Chapter 2: CIA Model, Host Security vs. Network Security, Least Privileges, Layered Security, Access Controls
Prepared by Mohammed Saher


- Computer security means the methods used to ensure that a system is secure.
- In the modern organization, multiple computers are interconnected, forming a complex network of computers; securing that network is referred to as network security.

- Information Assurance means that all the Information Systems and Information are available when needed.
- Information Security encompasses a broad range of concepts, principles and methodologies to make sure that the organizational Information Systems operate in a safe environment.

- Information Security is based on three basic principles:
  - Confidentiality
  - Integrity
  - Availability

- Confidentiality means ensuring that only those individuals who have the authority to view a piece of information may do so.
- Integrity means only authorized users can create and change the information.
- Availability means ensuring that the data and the system are available for use when an authorized user wants them.

- Authentication means the ability to ensure an individual is who they claim to be.
- Non-repudiation means the ability to verify that a message has been sent and received and that the sender can be identified and verified.

- Traditional Approach: Protection = Prevention
- New Approach: Protection = Prevention + (Detection + Response)

- Three ways or levels at which an organization protects its Information Assets:
  - Ignore security issues (minimum security)
  - Provide host security
  - Provide network security

- Host security takes a granular view of security by focusing on protecting each computer and device individually instead of addressing protection of the network as a whole.
- Basically, each computer is responsible for its own security.

- Less secure, as some threats and vulnerabilities can be overlooked.
- Difficult to implement if the Information System is heterogeneous, as each system, software, operating system and application has a different security configuration.

(Figure: Server(s) and Computer 1 to Computer 4. Each computer and the server(s) are responsible for their own security.)

- In Network Security, emphasis is placed on controlling access to internal computers from external entities.
- Network Security can be implemented via:
  - Routers
  - Firewalls
  - Intrusion Detection Systems (IDSs)
  - Authentication hardware and software

(Figure: a computer network behind a firewall, routers, IDSs and authentication systems. Access to the computer network is controlled via firewalls, routers, IDSs and other authentication systems.)

- Least Privilege means that a subject (user, application, process) should have only the rights and privileges necessary to perform its tasks, with no additional permissions.
- Limiting access to sensitive information limits the consequences when something goes wrong.

(Figure: the Accounting Department holds Employee Payroll and Profit Margin Spreadsheets; the Marketing Department holds Marketing Plans, Documents and Market Research Results.)

- Can the two departments trust each other and share information?
- On what basis is the trust relationship established?
- Can all the users from these departments be trusted?

(Figure: the same Accounting and Marketing Departments with the question TRUST? between them.)

- The basis of layered security: instead of relying on one single protection mechanism, we must design a complex mechanism made up of multiple protections.
- Layered security provides a better solution, as the intruder has to bypass all the layers of security.
- The layered security approach eliminates the “single point of failure”.

- All the layers in an architecture should work together in a coordinated manner to achieve the best results.
- The complexity should increase from one layer to the next, thus providing a very complex security mechanism.

(Figure: layers of defense: Access Controls, Firewalls & Routers, Security Guard, Authentication Systems, IDSs.)

- Diversity of Defense is an extension of layered security.
- The idea is to provide multiple layers of security and thus to diversify the defense mechanisms.
- Having computers, servers, applications, operating systems, routers, firewalls and IDSs from multiple vendors will provide a better solution, as different vendors have different security mechanisms.

- Difficult to implement – implementing an IT infrastructure with multi-vendor systems can be operationally complex.
- Requires multiple skill sets – IT professionals must have experience working with systems from multiple vendors.
- Not cost effective – requires IT professionals with multiple skill sets and procuring systems from multiple vendors.

- Security through obscurity uses the approach of protecting something by hiding it.
- Security through obscurity may make someone work a little harder to accomplish the task, but it does not prevent anyone from eventually succeeding.
- Security through obscurity is a very poor security mechanism and should not be the only security mechanism in place.

- Security systems should be simple enough for the IT professionals to understand them.
- The more complex the security systems are, the harder it is to troubleshoot the system.
- There must be a balance between security and complexity.

- Access is the ability of a subject to interact with an object.
- Controlling who can access a specific object is called Access Control.
- Access Controls are widely used in network and computer security.

- The Access Control Matrix is the simplest way of implementing access control.
- Not used anymore, as it is difficult to store a big matrix.

R – Read, W – Write, E – Execute

            File 1    File 2    Printer   Scanner
Process 1   R, W, E   –         W         W
Process 2   E         R, W, E   W         W

- An Access Control List is a list that contains the subjects that have access rights to a particular object.
- Three common types of access control lists are:
  - Discretionary Access Control
  - Mandatory Access Control
  - Role-Based Access Control

- Discretionary Access Controls are a means of restricting access to objects based on the identity of the subject and/or the groups to which it belongs.
- The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject.

- In systems that employ discretionary access controls, the owner of an object can decide which other subjects may have access to the object and what specific access they may have.

(Figure: the Payroll File shared with Employee 1 to Employee 4.)
- The owner of the Payroll file is Employee 5.
- Employee 5 has given R, W, E access to the payroll file to Employee 1.
- Employee 5 has given R, W access to the payroll file to Employee 2.
- Employee 5 has given R access to the payroll file to Employee 3.
- Employee 5 has given W access to the payroll file to Employee 4.


- Mandatory Access Control is a means of restricting access to objects based on the sensitivity of the information contained in the object and the formal authorization of subjects to access information of such sensitivity.
- The crux of mandatory access control is the label attached to the object and to the subject.
- These labels and classifications cannot be changed by the subject.

- A file that has been labeled “Top Secret” can only be accessed by an employee with a “Top Secret” clearance.
- An employee with a “Top Secret” clearance will not be allowed to pass this file on to an employee with only a “Secret” clearance.

- In role-based access control, instead of each user being assigned specific access permissions for an object, the user is assigned a set of roles that the user may perform.
- The roles are in turn assigned the access permissions necessary to perform the tasks associated with the role.

(Figure: the Market Research role assigned to Employee 1, Employee 2 and Employee 3.)
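The DAC grants of the Payroll slide and the role assignment of the Market Research slide, written out as two small policy stores. This is an added example, not code from the slides; each object's ACL here is that object's column of the access control matrix stored sparsely, and the rights letters, class names and function names are assumptions.

```python
# Added example (not from the slides): the DAC decisions of slide 31 and the
# RBAC assignment of slide 36 as small policy classes. Each object's ACL is
# that object's column of the access control matrix, stored sparsely.
# Employee names, the Payroll file and the Market Research role come from the
# slides; the rights letters and all class and function names are assumptions.
from collections import defaultdict

RIGHTS = {"R", "W", "E"}          # Read, Write, Execute (slide 27)


class DacStore:
    """DAC: the owner of an object decides who gets which rights (slide 30)."""

    def __init__(self):
        self.owner = {}                      # object -> owning subject
        self.acl = defaultdict(dict)         # object -> {subject: set(rights)}

    def create(self, obj, owner):
        self.owner[obj] = owner
        self.acl[obj][owner] = set(RIGHTS)   # the owner holds every right

    def grant(self, granter, obj, subject, rights):
        if self.owner.get(obj) != granter:   # discretion belongs to the owner
            raise PermissionError(f"{granter} does not own {obj}")
        if set(rights) - RIGHTS:
            raise ValueError(f"unknown rights in {rights!r}")
        self.acl[obj].setdefault(subject, set()).update(rights)

    def check(self, subject, obj, right):
        return right in self.acl[obj].get(subject, set())


class RbacStore:
    """RBAC: permissions attach to roles and users are assigned roles (slide 35)."""

    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(object, right)}
        self.user_roles = defaultdict(set)   # user -> {role}

    def permit(self, role, obj, right):
        self.role_perms[role].add((obj, right))

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def check(self, user, obj, right):
        return any((obj, right) in self.role_perms[r]
                   for r in self.user_roles[user])


def slide_31_dac():
    """Employee 5 owns the Payroll file and hands out the rights of slide 31."""
    dac = DacStore()
    dac.create("Payroll", "Employee 5")
    for employee, rights in (("Employee 1", "RWE"), ("Employee 2", "RW"),
                             ("Employee 3", "R"), ("Employee 4", "W")):
        dac.grant("Employee 5", "Payroll", employee, rights)
    return dac


def slide_36_rbac():
    """Employees 1 to 3 hold the Market Research role; rights sit on the role."""
    rbac = RbacStore()
    rbac.permit("Market Research", "Market Research Results", "R")
    rbac.permit("Market Research", "Market Research Results", "W")
    for user in ("Employee 1", "Employee 2", "Employee 3"):
        rbac.assign(user, "Market Research")
    return rbac
```

Employee 4 ends up able to write but not read the payroll file, and a grant attempted by anyone other than Employee 5 raises PermissionError.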

- Authentication is the process of verifying that an individual is who he claims to be.

- The most common form of authentication is the use of a user name/password (something you know).
- Another form of authentication is the use of a personal identification number (PIN) (something you have).
- The last form of authentication is the use of DNA and biometrics (something about you).

- Kerberos is a network authentication protocol designed for a client/server architecture.
- Kerberos uses strong encryption so that a client can prove its identity to a server and the server can in turn authenticate the client.
- Kerberos uses tickets to provide this authentication.

- Tickets are issued by an authentication server.
- The authentication server is trusted by both the server and the client.
- The whole session can be encrypted, thus eliminating the inherent threats of the networking environment.
- Tickets are time-stamped, so they cannot be reused.

- CHAP – Challenge Handshake Authentication Protocol.
- CHAP is used to provide point-to-point authentication.
- CHAP uses a three-way handshake to provide authentication.

- Initially, a challenge is sent to the client.
- The client uses a one-way hashing function to calculate the response, and sends that response back to the server.
- The server compares the response from the client with what it calculated the response should be. If the two responses are the same, the communication continues.

- Three-way handshake model.
(Figure: 1. The server sends the challenge to the client. 2. The client calculates the response and sends it back to the server. 3. Communication continues if the responses match.)
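The three steps above as a runnable exchange, added here as an example and not taken from the slides. It uses the MD5 response defined in RFC 1994 (the digest of the identifier, the shared secret and the challenge); the shared secret, challenge bytes and all class and function names are constructed for this example.

```python
# Added example (not from the slides): the CHAP three-way handshake of slides
# 41 to 43 with the MD5 response of RFC 1994, MD5(identifier || secret ||
# challenge). The shared secret, the challenge bytes and every class and
# function name are constructed for this example.
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHARED_SECRET = b"constructed-example-secret"   # known to client and server only


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2 (client): one-way hash of identifier, secret and challenge.
    The secret never crosses the wire, only this digest does."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}               # identifier -> challenge bytes

    def send_challenge(self, challenge: Optional[bytes] = None) -> Tuple[int, bytes]:
        """Step 1: issue a fresh random challenge tagged with an identifier."""
        self.identifier = (self.identifier + 1) & 0xFF
        if challenge is None:
            challenge = os.urandom(16)
        self.outstanding[self.identifier] = challenge
        return self.identifier, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the expected digest and compare in constant time.
        A challenge is consumed on first use, so a replayed response fails."""
        challenge = self.outstanding.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


def run_handshake(client_secret: bytes, challenge: Optional[bytes] = None) -> bool:
    """Drive one handshake; True when the server accepts the client."""
    server = ChapServer(SHARED_SECRET)
    ident, chal = server.send_challenge(challenge)          # 1. server -> client
    resp = chap_response(ident, client_secret, chal)         # 2. client -> server
    return server.verify(ident, resp)                        # 3. server decides
```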

- Certificates are a method to establish the authenticity of a specific object such as an individual’s public key or downloaded software.
- A digital certificate is generally seen as an attachment to a message and is used to verify that the message came from a genuine source.

- Multifactor is a term used to describe the use of more than one authentication mechanism.
- Common example: ATM cards. In order to use ATM services, the user must have a unique ATM card and the corresponding PIN.

- Mutual authentication is a term used to describe a process in which each side of an electronic communication verifies the authenticity of the other.

- The security of your organization depends on the security model that is being used.
- Security models are classified into two types:
  - Confidentiality Models
  - Integrity Models

- An example of a confidentiality model is the Bell-LaPadula security model.
- It is used in the US military, or in any organization where the security model is hierarchical and uses levels of classification.

- This model uses both mandatory and discretionary access control mechanisms.
- This model uses two important security rules:
  - Simple Security Rule
  - *-Property

- The Simple Security Rule states that no subject can read information from an object with a security classification higher than the clearance possessed by the subject itself.
- A user with only a “Secret” level of clearance cannot read a file labeled “Top Secret”.

- The *-Property states that a subject can write to an object only if the subject's security classification is less than or equal to the security level of the object.
- A user with a “Secret” level of clearance could write to a file labeled “Secret” or “Top Secret”.

- Currently, there are two integrity models in use:
  - The Biba Security Model
  - The Clark-Wilson Security Model

- The Biba model uses integrity levels.
- Integrity levels mean that data with a higher integrity level is believed to be more accurate or reliable than data of a lower integrity level.
- By using integrity levels, modification of data is limited or prohibited.

- The Low-Water-Mark policy prevents subjects from writing to objects of a higher integrity level.
- The integrity level of a subject is reduced if it reads an object of a lower integrity level.
- A subject can only execute a program if the program’s integrity level is equal to or less than the integrity level of the subject.

- This policy will eventually reduce the integrity levels of all subjects to the lowest level in the system.
- The Ring Policy allows any subject to read any object without regard to integrity levels and without lowering the subject's integrity level.
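The Bell-LaPadula read and write rules, the mandatory-label check of the “Top Secret”/“Secret” slides, and the Biba low-water-mark and ring policies, decided over small ordered sets of levels. This is an added example rather than code from the slides; the integrity level names, the extra “Unclassified” level and all function and class names are constructed.

```python
# Added example (not from the slides): the Bell-LaPadula rules of slides 50
# and 51 and the Biba low-water-mark and ring policies of slides 54 and 55,
# decided over small ordered sets of levels. "Secret" and "Top Secret" are the
# slides' labels; "Unclassified", the integrity level names and every function
# and class name are constructed for this example.

CONF_LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}   # confidentiality
INTEG_LEVELS = {"Low": 0, "Medium": 1, "High": 2}                # integrity


def blp_can_read(clearance: str, classification: str) -> bool:
    """Simple Security Rule: no read up (slide 50)."""
    return CONF_LEVELS[clearance] >= CONF_LEVELS[classification]


def blp_can_write(clearance: str, classification: str) -> bool:
    """*-Property: no write down (slide 51); Secret may write Secret or Top Secret."""
    return CONF_LEVELS[clearance] <= CONF_LEVELS[classification]


class BibaLowWaterMark:
    """A subject whose integrity level sinks whenever it reads less trusted data."""

    def __init__(self, level: str):
        self.level = level

    def write(self, obj_level: str) -> bool:
        # No write up: a subject may not taint an object of higher integrity.
        return INTEG_LEVELS[obj_level] <= INTEG_LEVELS[self.level]

    def read(self, obj_level: str) -> str:
        # Reads are allowed but pull the subject down to min(subject, object).
        if INTEG_LEVELS[obj_level] < INTEG_LEVELS[self.level]:
            self.level = obj_level
        return self.level

    def execute(self, prog_level: str) -> bool:
        # A program may run only if its integrity is not above the subject's.
        return INTEG_LEVELS[prog_level] <= INTEG_LEVELS[self.level]


def low_water_mark_drift(start: str, reads: list) -> str:
    """Slide 55: reading objects of every level leaves the subject at the lowest."""
    subject = BibaLowWaterMark(start)
    for obj_level in reads:
        subject.read(obj_level)
    return subject.level


def ring_policy_read(subject_level: str, obj_level: str) -> str:
    """Ring policy: any read is permitted and the subject's level is unchanged."""
    return subject_level
```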

- The Clark-Wilson model uses two levels of integrity:
  - Constrained Data Items (CDI)
  - Unconstrained Data Items (UDI)
- CDI data is subjected to integrity controls while UDI data is not.

- This model uses two types of processes:
  - An Integrity Verification Process (IVP) ensures that CDI data meets its integrity constraints, i.e. that the data is in a valid state.
  - A Transformation Process changes the state of the data from one valid state to another.

- In this model, data cannot be modified by the user directly. Instead, it is modified via a transformation process.
- Access to transformation processes is limited.
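The CDI, IVP and transformation process pieces described above on a constructed ledger, added here as an example and not taken from the slides. The balances are the CDI, the IVP is the constraint that no balance goes negative and the total is preserved, the only write path is a registered transformation procedure the user has been allowed to run, and a UDI is raw user input validated before a TP sees it; the account names, amounts and all class and function names are assumptions.

```python
# Added example (not from the slides): the Clark-Wilson pieces of slides 56
# to 58 on a constructed ledger. The balances are the CDI, the IVP checks the
# integrity constraint (no negative balance, total preserved), and the only
# write path is a registered transformation procedure (TP) that the user has
# been allowed to run. Account names, amounts and all names are assumptions.
from copy import deepcopy


class IntegrityViolation(Exception):
    pass


def ivp(cdi: dict, expected_total: int) -> bool:
    """Integrity verification procedure: is the CDI in a valid state?"""
    return all(v >= 0 for v in cdi.values()) and sum(cdi.values()) == expected_total


def tp_transfer(cdi: dict, src: str, dst: str, amount: int) -> dict:
    """Transformation procedure: maps one valid state to another valid state."""
    if amount <= 0 or cdi[src] < amount:
        raise IntegrityViolation("transfer would leave the ledger invalid")
    new = deepcopy(cdi)                   # never touch the live CDI in place
    new[src] -= amount
    new[dst] += amount
    return new


class ClarkWilsonLedger:
    def __init__(self, balances: dict):
        self._cdi = dict(balances)        # constrained data item, kept private
        self._total = sum(balances.values())
        self._tps = {"transfer": tp_transfer}
        self._allowed = set()             # (user, tp_name) pairs that may run
        if not ivp(self._cdi, self._total):
            raise IntegrityViolation("initial state is invalid")

    def allow(self, user: str, tp_name: str):
        self._allowed.add((user, tp_name))

    def balance(self, account: str) -> int:
        return self._cdi[account]         # read-only view of the CDI

    def run(self, user: str, tp_name: str, *args) -> dict:
        """The only way to change the CDI: the user must be allowed to run this
        TP, the TP works on a copy, and the IVP must pass before commit."""
        if (user, tp_name) not in self._allowed:
            raise PermissionError(f"{user} may not run {tp_name}")
        candidate = self._tps[tp_name](self._cdi, *args)
        if not ivp(candidate, self._total):
            raise IntegrityViolation("TP produced an invalid state")
        self._cdi = candidate
        return dict(self._cdi)


def accept_udi(ledger: ClarkWilsonLedger, user: str, raw_amount: str) -> dict:
    """A UDI (raw user input) is validated into a trusted value before a TP sees it."""
    amount = int(raw_amount)              # ValueError for non-numeric input
    return ledger.run(user, "transfer", "savings", "checking", amount)
```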