Note: This notes were made using the following books: “CISPP Study Guide” and “CISSP for dummies”. The purpose of access control is to allow authorized users access to appropriate data and deny access to unauthorized users and the mission and purpose of access control is to protect the confidentiality, integrity, and availability of data. Access control is
performed by implementing strong technical, physical and administrative measures. Access control protect against threats such as unauthorized access, inappropriate modification of data, loss of confidentiality. CIA triad and his opposite (DAD) – see (My) CISSP Notes – Information Security Governance and Risk Management A subject is an active entity on a data system. Most examples of subjects involve people accessing data files. However, running computer programs are subjects as well. A Dynamic Link Library file or a Perl script that updates database files with new
information is also a subject. An object is any passive data within the system. Objects can range from databases to text files. The important thing remember about objects is that they are passive within the system. They do not manipulate other objects. Access control systems provide three essential services: Discretionary Access Control (DAC) gives subjects full control of objects they have been given access to, including sharing the objects with other subjects.
Subjects are empowered and control their data. Standard UNIX and Windows operating systems use DAC for filesystems. Major disadvantages of DAC include: Mandatory
Access Control (MAC) is system-enforced access control based on subject’s clearance and object’s labels. Subjects and Objects have clearances and labels, respectively, such as confidential, secret, and top secret. A subject may access an object only if the subject’s clearance is equal to or greater than the object’s label. Subjects cannot share objects with other subjects who lack the proper clearance, or “write down” objects to a lower classification level (such as from top
secret to secret). MAC systems are usually focused on preserving the confidentiality of data. In MAC, the system determines the access policy. Common MACs models includes Bell-La Padula, Biba, Clark-Wilson; for more infos about these models please see : (My) CISSP Notes – Security Architecture and Design . Major disadvantages of MAC control techniques include:
Access control administrationAn organization must choose the type of access control model : DAC or MAC. After choosing a model, the organization must select and implement different access control technologies and techniques. What is left to work out is how the organization will administer the access control model. Access control administration comes in two basic flavors: centralized and decentralized. Centralized access models systems maintains user account information in a central location. Centralized access control systems allow organizations to implement a more consistent, comprehensive security policy, but they may not be practical in large organizations. Exemples of centralized access control systems and protocols commonly used for authentication of remote users:
Decentralized access control allows IT administration to occur closer to the mission and operations of the organization. In decentralized access control, an organization spans multiple locations, and the local sites support and maintain independent systems, access control databases, and data. Decentralized access control is also called distributed access control. Access control defensive categories and typesAccess control is achieved throughout an entire et of control which , identified by purpose, include;
These access control types can fall into one of three categories: administrative, technical, or physical.
Preventive controls prevents actions from occurring. Detective controls are controls that alert during or after a successful attack. Corrective controls work by “correcting” a damaged system or process. The corrective access control typically works hand in hand with detective access controls. After a security incident has occurred, recovery controls may need to be taken in order to restore functionality of the system and organization. The connection between corrective and recovery controls is important to understand. For example, let us say a user downloads a Trojan horse. A corrective control may be the antivirus software “quarantine.” If the quarantine does not correct the problem, then a recovery control may be implemented to reload software and rebuild the compromised system. Deterrent controls deter users from performing actions on a system. Examples include a “beware of dog” sign: A compensating control is an additional security control put in place to compensate for weaknesses in other controls. Here are more clear-cut examples: Preventive
Detective
Deterrent
Authentication methodsA key concept for implementing any type of access control is controlling the proper authentication of subjects within the IT system. There are three basic authentication methods:
Biometric Enrollment and ThroughputEnrollment describes the process of registering with a biometric system: creating an account for the first time. Throughput describes the process of authenticating to a biometric system. Three metrics are used to judge biometric accuracy:
