IAS 2 Reviewer Access Control PDF
ACCESS CONTROL

ACCESS CONTROL MECHANISMS
The selective method by which systems specify who may use a particular resource and how they may use it.

Discretionary Access Controls – Access controls that are implemented at the discretion or option of the data user.
Nondiscretionary Access Controls – Access controls that are implemented by a central authority.
Mandatory Access Control – A required, structured data classification scheme that assigns a sensitivity or classification rating to each collection of information as well as to each user.
Lattice-based Access Control – A variation on mandatory access controls that assigns users a matrix of authorizations for particular areas.
Role-based Access Control – A nondiscretionary control where privileges are tied to the role or job a user is performing.
Task-based Access Control – A nondiscretionary control where privileges are temporarily granted to a user based on their task.
Attribute-based Access Control – An access control approach whereby the organization specifies the use of objects based on some attribute of the user of the system.
Attribute – A characteristic of a subject that can be used to restrict access to an object.

Four Fundamental Functions of Access Control Systems
1. Identification – User
2. Authentication – Prove
3. Authorization – Allowed
4. Accountability – Track and Monitor

Identification – Seeks a label or username known by the system.
Authentication – Requires validation and verification of an entity's unsubstantiated identity.

3 Authentication Factors
1. Something you know (password, passphrase, virtual password)
2. Something you have (smart card, dumb card)
3. Something you are (fingerprints, palm prints, hand geometry and topography, retina and iris scans, voice pattern, signatures, keyboard kinetic measurements)

Authorization – Matching of an authenticated entity to a list of information assets and corresponding access levels.
Accountability – Ensures all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity; also known as auditability.
Biometric Access Control – Use of physiological characteristics to provide authentication.

Access Control Architecture Models
1. TCSEC's Trusted Computing Base – A critical concept in the Trusted Computer System Evaluation Criteria (TCSEC), also known as the Orange Book. Developed by the US Department of Defense to evaluate and classify the security of computing systems.
2. ITSEC – Stands for Information Technology Security Evaluation Criteria, a European set of standards developed in the early 1990s to evaluate the security of information systems and products.
3. Common Criteria – An international standard (ISO/IEC 15408) for computer security certification.
4. Bell-LaPadula Confidentiality Model – A formal security model focused on maintaining confidentiality in multi-level security systems. It was developed in the early 1970s by David Bell and Leonard LaPadula.
5. Biba Integrity Model – A formal model designed to maintain the integrity of data in a system, ensuring that information cannot be improperly altered. Developed by Kenneth J. Biba in 1977.
6. Clark-Wilson Integrity Model – A security model designed to ensure the integrity of data by enforcing well-formed transactions and preventing unauthorized or improper modifications. Developed by David D. Clark and David R. Wilson in 1987.
7. Graham-Denning Access Control Model – A formal security model that defines how subjects and objects can be securely managed within a computer system. It defines 8 Primitive Protection Rights:
   1. Create Object
   2. Create Subject
   3. Delete Object
   4. Delete Subject
   5. Read Access Right
   6. Grant Access Right
   7. Delete Access Right
   8. Transfer Access Right
8. Harrison-Ruzzo-Ullman Model – An access control model designed to formally specify how systems manage access rights and control who can access specific resources in a secure and structured manner. Developed by Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman in 1976. HRU is built on an access control matrix and includes a set of generic rights and a specific set of commands built from these primitive operations:
   - Create Object/Subject
   - Enter a generic right into a (subject, object) cell of the matrix
   - Delete a generic right from a (subject, object) cell of the matrix
   - Destroy Object/Subject
9. Zero Trust Architecture – An approach to access control in IT networks that does not rely on trusting devices or network connections.

FIREWALLS
(Figure: the 7 OSI layers)
A firewall is a system, or group of systems, that enforces an access control policy between networks.

