Lecture 15 Access Control Processes - PowerPoint PPT Presentation

About This Presentation
Title:

Lecture 15 Access Control Processes

Description:

Title: Strategic Management of Information Technology Author: Barbara Hecker Last modified by: Barbara Hecker Created Date: 7/3/2002 3:36:07 AM Document presentation ... – PowerPoint PPT presentation

Number of Views:230
Avg rating:3.0/5.0
Slides: 90
Provided by: BarbaraH157
Category:

less

Transcript and Presenter's Notes

Title: Lecture 15 Access Control Processes


1
Lecture 15Access Control Processes
2
What is Access Control?
  • Access Control
  • Access control is the policy-driven limitation of
    access to systems, data, and dialogs
  • Prevent attackers from gaining access, stopping
    them if they do

3
What is Access Control?
  • First Steps
  • Enumeration of Resources
  • Sensitivity of Each Resource
  • Next, who Should Have Access?
  • Can be made individual by individual
  • More efficient to define by roles (logged-in
    users, system administrators, project team
    members, etc.)

4
Access Control
  • What Access Permissions (Authorizations) Should
    They Have?
  • Access permissions (authorizations) define
    whether a role or individual should have any
    access at all
  • If so, exactly what the role or individual should
    be allowed to do to the resource.
  • Usually given as a list of permissions for users
    to be able to do things (read, change, execute
    program, etc.) for each resource

5
Access Control
  • How Should Access Control Be Implemented?
  • For each resource, need an access protection plan
    for how to implement protection in keeping with
    the selected control policy
  • For a file on a server, for instance, limit
    authorizations to a small group, harden the
    server against attack, use a firewall to thwart
    external attackers, etc.

6
Access Control
  • Policy-Based Access Control and Protection
  • Have a specific access control policy and an
    access protection policy for each resource
  • Focuses attention on each resource
  • Guides the selection and configuration of
    firewalls and other protections
  • Guides the periodic auditing and testing of
    protection plans

7
Password-Based Access Control
8
Server Password Cracking
  • Reusable Passwords
  • A password you use repeatedly to get access to a
    resource on multiple occasions
  • Bad because attacker will have time to learn it
    then can use it
  • Difficulty of Cracking Passwords by Guessing
    Remotely
  • Usually cut off after a few attempts
  • However, if can steal the password file, can
    crack passwords at leisure

9
Server Password Cracking
  • Hacking Root
  • Super accounts (can take any action in any
    directory)
  • Hacking root in UNIX
  • Super accounts in Windows (administrator) and
    NetWare (supervisor)
  • Hacking root is rare usually can only hack an
    ordinary user account
  • May be able to elevate the privileges of the user
    account to take root action

10
Server Password Cracking
  • Physical Access Password Cracking
  • l0phtcrack
  • Lower-case L, zero, phtcrack
  • Password cracking program
  • Run on a server (need physical access)
  • Or copy password file and run l0phtcrack on
    another machine.

11
Server Password Cracking
  • Physical Access Password Cracking
  • Brute-force password guessing
  • Try all possible character combinations
  • Longer passwords take longer to crack
  • Using more characters also takes longer
  • Alphabetic, no case (26 possibilities)
  • Alphabetic, case (52)
  • Alphanumeric (letters and numbers) (62)
  • All keyboard characters (80)

12
Password Length
Password Length In Characters
Alphanumeric Letters Digits (N62)
All Keyboard Characters (N80)
Alphabetic, Case (N52)
Alphabetic, No Case (N26)
1
62
80
52
26
2 (N2)
3,844
6,400
2,704
676
4 (N4)
14,776,336
40,960,000
7,311,616
456,976
6
56,800,235,584
2.62144E11
19,770,609,664
308,915,776
8
2.1834E14
1.67772E15
5.34597E13
2.08827E11
10
8.39299E17
1.07374E19
1.44555E17
1.41167E14
13
Server Password Cracking
  • Physical Access Password Cracking
  • Brute Force Attacks
  • Try all possible character combinations
  • Slow with long passwords length
  • Dictionary attacks
  • Try common words (password, ouch, etc.)
  • There are only a few thousand of these
  • Cracked very rapidly
  • Hybrid attacks
  • Common word with single digit at end, etc.

