Defenisi Access Controls
β’
Access control
is the collection of
mechanisms that permits managers of
a system to exercise a directing or
restraining influence over the behavior,
use, and content of a system. It
use, and content of a system. It
Lingkup Materi Access Controls
β’
Konsep Access control
β’
Metodologi Access control
β’
Implementation within centralized and
decentralized environments across the
enterpriseβs computer systems.
β’
Access control techniques, detective
Overview Access Control
ο§ Access Controls: The security features that control how users and systems communicate and interact with one another.
ο§ Access: The flow of information between subject and object
ο§ Subject: An active entity that requests access
ο§ Subject: An active entity that requests access to an object or the data in an object
Terminologi dalam Akses Kontrol
Accountable person who desires access
User or process
acting for person Potential actions that may be applied
Resource subject to access control
Secure Computing: Threats and Safeguards, 1997, Rita C. Summers
Computer Security, 1996, John Carroll
Subject Subject Rights Object
User
Identifier User Identifier Access Control List Data Identifier
Computer Communications Security, 1994,
Warwick Ford
X/Open Distributed Security Framework, 1994, The Open Group
CORBA Security Services Specification 1.0, 1996,
Identifier Identifier Control List
User Access Target
Permissions Initiator
User Initiator ACL Target
Target ACL Initiator
Prinsip Keamanan
ο§
The three main security principles
also pertain to access control:
β’
Availability
β’
Integrity
β’
Integrity
Prinsip Keamanan :
Mengukur Nilai informasi β Segitiga CIA
The value of information comes from the
characteristics it possesses
Prinsip Keamanan : Model
ISO untuk Otorisasi
Access Control
Enforcement Function Resource
Principal
Identity,
Access Request Access
Prinsip Keamanan : Konsep
Manajemen Privilege
Who are
you? Prove it! your stuff...Hereβs
Identification Authentication Authorization
ο§ Identification:The presentation of
Identifikasi, Otentikasi, dan Otorisasi
ο§
Identification, Authentication, and
Authorization are distinct functions.
1. Identification 2. Authentication 3. Authorization 3. Authorization
ο§
Identity Management:
A broad term to
include the use of different products to
identify, authenticate, and authorize
Identifikasi
ο§
Identification
β’ Method of establishing the subjectβs (user, program, process) identity.
Β» Use of user name or other public information.
information.
Β» Know identification component requirements.
Otentikasi
ο§
Authentication
β’ Method of proving the identity.
Β» Something a person is, has, or does.
Β» Use of biometrics, passwords, passphrase, token, or other private information.
token, or other private information.
ο§
Strong Authentication is important
ο§ Authentication: proven assertion of identity
β’ Userid and password
Otentikasi
ο§
Passwords
β’ User name + password most common identification, authentication scheme.
β’ Weak security mechanism, must implement strong password protections
Otentikasi
ο§
Techniques to attack passwords
β’ Electronic monitoring
β’ Access the password file β’ Brute Force Attacks
β’ Dictionary Attacks β’ Dictionary Attacks β’ Social Engineering
ο§
Know difference between a password
Otentikasi
ο§
Passphrase
β’ Is a sequence of characters that is longer than a password.
β’ Takes the place of a password.
β’ Can be more secure than a password β’ Can be more secure than a password
Otentikasi
ο§
One Time Passwords (aka Dynamic
Passwords)
β’ Used for authentication purposes and are only good once.
Otentikasi
ο§ Two types of Token
Devices (aka Password Generator)
β’ Synchronous
Β» Time/event Based
Β» Using one-time password or hashed values
or hashed values
Β» Authentication server knows expected value from the token
Β» Counter Synchronization
Token: Two Factor Authentication
ο§
First factor:
what user
knows
ο§
Second factor:
what user
Otentikasi
ο§
Second factor:
what user
has
Token: Two Factor Authentication
Otentikasi
Smart Cards and Memory Cards
β’ Memory Cards: Holds but cannot process information.
β’ Smart Cards: Holds and can process information.
Β» Contact
Otentikasi
ο§
Attacks on Smart Cards
β’ Fault Generation β’ Microprobing
β’ Side Channel Attacks (nonintrusive attacks)
Β» Differential Power Analysis Β» Differential Power Analysis Β» Electromagnetic Analysis Β» Timing
Otentikasi
Hashing & Encryption
β’ Hash or encrypting a password to ensure that passwords are not sent in clear text (means extra security)
ο§
Windows environment, know syskey
ο§
Windows environment, know syskey
modes.