Types of biometric controlFingerprints are the most widely used biometric control available today. A retina scan is a laser scan of the capillaries which feed the retina of the back of the eye. An iris scan is a passive biometric control. A camera takes a picture of the iris (the colored portion of the eye) and then compares photos within the authentication database. In hand geometry biometric control, measurements are taken from specific points on the subject’s hand: “The devices use a simple concept of measuring and recording the length, width, thickness, and surface area of an individual’s hand while guided on a plate.” Keyboard dynamics refers to how hard a person presses each key and the rhythm by which the keys are pressed. Dynamic signatures measure the process by which someone signs his/her name. This process is similar to keyboard dynamics, except that this method measures the handwriting of the subjects while they sign their name. A voice print measures the subject’s tone of voice while stating a specific sentence or phrase. This type of access control is vulnerable to replay attacks (replaying a recorded voice), so other access controls must be implemented along with the voice print. Facial scan technology has greatly improved over the last few years. Facial scanning (also called facial recognition) is the process of passively taking a picture of a subject’s face and comparing that picture to a list stored in a database. Access control technologiesThere are several technologies used for the implementation of access control. Single Sign-On (SSO) allows multiple systems to use a central authentication server (AS). This allows users to authenticate once, and then access multiple, different systems. SSO is an important access control and can offer the following benefits:
The disadvantages of SSO are listed below and must be considered before implementing SSO on a system:
SSO is commonly implemented by third-party ticket-based solutions including Kerberos, SESAME or KryptoKnight. Kerberos is a third-party authentication service that may be used to support Single Sign-On. Kerberos uses secret key encryption and provides mutual authentication of both clients and servers. It protects against network sniffing and replay attacks. Kerberos has the following components:
Kerberos provides mutual authentication of client and server.Kerberos mitigates replay attacks (where attackers sniff Kerberos credentials and replay them on the network) via the use of timestamps. The primary weakness of Kerberos is that the KDC stores the plaintext keys of all principals (clients and servers). A compromise of the KDC (physical or electronic) can lead to the compromise of every key in the Kerberos realm. The KDC and TGS are also single points of failure. SESAME is Secure European System for Applications in a Multi-vendor Environment, a single sign-on system that supports heterogeneous environments. “SESAME adds to Kerberos: heterogeneity, sophisticated access control features, scalability of public key systems, better manageability, audit and delegation.”20 Of those improvements, the addition of public key (asymmetric) encryption is the most compelling. It addresses one of the biggest weaknesses in Kerberos: the plaintext storage of symmetric keys. Assessing access controlA number of processes exist to assess the effectiveness of access control. Tests with a narrower scope include penetration tests, vulnerability assessments, and security audits. Penetration testsPenetration tests may include the following tests:
A zero-knowledge (also called black box) test is “blind”; the penetration tester begins with no external or trusted information, and begins the attack with public information only. A full-knowledge test (also called crystal-box) provides internal information to the penetration tester, including network diagrams, policies and procedures, and sometimes reports from previous penetration testers. Penetration testers use the following methodology:
Vulnerability testingVulnerability scanning (also called vulnerability testing) scans a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. A vulnerability testing tool such as Nessus (http://www.nessus.org) or OpenVAS (http://www.openvas.org) may be used to identify the vulnerabilities. Security auditA security audit is a test against a published standard. Organizations may be audited for PCI (Payment Card Industry) compliance, for example. PCI includes many required controls, such as firewalls, specific access control models, and wireless encryption. Security assessmentsSecurity assessments view many controls across multiple domains, and may include the following:
Which of the following is an example of a Type 2 authentication factor?Two-factor authentication methods rely on a user providing a password as the first factor and a second, different factor -- usually either a security token or a biometric factor, such as a fingerprint or facial scan.
Which of these protocol provides mutual authentication?Mutual authentication is most commonly associated with the Transport Layer Security (TLS) protocol, but it can be used by other protocols and in other contexts too.
What is authorization and authentication?Authentication and authorization are two vital information security processes that administrators use to protect systems and information. Authentication verifies the identity of a user or service, and authorization determines their access rights.
Which of the following describes a distinction between Kerberos and sesame?B. Kerberos uses symmetric encryption; SESAME uses asymmetric encryption.
|