2. access control

Access Control Systems & Methodology
[email protected]
98402 99933

Topics to be covered

• Overview
• Access control implementation
• Types of access control
• MAC & DAC
• Orange Book
• Authentication
• Passwords
• Biometrics
• Tokens/SSO
• Kerberos
• Attacks/Vulnerabilities/Monitoring
• IDS
• Object reuse
• TEMPEST
• RAS access control
• Penetration Testing

What is access control?

Access controls are the collection of mechanisms that specify what users can do on the system, such as what resources they can access and what operations they can perform.

• The ability to allow only authorized users, programs or processes access to a system or resource
• The granting or denying, according to a particular security model, of certain permissions to access a resource
• An entire set of procedures performed by hardware, software and administrators, to monitor access, identify users requesting access, record access attempts, and grant or deny access based on pre-established rules.

The Big Three

Confidentiality
An attack on confidentiality is when an entity, such as a person, program, or computer, gains unauthorized access to sensitive information.

Integrity
An attack on integrity occurs when an unauthorized entity gains access and tampers with a system resource. Another type of integrity attack occurs when an unauthorized entity inserts objects into the system or performs an unauthorized modification.

Availability
An attack on availability is when an asset on the system is destroyed, rendered unavailable, or caused to be unusable.

Access control Cont…

Identification
Process through which a subject claims an identity (e.g., presents a user name); at this point the system has not yet verified the claim.

Authentication
Process through which the subject proves, and the system verifies, that claim.

Separation of Duties
A process is designed so that separate steps / operations must be performed by different people. Collusion is an agreement among two or more people to commit fraud; separation of duties forces a would-be fraudster to collude.

Least Privilege
A policy that limits both the system's users and processes to access only those resources necessary to perform assigned functions.

How can AC be implemented?

• Hardware
• Software
  • Application
  • Protocol (Kerberos, IPSec…)
• Physical
• Logical (policies)

Access Control Protects

• Data - unauthorized viewing, modification or copying
• System - unauthorized use, modification or denial of service
• It should be noted that nearly every network operating system (Win2K, NT, Unix, Vines, NetWare…) assumes a secure physical infrastructure: its logical access controls are bypassed by whoever can get at the hardware or the disks
• Protection from threats
• Prepares for minimal impact
• Accountability

Proactive access control

• Awareness training
• Background checks
• Separation of duties
• Split knowledge
• Policies
• Data classification
• Effective user registration
• Termination procedures
• Change control procedures

Physical Control

• Guards
• Locks
• Mantraps
• ID badges
• CCTV, sensors, alarms
• Biometrics
• Fences - the higher the voltage the better
• Card-key and tokens
• Guard dogs

Technical (Logical) Controls

• Access control software, such as firewalls, proxy servers
• Anti-virus software
• Passwords
• Smart cards/biometrics/badge systems
• Encryption
• Dial-up callback systems
• Audit trails
• Intrusion detection systems (IDSs)

Administrative Control

• Policies and procedures
• Security awareness training
• Separation of duties
• Security reviews and audits
• Rotation of duties
• Procedures for recruiting and terminating employees
• Security clearances
• Background checks
• Alert supervision
• Performance evaluations
• Mandatory vacation time

AC & privacy issues

• Expectation of privacy
• Policies
• Monitoring activity, Internet usage, e-mail
• Login banners should detail expectations of privacy and state levels of monitoring

Types of Access Control

• Mandatory (MAC)
• Discretionary (DAC)
• Lattice / Role Based / Task Based
• Formal models:
  • Bell-LaPadula - focuses on the confidentiality of classified information (no read up, no write down)
  • Biba - rules for the protection of information integrity (the dual of Bell-LaPadula: no read down, no write up)
  • Take/Grant - a directed graph specifying the rights that a subject can transfer to, or take from, another subject
  • Clark/Wilson - the integrity model based on well-formed transactions and separation of duties

Mandatory Access Control

• Assigns sensitivity levels, AKA labels
• Every object is given a sensitivity label & is accessible only to subjects whose clearance dominates that label
• Only administrators, not object owners, can change an object's label
• Generally more secure than DAC
• Orange Book B-level
• Used in systems where security is critical, i.e., military
• Hard to program for, configure & implement

Mandatory Access Control Cont…

• Downgrade in performance
• Relies on the system, not the owner, to control access
• Example: if a file is classified as confidential, MAC will prevent anyone from writing secret or top secret information into that file (the Bell-LaPadula "no write down" rule)
• All output, i.e., print jobs, floppies, other magnetic media, must be labeled as to its sensitivity level

Discretionary Access Control

• Access is restricted based on the authorization granted to the user
• Orange Book C-level
• Prime use is to separate and protect users from unauthorized data
• Used by Unix, NT, NetWare, Linux, Vines, etc.
• Relies on the object owner to control access

Access control lists (ACL)

• A list, attached to an object or kept by the access control system, that determines who may access what programs and files, by what method and at what time
• Different operating systems have different ACL terms
• Types of access: Read/Write/Create/Execute/Modify/Delete/Rename

Standard UNIX file permissions

Permission    Allowed action, if object is a file   Allowed action, if object is a directory
r (read)      Read contents of the file             List contents of the directory
w (write)     Change file contents                  Add, rename, create or delete entries (files and subdirectories)
x (execute)   Execute file as a program             Search the directory (open entries by name)

Note: on a directory, w is useless without x, and deleting or renaming a file depends on w on the directory, not on the file itself. Only one of the owner/group/other triplets applies to a given caller; the three are never combined.
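The check the table describes, including the one-class rule and the directory caveat, as an added example that is not from the original slides. The uid/gid values are constructed for the demo.

```python
"""Added example, not from the original slides: the access check a UNIX
kernel performs with the mode bits from the table above.  The caller's
uid/gids and the file's owner/group are assumed inputs."""
import stat

# Action -> bit that grants it, for files and for directories respectively.
FILE_ACTIONS = {"read": "r", "write": "w", "execute": "x"}
DIR_ACTIONS = {"list": "r", "create": "w", "delete": "w", "rename": "w", "search": "x"}


def class_bits(perm: int, file_uid: int, file_gid: int, uid: int, gids: set) -> str:
    """Pick the ONE triplet that applies to the caller (owner, else group,
    else other) and return it as 'rwx' with '-' for cleared bits.  The three
    classes are never OR-ed together."""
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (perm >> shift) & 0o7
    return "".join(ch if bits & m else "-" for ch, m in (("r", 4), ("w", 2), ("x", 1)))


def allowed(mode: int, file_uid: int, file_gid: int, uid: int, gids: set, action: str) -> bool:
    """Decide one action.  'mode' is the full st_mode (file-type bits included)."""
    perm = stat.S_IMODE(mode)
    is_dir = stat.S_ISDIR(mode)
    needed = (DIR_ACTIONS if is_dir else FILE_ACTIONS)[action]
    if uid == 0:
        # root bypasses r/w checks, but executing a file still needs some x bit set
        return is_dir or needed != "x" or bool(perm & 0o111)
    have = class_bits(perm, file_uid, file_gid, uid, gids)
    if is_dir and needed == "w" and "x" not in have:
        return False          # w on a directory is useless without x (search)
    return needed in have


if __name__ == "__main__":
    owner, group = 1000, 100
    f = 0o100640                      # -rw-r-----  regular file
    print(allowed(f, owner, group, 1000, {100}, "write"))         # True
    print(allowed(f, owner, group, 2000, {100}, "write"))         # False
    print(allowed(0o100077, owner, group, 1000, {100}, "read"))   # False: owner triplet is ---
    d = 0o040711                      # drwx--x--x  directory
    print(allowed(d, owner, group, 3000, set(), "search"))        # True: can open known names
    print(allowed(d, owner, group, 3000, set(), "list"))          # False: cannot enumerate
    print(allowed(0o040760, owner, group, 2000, {100}, "create")) # False: rw- without x
```

The 0o077 case is the one people get wrong: the owner is denied even though everyone else is allowed, because the owner triplet is selected and then found empty. The drwx--x--x case is the classic "web root" layout: outsiders can reach files they know the names of but cannot list the directory.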

Standard NT file permissions

Permission     Allowed action, if object is a file   Allowed action, if object is a directory
No Access      None                                  None
List           N/A                                   RX
Read           RX                                    RX
Add            N/A                                   WX
Add & Read     N/A                                   RWX
Change         RWXD                                  RWXD
Full Control   All                                   All

R - Read, X - Execute, W - Write, D - Delete

MAC vs. DAC

Discretionary Access Control
You decide how you want to protect and share your data

Mandatory Access Control
The system decides how the data will be shared

Problems with formal models

• Based on a static infrastructure
• Defined and succinct policies
• These do not work in corporate systems, which are extremely dynamic and constantly changing
• None of the formal models deals with:
  • Viruses/active content
  • Trojan horses
  • Firewalls
• Limited documentation on how to build these systems

Orange Book

• DoD Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, 1983
• Provides the information needed to classify systems (A, B, C, D), defining the degree of trust that may be placed in them
• For stand-alone systems only
• Windows NT has a C2 utility; it does many things, including disabling networking

Orange book levels

• A - Verified protection: A1
• B - MAC: B1/B2/B3
• C - DAC: C1/C2
• D - Minimal security. Systems that have been evaluated, but failed

The Orange Book Limitations

• Based on an old model, Bell-LaPadula
• Stand-alone; no way to network systems
• Systems take a long time (1-2 years) to certify
• Any changes (hot fixes, service packs, patches) break the certification
• Has not adapted to changes in client-server and corporate computing
• Certification is expensive
• For the most part, not used outside of the government sector

Red Book

• Used to extend the Orange Book to networks
• Actually two works:
  • Trusted Network Interpretation of the TCSEC (NCSC-TG-005)
  • Trusted Network Interpretation Environments Guideline: Guidance for Applying the Trusted Network Interpretation (NCSC-TG-011)

Authentication

Three types of authentication:
• Something you know - password, PIN, mother's maiden name, passphrase…
• Something you have - ATM card, smart card, token, key, ID badge, driver license, passport…
• Something you are - fingerprint, voice scan, iris scan, retina scan, DNA…

Multi-factor authentication

• 2-factor authentication. To increase the level of security, many systems will require a user to provide 2 of the 3 types of authentication.
  • ATM card + PIN (have + know)
  • PIN + fingerprint (know + are)
  • Credit card + signature (have + a behavioural form of "are")
  • Username + Password (NetWare, Unix, NT default) is not two-factor: the username is identification, not authentication, so this is a single factor (know)
• 3-factor authentication - for highest security, one of each type, e.g. password + SecurID token + fingerprint (know + have + are). Username + Password + Fingerprint is only two factors, and a SecurID passcode (PIN + token code) is know + have, again two.

Problems with passwords

• Insecure - given the choice, people will choose easily remembered and hence easily guessed passwords such as names of relatives, pets, phone numbers, birthdays, hobbies, etc.
• Easily broken - programs such as crack, SmartPass, PWDUMP, NTCrack & l0phtcrack recover Unix, NetWare & NT passwords from their stored hashes by guessing candidates and comparing hashes (nothing is "decrypted"; a fast hash plus a weak password makes guessing cheap). Dictionary attacks are only feasible because users choose easily guessed passwords!
• Inconvenient - in an attempt to improve security, organizations often issue users with computer-generated passwords that are difficult, if not impossible, to remember
• Repudiable - unlike a written signature, when a transaction is signed with only a password, there is no real proof as to the identity of the individual that made the transaction

Classic password rules

• The best passwords are those that are both easy to remember and hard to crack using a dictionary attack. The classic advice is to use two small unrelated words or phonemes, ideally with a special character or number; examples in that style would be hex7goop or -typetin. Caveat: this advice predates cheap hybrid and combinator attacks, which try exactly such word+digit+word and symbol+word patterns; today a long passphrase, or a randomly generated password kept in a password manager, is the stronger choice.
• Don't use: common names, DOB, spouse, phone #, etc.; words found in dictionaries; "password" as a password; system defaults

Password management

• Configure the system to require strong passwords
• Set password age and length limits
• Limit unsuccessful logins (lockout or increasing delay)
• Limit concurrent connections
• Enable auditing
• Have policies for password resets and changes
• Show the last login date in banners so users can spot misuse of their account

Password Attacks

• Dictionary - Crack, John the Ripper
• Brute force - l0phtcrack
• Hybrid attack - dictionary and brute force combined: dictionary words with appended or prepended characters, case changes and substitutions
• Trojan horse login program - password-sending Trojans
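A dictionary attack with hybrid mangling rules, the technique behind the Crack, John the Ripper and l0phtcrack entries above, as an added example that is not from the original slides. The hash scheme, word list and shadow entries are constructed for the demo (real tools attack the OS's own hash format); it also shows the two examples from the classic password rules, hex7goop and -typetin, falling to the hybrid rules while a long passphrase survives.

```python
"""Added example, not from the original slides: a dictionary attack with
hybrid mangling rules, the technique behind Crack / John the Ripper /
l0phtcrack.  The hash scheme, word list and shadow entries are constructed
for the demo; real tools attack the OS's own hash format."""
import hashlib
import itertools

WORDLIST = ["password", "welcome", "summer", "fluffy", "hex", "goop", "typetin"]  # constructed


def hash_password(password: str, salt: str) -> str:
    """Constructed demo scheme: hex(SHA-256(salt || password)), a stand-in for crypt()."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def mangle(word: str):
    """Hybrid rules: case variants, digit suffix 0-99, special-char prefix/suffix, leet."""
    for w in (word, word.capitalize(), word.upper()):
        yield w
        for n in range(100):
            yield f"{w}{n}"
        for ch in "!@#$-_":
            yield f"{w}{ch}"
            yield f"{ch}{w}"
        yield w.replace("a", "@").replace("e", "3").replace("o", "0").replace("i", "1")


def candidates(wordlist):
    """Cheapest guesses first: plain words, then mangled words, then two words
    joined by a digit (the hex7goop pattern).  Exhaustive brute force would come last."""
    yield from wordlist
    for w in wordlist:
        yield from mangle(w)
    for a, b in itertools.permutations(wordlist, 2):
        for d in "0123456789":
            yield f"{a}{d}{b}"


def crack(shadow: dict, wordlist=WORDLIST) -> dict:
    """shadow: user -> (salt, hash).  Returns user -> recovered password.
    Each guess is hashed once per distinct salt, which is what a per-user salt buys."""
    found = {}
    for guess in candidates(wordlist):
        for user, (salt, digest) in shadow.items():
            if user not in found and hash_password(guess, salt) == digest:
                found[user] = guess
        if len(found) == len(shadow):
            break
    return found


# Constructed shadow file: per-user salt and hash of the user's real password.
DEMO_SHADOW = {
    "alice": ("x7", hash_password("Welcome1", "x7")),
    "bob":   ("q9", hash_password("hex7goop", "q9")),
    "dave":  ("k4", hash_password("-typetin", "k4")),
    "carol": ("m2", hash_password("correct horse battery staple", "m2")),
}

if __name__ == "__main__":
    print(crack(DEMO_SHADOW))   # alice, bob and dave fall; carol's long passphrase does not
```

The ordering in candidates() is the whole trick: a few thousand guesses derived from a tiny word list recover three of the four accounts, and a bigger word list plus more rules is just a larger version of the same loop.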

Biometrics

• Authenticating a user via human characteristics
• Using measurable physical characteristics of a person to prove their identification
• Fingerprint
• Signature dynamics
• Iris
• Retina
• Voice
• Face
• DNA, blood

Advantages of fingerprint-based biometrics

• Can't be lent like a physical key or token and can't be forgotten like a password
• Good compromise between ease of use, template size, cost and accuracy
• Fingerprint contains enough inherent variability to enable unique identification even in very large (millions of records) databases
• Basically lasts forever -- or at least until amputation or dismemberment
• Makes network login & authentication effortless

Biometric Disadvantages

• Still relatively expensive per user
• Companies & products are often new & immature
• No common API or other standard
• Some hesitancy for user acceptance

Biometric privacy issues

• Tracking and surveillance - ultimately, the ability to track a person's movement from hour to hour
• Anonymity - biometric links to databases could dissolve much of our anonymity when we travel and access services
• Profiling - compilation of transaction data about a particular person that creates a picture of that person's travels, preferences, affiliations or beliefs

Practical biometric applications

• Network access control
• Staff time and attendance tracking
• Authorizing financial transactions
• Government benefits distribution (Social Security, welfare, etc.)
• Verifying identities at point of sale
• Using in conjunction with ATM, credit or smart cards
• Controlling physical access to office buildings or homes
• Protecting personal property
• Prevent against kidnapping in schools, play areas, etc.
• Protecting children from fatal gun accidents
• Voting/passports/visas & immigration

Tokens

• Used to facilitate one-time passwords
• Physical card
• SecurID
• S/Key
• Smart card
• Access token

Synchronous Token

Asynchronous Token
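What the two token types compute, as an added example that is not part of the original slides: a synchronous token derives the one-time password from a shared secret and a counter or the clock (HOTP/TOTP, RFC 4226/6238; the check below uses the RFCs' published test secret), while an asynchronous token answers a random challenge from the server. The challenge-response design here is a generic HMAC construction and not any vendor's, and the server-side verifier is an assumption of the demo.

```python
"""Added example, not from the original slides: the arithmetic behind
synchronous (counter/time) and asynchronous (challenge-response) tokens.
HOTP/TOTP follow RFC 4226/6238; the challenge-response token is a generic
HMAC design, not a particular product."""
import hashlib
import hmac
import secrets
import struct
import time

RFC_TEST_SECRET = b"12345678901234567890"   # test key from RFC 4226 Appendix D


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-synchronous OTP: HMAC-SHA1(K, C), dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronous OTP: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1, step: int = 30) -> bool:
    """Server side.  A window of +/-1 step tolerates small clock drift; the
    comparison is constant-time.  Larger windows widen the replay exposure."""
    for skew in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, at // step + skew), code):
            return True
    return False


class ChallengeResponseToken:
    """Asynchronous token: no clock or counter to keep in sync, but the server
    must first send a challenge and the user must type it into the token."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def respond(self, challenge: bytes) -> str:
        return hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()[:8]


def new_challenge() -> bytes:
    """Server side: a fresh random challenge per login, so responses cannot be replayed."""
    return secrets.token_bytes(8)


def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    expected = hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:8]
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC_TEST_SECRET, now)                  # what the synchronous token displays
    print(code, verify_totp(RFC_TEST_SECRET, code, now + 20))   # accepted within one step of drift
    tok = ChallengeResponseToken(b"per-token-secret")
    ch = new_challenge()                                 # server sends this
    print(verify_response(b"per-token-secret", ch, tok.respond(ch)))   # True
```

The synchronous design's weak point is visible in verify_totp: the server has to guess how far the token's clock has drifted, and every extra step in the window is another code an attacker could replay. The asynchronous design trades that for an extra round trip.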

Smart Card

Single sign-on

• User has one password for all enterprise systems and applications
• That way, one strong password can be remembered and used
• All of a user's accounts can be quickly created on hire, deleted on dismissal
• Hard to implement and get working
• Kerberos, CA-Unicenter, Memco Proxima, IntelliSoft SnareWorks, Tivoli Global Sign-On, X.509

Kerberos

• Part of MIT's Project Athena
• Kerberos is an authentication protocol used for network-wide authentication
• All software must be kerberized
• Tickets, authenticators, key distribution center (KDC)
• Divided into realms
• Kerberos is the three-headed dog that guards the entrance to Hades (this won't be on the test)

Kerberos Roles

• KDC divided into Authentication Server (AS) & Ticket Granting Server (TGS)
• Authentication Server - authenticates the identities of entities on the network and issues the ticket-granting ticket
• TGS - generates unique session keys between two parties and issues the service ticket. Parties then use these session keys for message encryption

Kerberos Authentication

• User must have an account on the KDC
• KDC must be a trusted server in a secured location: it holds every principal's key, so its compromise is total
• KDC shares a secret key with each user (DES in the original implementations, derived from the user's password)
• When a user wants to access a host or application, they obtain a ticket from the KDC (via kinit or a Kerberized login program such as klogin) & generate an authenticator that proves they hold the session key carried in the ticket
• User provides ticket and authenticator to the application, which checks them for validity and will then grant access

Problems with Kerberos

• Each piece of software must be kerberized
• Requires synchronized time clocks (authenticators carry timestamps; by default a skew of more than a few minutes is rejected)
• Relies on UDP, which is often blocked by many firewalls (Kerberos v5 also allows TCP on the same port, which eases this)
• Kerberos v4 binds tickets to a single network address for a host. Hosts with multiple NICs will have problems using tickets
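The AS, TGS and application-server exchange from the last three slides, condensed into code that exercises the clock-skew and replay checks, as an added example that is not from the original slides. The message layout and the toy cipher are assumptions for the demo; real Kerberos uses ASN.1 messages and AES (historically DES), and modern KDCs add pre-authentication, which this version, like the original protocol, does not.

```python
"""Added example, not from the original slides: a compressed Kerberos-style
AS -> TGS -> service exchange with authenticator timestamps and a replay
cache.  The message layout and toy cipher are assumptions; real Kerberos
uses ASN.1 and AES (historically DES), not this construction."""
import hashlib
import hmac
import json
import os

MAX_SKEW = 300   # seconds; the usual Kerberos clock-skew tolerance


def _seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC (SHA-256 keystream, HMAC tag).  Demo only."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def _open(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))


class KDC:
    """Authentication Server and Ticket Granting Server over one key database."""

    def __init__(self, keys: dict, now):
        self.keys, self.now = keys, now          # principal -> long-term key

    def as_exchange(self, user: str):
        """AS-REP: session key sealed under the user's key, plus the TGT sealed under
        the TGS key.  No pre-authentication: anyone may ask, only the key holder can read."""
        sk = os.urandom(32)
        tgt = _seal(self.keys["krbtgt"], {"user": user, "sk": sk.hex(), "exp": self.now() + 36000})
        return _seal(self.keys[user], {"sk": sk.hex()}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """TGS-REP: fresh service session key and a ticket sealed for the service."""
        t = _open(self.keys["krbtgt"], tgt)
        auth = _open(bytes.fromhex(t["sk"]), authenticator)
        if auth["user"] != t["user"] or abs(auth["ts"] - self.now()) > MAX_SKEW:
            raise PermissionError("bad authenticator")
        ssk = os.urandom(32)
        ticket = _seal(self.keys[service], {"user": t["user"], "sk": ssk.hex(), "exp": self.now() + 36000})
        return _seal(bytes.fromhex(t["sk"]), {"sk": ssk.hex()}), ticket


class Service:
    """Kerberized application server: validates ticket + authenticator (AP-REQ)."""

    def __init__(self, name: str, key: bytes, now):
        self.name, self.key, self.now, self.seen = name, key, now, set()

    def ap_req(self, ticket: bytes, authenticator: bytes):
        t = _open(self.key, ticket)
        auth = _open(bytes.fromhex(t["sk"]), authenticator)   # proves the client holds the session key
        if t["exp"] < self.now() or auth["user"] != t["user"]:
            return False, "expired or mismatched ticket"
        if abs(auth["ts"] - self.now()) > MAX_SKEW:
            return False, "clock skew too great"
        if (auth["user"], auth["ts"]) in self.seen:
            return False, "replayed authenticator"
        self.seen.add((auth["user"], auth["ts"]))
        return True, t["user"]


def obtain(kdc: KDC, user: str, user_key: bytes, service: str, now):
    """Client side (what kinit plus a kerberized client do): returns ticket + authenticator."""
    enc, tgt = kdc.as_exchange(user)
    sk = bytes.fromhex(_open(user_key, enc)["sk"])
    enc2, ticket = kdc.tgs_exchange(tgt, _seal(sk, {"user": user, "ts": now()}), service)
    ssk = bytes.fromhex(_open(sk, enc2)["sk"])
    return ticket, _seal(ssk, {"user": user, "ts": now()})


def scenarios() -> dict:
    """Constructed run: good login, replayed AP-REQ, skewed clock, wrong password."""
    clock = [1_000_000]
    now = lambda: clock[0]
    keys = {"krbtgt": os.urandom(32), "host/fileserver": os.urandom(32),
            "alice": hashlib.sha256(b"alice's password").digest()}
    kdc, svc = KDC(keys, now), Service("host/fileserver", keys["host/fileserver"], now)
    out = {}
    ticket, auth = obtain(kdc, "alice", keys["alice"], svc.name, now)
    out["login"] = svc.ap_req(ticket, auth)
    out["replay"] = svc.ap_req(ticket, auth)            # sniffed and resent
    clock[0] += 1
    ticket, auth = obtain(kdc, "alice", keys["alice"], svc.name, now)
    clock[0] += 2 * MAX_SKEW                             # client and server clocks drift apart
    out["skew"] = svc.ap_req(ticket, auth)
    try:
        obtain(kdc, "alice", b"guessed-wrong", svc.name, now)
        out["wrong_password"] = True
    except ValueError:
        out["wrong_password"] = False
    return out
```

The replay cache only works because the authenticator carries a timestamp and the server refuses anything outside MAX_SKEW: that bounds how long entries must be kept, and it is the reason synchronized clocks are a hard requirement rather than a convenience. Note also that as_exchange hands a TGT to anyone who asks; only the user's key opens the part that matters, but the reply itself is offline guessing material, which is why later Kerberos added pre-authentication.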

Attacks

• Passive attack - monitor network traffic and then use the data obtained, or perform a replay attack. Hard to detect
• Active attack - attacker is actively trying to break in: exploit system vulnerabilities, spoofing, crypto attacks
• Denial of service (DoS) - not so much an attempt to gain access, rather to prevent system operation: Smurf, SYN flood, Ping of Death, mail bombs

Vulnerabilities

• Physical
• Natural - floods, earthquakes, terrorists, power outage, lightning
• Hardware/Software - design weakness
• Media - corrupt electronic media, stolen disk drives
• Emanation - EMR, RF
• Communications - sniffing, wire tapping, radiation
• Human - social engineering, disgruntled staff

Monitoring

• IDS - network based and host based (signature and anomaly detection)
• Logs - system logs and audit logs
• Audit trails
• Network tools - network monitor (sniffers and SNMP based tools): Tivoli, Spectrum, OpenView

Intrusion Detection Systems

• IDS monitors system or network for attacks
• IDS engine has a library and set of signatures that identify an attack
• Adds defense in depth
• Should be used in conjunction with a system scanner (CyberCop, ISS S3) for maximum security
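Signature detection (the library of patterns above) and anomaly detection (the other approach named on the monitoring slide) side by side, as an added example that is not from the original slides. The log lines, the signature library and the thresholds are all constructed for the demo.

```python
"""Added example, not from the original slides: signature and anomaly
detection run over constructed syslog-style lines.  The log, the signature
library and the thresholds are all assumptions for the demo."""
import re
from collections import Counter

SAMPLE_LOG = """\
Mar  3 10:01:12 gw sshd[411]: Failed password for root from 10.0.0.7 port 50122 ssh2
Mar  3 10:01:13 gw sshd[411]: Failed password for root from 10.0.0.7 port 50123 ssh2
Mar  3 10:01:14 gw sshd[411]: Failed password for admin from 10.0.0.7 port 50124 ssh2
Mar  3 10:01:15 gw sshd[411]: Failed password for oracle from 10.0.0.7 port 50125 ssh2
Mar  3 10:01:16 gw sshd[411]: Failed password for test from 10.0.0.7 port 50126 ssh2
Mar  3 10:01:20 gw sshd[413]: Failed password for alice from 192.168.1.5 port 40001 ssh2
Mar  3 10:01:25 gw sshd[414]: Accepted password for alice from 192.168.1.5 port 40002 ssh2
Mar  3 10:02:00 gw httpd[220]: GET /cgi-bin/phf?Qalias=x%0Acat%20/etc/passwd from 10.0.0.7
Mar  3 10:02:05 gw httpd[220]: GET /index.html from 192.168.1.9
Mar  3 10:02:10 gw kernel: ICMP echo request from 10.0.0.7 len 65535
"""   # constructed sample


def _oversized_icmp(line: str) -> bool:
    m = re.search(r"ICMP echo request .* len (\d+)", line)
    return m is not None and int(m.group(1)) > 65507   # larger than a legal IPv4 ICMP payload


# Signature library: name -> predicate.  A real engine carries thousands of these
# and can only ever find what it already has a pattern for.
SIGNATURES = {
    "phf-cgi": lambda l: re.search(r"/cgi-bin/phf\?", l) is not None,
    "etc-passwd-in-url": lambda l: "/etc/passwd" in l,
    "oversized-icmp": _oversized_icmp,
}

FAILED_LOGIN = re.compile(r"Failed password for (\S+) from (\S+)")


def signature_scan(log: str):
    """Return (line number, signature name) for every line that matches a signature."""
    return [(n, name) for n, line in enumerate(log.splitlines(), 1)
            for name, match in SIGNATURES.items() if match(line)]


def anomaly_scan(log: str, baseline: float = 1.0, factor: float = 3.0):
    """Return sources whose failed logins exceed factor x baseline, or that try
    three or more distinct user names.  No signature is needed, so the guessing
    run in lines 1-5 is caught even though no rule describes it."""
    fails, users = Counter(), {}
    for line in log.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            user, src = m.groups()
            fails[src] += 1
            users.setdefault(src, set()).add(user)
    return sorted(src for src, n in fails.items()
                  if n > factor * baseline or len(users[src]) >= 3)


if __name__ == "__main__":
    print(signature_scan(SAMPLE_LOG))   # [(8, 'phf-cgi'), (8, 'etc-passwd-in-url'), (10, 'oversized-icmp')]
    print(anomaly_scan(SAMPLE_LOG))     # ['10.0.0.7']
```

Each engine misses what the other finds: the signature scan says nothing about the password guessing, and the anomaly scan says nothing about the single phf request or the oversized ping. Alice's one failed login followed by success stays below both thresholds, which is the kind of baseline tuning that keeps anomaly detection from paging on every typo.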

Object reuse

• Must ensure that magnetic media do not retain any remanence of previous data
• Also applies to buffers, cache and other memory allocation: storage must be cleared before it is handed to a new subject
• An Orange Book requirement from TCSEC C2 upward (not only B2/B3/A1)
• Secure Deletion of Data from Magnetic and Solid-State Memory (Gutmann, 1996) describes the problem in detail
• Documents recently declassified
• Objects must be declassified
• Magnetic media must be degaussed or have secure overwrites

TEMPEST

• Electromagnetic emanations from keyboards, cables, printers, modems, monitors and all electronic equipment. With appropriate and sophisticated enough equipment, data can be readable at a few hundred yards.
• TEMPEST certified equipment, which encases the hardware in a tight metal construct, shields the electromagnetic emanations
• WANG Federal is the leading provider of TEMPEST hardware
• TEMPEST hardware is extremely expensive and can only be serviced by certified technicians
• Rooms & buildings can be TEMPEST-certified
• TEMPEST standards NACSEM 5100A and NACSI 5004 are classified documents

Banners

• Banners display at login or connection stating that the system is for the exclusive use of authorized users and that their activity may be monitored
• Not foolproof, but a good start, especially from a legal perspective
• Make sure that the banner does not reveal system information, i.e., OS, version, hardware, etc.

RAS access control

• RADIUS (Remote Authentication Dial-In User Service) - client/server protocol & software that enables a RAS to communicate with a central server to authenticate dial-in users & authorize their access to requested systems. Note that RADIUS only hides the User-Password attribute (XORed with an MD5 of the shared secret and request authenticator); the rest of the packet travels in the clear.
• TACACS/TACACS+ (Terminal Access Controller Access Control System) - authentication protocol that allows a RAS to forward a user's logon password to an authentication server. TACACS is an unencrypted protocol and therefore less secure than the later TACACS+ and RADIUS protocols; TACACS+ encrypts the entire packet body. A later version of TACACS is XTACACS (Extended TACACS).
• May 1997 - TACACS and XTACACS are considered Cisco End-of-Maintenance

Penetration Testing

• Basically measuring the security of your network by breaking into it
• Identifies weaknesses in Internet, Intranet, Extranet, and RAS technologies
  • Discovery and footprint analysis
  • Exploitation
  • Physical security assessment
  • Social engineering
• Attempt to identify vulnerabilities and gain access to critical systems within the organization
• Identifies and recommends corrective action for the systemic problems which may help propagate these vulnerabilities throughout an organization
• Assessments allow the client to demonstrate the need for additional security resources, by translating existing vulnerabilities into real-life business risks

Rule of least privilege

• One of the most fundamental principles of infosec
• States that: any object (user, administrator, program, system) should have only the least privileges the object needs to perform its assigned task, and no more.
• An AC system that grants users only those rights necessary for them to perform their work
• Limits exposure to attacks and the damage an attack can cause
• Physical security example: car ignition key vs. door key

Implementing least privilege

• Ensure that only a minimal set of users have root access
• Don't make a program run setuid to root if not needed. Rather, make the file group-writable to some group and make the program run setgid to that group, rather than setuid to root
• Don't run insecure programs on the firewall or other trusted host

?