IAS 2 Reviewer Access Control PDF

Document Details

KindlySteelDrums

Uploaded by KindlySteelDrums

Tags

access control security information systems computer systems

Summary

This document provides an overview of access control approaches, focusing on the different methods used in computer systems. Includes several models with details on functions and characteristics. The document covers a range of access control types and concepts involved in authorization and authentication.

Full Transcript

IAS 2 Reviewer Attribute-based Access Control – an access control approach whereby the organization ACCESS CONTROL specifies the use of objects based on some...

IAS 2 Reviewer Attribute-based Access Control – an access control approach whereby the organization ACCESS CONTROL specifies the use of objects based on some attribute of the user of the system. Attribute – A characteristic of a subject that can be used to restrict to an object. ACCESS CONTROL MECHANISMS Four Fundamental Functions of Access Control Systems 1. Identification - User 2. Authentication - Prove 3. Authorization - Allowed The selective method by which the systems 4. Accountability – Track and Monitor specify who may use a particular resource and Identification – Seeks label or username how they may use it. known by the system. Discretionary Access Controls - access Authentication – Requires validation and controls that are implemented at the verification of an entity’s unsubstantiated judgment or option of the data user. 3 Authentication Factors Nondiscretionary Access Controls – access controls that are implement by a central 1. Something you know (Password, authority. Passphrases, Virtual Password) 2. Something you have (Smart Card, Lattice-based Access Control – Variation on Dumb Cards, Virtual Password) mandatory access controls that assigns users 3. Something you are (Fingerprints, a matrix of authorizations for particular areas. Palm prints, Hand geometry and Role-based Access Control – A topography, retina and iris scans, nondiscretionary control where privileges are voice pattern, signatures, tied to the role or job a user is performing. keyboard kinetic measurements) Task-based Access Control – A Authorization – matching of an authenticated nondiscretionary control where privileges are entity to a list of information assets and temporarily granted to a user based on their corresponding access levels. task. Accountability – ensures all actions on a Mandatory Access Control – A required, system – authorized or unauthorized – can be structured data classification scheme that attributed to an authenticated identity; also assigns a sensitivity or classification rating to known as auditability. each collection or information as well as each Biometrics Access Control – Use of user. physiological characteristics to provide authentication. Access Control Architecture Models 8 Primitive Protection Rights 1. TSSEC’s Trusted Computing Base: A 1. Create Object critical concept in the Trusted 2. Create Subject Computer System Evaluation Criteria 3. Delete Object (TCSEC) also known as the orange 4. Delete Subject book. Developed by the US 5. Read Access Right Department of Defense to evaluate 6. Grant Access Right and classify the security of computing 7. Delete Access Right systems. 8. Transfer Access Right 2. ITSEC – stands for Information 8. Harrison-Ruzzo-Ullman Model – An Technology Security Evaluation access control model designed to formally Criteria, a European set of standards specify how systems manage access rights developed in the early 1990s to and control who can access specific evaluate the security of information resources in a secure and structured manner. systems and products. Developed by Michael A. Harrison, Walter L. 3. Common Criteria – An International Ruzzo, and Jeffrey D. Ullman in 1976. Standard (ISO/IEC 15408) for Computer Security Certification. HRU is built on an access control 4. Bell-LaPadula Confidentiality Model matrix and includes a set of generic rights and – A formal security model focused on a specific set of commands. maintaining confidentiality in multi- level security systems. It was - Create Object/Subject developed in the early 1970s by David - Enter specific command or generic Bell and Leonard LaPadula. right into a subject or object 5. Biba Integrity Model – A formal model - Delete specific command or generic designed to maintain the integrity of right into a subject or object data in a system, ensuring that - Destroy Object/Subject information cannot be improperly 9. Zero Trust Architecture – An approach to altered. Developed by Kenneth J. Biba access control in IT Networks that does not in 1977. rely on trusting devices or network 6. Clark-Wilson Integrity Model – A connections. security model designed to ensure the integrity of data by enforcing well- formed transactions and preventing unauthorized or improper modifications. Developed by David D. Clark and David R. Wilson in 1987. 