EIU MIS 4850 - MIS4850Class4-1

This preview shows page 1-2-3-4 out of 13 pages.



Access Control and Site Security (Part 1)
(January 27, 2014)
© Abdou Illia – Spring 2014

Learning Objectives
- Understand Main Security Goals
- Discuss Resources' Access Control
- Discuss Password-Based Access Control

Basic systems' attacks

Dialog attack: Eavesdropping
[Figure: dialog ("Hello") between Client PC (Bob) and Server (Alice); Attacker (Eve) intercepts and reads messages]
- Intercepting confidential message being transmitted over the network

Dialog attack: Message Alteration
[Figure: dialog between Client PC (Bob) and Server (Alice); Attacker (Eve) intercepts and alters messages; labels "Balance = $1" and "Balance = $1,000,000"]
- Intercepting confidential messages and modifying their content

Flooding Denial-of-Service (DoS) attack
[Figure: Attacker sends a message flood; Server overloaded by message flood]

Security Goals

Dialog attacks: Security Goal
If eavesdropping and message alteration attacks succeed, in which of the following ways can the target be affected?
a) Data files stored on hard drives might be deleted
b) Data files stored on hard drives might be altered
c) Corporate trade secret could be stolen
d) Competitors might get the victim company's licensed info
e) Users might not be able to get network services for a certain period of time
f) The network might slow down
Confidentiality = Main goal in implementing defense systems against eavesdropping and message alteration.

Malware attacks: Security Goal
If malware attacks succeeded, in which of the following ways could the victims be affected?
a) Data files stored on hard drives might be deleted
b) Data files stored on hard drives might be altered
c) Corporate trade secret could be stolen
d) Competitors might get the victim company's licensed info
e) Users might not be able to get network services for a certain period of time
f) The network might slow down
Integrity = Main goal of implementing defense systems against malware attacks.

DoS attack: Security Goal
If a DoS attack succeeded, in which of the following ways could the victims be affected?
a) Data files stored on hard drives might be deleted
b) Data files stored on hard drives might be altered
c) Corporate trade secret could be stolen
d) Competitors might get the victim company's licensed info
e) Users might not be able to get network services for a certain period of time
f) The network might slow down
Availability = Main goal of implementing defense systems against DoS attacks.

Security Goals
- Three main security goals (CIA):
  - Confidentiality of communications and proprietary information
  - Integrity of corporate data
  - Availability of network services and resources
- Authenticity: ensuring that the data, transactions, communications or documents are genuine. Also validating that both parties involved are who they claim to be.
- Non-repudiation: ensuring that one party of a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction.

Resources Access Control

Opening Question
Which of the following actions may be taken in order to strengthen the confidentiality of companies' proprietary information?
a) Prevent employees from accessing files not needed for their job
b) Limit the number of computers each employee can use for logging in to the network
c) Encrypt any communications involving passwords
d) All of the above

What is Access Control?
- Access control is the policy-driven limitation of access to systems, data, and dialogs
- Access control prevents attackers from gaining access to systems' resources, and helps stop them if they do

Three functions of Access Control
- AAA process
  - Authentication: assessing the identity of the individual claiming to have permission for using resources
    - Supplicant sends credentials to verifier for authentication
  - Authorization: what permissions the authenticated user has
    - What resources he/she can get access to
    - What he/she can do with these resources
  - Auditing: recording what people do in log files
    - Log files can be analyzed in real time or later for detecting violations of authentication/authorization
    - Can help detect attacks
- Credentials for authentication
  - What you know (password, key, etc.)
  - What you have (smart card, physical key, etc.)
  - Who you are (fingerprint, etc.)
  - What you do (pronunciation, writing, etc.)

Managing Access Control: Steps
1) Enumeration of (sensitive) resources
   - E.g. HR databases, servers with trade secrets
2) Determination of sensitivity level for each resource
   - E.g. mission-critical vs. non-mission-critical
3) Determination of who should have access
   - Role-Based Access Control (RBAC): determine the roles (or categories) of users. Example: IT employees, HR employees, Salesmen, etc.
   - List-Based Access Control (LBAC): system administrator could in some cases create lists of employees (not based on roles) for general-purpose resources

Managing Access Control: Steps (cont.)
4) Determination of what access rights users should have
   - For each Role-Resource and/or List-Resource, each of the following rights is set to Allow or Deny:
     See, Browse/Read, Read/Modify, Delete, ……, Full Control
5) Develop Access Control policies
   - Printers availability: M-F, 6:00 AM-8:00 PM
   - Server computers: only administrators and server operators can use them for logging in
   - Remote Access servers: callback feature must be enabled
   - Password policy: minimum 8 characters long, level of complexity, expiration, ….
   - Fair-use policy

Managing Access Control: Steps (cont.)
6) Implementing Policies/Access Control
   - Use OS and other tools to configure access control
     - Mandatory Access Control: administrator's settings apply
     - Discretionary Access Control: owner of resource could share and set access rights
   - Perform penetration tests to test access control effectiveness
   - Perform security audits to test policies' effectiveness
     - Audit by internal employees
     - Audit by security firm

Password-Based Access Control

Types of account/password
- Super account
  - User can take any action on any resource
  - Called Administrator (Windows), Supervisor (Netware), root (UNIX)
  - Hacking the super account = ultimate prize for attackers
- Regular account
  - Limited access based on settings by the admin
  - Could gain super account status by elevating the privileges

Reusable Password
- Used repeatedly to get access to a resource on multiple occasions
- Bad because attacker can have time to crack it
- Difficult to crack by remote guessing
  - Usually cut off after a few attempts
- However, if intruder steals the password file, he/she can crack
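
The role and list entries with Allow/Deny rights from steps 3 and 4 of "Managing Access Control", together with the auditing function of the AAA process, as an added example that is not part of the original slides. The user names, the ACL entries, the weakest-to-strongest ordering of rights, and the rules that an explicit Deny overrides Allow and that no matching Allow means denial are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Rights named on the slide; treating them as ordered weakest -> strongest is an assumption.
RIGHTS = ["See", "Browse/Read", "Read/Modify", "Delete", "Full Control"]

# Constructed sample data: user -> roles (RBAC) and administrator-made lists (LBAC).
ROLES = {"alice": {"HR employees"}, "bob": {"IT employees"},
         "carol": {"Salesmen"}, "dave": {"IT employees", "HR employees"}}
LISTS = {"printer-users": {"alice", "carol"}}

# Entries: (principal, resource, right, effect). Constructed for this example.
ACL = [
    ("role:HR employees", "HR database", "Delete", "Allow"),
    ("role:IT employees", "HR database", "See", "Allow"),
    ("role:IT employees", "HR database", "Delete", "Deny"),
    ("role:IT employees", "Trade-secret server", "Full Control", "Allow"),
    ("list:printer-users", "Printer", "Browse/Read", "Allow"),
]
AUDIT_LOG = []  # auditing: every authorization decision is recorded here

def principals(user):
    """Every ACL principal the user matches: own roles plus lists naming the user."""
    found = {f"role:{r}" for r in ROLES.get(user, ())}
    found |= {f"list:{n}" for n, members in LISTS.items() if user in members}
    return found

def authorize(user, resource, right):
    """True if allowed. Explicit Deny wins; no matching Allow means denied."""
    want = RIGHTS.index(right)
    allowed, reason = False, "no matching Allow (default deny)"
    mine = principals(user)
    for who, res, level, effect in ACL:
        if res != resource or who not in mine:
            continue
        have = RIGHTS.index(level)
        if effect == "Deny" and want >= have:   # Deny X also blocks stronger rights
            allowed, reason = False, f"explicit Deny {level} for {who}"
            break
        if effect == "Allow" and want <= have:  # Allow X also grants weaker rights
            allowed, reason = True, f"Allow {level} for {who}"
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(), "user": user,
                      "resource": resource, "right": right, "reason": reason,
                      "decision": "Allow" if allowed else "Deny"})
    return allowed

def denied_attempts(user):
    """Audit review: number of denied requests recorded for one user."""
    return sum(1 for e in AUDIT_LOG if e["user"] == user and e["decision"] == "Deny")
```

Here dave holds two roles: the HR role allows Delete on the HR database, but the IT role's Deny on Delete takes precedence, and the refusal shows up in the audit log.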