14
Server Password Cracking
  • Password Policies
  • Good passwords
  • At least 6 characters long
  • Change of case not at beginning
  • Digit (0 through 9) not at end
  • Other keyboard character not at end
  • Example triV6ial

15
Server Password Cracking
  • Password Policies
  • Testing and enforcing password policies
  • Run password cracking program against own servers
  • Caution requires approval! SysAdmins have been
    fired for doing this without permissionand
    should be
  • Password duration policies How often passwords
    must be changed

16
Server Password Cracking
  • Password Policies
  • Password sharing policies Generally, forbid
    shared passwords
  • Removes ability to learn who took actions loses
    accountability
  • Usually is not changed often or at all because of
    need to inform all sharers

17
Server Password Cracking
  • Password Policies
  • Disabling passwords that are no longer valid
  • As soon as an employee leaves the firm, etc.
  • As soon as contractors, consultants leave
  • In many firms, a large percentage of all accounts
    are for people no longer with the firm

18
Server Password Cracking
  • Password Policies
  • Lost passwords
  • Password resets Help desk gives new password for
    the account
  • Opportunities for social engineering attacks
  • Leave changed password on answering machine
  • Biometrics voice print identification for
    requestor (but considerable false rejection rate)

19
Server Password Cracking
  • Password Policies
  • Lost passwords
  • Automated password resets
  • Employee goes to website
  • Must answer a question, such as In what city
    were you born?
  • Problem of easily-guessed questions that can be
    answered with research

20
UNIX/etc/passwd File Entries
Without Shadow Password File
With Shadow Password File
Pleex473Pat Lee/usr/plee//bin/csh
The x indicates that the password is stored in a
separate shadow password file
21
UNIX/etc/passwd File Entries
  • Unix passwd File
  • Contains the username, password, and other
    information is semi-standard form
  • In the /etc directory that is accessible to
    anyone
  • Anyone can steal the passwd file and crack the
    passwords
  • Unix Shadow File
  • Newer versions of Unix store passwords in a
    protected shadow file
  • In the passwd file, there is an x in the password
    position

22
Server Password Cracking
  • Password Policies
  • Encrypted (hashed) password files
  • Passwords not stored in readable form
  • Encrypted with DES or hashed with MD5
  • In UNIX, etc/passwd puts x in place of password
  • Encrypted or hashed passwords are stored in a
    different (shadow) file to which only high-level
    accounts have access

23
Password Hashing (or Encryption)
2. Hash My4Bad 11110000
1. User Lee Password My4Bad
3. Hashes Match
Client PC User Lee
Hashed Password File Brown 11001100 Lee 11110000 C
hun 00110011 Hatori 11100010
4. Hashes Match, So User is Authenticated
24
Server Password Cracking
  • Password Policies
  • Windows passwords
  • Obsolete LAN manager passwords (7 characters
    maximum) should not be used
  • Windows NTLM passwords are better
  • Option (not default) to enforce strong passwords

25
Server Password Cracking
  • Shoulder Surfing
  • Watch someone as they type their password
  • Keystroke Capture Software
  • Professional versions of windows protect RAM
    during password typing
  • Consumer versions do not
  • Trojan horse throws up a login screen later,
    reports its finding to attackers

26
Server Password Cracking
  • Windows Client PC Software
  • Consumer version login screen is not for security
  • Windows professional and server versions provide
    good security with the login password
  • BIOS passwords allow boot-up security
  • Can be disabled by removing the PCs battery
  • But during a battery removal, the attacker will
    be very visible
  • Screen savers with passwords allow away-from-desk
    security after boot-up

27
  • Physical Building Security

28
Building Security
  • Building Security Basics
  • Single point of (normal) entry to building
  • Fire doors, etc. use closed-circuit television
    (CCTV) and alarms to monitor them
  • Security centers
  • Monitors for closed-circuit TV (CCTV)
  • Videotapes that must be retained (Dont reuse too
    much or the quality will be bad)
  • Alarms

