches the primary key of another relation (table)
Relational Database Operations
- Select – based on criteria, e.g. all items with value > $300.00
- Join - join tables based on a common value
- Union – forms a new relation (table) from two other relations
- View – (virtual table) uses join, project, select - Views can be used to restrict access (least privileges)
Relational Database Query plan
- Composed of implementation procedures; the lowest-cost plan is chosen based on "cost"
- Costs are CPU time, Disk Access
- Bind – used to create plan
Data Normalization
Ensures that attributes in a table rely only on the primary key
• Eliminates repeating groups
• Eliminates redundant data
• Eliminates attributes not dependent on the primary key
SQL – Structured Query Language
- Select
- Update
- Delete
- Insert
- Grant – Access Privileges
- Revoke – Access Privileges
OODB
Object Oriented Databases:
• Best suited for multi-media, graphics
• Steep learning curve
• High overhead
Network Based IDS
- Real time
- Passive
Host Based IDS
- System and event logs
- Limited by log capabilities
Signature Based – (Knowledge Based) IDS
- Signatures of an attack are stored and referenced
- Failure to recognize slow attacks
- Must have signature stored to identify
Statistical Anomaly Based (Behavior Based) IDS
- IDS determines “normal” usage profile using statistical samples
- Detects anomaly from the normal profile
Access Control Issues
- Confidentiality
- Integrity
- Availability
- Accountability of users
Measures to compensate for both internal and external access violations
- Backups
- RAID – Redundant Array of Inexpensive Disks
- Fault Tolerance
- Business Continuity Planning
- Insurance