Upload
elana
View
92
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Lecture 15 Access Control Processes. What is Access Control?. Access Control Access control is the policy-driven limitation of access to systems, data, and dialogs Prevent attackers from gaining access, stopping them if they do. What is Access Control?. First Steps Enumeration of Resources - PowerPoint PPT Presentation
Citation preview
Lecture 15
Access Control Processes
2
What is Access Control?
Access Control
Access control is the policy-driven limitation of access to systems, data, and dialogs
Prevent attackers from gaining access, stopping them if they do
3
What is Access Control?
First Steps
Enumeration of Resources
Sensitivity of Each Resource
Next, who Should Have Access?
Can be made individual by individual
More efficient to define by roles (logged-in users, system administrators, project team members, etc.)
4
Access Control
What Access Permissions (Authorizations) Should They Have?
Access permissions (authorizations) define whether a role or individual should have any access at all
If so, exactly what the role or individual should be allowed to do to the resource.
Usually given as a list of permissions for users to be able to do things (read, change, execute program, etc.) for each resource
5
Access Control
How Should Access Control Be Implemented?
For each resource, need an access protection plan for how to implement protection in keeping with the selected control policy
For a file on a server, for instance, limit authorizations to a small group, harden the server against attack, use a firewall to thwart external attackers, etc.
…
6
Access Control
Policy-Based Access Control and Protection
Have a specific access control policy and an access protection policy for each resource
Focuses attention on each resource
Guides the selection and configuration of firewalls and other protections
Guides the periodic auditing and testing of protection plans
Password-Based Access Control
8
Server Password Cracking
Reusable Passwords A password you use repeatedly to get access to
a resource on multiple occasions
Bad because attacker will have time to learn it; then can use it
Difficulty of Cracking Passwords by Guessing Remotely Usually cut off after a few attempts
However, if can steal the password file, can crack passwords at leisure
9
Server Password Cracking
Hacking Root
Super accounts (can take any action in any directory)
Hacking root in UNIX
Super accounts in Windows (administrator) and NetWare (supervisor)
Hacking root is rare; usually can only hack an ordinary user account
May be able to elevate the privileges of the user account to take root action
10
Server Password Cracking
Physical Access Password Cracking
l0phtcrack
Lower-case L, zero, phtcrack
Password cracking program
Run on a server (need physical access)
Or copy password file and run l0phtcrack on another machine.
11
Server Password Cracking
Physical Access Password Cracking Brute-force password guessing
Try all possible character combinations
Longer passwords take longer to crack
Using more characters also takes longer Alphabetic, no case (26 possibilities) Alphabetic, case (52) Alphanumeric (letters and numbers) (62) All keyboard characters (~80)
12
Password Length
PasswordLength In
Characters
1
2 (N2)
4 (N4)
6
8
10
Alphanumeric:Letters &
Digits (N=62)
62
3,844
14,776,336
56,800,235,584
2.1834E+14
8.39299E+17
All KeyboardCharacters
(N=~80)
80
6,400
40,960,000
2.62144E+11
1.67772E+15
1.07374E+19
Alphabetic,Case
(N=52)
52
2,704
7,311,616
19,770,609,664
5.34597E+13
1.44555E+17
Alphabetic,No
Case (N=26)
26
676
456,976
308,915,776
2.08827E+11
1.41167E+14
13
Server Password Cracking
Physical Access Password Cracking Brute Force Attacks
Try all possible character combinations Slow with long passwords length
Dictionary attacks Try common words (“password”, “ouch,” etc.) There are only a few thousand of these Cracked very rapidly
Hybrid attacks Common word with single digit at end, etc.
14
Server Password Cracking
Password Policies
Good passwords
At least 6 characters long
Change of case not at beginning
Digit (0 through 9) not at end
Other keyboard character not at end
Example: triV6#ial
15
Server Password Cracking
Password Policies
Testing and enforcing password policies
Run password cracking program against own servers
Caution: requires approval! SysAdmins have been fired for doing this without permission—and should be
Password duration policies: How often passwords must be changed
16
Server Password Cracking
Password Policies
Password sharing policies: Generally, forbid shared passwords
Removes ability to learn who took actions; loses accountability
Usually is not changed often or at all because of need to inform all sharers
17
Server Password Cracking
Password Policies
Disabling passwords that are no longer valid
As soon as an employee leaves the firm, etc.
