Bookmark and Share

Front Back
pillars of information assurance (p27)
1. confidentiality
2. integrity
3. availability
4. authentication
5. non-repudiation

CONFIDENTIALITY - info is not disclosed to unauthorized and is processes; protects against hackers, unprotected communications, unauthoried users

INTEGRITY: info retaining its original level of accuracy; protects against unathorized data and modifications, system or pgm changes.

3 goals
1. no changes by unauthorized subjects
2. no unauthorized changes by authorized subjects
3. maintenance of int and ext consistency

AVAILABILITY - reliable access to date; protects against denial of service, ping attacks, email flaming

AUTHENTICITY - geniuses or legitimacy of an object is subject

NON-REPUDIATION - cannot deny the legitimacy of a transaction, id, etc.
Three (3) access control categories ?
1 physical address control
2 administrative access control
3 logical / technical access control

physical access control embraces any sort of real world obstacle that prevents people from accessing the protected resource

administrative access control costs policies and steps enforced by the organization that is responsible for the resource

logical access control costs whole range of protections enforced by system itself. eg/the os. it not only governs who can access resource on the system but also allows for finner granularity in access modes of users who have legitimate access.
What are the 5 access control types? p36
1 preventive
2 detective
3 deterrent
4 corrective
5 recovery

preventive = systems that make it impossible to access resources users don't have right to access like locked door.

detective = systems that generate alerts when unauthorized access has occurred but doesn't stop the access from occurring
e.g. burglar Alarm

deterrent = control that doesn't restrict access but makes it clear permission to access resource is denied. e.g. a high fence or logon banner warning

corrective = control in order to correct or restore controls e.g. antivirus software

recovery = control to restore resources, capabilities or losses. e.g. backups
4 access control techniques? (39)
1 discretionary
2 mandatory
3 role-based
4 lattice-based

 DISCRENTIONARY - resource owner determines access and prvileges user should have

MANDATORY - owner and system grant access based on resource security labels

RULE BASED: security label; prvileges are inhereted; access is based on users responsibilitiy (what group you're a part of)

LATTICE BASED: access is based on a framework of security labels
- you're interested in "how" the subject moves => info flow in general
- deals with confidentiality and to limited extent, integrity

Access ctl list - users can access "whats on the list"
Access Control Types (examples)? p37

physical preventive?
administrative preventive?
technical preventive?

physical detective?
administrative detective?
technical detective?

PHYSICAL PREVENTIVE CONTROLS: backups, fences, security guards, locks and keys, badge systems, bio-metrics

ADMINISTRATIVE PREVENTIVE CONTROLS: security awareness training, separation of duties, hiring prcedures, security policies/procedures, backgroun checks, disaster recovery

TECHNICAL PREVENTIVE CONTROLS - access control software, antivirus software, library control systems, IDS, smart cards, and callback systems

PHYSICAL DETECTIVE CONTROLS - motion detectors, smoke alarms, closed circuit TV and alarms

ADMINISTRATIVE DETECTIVE CONTROLS: security reviews and audits, rotation of duties, required vacations and performance evals

TECHNICAL DETECTIVE CONTROLS: audit trails and intusion detection systems
Access Control Principles p.34
- require knowing what users job is
- main one and hardest to keep
- takes a lot of time to correct

- for the important critical business items such as create act, write checks

NEED TO KNOW: used in conjunction with mandatory access control to control access to info of the same classification
State machine model p. 47
- If the secure state fails, bad things happen

1. define the secure state
2. are you in a secure state
3. while making the change, are we secure
4. after we made the change, everything is still secure and we go from secure state to secure state...
Biba Model p.51
Biba - deals with INGEGRITY of data

simple inegrity axiom = no read down

* integrity axiom = no write up

test trick -
axiom = dealing with Biba and integrity
Clark & Wilson Model? p.53
- separation of duties is enforced