29
Building Security
  • Building Security Basics
  • Interior doors to control access between parts of
    the building
  • Piggybacking holding the door open so that
    someone can enter without identification defeats
    this protection
  • Enforcing policies You get what you enforce
  • Training security personnel
  • Training all employees

30
Building Security
  • Building Security Basics
  • Phone stickers with security center phone number
  • Thwarting piggybacking by employee education and
    sanctions for allowing it
  • Dumpster diving by keeping Dumpsters in locked,
    lighted area
  • Drive shredding programs for discarded disk
    drives that do more than reformat drives

31
Physical building Cabling
3. Entrance Facility with Termination Equipment
6. Vertical Riser Space
5. Core Switch (Chassis)
4. Router
2. To WAN
1. Equipment Room (Usually in Basement)
32
Physical building Cabling
  • Vertical
  • Distribution

5. Horizontal Distribution
4. Workgroup Switch
3. Telecommunications Closet on Floor
2. Optical Fiber One Pair per Floor
33
Physical building Cabling
Horizontal and Final Distribution
Workgroup Switch in Telecoms Closet
1. Horizontal Distribution One 4-Pair UTP Cord
34
Building Security
  • Data Wiring Security
  • Telecommunications closets should be locked
  • Wiring conduits should be hard to cut into
  • Servers rooms should have strong access security

35
Access Cards and Tokens
36
Access Cards
  • Magnetic Stripe Cards
  • Smart Cards
  • Have a microprocessor and RAM
  • More sophisticated than mag stripe cards
  • Release only selected information to different
    access devices

37
Access Cards
  • Tokens
  • Small device with constantly-changing password
  • Or device that can plug into USB port or another
    port
  • Proximity Tokens
  • Use short-range radio transmission
  • Can be detected and tested without physical
    contact
  • Allows easier access used in Tokyo subways

38
Access Cards
  • Card Cancellation
  • Requires a central system
  • PINs
  • Personal Identification Numbers
  • Short about 4 digits
  • Can be short because attempts are manual (10,000
    combinations to try with 4 digits)

39
Access Cards
  • PINs
  • Should not allow obvious combinations (1111,
    1234) or important dates
  • Provide two-factor authentication
  • E.g., PIN and card
  • Dont allow writing PIN on card

40
Biometric Authentication
41
Biometric Authentication
  • Biometric Authentication
  • Authentication based on body measurements and
    motions
  • Because you always bring your body with you
  • Biometric Systems
  • Enrollment
  • Later access attempts
  • Acceptance or rejection

42
Biometric Authentication System
1. Initial Enrollment
User Lee Scanning
User Lee Template (01101001)
Processing (Key Feature Extraction) A01, B101,
C001
Template Database Brown 10010010 Lee
01101001 Chun 00111011 Hirota 1101110

3. Match Index Decision Criterion (Close Enough?)
2. Subsequent Access
Applicant Scanning
User Access Data (01111001)
Processing (Key Feature Extraction) A01, B111,
C001
43
Biometric Authentication
  • Verification Versus Identification
  • Verification Are applicants who they claim to
    be? (compare with single template)
  • Identification Who is the applicant? (compare
    with all templates)
  • More difficult than verification because must
    compare to many templates
  • Watch list is this person a member of a specific
    group (e.g., known terrorists)
  • Intermediate in difficulty

44
Biometric Authentication
  • Verification Versus Identification
  • Verification is good for replacing passwords in
    logins
  • Identification is good for door access and other
    situations where entering a name would be
    difficult

45
Biometric Authentication
FAR
  • Precision
  • False acceptance rates (FARs) Percentage of
    unauthorized people allowed in
  • Person falsely accepted as member of a group
  • Person allowed through a door who should be
    allowed through it
  • Very bad for security

46
Biometric Authentication
FRR
  • Precision
  • False rejection rates (FRRs) Percentage of
    authorized people not recognized as being members
    of the group
  • Valid person denied door access or server login
    because not recognized
  • Can be reduced by allowing multiple access
    attempts
  • High FRRs will harm user acceptance because users
    are angered by being falsely forbidden