Common Properties
1. Firewalls are resistant to network attacks.
2. Firewalls are the only transit point between internal corporate networks and external networks because all traffic flows through the firewall.
3. Firewalls enforce the access control policy.

Benefits
1. Prevent exposure of sensitive hosts, resources, and applications to untrusted users.
2. Sanitize protocol flow, which prevents the exploitation of protocol flaws.
3. Block malicious data from servers and clients.
4. Reduce security management complexity by off-loading most of the network access control to a few firewalls in the network.

Limitations
1. A misconfigured firewall can be a single point of failure.
2. Data from many applications cannot be passed over firewalls securely.
3. Users may try to install an unsafe application that bypasses the firewall, which can lead to exposure.
4. Network performance can slow down.
5. Unauthorized traffic can be tunneled or hidden as legitimate traffic through the firewall.

TYPES OF FIREWALLS
1. Packet Filtering Firewalls – Usually part of a router firewall; permits or denies traffic based on Layer 3 and Layer 4 information.
2. Stateful Firewalls – Provide stateful packet filtering by using connection information maintained in a state table. Classified at the network layer, but also analyzes traffic at OSI Layers 4 and 5.
3. Application Gateway Firewall – Filters information at Layers 3, 4, 5, and 7 of the OSI reference model.
4. Next-Generation Firewalls – Integrate intrusion prevention, application awareness and control to see and block risky apps, upgrade paths to include future information feeds, and techniques to address evolving security threats.
5. Host-based Firewall – A PC or server with firewall software running on it.
6. Transparent Firewall – Filters IP traffic between a pair of bridged interfaces.
7. Hybrid Firewall – A combination of the various firewall types.

PACKET FILTERING BENEFITS AND LIMITATIONS
Advantages
1. Packet filters implement simple permit or deny rule sets.
2. Packet filters have a low impact on network performance.
3. Packet filters are easy to implement and are supported by most routers.
4. Packet filters provide an initial degree of security at the network layer.
5. Packet filters perform almost all the tasks of a high-end firewall at a much lower cost.
Disadvantages
1. Packet filters are susceptible to IP spoofing.
2. Packet filters do not reliably filter fragmented packets.
3. Packet filters use complex ACLs, which can be difficult to implement and maintain.
4. Packet filters cannot dynamically filter certain services.

STATEFUL FIREWALL BENEFITS AND LIMITATIONS
Advantages
1. Stateful firewalls are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic.
2. Stateful firewalls strengthen packet filtering by providing more stringent control over security.
3. Stateful firewalls improve performance over packet filters or proxy servers.
4. Stateful firewalls defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source.
5. Stateful firewalls provide more log information than a packet filtering firewall.
Disadvantages
1. Stateful firewalls cannot prevent application layer attacks because they do not examine the actual contents of the HTTP connection.
2. Not all protocols are stateful.
3. It is difficult to track connections that use dynamic port negotiation.
4. Stateful firewalls do not support user authentication.

COMMON SECURITY ARCHITECTURES
1. Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic.
2. Public Network -> Untrusted; Private Network -> Trusted.
3. Typically, a firewall with two interfaces is configured as follows:
   a. Traffic originating from the private network is permitted and inspected as it travels toward the public network.
   b. Traffic originating from the public network and traveling to the private network is generally blocked.
4. A Demilitarized Zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface.
   a. Traffic originating from the private network is permitted and inspected as it travels toward the public network.
   b. Traffic originating from the DMZ network and traveling to the private network is usually blocked.
   c. Traffic originating from the DMZ network and traveling to the public network is selectively permitted based on service requirements.
   d. Traffic originating from the public network and traveling toward the DMZ is selectively permitted and inspected.
   e. Traffic originating from the public network and traveling to the private network is blocked.
5. Zone-based Policy Firewalls use the concept of zones to provide additional flexibility.
   a. A zone is a group of one or more interfaces that have similar functions or features.