As soon as contractors, consultants leave
In many firms, a large percentage of all accounts are for people no longer with the firm
18
Server Password Cracking
Password Policies
Lost passwords
Password resets: Help desk gives new password for the account
Opportunities for social engineering attacks
Leave changed password on answering machine
Biometrics: voice print identification for requestor (but considerable false rejection rate)
19
Server Password Cracking
Password Policies
Lost passwords Automated password resets
Employee goes to website
Must answer a question, such as “In what city were you born?”
Problem of easily-guessed questions that can be answered with research
20
UNIX/etc/passwd File Entries
Plee:x:47:3:Pat Lee:/usr/plee/:/bin/csh
plee:6babc345d7256:47:3:Pat Lee:/usr/plee/:/bin/cshPassword Group ID Home Directory
User Name User ID GCOS Shell
Without Shadow Password File
With Shadow Password File
The x indicates that the password is storedin a separate shadow password file
21
UNIX/etc/passwd File Entries
Unix passwd File
Contains the username, password, and other information is semi-standard form
In the /etc directory that is accessible to anyone
Anyone can steal the passwd file and crack the passwords
Unix Shadow File
Newer versions of Unix store passwords in a protected shadow file
In the passwd file, there is an x in the password position
22
Server Password Cracking
Password Policies
Encrypted (hashed) password files Passwords not stored in readable form
Encrypted with DES or hashed with MD5
In UNIX, etc/passwd puts x in place of password
Encrypted or hashed passwords are stored in a different (shadow) file to which only high-level accounts have access
23
Password Hashing (or Encryption)
Client PCUser Lee
Server
1.User = Lee
Password = My4Bad
2.Hash
My4Bad=
11110000
3.Hashes Match
Hashed Password FileBrown 11001100Lee 11110000Chun 00110011Hatori 11100010
4. Hashes Match,
So User isAuthenticated
24
Server Password Cracking
Password Policies
Windows passwords
Obsolete LAN manager passwords (7 characters maximum) should not be used
Windows NTLM passwords are better
Option (not default) to enforce strong passwords
25
Server Password Cracking
Shoulder Surfing Watch someone as they type their password
Keystroke Capture Software
Professional versions of windows protect RAM during password typing
Consumer versions do not
Trojan horse throws up a login screen later, reports its finding to attackers
26
Server Password Cracking
Windows Client PC Software Consumer version login screen is not for security
Windows professional and server versions provide good security with the login password
BIOS passwords allow boot-up security Can be disabled by removing the PC’s battery But during a battery removal, the attacker will
be very visible
Screen savers with passwords allow away-from-desk security after boot-up
Physical Building Security
28
Building Security
Building Security Basics
Single point of (normal) entry to building
Fire doors, etc.: use closed-circuit television (CCTV) and alarms to monitor them
Security centers Monitors for closed-circuit TV (CCTV) Videotapes that must be retained (Don’t
reuse too much or the quality will be bad) Alarms
29
Building Security
Building Security Basics
Interior doors to control access between parts of the building Piggybacking: holding the door open so that
someone can enter without identification defeats this protection
Enforcing policies: You get what you enforce
Training security personnel
Training all employees
30
Building Security
Building Security Basics
Phone stickers with security center phone number
Thwarting piggybacking by employee education and sanctions for allowing it
Dumpster diving by keeping Dumpsters in locked, lighted area
Drive shredding programs for discarded disk drives that do more than reformat drives
31
Physical building Cabling
1. Equipment Room (Usually in Basement)
2. ToWAN
3. EntranceFacility withTerminationEquipment
5. CoreSwitch
(Chassis)
6. VerticalRiserSpace4. Router
32
Physical building Cabling
3. TelecommunicationsCloset on Floor
2. Optical FiberOne Pair per Floor
4. Workgroup Switch
5. Horizontal Distribution
1. VerticalDistribution
33
WorkgroupSwitch inTelecoms
Closet
Physical building Cabling
1. Horizontal DistributionOne 4-Pair UTP Cord
Horizontal and Final Distribution
34
Building Security
Data Wiring Security
Telecommunications closets should be locked
Wiring conduits should be hard to cut into
Servers rooms should have strong access security
Access Cards and Tokens
36
Access Cards
Magnetic Stripe Cards
Smart Cards
Have a microprocessor and RAM
More sophisticated than mag stripe cards
Release only selected information to different access devices
37
Access Cards
Tokens Small device with constantly-changing password
Or device that can plug into USB port or another port
Proximity Tokens Use short-range radio transmission
Can be detected and tested without physical contact
Allows easier access; used in Tokyo subways
38
Access Cards
Card Cancellation
Requires a central system
PINs
Personal Identification Numbers
Short: about 4 digits
Can be short because attempts are manual (10,000 combinations to try with 4 digits)
39
Access Cards
PINs
Should not allow obvious combinations (1111, 1234) or important dates
Provide two-factor authentication E.g., PIN and card Don’t allow writing PIN on card