47
Biometric Authentication
  • Precision
  • Vendor claims for FARs and FRRs tend to be
    exaggerated because they often perform tests
    under ideal circumstances
  • For instance, having only small numbers of users
    in the database
  • For instance, by using perfect lighting,
    extremely clean readers, and other conditions
    rarely seen in the real world

48
Biometric Authentication
  • User Acceptance is Crucial
  • Strong user resistance can kill a system
  • Fingerprint recognition may have a criminal
    connotation
  • Some methods are difficult to use, such as iris
    recognition, which requires the eye to be lined
    up carefully.
  • These require a disciplined group

49
Biometric Authentication
  • Biometric Methods
  • Fingerprint recognition
  • Dominates the biometric market today
  • Based on a fingers distinctive pattern of
    whorls, arches, and loops
  • Simple, inexpensive, well-proven
  • Weak security can be defeated fairly easily with
    copies
  • Useful in modest-security areas

50
Biometric Authentication
  • Biometric Methods
  • Iris recognition
  • Pattern in colored part of eye
  • Very low FARs
  • High FRR if eye is not lined up correctly can
    harm acceptance
  • Reader is a cameradoes not send light into the
    eye!

51
Biometric Authentication
  • Biometric Methods
  • Face recognition
  • Can be put in public places for surreptitious
    identification (identification without citizen
    or employee knowledge). More later.
  • Hand geometry shape of hand
  • Voice recognition
  • High error rates
  • Easy to fool with recordings

52
Biometric Authentication
  • Biometric Methods
  • Keystroke recognition
  • Rhythm of typing
  • Normally restricted to passwords
  • Ongoing during session could allow continuous
    authentication
  • Signature recognition
  • Pattern and writing dynamics

53
Biometric Authentication
  • Biometric Standards
  • Almost no standardization
  • Worst for user data (fingerprint feature
    databases)
  • Get locked into single vendors

54
Biometric Authentication
  • Can Biometrics be Fooled?
  • Airport face recognition
  • Identification of people passing in front of a
    camera
  • False rejection rate rate of not identifying
    person as being in the database
  • Fail to recognize a criminal, terrorist, etc.
  • FRRs are bad

55
Biometric Authentication
  • Can Biometrics be Fooled?
  • Airport face recognition
  • 4-week trial of face recognition at Palm Beach
    International Airport
  • Only 250 volunteers in the user database
    (unrealistically small)
  • Volunteers were scanned 958 times during the
    trial
  • Only recognized 455 times! (47)
  • 53 FRR

56
Biometric Authentication
  • Can Biometrics be Fooled?
  • Airport face recognition
  • Recognition rate fell if wore glasses (especially
    tinted), looked away
  • Would be worse with larger database
  • Would be worse if photographs were not good

57
Biometric Authentication
  • Can Biometrics be Fooled?
  • DOD Tests indicate poor acceptance rates when
    subjects were not attempting to evade
  • 270-person test
  • Face recognition recognized person only 51
    percent of time
  • Even iris recognition only recognized the person
    94 percent of the time!

58
Biometrics Authentication
  • Can Biometrics be Fooled?
  • Other research has shown that evasion is often
    successful for some methods
  • German ct magazine fooled most face and
    fingerprint recognition systems
  • Prof. Matsumoto fooled fingerprint scanners 80
    percent of the time with a gelatin finger created
    from a latent (invisible to the naked eye) print
    on a drinking glass

59
802.11 Wireless LAN Security
60
802.11 Wireless LAN (WLAN) Security
  • 802.11 Wireless LAN Family of Standards
  • Basic Operation (Figure 2-12 on next slide)
  • Main wired network for servers (usually 802.3
    Ethernet)
  • Wireless stations with wireless NICs
  • Access points
  • Access points are bridges that link 802.11 LANs
    to 802.3 Ethernet LANs