Password Hashes
ο§ LM hash is weak, no longer used in Win 7
ο§ NT hash is stronger, but not salted
Otentikasi
ο§
Cryptographic Keys
β’ Use of private keys or digital signatures to prove identity
ο§
Private Key
ο§
Digital Signature
Otentikasi
ο§ Biometrics
β’ Verifies an identity by analyzing a unique person attribute or behavior (e.g., what a person βisβ).
ο§ Most expensive way to prove identity, also has difficulties with user acceptance.
has difficulties with user acceptance.
Otentikasi
ο§
Most common biometric systems:
β’ Fingerprint β’ Palm Scan
β’ Hand Geometry β’ Iris Scan
β’ Iris Scan
β’ Signature Dynamics β’ Keyboard Dynamics β’ Voice Print
β’ Facial Scan
Otentikasi
ο§
Biometric systems can be hard to
compare.
ο§
Type I Error: False rejection rate.
ο§
Type II Error: False acceptance rate.
β’ This is an important error to avoid.
Otorisasi
ο§
Authorization
β’
Determines that the proven identity has
some set of characteristics associated
with it that gives it the right to access
the requested resources.
Otorisasi
ο§
Access Criteria can be thought of as:
β’
Roles
β’
Groups
β’
Location
β’
Location
β’
Time
Otorisasi
ο§
Authorization concepts to keep in
mind:
β’
Authorization Creep
β’
Default to Zero
β’
Default to Zero
Otorisasi
ο§
Problems in controlling access to
assets:
β’
Different levels of users with different
levels of access
levels of access
β’
Resources may be classified differently
β’
Diverse identity data
Otorisasi
ο§
Solutions that enterprise wide and single
sign on solutions supply:
β’ User provisioning
β’ Password synchronization and reset β’ Self service
β’ Self service
β’ Centralized auditing and reporting
Otorisasi
ο§
Single Sign On Capabilities
β’ Allow user credentials to be entered one time and the user is then able to access all
resources in primary and secondary network domains
ο§
SSO technologies include:
ο§
SSO technologies include:
β’ Kerberos β’ Sesame
ο§ Authentication
β’ Use a unique identifierβ
Β» Example: user ID, Account number, PIN
β’ 3 main datum used for authentication
Β» Something requester know
β Passwords β Pass-phrases
Β» Something the requester is
Step dalam Mengakses Sistem
Β» Something the requester is
β Biometrics
β Physical characteristics
Β» Something the requester has
β Tokens (one-time passwords, time synchronized token) β Smart Cards
β USB Tokens
Model Access Control
ο§
Access Control Models
Three Main Types
1. Discretionary
2. Mandatory
2. Mandatory
Model Access Control
ο§
Discretionary Access Control (DAC)
β’ A system that uses discretionary access
control allows the owner of the resource to specify which subjects can access which
resources. resources.
Model Access Control
ο§
Mandatory Access Control (MAC)
β’ Access control is based on a security labeling system. Users have security clearances and resources have security labels that contain data classifications. labels that contain data classifications.
β’ This model is used in environments where information classification and
Model Access Control
ο§
Non-Discretionary (Role Based)
Access Control Models
β’ Role Based Access Control (RBAC) uses a centrally administered set of controls to determine how subjects and objects
determine how subjects and objects interact.
Teknologi Access Control
ο§ There are a number of different access controls and technologies available to support the different models.
β’ Rule Based Access Control
β’ Constrained User Interfaces
β’ Constrained User Interfaces
β’ Access Control Matrix
β’ Content Dependent Access Control
Teknologi Access Control
ο§
Rule Based Access Control
β’ Uses specific rules that indicate what can and cannot happen between a subject and an object.
an object.
β’ Not necessarily identity based.
β’ Traditionally, rule based access control has been used in MAC systems as an
Teknologi Access Control
ο§ Constrained User Interfaces
β’ Restrict userβs access abilities by not allowing them certain types of access, or the ability to request certain functions or information
ο§ Three major types
ο§ Three major types
β’ Menus and Shells
β’ Database Views
Teknologi Access Control
ο§ Access Control Matrix
β’ Is a table of subjects and objects indicating what actions individual subjects can take upon
individual objects.