7. Graham-Denning Access Control Model – A formal security model that defines how subjects and objects can be securely managed within a computer system. FIREWALLS 7 OSI Layers A firewall is a system, or group of systems, that enforces an access control policy between networks. Common Properties 1. Firewalls are resistant to network attacks. 2. Firewalls are the only transit point between integral corporate networks and external networks because all traffic flows through firewalls. 3. Firewalls enforce the access control policy Benefits 1. Prevent exposure of sensitive hosts, resources, and applications to untrusted users. 2. Sanitize flow protocol, which prevents the exploitation of protocol flaws. TYPES OF FIREWALLS 3. Blocks malicious data from servers 1. Packet Filtering Firewalls – Usually a and clients. part of a router firewall, which permits 4. Reduce security management or denies traffic based on Layer 3 and complexity by off-loading most of Layer 4 information. network access control to a few 2. Stateful Firewalls – Provide stateful firewalls in the network. packet filtering by using connection Limitations information maintained in a state table. It’s classified at the network 1. A misconfigured firewall can be a layer. It also analyzes traffic at OSI single point of failure. Layer 4 and 5. 2. Data from many applications cannot 3. Application Gateway Firewall - be passed over firewalls securely. Filters information at Layers 3, 4, 5, 3. Users may try to install an unsafe and 7 of the OSI reference model. application bypassing the firewall that 4. Next-Generation Firewalls – can lead to exposure. Integrated intrusion prevention, 4. Network performance can slow down. application awareness and control to 5. Unauthorized traffic can be tunneled see block risky apps, upgrade paths to or hidden as legitimate traffic through include future information feeds, the firewall. techniques to address evolving security threats. 5. Host-based Firewall – A PC or server with firewall software running on it. 6. Transparent Firewall – Filters IP traffic 3. Stateful firewalls improve between a pair of bridged interfaces. performance over packet filters or 7. Hybrid Firewall – A combination of the proxy servers. various firewall. 4. Stateful firewalls defend against spoofing and DoS attacks by PACKET FILTERING BENEFITS AND determining whether packets LIMITATIONS belong to an existing connection or Advantages are from an unauthorized source. 5. Stateful firewalls provide more log 1. Packet filters implement simple information than a packet filtering permit or deny rule sets. firewall. 2. Packet filters have a low impact o network performance. Disadvantages 3. Packet filters are easy to 1. Stateful firewalls cannot prevent implement and are supported by application layer attacks because most routers. they do not examine the actual 4. Packet filters provide an initial contents of the HTTP connection. degree of security at the network 2. Not all protocols stateful. layer. 3. It’s difficult to track connections 5. Packet filters perform almost all that use dynamic port the tasks of a high-end firewall at a negotiations. much lower cost. 4. Stateful firewalls do not support Disadvantages user authentication. 1. Packet filters are susceptible to IP COMMON SECURITY ARCHITECTURES spoofing. 1. Firewall design is primarily about 2. Packet filters do not reliably filter device interfaces permitting or fragmented packets. denying traffic based on the source, 3. Packet filters use complex ACLs the destination, and the type of traffic. which can be difficult to 2. Public Network -> Untrusted, Private implement and maintain. Network -> Trusted 4. Packet filters cannot dynamically 3. Typically, a firewall with two interfaces filter certain services. is configures as follows: STATEFUL FIREWALL BENEFITS AND a. Traffic origination from the LIMITATIONS private network is permitted and inspected as it travels Advantages toward the public network. 1. Stateful firewalls are often used as b. Traffic originating from the a primary means of defense by public network and traveling to filtering unwanted, unnecessary, the private network is generally or undesirable traffic. blocked. 2. Stateful firewalls strengthen 4. A Demilitarized Zone (DMZ) is packet filtering by providing more firewall design where there is typically stringent control over security. one interface connected to the private network, one outside interface A Network Administrator must consider many connected to the public network, and factors when building a complete in-depth one DMZ interface. defense: a. Traffic origination from the 1. Firewalls typically do not stop private network is permitted intrusions that come from hosts and inspected as it travels within a network or zone. toward the public network. 