61
802.11 Wireless LAN
802.11 Frame Containing Packet
(3)
(1)
62
802.11 Wireless LAN
(2)
802.3 Frame Containing Packet
(1)
(3)
63
802.11 Wireless LAN (WLAN) Security
  • Basic Operation
  • Propagation distance farther for attackers than
    users
  • Attackers can have powerful antennas and
    amplifiers
  • Attackers can benefit even if they can only read
    some messages
  • Dont be lulled into complacency by internal
    experiences with useable distances

64
802.11 Wireless LAN Standards
Standard
Rated Speed (a)
Unlicensed Radio Band
Effective Distance (b)
802.11b
11 Mbps
2.4 GHz
30-50 meters
802.11a
54 Mbps
5 GHz
10-30 meters
802.11g
54 Mbps
2.4 GHz
?
Notes (a) Actual speeds are much lower and
decline with distance. (b) These are distances
for good communication attackers can read some
signals and send attack frames from longer
distances.
65
802.11 Wireless LAN (WLAN) Security
  • Apparent 802.11 Security
  • Spread spectrum transmission does not provide
    security
  • Signal is spread over a broad range of
    frequencies
  • Methods used by military are hard to detect
  • 802.11 spread spectrum methods are easy to detect
    so devices can find each other
  • Used in 802.11 to prevent frequency-dependent
    propagation problems rather than for security

66
802.11 Wireless LAN (WLAN) Security
  • Apparent 802.11 Security
  • SSIDs
  • Mobile devices must know the access points
    service set identifier (SSID) to talk to the
    access point
  • Usually broadcast frequently by the access point
    for ease of discovery, so offers no security.
  • Sent in the clear in messages sent between
    stations and access points

67
802.11 Wireless LAN (WLAN) Security
  • Wired Equivalent Privacy (WEP)
  • Biggest security problem Not enabled by default
  • 40-bit encryption keys are too small
  • Nonstandard 128-bit (really 104-bit) keys are
    reasonable interoperable

68
802.11 Wireless LAN (WLAN) Security
  • Wired Equivalent Privacy (WEP)
  • Shared passwords
  • Access points and all stations use the same
    password
  • Difficult to change, so rarely changed
  • People tend to share shared passwords too widely
  • Flawed security algorithms
  • Algorithms were selected by cryptographic
    amateurs

69
802.11 Wireless LAN (WLAN) Security
  • 802.1x and 802.11i (Figure 2-14)
  • Authentication server
  • User data server
  • Individual keys give out at access point

70
802.1x Authentication for 802.11i WLANs
RADIUS Server
2. Pass on Request to RADIUS Server
1. Authentication Data
4. Accept Applicant KeyXYZ
5. OK Use Key XYZ
3. Get User Lees Data (Optional RADIUS Server
May Store This Data)
Directory Server or Kerberos Server
71
802.11 Wireless LAN (WLAN) Security
  • 802.1x and 802.11
  • Control access when the user connects to the
    network
  • At a wired RJ-45 jack
  • At a wireless access point
  • 802.1x is a general approach to port
    authentication
  • 802.11i is the implementation of 802.1x on 802.11
    wireless LANs

72
802.11 Wireless LAN (WLAN) Security
  • 802.1x and 802.11
  • Extensible Authentication Protocol (EAP)
  • Supports multiple forms of authentication
  • EAP-TLS
  • EAP-TTLS
  • PEAP

73
802.11 Wireless LAN (WLAN) Security
  • 802.1x and 802.11
  • Extensible Authentication Protocol (EAP)
  • Authentication mechanisms
  • Passwords
  • Simple and inexpensive to implement
  • Low security
  • Digital Certificate
  • Complex and expensive to install digital
    certificates on many devices
  • Very strong authentication

74
802.11 Wireless LAN (WLAN) Security
Client Authentication Access Point Authentication Comment
EAP-TLS Digital Certificate orNothing at all Digital Certificate Expensive client authentication or none
EAP-TTLS Password or other authentication method Digital Certificate Fits reality that many users have passwords
PEAP (Protected EAP) Password or other authentication method Digital Certificate Strong. Supported by Microsoft, Cisco, and RSA
75
802.11 Wireless LAN (WLAN) Security
  • TLS
  • The default for 802.11i security but choice of
    either digital certificates for clients or no
    client authentication is undesirable
  • PEAP and TTLS
  • Very similar in terms of the authentication
    methods they support
  • PEAP is supported by Microsoft, Cisco, and RSA
  • TTLS is supported by a consortium of other vendors

