Download Access Control

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
Document related concepts

Distributed firewall wikipedia , lookup

Computer security wikipedia , lookup

SIP extensions for the IP Multimedia Subsystem wikipedia , lookup

Lag wikipedia , lookup

TV Everywhere wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Wireless security wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Authentication wikipedia , lookup

Transcript 
Security fundamentals
Topic 3
Using access control and
authentication
Agenda
•
•
•
•
•
AAA
Basic access control methods
Access control models
Authentication methods and techniques
Authentication and access control guidelines
AAA - Authentication, Authorisation
(Access Control) and Accounting
• Authentication is the process of identifying a user or
process by examining credentials to verify identity
• Authorisation is the process of granting a user access
to a protected resource
• Accounting is the tracking of access and use of
network resources by users
• Access Control combines authentication with
authorisation
Access Control methods
• The point of using Access Control is to
differentiate and control the abilities of users
and processes
Password based Access Control
• A password on the resource – user does not establish identity
• Anyone who knows the password can access the resource
• PBAC is considered a weak security measure because:
– No accountability for access to resources as users cannot be
monitored
– High risk that the shared password will be compromised and given to
an unauthorised user
– Difficult to distribute a new shared password to legitimate users
securely
– Each resource may require a separate password which makes it
difficult for users to remember and encourages them to write down
passwords
User based Access Control
• Firstly: Authenticates the user
• Secondly: Authorises access to resources
based on the user’s identity
– Provides accountability as the actions of specific users can
be monitored
– A single password allows access to multiple resources
– Password reset and distribution is simpler to manage
Access Control models
• Discretionary Access Control (DAC)
– The owner of the object manages access control,
eg a user can choose to share a folder with others
• Mandatory Access Control (MAC)
– Access to the object is based on sensitivity label and
authorisation is granted based on security clearance
for the level of data as defined by label
• Role-Based Access Control (RBAC)
– Access is based on the role of the user in the
organisation, eg HR manager or Sales Dept staff
Discretionary Access Control
• The owner of the resource controls access to the resource
• An ACL lists the users that have been allowed or denied access to
the resource and lists the type of access they have been granted
• Risks of the DAC Model:
– Assumes that owners have the knowledge and skills to secure
resources: Owners might not enforce strong security
– A lack of centralised administration may lead to:
• Software executed or updated by unauthorised personnel
• Confidential information compromised
• Auditing file access may be difficult
• Windows NTFS file systems use DAC
Mandatory Access Control
• Classify all users and resources and assign a security label to each
classification
• Information is placed into categories depending on the sensitivity
• Access requests are denied if the requestor’s security label is not
higher or does not match the security label
• Major classification levels:
– Top secret
– Confidential
– Unclassified
• Implicit trust with higher classifications
– Top secret clearance allows access to lower levels such as confidential and
unclassified
• Used by military and government
• Feasible if security levels are clearly defined and are centrally
administered
MAC Example
Unclassified
Confidential
Top Secret
Data
Data
Data
Role-based Access Control
• Information is placed into categories depending on the content
• Users and processes are granted access based on their role in the
organisation
• Can specify and enforce enterprise specific security policies that
map to organisation structure
• Each user or group is assigned one or more roles
• Each role is assigned one or more privileges
• RBAC requires a list of roles with mappings from role to user or user
group
• Windows can use multiple models:
– RBAC element: add users to global groups, assign permission to resources to
domain local groups and place global groups into domain local groups
– DAC element: Owner can still grant access to resources
RBAC Example
Manager
Accounting
Budget Data
Sales
Authentication methods
Establishing identity
• Usernames and passwords
– Windows, Linux and most Operating Systems
– OS asks for username and password and validates it
against database
• Passwords are stored as a hash in database. When a user
presents their password it is hashed and the hashes are
compared. Hashes are irreversible
– Assumes only the user knows the password
Password weaknesses
There are many weaknesses when using passwords
for authentication:
• If authentication is performed locally a running process could
intercept username and password
• If authentication is performed remotely on a central server
the network traffic can be intercepted and the password
compromised
• A user could be observed typing a password or may write
down their password
• Password based authentication cannot determine whether
the user is legitimate or impostor – it only verifies that the
password is known
Password security guidelines
• Easy to remember and difficult to guess
• Long passwords: long enough to protect from brute force
attack
• Complex passwords: increase the potential character set from
26 to 72 by including uppercase, lowercase, symbols and
numbers
• Difficult to guess passwords: not names, pets, common
words or phone numbers to avoid dictionary attack
• Passwords are frequently changed: reduces the time in which
a password can be broken and reduces the time that a
compromised password can be used
• Passwords are not written down: best secured password is
very long and randomly generated
• Passphrase: long passwords with spaces – perhaps a sentence
or the line of a song or poem
Biometrics
• Identifying a person based on a physical characteristic
• Comparing a sample against a captured biometric sample
• Two processes involved:
– Enrolment: storing a user’s biometric identity to be used to verify the user at
authentication
– Verification: a sensor captures a biometric feature and transmits it to
authenticating server which compares it to the sample captured at enrolment
• Weaknesses:
– Performance and reliability: possibility of false rejection and false acceptance
– Difficulty: in collecting the samples
– User capability: user impairment may prevent from using the biometric