- auditing is required
Non-interference model p.54
Only secret stuff happens in this model
Tuple? p.47
A tuple is the relationshipo between a subject, object and access.

ie/I'm an admin and I can access "abc"
BLP (Bell LaPadula Model) p.48
* model that deinfes how e keep data simple and safe

- don't want someone down to read up and (simple security rule)

Don't want someone up to write down = * property rule

test trick
* = write
simple = read
IDSs p. 93-96
IDS = not bad, just not as good as everyone thinks

anomoly identification = you have to train it

* no ids, a panacea knowing your network is THE panacea

* most ids's use a "signature" base stating "this is bad"

NOTE - probably better to use a white list
Kerberos v. Sesame p.75-76
Kerberos - requires a TICKET generating server

SESAME - kerberos like security; instead of providing a ticket, it provides a CERTIFICATE

* they both basically give you global access
data custodian v. data user p.30
- most of us "security folks"
- possesses the information
- implements/adminsiters controls in accordance with owners instructions

User - accesses data
- complies with controls
Data Ownership p.29
Data Owner
- the ulitmate decision owner, the person no one can veto
- also person who will go to jail if there is on issue
- responsible for security
- determines sensitivity/crictically, and level of security required
- ensures security requirements meet goals
- authorizes access
- responsible for develping contingency plans
Access Matrix Model p.55
- used to describe which users have access to what objects

- implementation through access control lists and capablities
Clipping level? p.59
Clipping level - the # of failed logon attempts prior to locking
Password attacks p.50

brute force
- password is stored as a hash
- samfile - db file storing hash's

Brute force - trying EVERY possible character

Dictionary - misnover; list of passwords you have created
Sppofing - lying

Man-in-the-middle - think about 2 spys on a park bench talking about state secrets and you're standing nearby. or per Dennis Forquer, listen on traffic conversation on the network.
Controls? p.28
Controls - ensuring what will happen is only what we want to happen based on the decision of the data owner.

- collection of mechanisms that permits managers of a system to excercise a directing or restraining influcence over the behavior, use and content of a system.

Controls permit mgt to specify:
1. what users, pgms, processor or other systmes can do
2. which resources they can access
3. what operations they can perform on a system
Accountability p.92

- if we don't know what normal is, how can we tell what abnormal is. This is means knowing your own network WELL.
Biometrics - order of effectiveness p.69
Challenge - what more effective usually takes longer

plam scan
hand geometry
iris scan
retina pattern
voice verification
signature dynamics
keystroke dynamics

Note - blood vessals in the back of your eyes. BAD b/c if you're a woman, will engorge with blood when pregnant==privacy/legal issue...
Issues with characteristics - based authentication p.71
Type 1 error - do we reject the wrong folks

type 2 error - allow someone in who shouldn't be

differentiator - crossover rate
higher worse
lower better
Probmes with passwords (notes p.13 notebook)
- you can forget it
- lots of non-repudiation problems
- insecure
- easily broken
- inconvienent
Authentication Methods

Asynchronous v. Synchronous

Synchronous - time synced (eg token we use at work)

Asynchronous - eg/if the bank sees you coming in via a diff computer, it asks you security questions to confirm its you!
Access Administration

centralized v. decentralized

Centralized administration (slower; older technology)

- faster
- no one central repository
Access Control Types p.35
Physical Access Control

Administrative Access Control
- policies (its okay to surf the net or not; usually the CYA background checks...

Logical Access Control
- governs who can access resources and also allows for fine granularity in access modes
Identifcation is? p. 31
1. way to tell the system who you are (ie. user name)
2. must be unique = has accountability (can be traced to an ind)
define the following

type 1
type 2
ref monitor
Clark Wilson
blp - confidentially, no read up; no write down

type 1 - reject wrong folks
type 2 - allow wrong access

ref monitor - grants/denies based on rules

mac - mandatory access control; owner and system grant access based on resource security label

Clark Wilson - integrity - subjects can only access objects through authorized pgms
x of y cards