Chapter 5 Access Controls
What are some Identification methods?
1 User name 2. Smart Card 3.Biometrics
RADIUS
A client configuration file that contains the client address and the shared secret for transaction authentication A user configuration file that contains the user identification and authentication data as well as the connection and authorization information
Concern surrounding biometrics
Accuracy Acceptability Reaction Time
Authentication
Can their identities be verified?
UPD
Computer applications that use UDP send messages, known as datagrams, to other hosts on an Internet Protocol (IP) network. UDP does this without requiring special transmission channels or data paths. As such, UDP's service is somewhat unreliable because datagrams can arrive out of order
Share permissions
Full, change, read, and deny
Infrastructure as a service
IaaS provides users with access to a physical or virtual machine. Users must select and load their own operating systems. They then manage all aspects of the machine, just as if it were a local computer.
Public Cloud
This type of cloud infrastructure is available to unrelated organizations or individuals. Public clouds are generally available for public use and are managed by a third-party provider
Community Cloud
This type of infrastructure provides services for several organizations. The different organizations share the cloud environment and use it for their specific needs. The infrastructure can be managed by one of the participating organizations or by a third party.
Problems with Time based
Time: This system requires that the clock in the token remains in sync with the clock in the authentication server, If the clocks drift out of sync, the server can search3 or 4 min on each side of the time to detect an offset, if difference is too great you must resynchronize them.
What are the permission levels?
User based Job based or role based access controls Project based task based
The policy enforcement phase?
grants or rejects requests for access based on the authorization
Temporal isolation
restricts access to specific times. It first classifies the sensitivity level of objects. Then it allows access to those objects only at certain times. Temporal isolation is often used in combination with role based access control.
Knowledge
something you know, such as a password, PN etc.
What are examples of Logical system controls for HR?
1.Deciding which users can get into the system. 2. Monitoring what the user does in the system, certain employees might be allowed to view docs but other employees might be able to actually edit those docs. Restraining or influencing the user's behavior on that system. Ex. An HR staffer who repeatedly tries to get into restricted information might be denied access to entire system.
Summarize Logical Access Control:
A computer system manager uses logical access controls to decide who can get into a system and what tasks they can perform, monitoring what the user does, and influencing the users behavior on that system. (Username and password)
Actions
Activities that authorized users can perform on resources.
Summarize Physical Access Control:
An organizations facilities manager is often responsible for physical access control so they issue you an employee smart card. You can use this card to gain access to company areas like the office, elevator etc. Card gives access to physical resources.
Reaction Time
Each biometric device requires time for the system to check an identity and give a response. A system that takes too long may not work
Accuracy
Each has at least two error rates associated with it. The false rejection rate (FRR) is the rate at which valid subjects are rejected. The false acceptance rate (FAR) is the rate at which invalid subjects are accepted. There is a tradeoff between the FRR and the FAR. The point at which the two rates are equal is called the crossover error rate (CER). The CER is the measure of the system's accuracy expressed as a percentage
Collusion
Employees work together (colluding) to avoid the controls and assist each other in performing unauthorized tasks. Job rotation reduces the risk of collusion.
Security permissions
Full, modift, list folder contents, read-execute, read, write,special, and deny
Accountability
How are actions traced to an individual to ensure that the person who makes changes to data or systems can be identified.
Identification
How are they identified
Passphrase
Is different than a password, it is longer and generally harder to guess.
Security Kernel?
Is the central part of a computing environments hardware, software and firmware that enforces access control for computer systems. It provides a central point of access control and implements the reference monitor concept
Relationships
Optional conditions that exist between users and resources. they are permissions granted to an authorized user, such as read, write, execute.
Periodic review
Over time, users often get special permission to complete a particular project or perform some special task. These permissions need to be reviewed from time to time to make sure they stop when they are no longer needed.
Platform as a service
PaaS provides the user with access to a physical or a virtual machine running any of a number of popular operating systems. Unlike IaaS, with PaaS, the CSP manages the operating system and the underlying hardware. Instead of connecting to a local server, the user connects to a virtual server in the cloud. Once the connection is made, the user treats the cloud instance just like any other computer. The user can install and run software as if the server were in the local data center.
Users?
People who use the system or processes that perform some service for other people or processes. aka subjects
Organizations control access to resources primarily on two levels:
Physical access controls Logical access controls
Resources?
Protected in the system. Resources can be accessed only by authorized subjects.
3 types of AAA servers
Radius, TACACS+, Diameter
Biometrics broken into two categories
Static (physical) Dynamic ( behavioral)
Bell - La Padula model
The Bell-La Padula Model focuses on the confidentiality of data and the control of access to classified information. the parts of a system are divided into subjects and objects and the current condition of a system is described as its state
User based
The permissions granted to a user are often specific to that user. In this case, the rules are set according to a user ID or other unique identifier.
What phases are the four parts of access controls divided into?
The policy definition phase The policy enforcement phase
Which phase does authorization operate?
The policy definition phase.
Covert channels
These are hidden (covert) ways of passing information against organizational policy. There are two main types of covert channels: timing (signaling from one system to another) and storage (the storing of data in an unprotected or inappropriate place).