ο§ Two types
ο§ Two types
β’ Capability Table (bound to a subject)
Access Control Matrix
READ WRITE READ WRITE READ READ READ Bob AliceA B C D
Resources
Principals
Bobβs
Access Control System
Bob carries around Identity AZN System checks Principal identity
Teknologi Access Control
READ WRITE READ WRITE READ WRITE READ READ READ
READ WRITE READ READ Alpha n Alpha 1 Eve β¦ Bobβs Capability List
A collection of principals with the same rights forms a Group
Principal identity
Capability Based System
Bob carries around Capability List AZN System checks
Teknologi Access Control
ο§ Content Dependent Access Control:
Access to an object is determined by the content within the object.
ο§ Context Based Access Control: Makes
ο§ Context Based Access Control: Makes access decision based on the context of a
Administrasi Access Control
ο§ First an organization must choose the access control model (DAC, MAC, RBAC).
ο§ Then the organization must select and implement different access control technologies.
ο§ Access Control Administration comes in two basic forms:
forms:
β’ Centralized
Administrasi Access Control
ο§ Centralized Access Control Administration:
β’ One entity is responsible for overseeing access to all corporate resources.
β’ Provides a consistent and uniform method of controlling access rights.
controlling access rights.
Β» Protocols: Agreed upon ways of communication Β» Attribute Value Pairs: Defined fields that accept
certain values.
Administrasi Access Control
ο§ Decentralized Access Control Administration:
β’ Gives control of access to the people who are closer to the resources
β’ Has no methods for consistent control, lacks proper consistency.
Metode Access Control
ο§ Access controls can be implemented at
various layers of an organization, network, and individual systems
ο§ Three broad categories:
β’ Administrative (aka Management)
β’ Administrative (aka Management)
β’ Physical (aka Operational)
ο§
Administrative
β’ Examples: separation of duties, dual control, etc
ο§
Physical
Metode Access Control
ο§
Physical
β’ Examples: fences, alarms, badges, CCTV, etc
ο§
Technical
Metode Access Control
ο§
Administrative Controls
β’ Policy and Procedure β’ Personnel Controls
Β» Separation of Duties Β» Rotation of Duties Β» Rotation of Duties Β» Mandatory Vacation
β’ Supervisory Structure
Metode Access Control
ο§ Physical Controls
β’ Network Segregation
β’ Perimeter Security
β’ Computer Controls
β’ Work Area Separation
β’ Work Area Separation
β’ Data Backups
β’ Cabling
Metode Access Control
ο§ Technical (Logical) Controls
β’ System Access
β’ Network Architecture
β’ Network Access
β’ Encryption and protocols
Tipe-tipe Access Control
ο§ Each control works at a different level of granularity, but can also perform several functions
ο§ Access Control Functionalities
β’ Prevent
β’ Detect
β’ Detect
β’ Correct
β’ Deter
β’ Recover
ο§ Preventive Access controls
β’ Avoid having unwanted actions/events by blocking the ability to do them.
ο§ Detective
β’ Identify unwanted actions or events after they occur.
ο§ Corrective
β’ Remedy circumstances that enabled the unwanted activity. β’ Return to state prior to the unwanted activity.
Tipe-tipe Access Control
β’ Return to state prior to the unwanted activity.
ο§ Directive
β’ Dictated by higher authority in laws or regulations or those specified in organization policy
ο§ Deterrent
Preventive Controls
ο§
Block or control specific events
β’ Firewalls
β’ Anti-virus software
Tipe-tipe Access Control
β’ Anti-virus software β’ Encryption
β’ Key card systems
ο§ Deterrent Controls
β’ Highly visible
β’ Prevent offenses by influencing choices of would-be intruders
Tipe-tipe Access Control
ο§ Detective Controls
ο§ Corrective Controls
β’ Post-event controls to prevent recurrence
β’ βCorrectiveβ refers to when it is implemented
β’ Examples (if implemented after an incident)
Β» Spam filter
Tipe-tipe Access Control
Β» Anti-virus on e-mail server Β» WPA Wi-Fi encryption
ο§ Recovery Control
Compensating Controls
ο§ Control that is introduced that
compensates for the absence or failure of a control
ο§ βCompensatingβ refers to why it is
Tipe-tipe Access Control
ο§ βCompensatingβ refers to why it is implemented
ο§ Examples
β’ Daily monitoring of anti-virus console
Hubungan Metode dan Tipe Access Control
Controls Administrative Technical Physical
Directive Policy Warning Banner βDo Not Enterβ
Deterrent Demotion Violation
Reports βBeware of Dogβ Preventive User Registration Passwords, Tokens Fences, Bollards
Registration Tokens Bollards
Detective Report Reviews Audit Logs, IDS Sensors, CCTV
Corrective Employee Termination Connection Management Fire Extinguisher
Recovery DRP Backups Reconstruct,
Akuntabilitas
ο§
Accountability is tracked by recording
user, system, and application activities.