Biometric Authentication
41
Biometric Authentication
Biometric Authentication
Authentication based on body measurements and motions
Because you always bring your body with you
Biometric Systems
Enrollment
Later access attempts Acceptance or rejection
42
Biometric Authentication System
1. Initial Enrollment
2. Subsequent Access
User LeeScanning
ApplicantScanning
Template DatabaseBrown 10010010Lee 01101001Chun 00111011Hirota 1101110… …
3. Match IndexDecision Criterion(Close Enough?)
Processing(Key Feature Extraction)
A=01, B=101, C=001
User LeeTemplate
(01101001)
UserAccess Data(01111001)
Processing(Key Feature Extraction)
A=01, B=111, C=001
43
Biometric Authentication
Verification Versus Identification
Verification: Are applicants who they claim to be? (compare with single template)
Identification: Who is the applicant? (compare with all templates) More difficult than verification because must compare
to many templates
Watch list: is this person a member of a specific group (e.g., known terrorists) Intermediate in difficulty
44
Biometric Authentication
Verification Versus Identification
Verification is good for replacing passwords in logins
Identification is good for door access and other situations where entering a name would be difficult
45
Biometric Authentication
Precision
False acceptance rates (FARs): Percentage of unauthorized people allowed in
Person falsely accepted as member of a group
Person allowed through a door who should be allowed through it
Very bad for security
FAR
46
Biometric Authentication
Precision
False rejection rates (FRRs): Percentage of authorized people not recognized as being members of the group
Valid person denied door access or server login because not recognized
Can be reduced by allowing multiple access attempts
High FRRs will harm user acceptance because users are angered by being falsely forbidden
FRR
47
Biometric Authentication
Precision
Vendor claims for FARs and FRRs tend to be exaggerated because they often perform tests under ideal circumstances
For instance, having only small numbers of users in the database
For instance, by using perfect lighting, extremely clean readers, and other conditions rarely seen in the real world
48
Biometric Authentication
User Acceptance is Crucial Strong user resistance can kill a system
Fingerprint recognition may have a criminal connotation
Some methods are difficult to use, such as iris recognition, which requires the eye to be lined up carefully.
These require a disciplined group
49
Biometric Authentication
Biometric Methods
Fingerprint recognition
Dominates the biometric market today
Based on a finger’s distinctive pattern of whorls, arches, and loops
Simple, inexpensive, well-proven
Weak security: can be defeated fairly easily with copies
Useful in modest-security areas
50
Biometric Authentication
Biometric Methods
Iris recognition
Pattern in colored part of eye
Very low FARs
High FRR if eye is not lined up correctly can harm acceptance
Reader is a camera—does not send light into the eye!
51
Biometric Authentication
Biometric Methods
Face recognition Can be put in public places for
surreptitious identification (identification without citizen or employee knowledge). More later.
Hand geometry: shape of hand
Voice recognition High error rates Easy to fool with recordings
52
Biometric Authentication
Biometric Methods
Keystroke recognition Rhythm of typing Normally restricted to passwords Ongoing during session could allow
continuous authentication
Signature recognition Pattern and writing dynamics
53
Biometric Authentication
Biometric Standards
Almost no standardization
Worst for user data (fingerprint feature databases)
Get locked into single vendors
54
Biometric Authentication
Can Biometrics be Fooled?
Airport face recognition
Identification of people passing in front of a camera
False rejection rate: rate of not identifying person as being in the database
Fail to recognize a criminal, terrorist, etc.
FRRs are bad
55
Biometric Authentication
Can Biometrics be Fooled?