The policy definition phase
This phase determines who has access and what systems or resources they can use.
Access control method
Today's operating systems contain access control settings for individual users (rule based) or for groups of users (role based). Which method you use depends on the size of the organization and how specific access rights need to be for individuals or roles
What are the 4 central elements of access to manage access control policies well?
Users Resources Actions Relationships
Authorization
Whos is approved for access and what, exactly can they use?
USB token
is a hardware device that you plug into your comp, the device is encoded with your digital signature. With it you don't have to type anything
Advantage of smart cards
is that the user authentication process is completed at the user location between the smart card and the reader. Avoids the trusted path problem and avoids sniffers or tappers.
Need to Know
is the concept of preventing people from gaining access to information they don't need to carry out their duties. Providing access on the basis of need-to-know can reduce the chance of improper handling of data or the improper release of information.
Separation of duties
is the process of dividing a task into a series of unique activities performed by different people, each of whom is allowed to execute only one part of the overall task.
What is access controls?
is the process of protecting a resource so that it is used only by those allowed to use it.
Continuous authentication
is used by systems to continuously validate the user, done with proximity cards.
Problem with Event based
is when users create a password suing the token but don't use the password to logon on, the counter in the server and the counter in the token become out of sync.
Sesame
it improves key management by using both symmetric and asymmetric keys to protect interchanged data. It is essentially an extension of Kerberos. It offers public key cryptography and role based access control abilities.
What is special about deny?
its overrides every other permission
Role based access control characteristics
policy bases access control approvals on the jobs the user is assigned. The security administrator assigns each user to one or more roles
Acceptability
such as retinal scans, are more objectionable to some users than other biometric measurements, such as signature dynamics. If users are not comfortable using the system, they may refuse to submit to it.
Time based synchronization system
the current time is used as the input, the token generates a new dynamic password that is displayed in the window of the token. To gain access, the password is entered with the users PIN at the work station, No token keyboard required.
Threshold
the number of failed logon attempts
Discretionary access control (DAC)
the owner of the resource decides who gets in and changes permissions as needed. The owner can give that job to others.
How does MAC work
the system and the owner jointly make the decision to allow access. The owner gives the need-to-know element. Not all users with a privilege or clearance level for sensitive material need access to all sensitive information. The system compares the subject and object labels that go with the terms of the Bell- La Padula confidentiality model
Synchronous tokens
uses an algorithm that calculates a number at both the authentication server and the device. it displays the number on the device screen. the user enters this number as a logon authenticator
Dynamic
What you do. Behavioral biometrics include voice inflections, keyboard strokes, and signature motions.
Characteristics
Something unique about you, like your finger print, retina, or signature
What s the Password best practices guidelines?
1.Dont use weak passwords 2.Dont store written copy of the password unless absolutely necessary 3.Never share passwords with anyone 4.Use different password for different accounts 5.If you think a password is compromised, change it immediately 6.Be careful when saving passwords on computers 7. Choose passwords difficult to guess.
Disadvantages to SSO
A compromised password lets an intruder into all areas open to the password owner. Using dynamic passwords and/or two-factor authentication can reduce this problem. Static passwords provide very limited security. Two-factor authentication or, at least, one-time (dynamic) passwords are required for access by the user using SSO. Scripts make things easier to administer, but they expose data
Auditing logon events
A method to track who is accessing your computing environment, provides you with a record of when every user logs on or off a computer.
Private Cloud
All of the hardware and software required to provide services, including the network infrastructure, is operated for a single organization. The components may be managed by the organization or by a third-party provider. The actual infrastructure can be located within the organization's network or outside it.
What are the four parts of Access Control?
Authorization Identification Authentication Accountability
Diameter consists of:
Base protocol—The base protocol defines the message format, transport, error reporting, and security used by all extensions. Extensions—The extensions conduct specific types of authentication, authorization, or accounting transactions.
What are Logical access controls?
Control access to a computer system or network. Require unique username and password.
What are Physical access controls?
Control entry into buildings, parking lots, and protected areas. Ex key
Software as a service
In the SaaS model, users access software from cloud clients. The most basic type of cloud client is the Web browser. Users do not need to install or manage any software. All they have to do is connect to the correct server and use the software as if it were running in their local network. Some popular examples of SaaS are Google Apps, Microsoft Office 365, and SalesForce.
What does the reference monitor do? and what is a part of?
It permits access and creates a log entry only when the appropriate rules or conditions are met.
Kerberos functions
It serves as the authentication server, and it serves as the ticket granting server.
Advantages to SSO
It's an efficient logon process. The user has to log on only once.It can provide for stronger passwords. With only one password to remember, users are generally willing to use stronger passwords.It provides continuous, clear reauthentication
Kerberos
Kerberos is a computer-network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner
What are the Authentication types?
Knowledge Ownership Characteristics
Asynchronous Tokens
Looks like a credit card sized calculator. The authentication server issues a challenge number that the user enters, the token computes a response to the value provided by the authentication server, the user then replies with the value displayed on the token.