ο§
Audit information must be reviewed
β’ Event Oriented Audit Review
β’ Real Time and Near Real Time Review β’ Real Time and Near Real Time Review β’ Audit Reduction Tools
Akuntabilitas
ο§ Other accountability conceptsβ¦
ο§ Keystroke Monitoring
β’ Can review and record keystroke entries by a user during an active session.
β’ A hacker can also do this
β’ May have privacy implications for an organization
Penerapan Access Control
ο§
Know the access control tasks that need
to be accomplished regularly to ensure
satisfactory security. Best practices
include:
β’ Deny access to anonymous accounts β’ Enforce strict access criteria
Penerapan Access Control
ο§ Unauthorized Disclosure of Information
β’ Object Reuse
β’ Data Hiding
ο§ Emanation Security (Security to block electrical signals from
electronic equipment.)
β’ Tempest : a project started by the DoD and then turned into a standard that outlines how to develop
into a standard that outlines how to develop
countermeasures that control spurious electrical signals that are emitted by electronic equipment
Testing Access Controls
ο§
Access controls are the primary
defense that protect assets
ο§
Types of tests:
β’
Penetration tests
β’
Penetration tests
Penetration Testing
ο§
Automatic scans to discover
vulnerabilities
Testing Access Controls
ο§
Example tools: Nessus, Nikto,
SAINT, Superscan, Retina, ISS,
Microsoft Baseline Security
Application Vulnerability Testing
ο§
Discover vulnerabilities in an application
ο§
Automated tools and manual tools
Testing Access Controls
ο§
Example vulnerabilities
Audit Log Analysis
ο§
Regular examination of audit and
event logs
ο§
Detect unwanted events
Testing Access Controls
ο§
Detect unwanted events
Monitoring Access Control
ο§
Intrusion Detection
β’ Three Common Components
Β» Sensors Β» Analyzers
Β» Administrator Interfaces Β» Administrator Interfaces
β’ Common Types
Monitoring Access Control
ο§ Two Main Types of Intrusion Detection Systems
β’ Network Based (NIDS)
β’ Host Based (HIDS)
ο§ HIDS and NIDS can be:
β’ Signature Based
β’ Signature Based
β’ Statistical Anomaly Based
Monitoring Access Control
ο§
Intrusion Prevention Systems
β’ The next big thing
β’ Is a preventative and proactive
technology, IDS is a detective technology. β’ Two types: Network Based (NIPS) and
Monitoring Access Control
ο§ Honeypots
β’ An attractive offering that hopes to lure attackers away from critical systems
ο§ Network sniffers
β’ A general term for programs or devices that are
Tantangan untuk Access Control
ο§ A few threats to access control
β’ Insiders
Β» Countermeasures include good policies and procedures, separation of duties, job rotation
β’ Dictionary Attacks
Β» Countermeasures include strong password policies, strong authentication, intrusion detection and
strong authentication, intrusion detection and prevention
β’ Brute Force Attacks
Serangan pada Access Control
ο§ Intruders will try to defeat, bypass, or trick access controls in order to reach their target
ο§ Attack objectives
β’ Guess credentials
β’ Malfunction of access controls
β’ Malfunction of access controls
β’ Bypass access controls
β’ Replay known good logins
Buffer Overflow
ο§ Cause malfunction in a way that permits illicit access
ο§ Send more data than application was
Serangan pada Access Control
ο§ Send more data than application was designed to handle properly
Script Injection
ο§
Insertion of scripting language
characters into application input fields
β’ Execute script on server side
Serangan pada Access Control
β’ Execute script on server side
β’ Execute script on client side β trick user or browser
Data Remanence
ο§
Literally: data that remains after it has
been βdeletedβ
ο§
Examples
Serangan pada Access Control
ο§
Examples
β’ Deleted hard drive files β’ Erased files
Denial of Service (DoS)
ο§
Actions that cause target system to
fail, thereby
denying service
to
legitimate users
Serangan pada Access Control
legitimate users