Airport face recognition
4-week trial of face recognition at Palm Beach International Airport
Only 250 volunteers in the user database (unrealistically small)
Volunteers were scanned 958 times during the trial
Only recognized 455 times! (47%)
53% FRR
56
Biometric Authentication
Can Biometrics be Fooled?
Airport face recognition
Recognition rate fell if wore glasses (especially tinted), looked away
Would be worse with larger database
Would be worse if photographs were not good
57
Biometric Authentication
Can Biometrics be Fooled?
DOD Tests indicate poor acceptance rates when subjects were not attempting to evade
270-person test
Face recognition recognized person only 51 percent of time
Even iris recognition only recognized the person 94 percent of the time!
58
Biometrics Authentication
Can Biometrics be Fooled?
Other research has shown that evasion is often successful for some methods
German c’t magazine fooled most face and fingerprint recognition systems
Prof. Matsumoto fooled fingerprint scanners 80 percent of the time with a gelatin finger created from a latent (invisible to the naked eye) print on a drinking glass
802.11 Wireless LAN Security
60
802.11 Wireless LAN (WLAN) Security
802.11 Wireless LAN Family of Standards
Basic Operation (Figure 2-12 on next slide)
Main wired network for servers (usually 802.3 Ethernet)
Wireless stations with wireless NICs
Access points
Access points are bridges that link 802.11 LANs to 802.3 Ethernet LANs
61
802.11 FrameContaining Packet
802.11 Wireless LAN
NotebookWith PC CardWireless NIC
EthernetSwitch
AccessPoint
Server
802.3 FrameContaining Packet
(2)
(3)
Client PC
(1)
62
802.11 Wireless LAN
NotebookWith PC CardWireless NIC
EthernetSwitch
AccessPoint
Server
802.11 FrameContaining Packet
802.3 FrameContaining Packet
(2)
(1)
Client PC
(3)
63
802.11 Wireless LAN (WLAN) Security
Basic Operation
Propagation distance: farther for attackers than users
Attackers can have powerful antennas and amplifiers
Attackers can benefit even if they can only read some messages
Don’t be lulled into complacency by internal experiences with useable distances
64
802.11 Wireless LAN Standards
StandardRated Speed
(a)UnlicensedRadio Band
EffectiveDistance (b)
802.11b 11 Mbps 2.4 GHz ~30-50 meters
802.11a 54 Mbps 5 GHz ~10-30 meters
802.11g 54 Mbps 2.4 GHz ?
Notes: (a) Actual speeds are much lower and decline with distance. (b) These are distances for good communication; attackers can read some signals and send attack frames from longer distances.
65
802.11 Wireless LAN (WLAN) Security
Apparent 802.11 Security
Spread spectrum transmission does not provide security
Signal is spread over a broad range of frequencies
Methods used by military are hard to detect
802.11 spread spectrum methods are easy to detect so devices can find each other
Used in 802.11 to prevent frequency-dependent propagation problems rather than for security
66
802.11 Wireless LAN (WLAN) Security
Apparent 802.11 Security SSIDs
Mobile devices must know the access point’s service set identifier (SSID) to talk to the access point
Usually broadcast frequently by the access point for ease of discovery, so offers no security.