scanner – they will require alternative authentication method
– Acceptance: users may consider the method too invasive
– Cost: can be costly to implement
– Availability: may not be available from all locations (eg remotely)
– There are known attack methods against biometric authentication
Tokens
• A token is a device issued to a user for authentication (eg A smart card)
• Challenge Response:
– Send username to authentication server
– Server sends back a challenge: randomly created data used only once
– Challenge is encrypted with a secret known to user or derived from token and
sent to server
– Server performs the same encryption with the secret and compares the
results
– If match, then secrets are the same and authenticated
• Secrets (passwords) do not travel over the network
• Tokens offer reliable security, are difficult to duplicate and tamper
resistant
• Costly and difficult to deploy in an enterprise (may require token readers)
• Tokens can be used to provide a one time password
• Smart cards can store certificates and passwords
Multifactor authentication
•
•
•
•
Multiple authentication methods
Something you know, eg a password
Something you have, eg a token or smart card
Something you are, eg biometrics
• Multifactor authentication can significantly
increase security
• Can be difficult and expensive to implement
Kerberos authentication
• Network authentication protocol that provides
strong authentication for client/server
applications
• Single sign-on to heterogeneous environments
• Scalable to large environments
• Mutual authentication
• Encrypted communications
Kerberos process
• User logs on to computer
• Logon process sends authentication request to
Kerberos server
• Server sends encrypted credentials for the user to
the local computer
• Local computer tries to decrypt credentials using
user supplied password
• If correct user is validated and given a ticket to
verify identity, access to specific resources and
cipher keys to encrypt data sessions
Kerberos definitions
• Realm: Organisational authentication boundary – domain.
Each realm has at least one KDC Key Distribution Center
(domain controller) which consists of at least 1
Authentication Server (AS) and 1 Ticket Granting Server
(TGS)
• Principal: Any unique identity which can have a ticket
issued such as users and computer accounts
• Authenticators: A series of bits inserted into a message and
used for validation – can only be used once
• Ticket: A block of data that proves the identity of a
principal. Each ticket is stored in a ticket cache locally and
time stamped. Tickets expire, are refreshed or reissued
after a given time (10 hours)
Kerberos definitions
• Ticket cache: Stores all of the users tickets and can be used
by applications to prove authentication allowing a user to
authenticate only once
• Ticket Granting Ticket (TGT): A ticket granted at
authentication and used to obtain other tickets specific to a
particular service. Each service requires it’s own ticket
• Authentication Server (AS): Clients register with the AS.
The AS gives each client a TGT that verifies identity
• Ticket Granting Server (TGS): Clients contact the TGS and
use a TGT to request a session ticket for access to a
particular service
Kerberos definitions
• Cross realm authentication: The capability of
users in 1 realm to be authenticated and
access services in another realm. User’s realm
registers with Remote TGS on the realm of the
service
• Remote TGS: Grants session tickets to users
for a remote realm. The TGS of the users
realm registers with the TGS of the remote
realm (where the service is)
Kerberos authentication processes
• Basic Kerberos authentication process analogy
• Kerberos authentication in the same realm
• Kerberos authentication in a different realm
Kerberos caveats
• Centralised Kerberos KDC creates a single point of
failure
• Compromise of KDC results in compromise all
user’s secret keys
• Compromise of client will compromise user’s
password
• Kerberos requires the time settings on all
computers in the realm to be synchronised as
tickets expire after a certain amount of time
• Tickets usually out by more than 10 minutes (by
default) will not be authorised
Mutual authentication
• Both the client and the server authenticate to
each other
• Assures the server that the client is who they
claim to be
• Assures the client that the server is legitimate
and not a spoofed rogue server
Certificates
• Kerberos uses certificates to identify users and
computers
• A certificate is a block of data containing
information for identification
• Trust in a 3rd party to issue certificates to verified
users
• A Certification Authority (CA) issues a certificate
to verify identity
• Encryption and signing ensure that certificates
cannot be altered after they are issued
Microsoft® Challenge Handshake
Authentication Protocol (CHAP)
• Used to authenticate a remote client to a network server (PPP
connection on routers)
• 3-way handshake that does not send the password
– Network access server sends a challenge (session ID and random string) to
remote client
– Remote client uses a MD5 hash function to create a fixed length string based
on username, password, session ID and the challenge random string and
sends to server
– Server performs same MD5 hash function and compares the result to the hash
sent by the remote client – if match then client is authenticated
• The use of a random string protects from replay attack
• Challenges are repeated at unpredictable intervals which
protects from impersonation
• Windows uses MS-CHAPv2 (Microsoft Vista® does not support
for MS-CHAPv1)
Principle of least privilege
• A user should only have the minimum
privileges required to perform assigned job
functions
• Administrators should use standard privileges
if they are performing tasks which do not
require admin permissions
– Prevent accidental damage
– Prevent exposure to malware
Using alternative credentials
• Good practise to log on to systems with a
standard user account
• Use the Run as command or su to promote to
admin privileges for a specific task
• This avoids the insecure practise of using a
privileged account for running all programs
Lesson summary
• AAA
• Access Control
– PBAC and UBAC
– DAC, MAC, RBAC
• Authentication
– Passwords, Biometrics, Tokens, Multifactor
– Kerberos, CHAP
• Guidelines and practises
Related documents
(journal3.pdf)
(journal3.pdf)
Security
Security
Computer Security
Computer Security
security leaflet
security leaflet
Accounts and Authentication
Accounts and Authentication
Delivery Partner Guide - Homes and Communities Agency
Delivery Partner Guide - Homes and Communities Agency
Network Device Security Options
Network Device Security Options
PPT - CS
PPT - CS
Factors Driving the Need for Network Identity
Factors Driving the Need for Network Identity
Document
Document