A network administrator must consider many factors when building a complete defense in depth:
1. Firewalls typically do not stop intrusions that come from hosts within a network or zone.
2. Firewalls do not protect against rogue access point installations.
3. Firewalls do not replace backup and disaster recovery mechanisms that address the results of an attack or a hardware failure.
4. Firewalls are no substitute for informed administrators and users.

BEST PRACTICES FOR FIREWALLS
1. Position firewalls at security boundaries.
2. Deny all traffic by default.
3. Permit only services that are needed.
4. Ensure that physical access to the firewall is controlled.
5. Regularly monitor firewall logs.
6. Practice change management for firewall configuration changes.
7. Remember that firewalls primarily protect from technical attacks originating from the outside.
8. All traffic from the trusted network is allowed out.
9. The firewall device is never directly accessible from the public network for configuration or management purposes.
10. Simple Mail Transfer Protocol (SMTP) data is allowed to enter through the firewall but is routed to a well-configured SMTP gateway to filter and route messaging traffic securely.
11. All Internet Control Message Protocol (ICMP) data should be denied.
12. Telnet (terminal emulation) access should be blocked to all internal servers from the public networks.
13. All data that is not verifiably authentic should be denied.

LAYERED DEFENSE
1. Network Core Security – Protects against malicious software and traffic anomalies, enforces network policies, and ensures survivability.
2. Perimeter Security – Secures boundaries between zones.
3. Communications Security – Provides information assurance.
4. Endpoint Security – Provides identity and device security policy compliance.

RADIUS, DIAMETER AND TACACS
RADIUS and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
Remote Authentication Dial-In User Service (RADIUS): A computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server.
Diameter Protocol: Defines the minimum requirements for a system that provides authentication, authorization, and accounting (AAA) services.
Terminal Access Controller Access Control System (TACACS): A remote access authorization system that is based on a client/server configuration.
3 Versions of TACACS
1. TACACS
2. Extended TACACS
3. TACACS+ – Uses dynamic passwords and incorporates two-factor authentication.

Kerberos: An authentication system that uses symmetric key encryption to validate an individual user's access to various network resources by keeping a database containing the private keys of clients and servers that are in the authentication domain it supervises.
1. Authentication Server – Authenticates clients and servers.
2. Key Distribution Center – Generates and issues session keys.
3. Ticket Granting Service – Provides tickets to clients who request services. A ticket is an identification card for a particular client that verifies to the server that the client is requesting services.

KERBEROS PRINCIPLES:
1. The KDC knows the secret keys of all clients and servers on the network.
2. It initially exchanges information with the client and server by using these secret keys.
3. It authenticates a client to a requested service on a server through the TGS and by issuing temporary session keys for communications.

Secure European System for Applications in a Multivendor Environment (SESAME): An advanced network authentication protocol designed to enhance the security features of Kerberos while addressing some of its limitations, especially for large-scale, distributed environments.
SESAME separates its functions between two servers: the Authentication Server and the Privilege Attribute Server.
AS – Verifies the user's identity.
PAS – Handles authorization by issuing Privilege Attribute Certificates (PACs).

VIRTUAL PRIVATE NETWORK
- A private, secure network operated over a public and insecure network; it uses encryption to protect the data between endpoints.

TYPES OF VPNs
1. Trusted VPN – Also known as a legacy VPN, a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.
2. Secure VPN – A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks.
3. Hybrid VPN – A combination of trusted and secure VPN implementations.

A VPN that proposes to offer a secure and reliable capability while relying on public networks must accomplish the following:
1. Encapsulation
2. Encryption
3. Authentication

IPsec, the dominant protocol used in VPNs, uses either transport or tunnel mode. It can be used as a stand-alone protocol or coupled with the Layer Two Tunneling Protocol (L2TP).
Transport Mode – The data (payload) within an IP packet is encrypted, but the IP header information is not.
Tunnel Mode – Establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network; the entire original packet, header included, is encapsulated and encrypted between the two tunnel endpoints.