Sent in the clear in messages sent between stations and access points
67
802.11 Wireless LAN (WLAN) Security
Wired Equivalent Privacy (WEP)
Biggest security problem: Not enabled by default
40-bit encryption keys are too small Nonstandard 128-bit (really 104-bit) keys are
reasonable interoperable
68
802.11 Wireless LAN (WLAN) Security
Wired Equivalent Privacy (WEP)
Shared passwords
Access points and all stations use the same password
Difficult to change, so rarely changed
People tend to share shared passwords too widely
Flawed security algorithms Algorithms were selected by cryptographic
amateurs
69
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11i (Figure 2-14)
Authentication server
User data server
Individual keys give out at access point
70
802.1x Authentication for 802.11i WLANs
AccessPoint
Applicant(Lee)
1.Authentication
Data
2.Pass on Request to
RADIUS Server
3.Get User Lee’s Data(Optional; RADIUSServer May Store
This Data)
4. AcceptApplicant Key=XYZ
5. OKUse
Key XYZ
DirectoryServer orKerberos
Server
RADIUS Server
71
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11
Control access when the user connects to the network At a wired RJ-45 jack At a wireless access point
802.1x is a general approach to port authentication 802.11i is the implementation of 802.1x on
802.11 wireless LANs
72
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11
Extensible Authentication Protocol (EAP) Supports multiple forms of authentication
EAP-TLS EAP-TTLS PEAP
73
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11
Extensible Authentication Protocol (EAP) Authentication mechanisms
Passwords Simple and inexpensive to implement Low security
Digital Certificate Complex and expensive to install digital
certificates on many devices Very strong authentication
74
802.11 Wireless LAN (WLAN) Security
Client Authentication
Access Point Authentication
Comment
EAP-TLS Digital Certificate orNothing at all
Digital Certificate
Expensive client authentication or none
EAP-TTLS Password or other authentication method
Digital Certificate
Fits reality that many users have passwords
PEAP (Protected EAP)
Password or other authentication method
Digital Certificate
Strong. Supported by Microsoft, Cisco, and RSA
75
802.11 Wireless LAN (WLAN) Security
TLS The default for 802.11i security but choice of
either digital certificates for clients or no client authentication is undesirable
PEAP and TTLS Very similar in terms of the authentication
methods they support
PEAP is supported by Microsoft, Cisco, and RSA
TTLS is supported by a consortium of other vendors
76
802.11 Wireless LAN (WLAN) Security
802.1x and 802.11i (Figure 2-14)
After authentication, the client must be given a key for confidentiality
Temporal Key Integrity Protocol (TKIP) is used in 802.11i and 802.1x
Key changed every 10,000 frames to foil data collection for key guessing
This is an Advanced Encryption Standard (AES) key
77
Wi-Fi and WPA
Wi-Fi Alliance
Industry group that certifies 802.11 systems
Created the Wi-Fi Protected Access (WPA) system in 2002
WPA is basically 802.11i But does not use AES keys Many installed wireless products can be
upgraded to WPA Stop-gap measure before 802.11i
78
802.11i Today
802.11i standard was released in July 2004
But products started appearing in 2003
What must firms do?
Throw out WEP-only products In security, legacy technologies are not
acceptable
Decide if it can have WPA and 802.11i products co-exist
79
802.11 Wireless LAN (WLAN) Security
Virtual Private Networks (VPNs)
Add security on top of network technology to compensate for WLAN weaknesses
Discussed in Chapter 8
WLAN, etc.
VPN
80
The Situation Today in Wireless Security
Wireless security is poor in most installations today
The situation is improving, and technology will soon be good
But old installations are likely to remain weak links in corporate security
81
Topics Covered
Policy-Driven Access Control
Identify resources
Create an access policy for each
Let the policy drive implementation and testing
82
Topics Covered
Password-Based Access Control
Reusable passwords are inexpensive because built into servers
Usually weak because people often pick cracked passwords
Hacking root is a key goal
Password resets are necessary but dangerous
83
Topics Covered
Building Security
Single point of (normal) entry to building
Fire doors, etc.: use CCTV and alarms
Security centers
Interior doors locked (but piggybacking)
Dumpster diving control
Securing building wiring, including telecommunications closets
84
Topics Covered
Access Cards and Tokens
Magnetic strip cards
Smart cards with CPU and Memory
Tokens Tokens with constantly-changing passwords Tokens that plug into USB ports
Proximity cards with radio communication
Pins can be short because of manual entry
85
Topics Covered
Biometric Authentication Can replace reusable passwords
Fingerprint scanning dominates biometrics Inexpensive, somewhat secure
Iris recognition is more precise
Face recognition can be done surreptitiously
Identification vs verification vs watch list
FARs and FRRs
Often easily deceived by attackers
86
Topics Covered
802.11 Wireless LAN Security
Signals travel outside building, allowing drive-by hacking
Initial security was WEP Often not even turned on Very easily cracked because uses shared
static key for both confidentiality and authentication
Some firms added passwords and/or VPNs to allow secure communication anyway
87
Topics Covered
802.11 Wireless LAN Security
Now, 802.11i security
Based on 802.1x security for wired LANs
Sophisticated authentication
EAP supports multiple methods
Not a single standard, so problems with equipment interoperability
Strong AES confidentiality
88
Topics Covered
802.11 Wireless LAN Security
Now, 802.11i security Requires an infrastructure
Central authentication server Adequate for corporate needs
Today Buy only 802.11i equipment See if can keep WPA (post-WEP/pre-802.11i)
products Discard WEP products
89
End of Lecture