Account lockout policy
Many systems disable the user ID after a certain number of consecutive failed attempts,
Access Control lists
Most operating systems provide several options to associate lists or permissions with objects
comprised controls, Accessing networks
Networks often include unprotected connections. Many organizations build their networks with more drops (female connectors at wall plates) than they need. This allows the organization to add more users in the event of future growth. These unused connection points are often active connections. Intruders can use these connections to gain network access
Non discretionary access control
Non-discretionary access controls are closely monitored by the security administrator, and not the system administrator.
Rule based access control
Non-discretionary access controls are closely monitored by the security administrator, and not the system administrator.
Job based or role based access control
Permissions are based on a common set of permissions for all people in the same or similar job roles.
Non-Discretionary characteristics:
Security administrators have enough control in non-discretionary access control to make sure sensitive files are write-protected for integrity and readable only by authorized users to preserve confidentiality. The chances that a corrupted program will be used are reduced because users can run only those programs they are expressly allowed to run. helps ensure that system security is enforced and tamperproof. The data owner, who is often the user, does not make access decisions. This allows you to enjoy some of the benefits of MAC without the added administrative overhead
Exploiting applications
Several programs and modules have a common programming weakness known as buffer overflow. This happens when an attacker enters more characters than expected into an input field. It allows malicious code throughout the application. There are many other ways to exploit weaknesses in applications, and attackers are always on the lookout to find new ways to compromise applications.
Ownership
Something you own. Smart Card, key, badge or token.
Rule based access control characteristics.
This type of access control pushes much of the administration down to the data owner. For technical and security-conscious users, this type of access control tends to work well. It doesn't work as well in environments with many users or where users lack the necessary technical skills and training.
Hybrid Cloud
This type of cloud infrastructure contains components of more than one type of cloud, including private, community, and public clouds. Hybrid clouds are useful to extend the limitations of more restrictive environments. They often are used to provide resiliency and load-balancing by distributing workload among several infrastructures or segments
Static
What you are. Physiological biometrics include recognizing fingerprints, iris granularity, retina blood vessels, facial looks, hand geometry, and so on
What do access controls define?
Users ( people or computer processes), what users can do, which resources they can reach and what operations they can perform.
Project based
When a group of people (for example, a project team) are working on a project, they are often granted access to documents and data related just to that project
Password Reset and Storage
When a user forgers a password, or the password must be reset by the help desk, the new password should be valid for only a single logon.
New User Registration
When new users are brought into an organization, their user accounts must be created. This can take a lot of time. It must be done quickly, however, so new people can do their jobs. User registration must be standardized, efficient, and accurate.
Single Sign On
allows users to sign on to a computer or network once, and have their identification and authorization credentials allow them into all computers and systems where they are authorized. They don't need to enter multiple user IDs or passwords. SSO reduces human error, which is a major part of system failures. It is highly desirable but difficult to put in place.
Authority level policy
a higher degree of authority to access certain resources is needed, only a senior level member in IT group has permission to server room.
DAC criteria
a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject
Constrained user interface
a user's ability to get into—or interface with—certain system resources is restrained by two things. The user's rights and permissions are restricted and constraints are put on the device or program providing the interface. A device such as an ATM or software such as on a public-access kiosk browser lets users reach only specific functions, files, or other resources.
Mandatory access control (MAC)
anything to do with military. permission to access a system or any resource is determined by the sensitivity of the resource and the security level of the subject. It cannot be given to someone else. This makes MAC stronger than DAC.
Content dependent access control
access control is based on what is contained in the data. It requires the access control mechanism (the arbiter program, which is part of the application, not the operating system) to look at the data to decide who should get to see it.
Task based
access control limits a person to executing certain functions and often enforces mutual exclusivity. In other words, if a person executes one part of a task, he or she might not be allowed to execute another related part of the task.
Multi-tenancy
allows different groups of users to access a database without being able to access each other's data
Event based synchronization system
avoids the time-based synchronization problem by increasing the value of a counter with each use. the computer is the input value. the user presses a button to generate a one time password and then enters this password with hos or her PIN at the workstation to gain access.
Smart Card
can take form of plastic credit card, make it easy for subjects to provide complex identification credentials without have to remember long passwords.
Biba integrity model
first model to address integrity in computer systems based on integrity levels. Consists of three parts: subjects cannot read objects that have a lower level of integrity than the subject does. A subject cannot change objects that have a higher level of integrity. A subject may not ask for service from subjects that have a higher integrity.
Who is responsible for physical access control?
facilities manager
Clark and Wilson integrity model
focuses on what happens when users allowed into a system try to do things they are not permitted to do. It also looks at internal integrity threats. These two components were missing from Biba's model. This model looks at whether the software does what it is designed to do. That is a major integrity issue.
Decentralized
handle access control decisions and administration locally. That means access control is in the hands of the people, such as department managers who are closest to the system users. Access requests are not processed by one centralized entity
Group membership policy
in this policy authorization is defined by what groups you are in. Like security card for IT department only has access to computer equipment.