β’ Distributed Denial of Service (DDoS)
Eavesdropping
ο§
Interception of data transmissions
ο§
Countermeasures: encryption, stronger
encryption
Serangan pada Access Control
Spoofing and Masquerading
ο§
Specially crafted network packets that
contain forged address of origin
ο§
Countermeasures: router / firewall
Serangan pada Access Control
ο§
Countermeasures: router / firewall
Social Engineering
ο§
Tricking people into giving out
sensitive information by making them
think they are
helping
someone
Serangan pada Access Control
think they are
helping
someone
Phishing
ο§
Incoming, fraudulent e-mail
messages designed to give the
appearance of origin from a
Serangan pada Access Control
appearance of origin from a
legitimate institution
Pharming
ο§
Redirection of traffic to a forged
website
Serangan pada Access Control
website
ο§
Countermeasures: user awareness
Malicious Code
ο§
Viruses, worms, Trojan horses,
spyware, key logger
Harvest data or cause system
Serangan pada Access Control
ο§
Harvest data or cause system
malfunction
ο§
Countermeasures: virus,
Model Arsitektur Keamanan untuk AC
β’
Can help organizations quickly
make improvements through
adaptation
β’
Can focus on:
β’
Can focus on:
β computer hardware and software
β policies and practices
Bell-LaPadula Confidentiality Model
β’
A state machine model that helps
ensure the confidentiality of an
information system
Model Arsitektur Keamanan untuk AC
information system
Biba Integrity Model
β’ Provides access controls to ensure that objects or subjects cannot have less
integrity as a result of read/write operations
Model Arsitektur Keamanan untuk AC
operations
β’ Ensures no information from a subject can be passed on to an object in a higher
Clark-Wilson Integrity Model
β’
Built upon principles of change control
rather than integrity levels
β’
Its change control principles
Model Arsitektur Keamanan untuk AC
β’
Its change control principles
β No changes by unauthorized subjects
β No unauthorized changes by authorized subjects
Graham-Denning Access Control Model
β’ Composed of three parts
β A set of objects
β A set of subjects (a process and a domain)
Model Arsitektur Keamanan untuk AC
β A set of subjects (a process and a domain) β A set of rights
β’ Primitive protection rights
Harrison-Ruzzo-Ullman Model
β’ Defines a method to allow changes to
access rights and the addition and removal of subjects and objects
β Since systems change over time, their protective
Model Arsitektur Keamanan untuk AC
β Since systems change over time, their protective states need to change
β’ Built on an access control matrix
Brewer-Nash Model
(aka Chinese Wall)
β’ Designed to prevent a conflict of interest between two parties
Model Arsitektur Keamanan untuk AC
β’ Requires users to select one of two
The ISO 27000 Series
β’ Information Technology β Code of Practice for Information Security Management
β One of the most widely referenced and discussed security
models
Model Arsitektur Keamanan untuk AC
models
β Originally published as British Standard 7799 and then later
as ISO/IEC 17799
β Since been renamed ISO/IEC 27002
The ISO 27000 Series
Model Arsitektur Keamanan untuk AC
Control Objectives for Information
and Related Technology (COBIT)
β’
Control Objectives for Information and
Related Technology (COBIT)
Model Arsitektur Keamanan untuk AC
β Provides advice about the implementation of sound controls and control objectives for InfoSec
COSO
β’ U.S. private-sector initiative
β Major Objective: identify factors that cause fraudulent financial reporting and to make
Model Arsitektur Keamanan untuk AC
fraudulent financial reporting and to make recommendations to reduce its incidence
β Has established a common definition of internal controls, standards and criteria
COSO
(Lanjutan)β’ Built on five interrelated components:
β Control environment β Risk assessment
Model Arsitektur Keamanan untuk AC
β Risk assessment β Control activities