76
802.11 Wireless LAN (WLAN) Security
  • 802.1x and 802.11i (Figure 2-14)
  • After authentication, the client must be given a
    key for confidentiality
  • Temporal Key Integrity Protocol (TKIP) is used in
    802.11i and 802.1x
  • Key changed every 10,000 frames to foil data
    collection for key guessing
  • This is an Advanced Encryption Standard (AES) key

77
Wi-Fi and WPA
  • Wi-Fi Alliance
  • Industry group that certifies 802.11 systems
  • Created the Wi-Fi Protected Access (WPA) system
    in 2002
  • WPA is basically 802.11i
  • But does not use AES keys
  • Many installed wireless products can be upgraded
    to WPA
  • Stop-gap measure before 802.11i

78
802.11i Today
  • 802.11i standard was released in July 2004
  • But products started appearing in 2003
  • What must firms do?
  • Throw out WEP-only products
  • In security, legacy technologies are not
    acceptable
  • Decide if it can have WPA and 802.11i products
    co-exist

79
802.11 Wireless LAN (WLAN) Security
  • Virtual Private Networks (VPNs)
  • Add security on top of network technology to
    compensate for WLAN weaknesses
  • Discussed in Chapter 8

WLAN, etc.
VPN
80
The Situation Today in Wireless Security
  • Wireless security is poor in most installations
    today
  • The situation is improving, and technology will
    soon be good
  • But old installations are likely to remain weak
    links in corporate security

81
Topics Covered
  • Policy-Driven Access Control
  • Identify resources
  • Create an access policy for each
  • Let the policy drive implementation and testing

82
Topics Covered
  • Password-Based Access Control
  • Reusable passwords are inexpensive because built
    into servers
  • Usually weak because people often pick cracked
    passwords
  • Hacking root is a key goal
  • Password resets are necessary but dangerous

83
Topics Covered
  • Building Security
  • Single point of (normal) entry to building
  • Fire doors, etc. use CCTV and alarms
  • Security centers
  • Interior doors locked (but piggybacking)
  • Dumpster diving control
  • Securing building wiring, including
    telecommunications closets

84
Topics Covered
  • Access Cards and Tokens
  • Magnetic strip cards
  • Smart cards with CPU and Memory
  • Tokens
  • Tokens with constantly-changing passwords
  • Tokens that plug into USB ports
  • Proximity cards with radio communication
  • Pins can be short because of manual entry

85
Topics Covered
  • Biometric Authentication
  • Can replace reusable passwords
  • Fingerprint scanning dominates biometrics
  • Inexpensive, somewhat secure
  • Iris recognition is more precise
  • Face recognition can be done surreptitiously
  • Identification vs verification vs watch list
  • FARs and FRRs
  • Often easily deceived by attackers

86
Topics Covered
  • 802.11 Wireless LAN Security
  • Signals travel outside building, allowing
    drive-by hacking
  • Initial security was WEP
  • Often not even turned on
  • Very easily cracked because uses shared static
    key for both confidentiality and authentication
  • Some firms added passwords and/or VPNs to allow
    secure communication anyway

87
Topics Covered
  • 802.11 Wireless LAN Security
  • Now, 802.11i security
  • Based on 802.1x security for wired LANs
  • Sophisticated authentication
  • EAP supports multiple methods
  • Not a single standard, so problems with equipment
    interoperability
  • Strong AES confidentiality

88
Topics Covered
  • 802.11 Wireless LAN Security
  • Now, 802.11i security
  • Requires an infrastructure
  • Central authentication server
  • Adequate for corporate needs
  • Today
  • Buy only 802.11i equipment
  • See if can keep WPA (post-WEP/pre-802.11i)
    products
  • Discard WEP products

89
End of Lecture
Write a Comment
User Comments (0)
About PowerShow.com