2 Access Control
This chapter presents the following material:
- Identification methods and technologies
- Authentication methods
- DAC, MAC and role-based (non-DAC) models
- Accountability, monitoring, and auditing
- Unauthorized disclosure of information
- Intrusion detection systems
- Threats to access control practices and technologies
3 Access Controls
- Access controls are security features that control how people can interact with systems and resources.
- The goal is to protect from unauthorized access.
4 Access
- Access is the data flow between a subject and an object.
- A subject is a person, process or program.
- An object is a resource (file, printer, etc.).
5 Access Control (157)
- Access control should support the CIA triad!
- Let’s quickly go over the CIA triad again.
6 Components of Access Control (158)
Quick overview: details on each coming up
- Identification – who am I? (userid etc.)
- Authentication – prove that I am who I say I am
- Authorization – now what am I allowed to access?
- Auditing – Big Brother can see what I accessed.
7 CISSP BUZZWORD
- Logical (technical) access controls are used for these 4 items.*
- Things like smart cards, biometrics, passwords, audit systems and SELinux are all examples of logical access controls.
8 Identification (159 & 162)
- Identifies a user uniquely (hopefully)
- SSN, UID, SID, username
- Should uniquely identify a user for accountability (don’t share)
- A standard naming scheme should be used
- Identifier should not indicate extra information about the user (like position)
- DO NOT SHARE (NO group accounts)
9 Authentication (160)
Proving who you say you are, usually one of these 3:
- Something you know (password)
- Something you have (smart card)
- Something you are (biometrics)
What is wrong with just using one of these methods?
10 Strong Authentication (161)
- Strong authentication is the combination of 2 or more of these (also called multi-factor authentication) and is encouraged!
- Strong authentication provides a higher level of assurance*
11 Authorization
- What does this mean?
- What are some types of authorization mechanisms? (ACLs, permissions)
- We will go more in depth on this later
- Authorization is a preventative “control”* (we will talk about controls later)
12 Auditing
- What is the purpose of auditing?
- Auditing is a “detective” control* (we will talk about this later)
13 Recap
- Identification – what is it?
- Authentication – how is this different from identification?
- Authorization – what does this mean?
- Auditing – what’s the point?
14 Identity Management (162)
- Identity management products are used to identify, authenticate and authorize users by automated means. It’s a broad term.
- These products may (or may not) include:
  - User account management
  - Access controls
  - Password management
  - Single sign-on
  - Permissions
15 ID Management and the CISSP (164)
Know for the exam that ID management solutions include:
- Directories
- Web access management
- Password management
- Single sign-on
- Account management
- Profile update
16 Profile updates
- What is a profile? (not a Windows profile)
- A profile is the collection of data about a user:
  - Home address
  - Phone
  - Start date
  - Certifications
  - etc.
17 Profile updates (117)
- IdM systems may have centralized tools to manage profiles, and may have “self service” portals where users can update their own info.
- Profiles are similar to a “digital identity”
18 Directories (165)
- Information about the users and resources
- LDAP (based on X.500)
- Key concept is namespaces (like branches of a tree) and DNs (distinguished names)
- Can anyone explain namespaces and DNs?
- DN = CN and multiple DCs, can include OUs
- Active Directory (an implementation of LDAP)
- Legacy NT (flat directory structure)
- Novell Netware (???)
19 Directories’ Role in ID Management
- Specialized database optimized for reading and searching operations
- Important because all resource info, user attributes, authorization info, roles, policies etc. can be stored in this single place.
- Directories allow for centralized management! However, these can be broken up and delegated (trees in a forest).
20 Meta and Virtual Directories (167)
- Meta-directories allow for a centralized directory if user information is in multiple different directories (a meta-directory synchronizes its data against the other databases)
- Virtual directories are like meta-directories, but instead of storing data, they just provide links or pointers to the data in the alternate directory
- Advantages and disadvantages?
21 Web Access Management (168)
- Uses web server(s) to deliver resources
- Users authenticate against the web server using whatever auth scheme is implemented
- If authenticated, the user requests an object
- Web server verifies authorization
- If authorized, the web server returns the object
- Mainly used for external users/access
- Very Web 2.0, you probably see a lot of this nowadays.
22 Password Management (171)
- Allows users to change their passwords
- May allow users to retrieve/reset passwords automatically using special information (challenge questions) or processes
- Helpdesk-assisted resets/retrievals (same as above, but helpdesk people might ask the questions instead of an automated system)
- May handle password synchronization
23 Single Sign On
- Log in one time, and access resources in many places
- Not the same as password synchronization
- SSO software handles the authorization to multiple systems
- What are the security problems with this?
- What are the advantages?
24 Account Management Software
- Idea is to centrally manage user accounts rather than to manually create/update them on multiple systems
- Often includes workflow processes that allow distributed authorization, i.e. a manager can put in a user request or authorize a request, tickets might be generated for a key card system for their locations, permissions might be created for their specific needs, etc.
- Automates processes
- Can include record keeping/auditing functions
- Can ensure all accesses/accounts are cleaned up when users leave.
25 Federation (I hate this word) (178)
- A federation is multiple computing and/or network providers agreeing upon standards of operation in a collective fashion (self-governing entities that agree on common ground to ease access between them).
- A federated identity is an identity and entitlements that can be used across business boundaries (MS Passport, Google Checkout).
26 Identity Management Overview
- Idea is to manage, identify and authorize users in an automated fashion
- Know for the exam that ID management solutions include:
  - Directories
  - Web access management
  - Password management
  - Single sign-on
  - Account management
  - Profile update
27 Who needs ID management (178)
- Really everyone! (at least anyone that you will probably deal with)
- See table on page 178
29 Biometrics (179)
- Bio – life, metrics – measure
- Biometrics verifies (authenticates) an individual’s identity by analyzing a unique personal attribute (something they ARE)
- Requires enrollment before being used* (what is enrollment? Any ideas?)
- EXPENSIVE
- COMPLEX
30 Biometrics (179)
- Can be based on:
  - Behavior (signature dynamics) – might change over time
  - Physical attribute (fingerprints, iris, retina scans)
  - We will talk about the different types of biometrics later
- Can give incorrect results:
  - False negative – Type 1 error* (annoying)
  - False positive – Type 2 error* (very bad)
31 CER (179)
- Crossover Error Rate (CER)* is an important metric, stated as a percentage, that represents the point at which the false rejection rate equals the false positive rate.
- A lower CER is better/more accurate* (3 is better than 4).
- Also called Equal Error Rate
- Use CER to compare vendors’ products objectively
32 Biometrics (180)
- Systems can be calibrated. For example, if you adjust the sensitivity to decrease false positives, you will probably INCREASE false negatives; this is where the CER comes in.
- Draw diagram on board
- Some areas (like the military) are more concerned with one error than the other (e.g. would rather deny a valid user than accept an invalid user)
- Can you think of any situations for each case?
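The calibration trade-off and the crossover point from the two slides above, worked through in code. This is an added example, not part of the original slides; the matcher scores and the 0-100 scale are constructed for illustration.

```python
# Constructed matcher scores (0-100, higher = closer match to the enrolled
# template). These are illustrative values, not measurements from a real device.
GENUINE = [62, 68, 71, 74, 77, 79, 82, 85, 88, 91]    # attempts by valid users
IMPOSTOR = [12, 20, 27, 33, 41, 48, 55, 63, 70, 76]   # attempts by invalid users


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) when every score >= threshold is accepted.

    FRR = false rejection rate (Type I error, valid user denied)
    FAR = false acceptance rate (Type II error, invalid user accepted)
    """
    frr = sum(score < threshold for score in genuine) / len(genuine)
    far = sum(score >= threshold for score in impostor) / len(impostor)
    return frr, far


def crossover(thresholds=range(0, 101)):
    """Return (threshold, FRR, FAR) at the point where FRR and FAR are closest.

    With finite samples the two curves may not meet exactly, so the smallest
    gap is used; the first such threshold wins on ties.
    """
    def gap(threshold):
        frr, far = error_rates(threshold)
        return abs(frr - far)

    best = min(thresholds, key=gap)
    return (best, *error_rates(best))


if __name__ == "__main__":
    # Sweep the sensitivity: raising the threshold lowers FAR and raises FRR.
    for t in (50, 60, 69, 80):
        frr, far = error_rates(t)
        print(f"threshold={t:3d}  FRR={frr:.0%}  FAR={far:.0%}")
    t, frr, far = crossover()
    print(f"crossover at threshold {t}: CER = {frr:.0%}")
```

A site that would rather deny a valid user than accept an invalid one runs above the crossover threshold (here 80 gives FAR 0% at the cost of FRR 60%).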
33 Biometric problems?
- Expensive
- Unwieldy
- Intrusive
- Can be slow (should not take more than 5-10 seconds)*
- Complex (enrollment)
34 Biometric Types Overview* (182)
We will talk in more depth about each in the next couple of slides:
- Fingerprint
- Palm scan
- Hand geometry
- Retina scan
- Iris scan
- Keyboard dynamics
- Voice print
- Facial scan
- Hand topography
35 Fingerprint (182)
- Measures ridge endings and bifurcations (changes in the qualitative or topological structure) and other details called “minutiae”
- The full fingerprint is stored; the scanners just compute specific features and values and send those for verification against the real fingerprint.
36 Palm Scan
- Creases, ridges, grooves
- Can include fingerprints
37 Hand Geometry
- Overall shape of hand
- Length and width of fingers
- This is significantly different between individuals
38 Retina Scan
- Reads blood vessel patterns on the back of the eye.
- Patterns are extremely unique
39 Iris Scan
- Measures colors
- Measures rifts
- Measures rings
- Measures furrows (wrinkle, rut or groove)
- Most accurate of all biometric systems
- Iris remains constant through adulthood
- Place scanner so sun does NOT shine through aperture*
40 Signature Dynamics
- Most people sign in the same manner (really???)
- Monitors the motions and the pressure while moving (as opposed to a static signature)
- Type I (what is type I again?) error high
- Type II (what is type II again?) error low
41 Keyboard dynamics
- Measures the speeds and motions as you type a given phrase, including the time differences between characters typed.
- This is more effective than a password, believe it or not, as it is hard to repeat someone’s typing style, whereas it’s easy to get someone’s password.
42 Voice Print
- At enrollment, you say several different phrases.
- For authentication, the words are jumbled.
- Measures speech patterns, inflection and intonation (i.e. pitch and tone)
43 Facial Scan
Geometric measurements of:
- Bone structure
- Nose ridges
- Eye width
- Chin shape
- Forehead size
44 Hand Topography
- Peaks and valleys of the hand along with overall shape and curvature
- This is opposed to size and width of the fingers (hand geometry)
- A camera on the side, at an angle, snaps a picture
- Not unique enough to stand on its own, but can be used with hand geometry to add assurance
45 Biometrics wrap up
- We covered a bunch of different biometrics
- Understand some are behavioral* based
  - Voice print
  - Keyboard dynamics
  - Can change over time
- Some are physically based
  - Fingerprint
  - Iris scan
46 Biometrics wrap up
- Fingerprints are probably the most commonly used and cheapest
- Iris scanning provides the most “assurance”
- Some methods are intrusive
- Understand Type I and Type II errors
- Be able to define CER; is a lower CER value better or worse?
47 Passwords (184)
- What is a password? (someone tell me because I forgot…)
- Works on what you KNOW
- Simplest form of authentication*
- Cheapest form of authentication*
- Oldest form of authentication
- Most commonly used form of authentication*
- WEAKEST form of authentication*
48 Problems with Passwords (184)
- People write down passwords (bad)
- People use weak passwords (bad)
- People re-use passwords (bad)
- If you make passwords too hard to remember, people often write them down
- If you make them too easy… they are easily cracked
49 How to make a good password
- Don’t use common words
- Don’t use names or birthdates
- Use at least 8 characters
- Combine numbers, symbols and case
- Use a phrase and take attributes of the phrase, transpose characters
50 Attacks on Passwords (185)
- Sniffing (electronic monitoring)
- Brute force attacks
- Dictionary attack
- Social engineering (what is social engineering?)
- Rainbow tables – a table that contains passwords in hash format for easy/quick comparison
51 Passwords and the OS (184)
The OS should enforce password requirements:
- Aging – when a password expires
- Reuse of old passwords
- Minimum number of characters
- Limit login attempts – disable logins after a certain number of failed attempts
52 System password protection
- System should NOT store passwords in plaintext. Use a hash (what is a hash?)
- Can encrypt hashes
- Password salts – random values added to the encryption/hash process to make it harder to brute force (one password may hash/encrypt to multiple different results)
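What the salt changes, shown against a precomputed hash table of the kind the "Attacks on Passwords" slide describes. This is an added example, not from the original slides; the word list, the sample password, the PBKDF2 parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumed work factor for the demonstration
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: bytes = None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a random salt."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def build_precomputed_table(words):
    """Stand-in for a rainbow table: unsalted hash -> password, built once."""
    return {unsalted_hash(word): word for word in words}


def lookup(stored_value: str, table):
    """Return the password if the stored value appears in the table, else None."""
    return table.get(stored_value)


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    table = build_precomputed_table(["letmein", "Summer2024!", "password1"])
    alice_plain = unsalted_hash("Summer2024!")
    bob_plain = unsalted_hash("Summer2024!")
    print("unsalted values identical:", alice_plain == bob_plain)
    print("table lookup on unsalted value:", lookup(alice_plain, table))

    alice_rec = make_record("Summer2024!")
    bob_rec = make_record("Summer2024!")
    print("salted digests identical:", alice_rec[1] == bob_rec[1])
    print("table lookup on salted digest:", lookup(alice_rec[1].hex(), table))
    print("login still works:", verify("Summer2024!", alice_rec))
```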
53 Cognitive passwords (187)
- Not really passwords, but facts that only a user would know.
- Can be used to verify who you are talking to without giving out a password, or for password reset challenges.
- Not really secure, I’m not a big fan.
54 One Time Password
- Password is good only once, then no longer valid
- Used in high-security environments
- VERY secure
- Not vulnerable to electronic eavesdropping, but vulnerable to loss of the token (though you must have the PIN)
- Requires a token device to generate passwords (an RSA SecurID key is an example)
55 One Time Password Token Types
One of 2 types:
- Synchronous – uses time to synchronize between token and authentication server
  - Clocks must be synchronized!
  - Can also use counter-sync, in which a button is pushed that increments values on the token and the server
56 OTP Token Types (189)
- Asynchronous
  - Challenge-response
  - Auth server sends a challenge (a random value called a nonce)*
  - User enters the nonce into the token, along with the PIN
  - Token encrypts the nonce and returns a value
  - User inputs the value into the workstation
  - If the server can decrypt it, then you are good.
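The three token styles from the last two slides (counter-synchronized, time-synchronized, and asynchronous challenge-response) side by side. This is an added example, not from the original slides: the synchronous codes follow the public HOTP/TOTP algorithms (RFC 4226 / RFC 6238), and the challenge-response part swaps in an HMAC over the nonce where the slide says the token "encrypts" it. The `Token` and `AuthServer` classes and the PIN are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

# RFC 4226 published test secret, used here only as sample input.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-synchronized OTP: token and server advance a shared counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized OTP: the counter is the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, submitted, server_time, step=30, drift_steps=1) -> bool:
    """Server side: tolerate a small clock difference between token and server."""
    for drift in range(-drift_steps, drift_steps + 1):
        when = max(0, server_time + drift * step)
        if hmac.compare_digest(totp(secret, when, step, len(submitted)), submitted):
            return True
    return False


class Token:
    """Asynchronous token: answers a server nonce only after the PIN is entered."""

    def __init__(self, secret: bytes, pin: str):
        self.secret, self.pin = secret, pin

    def respond(self, nonce: bytes, pin: str) -> str:
        if not hmac.compare_digest(pin, self.pin):
            raise PermissionError("wrong PIN, token stays locked")
        return hmac.new(self.secret, nonce, hashlib.sha256).hexdigest()[:8]


class AuthServer:
    """Issues random nonces and accepts each one at most once."""

    def __init__(self, secret: bytes):
        self.secret, self.pending = secret, set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def check(self, nonce: bytes, response: str) -> bool:
        if nonce not in self.pending:          # unknown or already-used nonce
            return False
        self.pending.discard(nonce)
        expected = hmac.new(self.secret, nonce, hashlib.sha256).hexdigest()[:8]
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("counter 0:", hotp(SECRET, 0))
    print("time 59s :", totp(SECRET, 59, digits=8))
    server, token = AuthServer(SECRET), Token(SECRET, "4821")
    nonce = server.challenge()
    answer = token.respond(nonce, "4821")
    print("first use accepted:", server.check(nonce, answer))
    print("replay accepted   :", server.check(nonce, answer))
```

The drift window in `verify_totp` is why the slide insists on synchronized clocks: a token whose clock is off by more than the window produces codes the server never computes.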
57 Other Types of Authentication (190)
- Digital signature (we will talk about this in more depth in chapter 8).
- Take a hash value of a message, encrypt the hash with your private key
- Anyone with your public key can decrypt and verify the message is from you.
58 Passphrase (190)
- Simply a phrase; the application will probably make a “virtual password” from the passphrase (e.g. a hash)
- Generally more secure than a password
  - Longer
  - Yet easier to remember
59 Memory Cards (191)
- NOT a smart card
- Holds information, does NOT process
- A memory card holds authentication info; usually you’ll want to pair this with a PIN… WHY? You tell me.
- A credit card or ATM card is a type of memory card, so is a key/swipe card
- Usually insecure, easily copied.*
60 Smart Card (193)
- Much more secure than memory cards
- Can actually process information
- Includes a microprocessor and ICs
- Can provide two-factor authentication, as the card can store authentication information protected by a PIN (so you need the card, and you need to know something)
- Two types:
  - Contact
  - Contactless
61 Smart Card Attacks (193)
- There are attacks against smart cards
- Fault generation – manipulate environmental controls and measure errors in order to reverse engineer logic etc.
62 Smart Card Attacks
- Side channel attacks – measure the cards while they work
  - Differential power analysis – measure power emissions
  - Electromagnetic analysis – examine frequencies emitted
63 Smart Card Attacks
- Micro probing* – using needles and vibrations to remove the outer protection on the card’s circuits, then tap into ROMs if possible or “dye” ROMs to read data (use chemicals to stain ROMs and determine values) (this is actually done… someone just reverse engineered the Game Boy BIOS using this method)
65 Authorization
- Now that I am who I say I am, what can I do?
- Both OSes and applications can provide this functionality.
- Authorization can be provided based on user, groups, roles, rules, physical location, time of day (temporal isolation)* or transaction type (for example, a teller may be able to withdraw small amounts, but require a manager for large withdrawals)
66 Authorization principles (pg 197)
- Default NO access (implicit deny)*
- Need to know
67 Authorization Creep* (197)
- What is authorization creep*? (permissions accumulate over time even if you don’t need them anymore)
- Auditing authorization can help mitigate this. SOX requires yearly auditing.
68 Single Sign On (200)
- Why is this section here? (It’s poorly located, but anyway let’s follow the flow of the book)
69 SSO
- Idea: one identification/authentication instance for all networks/systems/resources
- Eases management
- Makes things more secure (no written-down passwords, hopefully)
- Can focus budgets and time on securing one method rather than many!
- Makes things integrated
70 SSO downsides
- Centralized point of failure*
- Can cause bottlenecks*
- All vendors have to play nicely (good luck)
- Often very difficult to accomplish* (golden ring of network authentication)
- One ring to bind them all! (wait...no…) If you can access once, you can access ALL!
72 Kerberos (201)
- From MIT’s Athena project
- Designed to eliminate transmitting passwords over the network.
- Scalable, reliable, secure, flexible
- Uses symmetric key cryptology*
73 Kerberos Components* (201)
- Key Distribution Center (you CAN/SHOULD have backup KDCs, though the exam states that this is a central point of failure for Kerberos*)
- Principals (users, applications, and services); each principal gets an account!*
- Tickets, generated by the TGS on the KDC
- The important ticket is the Ticket Granting Ticket*
- A realm is the domain of all principals that a Kerberos server provides tickets for.
74 Kerberos Process (202)
- Go over the process on page 202*
- Understand the difference between a session key and a secret key* (pg 203)
- Note* Kerberos systems MUST be time synchronized
75 Kerberos Problems*
- Single point of failure* (though this can be made redundant)
- KDC must be scalable
- Secret keys are stored on the workstation; if you can get these keys, you can break things
- Same with session keys
- Vulnerable to password guessing
- Traffic is not encrypted if not enabled
76 SESAME
- European technology, developed to extend Kerberos and improve on its weaknesses
- SESAME uses both symmetric and asymmetric cryptography.
- Uses “Privileged Attribute Certificates” (PACs) rather than tickets; PACs are digitally signed and contain the subject’s identity, access capabilities for the object, access time period and lifetime of the PAC.
- PACs come from the Privileged Attribute Server.
77 SESAME procedure (205)
- See page 206; note that SESAME uses public/private keys for initial authentication (send an authenticator message and a timestamp or random number, sign this message).
78 Access Control Models (211)
- A framework that dictates how subjects access objects.
- Uses access control technologies and security mechanisms to enforce the rules
- Business goals and culture of the organization will prescribe which model it uses
- Every OS has a security kernel/reference monitor (we will talk about this in another chapter) that enforces the access control model.
79 Access Control Models
- DAC
- MAC
- Role based
Each will be discussed in upcoming slides
80 DAC
- Discretionary Access Control*
- Owner or creator of a resource specifies which subjects have which access to the resource. Based on the discretion of the data owner*
- Common example is an ACL (what is an ACL?)
- Commonly implemented in commercial products (Windows, Linux, MacOS)
81 MAC
- Mandatory Access Control*
- Data owners cannot grant access!*
- OS makes the decision based on a security label system*
- Users and data are given a clearance level (confidential, secret, top secret etc.)*
- Rules for access are configured by the security officer and enforced by the OS.
82 MAC (212)
- MAC is used where classification and confidentiality are of utmost importance… military.
- Generally you have to buy a specific MAC system; DAC systems don’t do MAC
  - SELinux
  - Trusted Solaris
83 MAC sensitivity labels
- Again, all objects in a MAC system have a security label*
- Security labels can be defined by the organization.
- They also have categories to support “need to know” at a certain level.
- Categories can be defined by the organization
- If I have “top secret” clearance, can I see all projects in the “secret” level???
84 Role Based Access Control (214)
- Also called non-discretionary.
- Uses a set of controls to determine how subjects and objects interact.
- Allows you to be assigned a role, and your role dictates your access to a resource, rather than your user directly.
- This scales better than DAC methods
- You don’t have to continually change ACLs or permissions per user, nor do you have to remember what perms to set on a new user; just give them a certain role
- You can simulate this with “groups” in Windows and Linux, especially with LDAP/AD.
85 Role Based Access Control
When to use:
- If you need centralized access
- If you DON’T need MAC ;)
- If you have high turnover*
86 Software and Hardware Guards
- Allow the exchange of data between trusted and less trusted systems.
- We will talk about this in another chapter, let’s not worry about it now.
87 Access Control technologies that support access control models (217)
We will talk in more depth about each in the next few slides:
- Rule-based access control
- Constrained user interfaces
- Access control matrix
- Access control lists
- Content-dependent access control
- Context-dependent access control
88 Rule Based Access Control (217)
- Uses specific rules that indicate what can and cannot transpire between subject and object.
- “if x then y” logic
- Before a subject can access an object, it must meet a set of predefined rules.
  - Ex. If a user has proper clearance, and it’s between 9AM - 5PM, then allow access
- However, it does NOT have to deal specifically with identity/authorization
  - Ex. May only accept attachments 5M or less
89 Rule Based Access Control
- Is considered a “compulsory control” because the rules are strictly enforced and not modifiable by users.
- Routers and firewalls use rule-based access control heavily
90 Constrained User Interfaces (218)
Restrict user access by not allowing them to see certain data or have certain functionality:
- Views – only allow access to certain data (canned interfaces)
- Restricted shell – like a real shell but only with certain commands (like Cisco’s non-enable mode)
- Menu – similar but more “GUI”
- Physically constrained interface – show only certain keys on a keypad/touch screen, like an ATM (a modern type of menu). The difference is you are physically constrained from accessing them.
91 Access Control Matrix* (220)
- Table of subjects and objects indicating what actions individual subjects can take on individual objects*
- See page 220 (top)
92 Capability Table*
- Bound to subjects, lists what permissions a subject has to each object
- This is a row in the access matrix (see 220 bottom)
- NOT an ACL… in fact the opposite
93 ACL*
- Lists what (and how) subjects may access a certain object.
- It’s a column of an access matrix
- See page 220
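The row/column relationship from the last three slides in code: one access control matrix, with capability tables read off as rows and ACLs read off as columns. This is an added example, not from the original slides or the book; the subjects, objects and permissions are constructed sample data.

```python
# Constructed access control matrix: subject -> object -> set of permissions.
# An absent cell means no access (implicit deny).
MATRIX = {
    "alice":      {"payroll.xls": {"read", "write"}, "printer1": {"print"}},
    "bob":        {"payroll.xls": {"read"}, "build.sh": {"read", "execute"}},
    "backup_svc": {"payroll.xls": {"read"}, "build.sh": {"read"}},
}


def capability_table(subject, matrix=MATRIX):
    """Row of the matrix: bound to the SUBJECT, lists its rights per object."""
    return {obj: set(perms) for obj, perms in matrix.get(subject, {}).items()}


def acl(obj, matrix=MATRIX):
    """Column of the matrix: bound to the OBJECT, lists who may do what to it."""
    return {subj: set(row[obj]) for subj, row in matrix.items() if obj in row}


def is_allowed(subject, obj, action, matrix=MATRIX):
    """Reference decision straight from the matrix; anything unlisted is denied."""
    return action in matrix.get(subject, {}).get(obj, set())


def allowed_via_acl(subject, obj, action, matrix=MATRIX):
    """Decision the way an ACL-based system makes it: start from the object."""
    return action in acl(obj, matrix).get(subject, set())


def allowed_via_capability(subject, obj, action, matrix=MATRIX):
    """Decision the way a capability system makes it: start from the subject."""
    return action in capability_table(subject, matrix).get(obj, set())


def matrix_from_acls(acls):
    """Rebuild the full matrix from per-object ACLs (columns back to a table)."""
    rebuilt = {}
    for obj, entries in acls.items():
        for subj, perms in entries.items():
            rebuilt.setdefault(subj, {})[obj] = set(perms)
    return rebuilt


def all_objects(matrix=MATRIX):
    return sorted({obj for row in matrix.values() for obj in row})


if __name__ == "__main__":
    print("bob's capability table:", capability_table("bob"))
    print("ACL on payroll.xls    :", acl("payroll.xls"))
    print("bob write payroll?    :", is_allowed("bob", "payroll.xls", "write"))
```

Both views carry the same information, which is why the full matrix can be rebuilt from the ACLs alone. The practical difference is which question each answers cheaply: "what can this subject touch?" (capability table) versus "who can touch this object?" (ACL).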
94 Content-Dependent Access Controls (221)
- Access is determined by the type of data.
- Example: filters that look for specific things like “confidential”, “SSN”, images.
- Web proxy servers may be content based.
95 Context-Dependent Access Control (221)
- System reviews a situation, then makes a decision on access.
- A firewall is a great example of this: if a session is established, then allow
- Another example: allow access to certain body imagery if previous web sessions are referencing medical data.
96 Review of Access Control Technology / Techniques
- Constrained user interfaces*
  - View, shell, menu, physical
- Access control matrix*
- Capability tables*
- ACL*
- Content-dependent access control
- Context-dependent access control
You should really know ALL of these and be able to differentiate between similar types!
97 Centralized Access Control Administration (223)
- What is it?
- A centralized place for configuring and managing access control
- All the ones we will talk about (next) are “AAA” protocols*
  - Authentication
  - Authorization
  - Auditing
98 Centralized Access Control Technologies
We will talk about each of these in the upcoming slides:
- Radius
- TACACS, TACACS+
- Diameter
99 Radius* (223)
- Initially developed by Livingston to authenticate modem users
- Access server sends credentials to the Radius server, which sends back authorization and connection parameters (IP address etc.) (see diagram on 224)
- Can use multiple authentication types (PAP, CHAP, EAP)
- Uses UDP port 1812, and auditing 1813*
- Sends Attribute Value Pairs (Ex. IP= )
- Access server notifies the Radius server on disconnect (for auditing)
100 What is Radius used for
- Network access
- Dial up
- VLAN provisioning
- IP address assignment
101 Radius benefits
- It’s been around, a lot of vendor support
102 Radius issues
- Radius can share a symmetric key between the NAS and the Radius server, but does not encrypt attribute value pairs, only user info. This could provide info to people doing reconnaissance
- PAP passwords go in clear text from the dial-up user to the NAS
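What "only user info is protected" looks like on the wire, for checking your own captures. This is an added example, not from the original slides: it builds an Access-Request using the packet layout and User-Password hiding scheme published in RFC 2865, with a constructed shared secret, user name, password and NAS address.

```python
import hashlib
import ipaddress
import struct

ACCESS_REQUEST = 1                                      # RFC 2865 packet code
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4      # RFC 2865 attribute types


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))            # ceil, at least one block
    padded = password.ljust(blocks * 16, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the hiding with the shared secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += xor_bytes(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def build_access_request(identifier: int, authenticator: bytes, attributes) -> bytes:
    """Header (code, id, length, 16-byte authenticator) followed by type-length-value AVPs."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attributes)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    return header + authenticator + body


def parse_attributes(packet: bytes) -> dict:
    """What anyone holding the packet can read without the shared secret."""
    (length,) = struct.unpack("!H", packet[2:4])
    attrs, pos = {}, 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


# Constructed sample values, not taken from any real deployment.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_AUTHENTICATOR = bytes(range(16))
SAMPLE_PASSWORD = b"correct horse"


def sample_request() -> bytes:
    return build_access_request(7, SAMPLE_AUTHENTICATOR, [
        (USER_NAME, b"alice"),
        (USER_PASSWORD, hide_password(SAMPLE_PASSWORD, SAMPLE_SECRET, SAMPLE_AUTHENTICATOR)),
        (NAS_IP_ADDRESS, ipaddress.IPv4Address("192.0.2.10").packed),
    ])


if __name__ == "__main__":
    seen = parse_attributes(sample_request())
    print("User-Name      :", seen[USER_NAME])                         # readable
    print("NAS-IP-Address :", ipaddress.IPv4Address(seen[NAS_IP_ADDRESS]))  # readable
    print("User-Password  :", seen[USER_PASSWORD].hex())              # hidden
```

The user name and NAS address are recoverable from the packet alone; only the password field depends on the shared secret, and its protection is an MD5-based XOR rather than transport encryption.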
103 TACACS(+) (225)
- TACACS uses fixed passwords
- TACACS uses TCP or UDP port 49
- TACACS is old (1990); TACACS+ replaces it
- TACACS+ can support one-time passwords
- Provides the same functionality as Radius
- TACACS+ uses TCP port 49
104 TACACS+ benefits
- TCP? Is this a benefit? Discuss…
- Encrypts ALL traffic
- TACACS+ separates each AAA function.
  - For example, can use AD for authentication (Radius can actually do this too… but you have to write plug-ins)
- Has more AVP pairs than Radius, more flexible
105 Diameter (229)
- Builds upon Radius
- Similar functionality to Radius and TACACS+
- NOT backwards compatible with Radius (book is wrong) but is similar and an upgrade path
- Uses TCP, or STCP (stream TCP)
106 Diameter benefits
- With Diameter the DS can connect to the NAS (i.e. could say kick user off now). Radius servers only respond to client requests.
- Has a lot more AVP pairs (2^32 rather than 2^8)
107 Centralized Access Controls overview
- Idea: centralize access control
- Radius, TACACS, Diameter
- Is Active Directory a type of centralized access control?
- Decentralized is simply maintaining access control on all nodes separately.
108 Controls and Control Types*
STOP
- Before we move on, you need to understand the definitions/terms that we are about to cover for the exam (controls and control types). They are used ambiguously on the exam, so you need to think about them.
- We will give an overview now, but we’ll keep seeing them again and again.
109 Controls and Control Types*
- Not directly in the book
- There are controls and control types; you need to understand these
- Controls:
  - Administrative
  - Physical
  - Technical
- Now we’ll talk about control types
110 Control types (241 skip ahead)
Types (can occur in each “control” category):
- Deterrent – intended to discourage attacks
- Preventative – intended to prevent incidents
- Detective – intended to detect incidents
- Corrective – intended to correct incidents
- Recovery – intended to bring controls back up to normal operation
- Compensative – provides alternative controls to other controls
111 Administrative Controls (back to 231)
- Personnel – HR practices
- Supervisory – management practices (supervisor, corrective actions)
- Training – that’s pretty obvious
- Testing – not technical, and management’s* responsibility to ensure it happens
112 Physical Controls (223)
- Physical network segregation (not logical) – ensure certain network segments are physically restricted
- Perimeter security – CCTV, fences, security guards, badges
- Computer controls – physical locks on computer equipment, restrict USB access etc.
113 Physical Controls continued
- Work area separation – keep accountants out of R&D areas
- Cabling – shielding, fiber
- Control zone – break up the office into logical areas (lobby – public, R&D – top secret, offices – secret)
114 Technical or Logical Controls (235)
Using technology to protect:
- System access – Kerberos, PKI, Radius (specifically access to a system)
- Network architecture – IP subnets, VLANs, DMZ
- Network access – routers, switches and firewalls that control access
- Encryption – protect confidentiality, integrity
- Auditing – logging and notification systems.
115 OK, we went out of order… Skip to 247
- This is WAY out of order, but for the exam you should know the table on 247 (access control practices). Let’s read it together.
116 Unauthorized Disclosure of Information
Sometimes things are disclosed unintentionally. In the next couple of slides we will talk about:
- Object reuse
- Emanation security
117 Object reuse (248)
- Media may be re-used without cleaning off old data!
- Fix this:
  - Destroy or wipe (destroy) old data
  - Why destroy?
  - What is degaussing?*
118 Emanation Security (249)
- All devices give off electrical/magnetic signals. This can be used against you (we’ve all seen Alias and 24?)
- Hard/expensive to do often, but not always.
- A non-obvious example is reading info from a CRT bouncing off something (we’ve seen CSI, right?)
- Tempest* is a standard to develop countermeasures to protect against this.
- Let’s talk about emanation countermeasures
119 Emanation Countermeasures
- Faraday cage – a metal mesh cage around an object; it negates a lot of electrical/magnetic fields.
- White noise – a device that emits a uniform spectrum of random electronic signals. You can buy sound-frequency white noise machines (call centers, doctors).
- Control zones – protect sensitive devices in special areas with special walls etc.
120 Intrusion detection (250)
- IDSs allow you to detect intrusion and unauthorized access.
- Different types (we will discuss), but they usually consist of:
  - Sensors
  - Storage
  - Analysis engine
  - Management console
- (see diagram on 260)
121 NIDS
- Network based
- Monitors network traffic ONLY
- Can be of multiple types (discussed later)
- Watch out for switches (use mirroring) and subnets (use multiple sensors)
122 HIDS
- Host based – installed on computers
- Monitors logs
- Monitors system activity
- Monitors configuration files
- Could monitor network traffic, but only to and from the computer it is installed on.
- Multiple types – discussed later
123 IDS types (251)
- Signature based – like a virus scanner, looks for known attack signatures
  - MUST be updated with new signatures
  - Will not stop unknown attacks (0-day)
  - Relatively high rate of assurance
  - Commonly used
124 Statistical Anomaly Based IDS / heuristic
- Based on what is “normal” behavior (builds a profile)
- Detects when things are not normal
- Very subjective (-)
- Very high rate of false positives, may lead to info being ignored (-)
- Requires a high degree of knowledge and maintenance to run (-)
- Can possibly detect zero days (+)
125 Protocol* based IDS
- What is a protocol? Anyone?
- Understands the protocols it’s watching (like HTTP, SMTP)
- Looks for deviations from the normal protocol traffic
- Good to combine with other IDS types (signature based, or statistical based)
- A lot of protocols are open to interpretation, which can confuse a protocol-based IDS*
126 Rules Based (255)
- Uses expert systems/knowledge-based systems. These use a database of knowledge and an “inference engine” to try to mimic human knowledge.
- It’s as if a person was watching data in real time and had knowledge of how attacks work.
127 IDS review
- Signature based
- Anomaly based
- Rule based
When studying, review the table on page 257
128 IPS
- Like an IDS, but actively takes steps to neutralize attacks in real time. (doest require IDS functionality)
- Might reset TCP connections, might update firewall rules to block traffic.
- Cool, right?
- May create problems in troubleshooting network behavior/issues.
129 Honey Pots / Honey Nets (263)
- Computer or network set up to “distract” attackers to this machine/net rather than the real machines.
- Can be restricted and monitored so you can see who’s trying to do what, and stop them.
- Be wary of enticement vs. entrapment. Can anyone explain the difference?
130 Threats to Access Control
We will talk about these later… but let’s review these now:
- Dictionary attacks – what is this?
- Sniffers – what is this?
- Brute force attacks – how is this different than a dictionary attack?
- Spoofing login/trusted path
- Phishing
- Identity theft
131 Wow, that was a lot, let’s review
- Read quick tips on pg 269
- Let’s review the questions from the book.