2. Firewalls do not protect against b. Traffic originating from the rogue access point installations. DMZ network and traveling to 3. Firewalls do not replace backup the private network is usually and disaster recovery blocked. mechanisms resulting from attack c. Traffic originating from the or hardware failure. DMZ network and traveling to 4. Firewalls are no substitute for the public network is informed administrators and selectively permitted based on users. service requirements. d. Traffic originating from the BEST PRACTICES FOR FIREWALLS public network and traveling toward the DMZ is selectively 1. Position firewalls at security permitted and inspected. boundaries. e. Traffic originating from the 2. Deny all traffic by default. public network and traveling to 3. Permit only services that are needed. the private network is blocked. 4. Ensure that physical access to the 5. Zone-based Policy Firewalls use the firewall is controlled. concept of zones to provide additional 5. Regularly monitor firewall logs. flexibility. 6. Practice change management for a. A zone is a group of one or firewall configuration changes. more interfaces that have 7. Remember that firewalls primarily similar functions or features. protect from technical attacks originating from the outside. LAYERED DEFENSE 8. All traffic from the trusted network is allowed out. 1. Network Core Security – Protects 9. The firewall device is never directly against malicious software and accessible from the public network or traffic anomalies, enforces configuration or management network policies, and ensure purposes. survivability. 10. Simple Mail Transfer Protocol data is 2. Perimeter Security – Secures allowed to enter through the firewall boundaries between zones. but is routed to a well-configured 3. Communications Security – SMTP gateway to filer and route Provides information assurance messing traffic securely 4. Endpoint Security – Provides 11. All Internet Control Message Protocol identity and device security policy data should be denied. compliance 12. Telnet (Terminal Emulation) access 3. Kerberos Ticket Granting Service should be blocked to all internal – Provides tickets to clients who servers from the public networks. requested services. A ticket is an 13. All data that is not verifiably authentic identification card for a particular should be denied. client that verifies to the server that the client is requesting RADIUS, DIAMETER AND TACACS services. RADIUS and TACACS are systems that KERBEROS PRINCIPLES: authenticate the credentials of users who are trying to access an organization’s network via 1. Knows the secret keys of all clients and a dial-up connection servers on the network. 2. Initially exchanges information with Remote Authentication Dial-In User the client and server by using these Service: A computer connection system that secret keys. centralizes the management of user 3. Authenticates a client to a requested authentication by placing the responsibility for service on a server through TGS and by authenticating each user on a central issuing temporary session keys for authentication server. communications. Diameter Protocol: Defines the minimum Secure European System for Applications in requirements for a system that provides a Multivendor Environment (SESAME): An authentication, authorization, and accounting advanced network authentication protocol services. designed to enhance the security features of Terminal Access Controller Access Control Kerberos while addressing some of its System: Remote access authorization system limitations, especially for large-scale, that is based on a client/server configuration distributed environments. 3 Versions of TACACS Sesame separates its functions between two servers: the Authentication Server and the TACACS Privilege Attribute Server Extended TACACS AS – Verifies their identity TACACS+ - Uses dynamic passwords and PAS – handles the authorization by incorporates two-factor authentication. issuing PACs. Kerberos: An authentication system that uses symmetric key encryption to validate an individual user’s access to various network VIRTUAL PRIVATE NETWORK resources by keeping a database containing - A private, secure network operated the private keys of clients and servers that are over a public and insecure network; it in the authentication domain it supervises. uses encryption to protect the data 1. Authentication Server – between endpoints. Authenticates clients and servers. TYPES OF VPNs 2. Key Distribution Center – Generates and issues session keys 1. Trusted VPN – Also known as legacy VPN, a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits that they are properly maintained and protected. 2. Secure VPN – A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks. 3. Hybrid VPN – A combination of trusted and secure VPN implementations. A VPN that proposes to offer a secure and reliable capability while relying on public networks must accomplish the following: 1. Encapsulation 2. Encryption 3. Authentication IPSec, the dominant protocol used in VPNs, uses either transport or tunnel mode. It can be used as a stand-alone protocol or coupled with the Layer Two Tunneling Protocol (L2TP). Transport Mode – The data within an IP packet is encrypted, but the header information is not. Tunnel Mode – Establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network.

Use Quizgecko on...
Browser
Browser