Access Control
Mike Smith
26/04/10 - Rev.27

Controls
  Administrative
    Personnel Controls
    Supervisory Structure
    Security-Awareness Training
    Testing
  Physical
    Network Segregation
    Perimeter Security
    Computer Controls
    Work Area Separation
    Cabling
    Control Zone
  Technical or Logical
    System Access
    Network Architecture
    Network Access
    Encryption and Protocols
    Auditing
  Deterrent - Intended to discourage
  Preventative - prevent harmful occurrence
  Corrective - restore after harmful occurrence
  Recovery - Intended to bring controls back
  Detective - detect after harmful occurrence
  Compensating - Controls that provide for an alternative
  Directive - Mandatory controls, regulations or environment

Threats
  Identity Theft
  Phishing
  Spoofing at logon
  Wardialing
  Brute force attacks
  Dictionary Attack

Intrusion Detection Systems
  Signature Based
    Pattern Matching
    Pattern & Stateful
    Requires continual update
    Cannot detect new attacks
  Anomaly Based
    Statistical, Protocol and Traffic
    Can detect new attacks
  Rule Based
    Uses an Expert System
  Network-Based - NIDS
    NIC in promiscuous mode
  Host-Based - HIDS

Access Controls
  Three Factor Authentication
    1 Something you know (password)
    2 Something you have (token)
    3 Something you are (biometric)

Passwords
  Static
  Dynamic

Biometrics
  False Rejection Rate - FRR = Type I error
  False Acceptance Rate - FAR = Type II error
  Crossover Error Rate - CER = % when FRR = FAR
  Acceptance
    Privacy, Physical, Psychological
  Time to authenticate is the main factor
  Fingerprints
  Retina Scans
  Iris Scans
  Facial Scans
  Palm Scans
  Hand Geometry
  Hand Topology
  Signature Dynamics
  Keyboard Dynamics

Tokens
  Static Password
    Owner authenticates to token
    Token authenticates to system
  Dynamic Password
    Synchronous
    Asynchronous
  Smartcards
    Side-channel attacks

Accountability
  System-level events
  Application-level events
  User-level events

Access Control Models
  DAC - Data owners decide who has access to resources and ACLs are used to enforce security policy
  MAC - Operating systems enforce the system's security policy through the use of security or sensitivity labels
  RBAC - Access decisions are based on role
  Lattice based - provides least access privileges of the access pair - Greatest lower bound and Lowest upper bound

SSO
  Kerberos
    Symmetric Key Encryption
    KDC - Kerberos-trusted Key Distribution Center
    TGS - Ticket Granting Service
    AS - Authentication Server
    KDC knows secret keys of client and server
    KDC exchanges info with the client and server using symmetric keys
    Using TGS grants temporary symmetric key
    Client and server use temporary session key
    Needham-Schroeder Protocol
    Supports MD5 and CRC32 Hashing
    Weaknesses
      Replay is possible with time frame
      TGS and Auth server are vulnerable as they know all
      Initial exchange passed on password authentication
      Keys are vulnerable
  SESAME

Centralized
  RADIUS - incorporates an AS and dynamic password
  TACACS - Terminal Access Controller Access Control System - for network applications - static password
  TACACS+ - supports tokens
  CHAP - supports encryption

Operate and maintain
Monitor and evaluate