MODULE 2: Protection of Information Assets
Samir Shah, CA, CISA, DISA, CIA, CISSP, CFE
Director – Eduassure Knowledge Solutions
Logical Access Controls
Information on a system that is accessed by many users carries the risk of unauthorized access. A significant concern is therefore to ensure that users have access to the information they need, but do not have inappropriate access to data that is sensitive and not required by them. It is also important to ensure that certain items, though readable by many users, can be changed only by a few. Logical access controls are the means of addressing these concerns. They are protection mechanisms that limit a user's access to data to what is appropriate for that user. Such controls are often built into the operating system, or form part of the "logic" of application programs or major utilities such as Database Management Systems. They may also be implemented in add-on security packages that are installed on top of the operating system.
Objectives of Logical Access Controls
Logical access controls are a primary means of information security. Their purpose is to restrict access to information assets and resources. They are expected to grant access to information resources on a need-to-know and need-to-have basis, applying the principle of least privilege. Access should not be so restrictive that it makes the performance of business functions difficult, but at the same time it should not be so liberal that it can be misused. Data, as an information asset, can be:
• Resident on a machine (in use by an application)
• Stored on some medium (backup)
• In transit (being transferred from one location to another)
Logical access control is about protecting these assets wherever they reside.
Paths of Logical Access
Access to an information resource on a network is possible through one of the following:
• A machine connected to the network
• A terminal
• A client machine
• An administrator console
• A network device that is part of the network and has a free port to which a personal computer can be attached: hub, switch, bridge, L3 switch, router
• A dialup device connected to the network
• A computer with a modem (useful only if the network to which logical access is required also responds to modem calls)
• A machine having access to the network through wireless mode
Each of these routes has to be subjected to appropriate security measures in order to protect it from possible logical access exposures.
Logical Access Exposures
• Masquerade
• Piggybacking
• Wire tapping
• Denial of service
• Malicious code
Logical Access Controls
A security policy is the framework within which an organization establishes the levels of information security needed to achieve its confidentiality goals. The access control policy is a part of the security policy and must address the following:
User access management
• User registration
• Privilege management
• User password management
• Review of user access rights
User responsibilities
• Password use
• Unattended user equipment
Network access control
• Policy on use of network services
• Enforced path
• Segregation of networks
• Network connection and routing control
• Security of network services
Logical Access Controls
Operating system access control
• Automated terminal identification
• Terminal logon procedures
• User identification and authentication
• Password management system
• Use of system utilities
• Duress alarm to safeguard users
• Terminal time-out
• Limitation of connection time
Application and monitoring system access control
• Information access restriction
• Sensitive system isolation
• Event logging
• Monitoring of system use
• Clock synchronization
Identification, Authentication and Authorization
Identification Techniques
Authentication is the process of verifying that the identity claimed by a user is valid. Users are authenticated using any one of three personal authentication techniques:
• Passwords
• Personal Identification Numbers (PINs)
• Identification cards
Weaknesses of the Logon Mechanism
• Passwords are easily shared. Users often reveal passwords, deliberately or inadvertently.
• If a password is too short or too simple, it can be guessed easily.
• If a password is too long or too complex, the user may forget it or may write it down.
• If many applications are accessed by one user, many passwords have to be remembered.
• Passwords can be shared, guessed, spoofed or captured.
Recommended practices for strong passwords
• The user should not share his or her password.
• The password should be easy for the user to remember but hard for a perpetrator to guess.
• On creation of a new user, the first password is allotted by the security administrator and a change of password is forced at the first login.
• Users should be encouraged or forced to change passwords periodically.
• Concurrent logins by the same user should not be permitted.
• Passwords should not be too short, and should not be the user's name, a pet's name, or a common word found in a dictionary.
• The password should be a random combination of alphabetic, numeric and special characters (such as "!", "#", "^", etc.).
• The number of wrong login attempts should be restricted to three, after which the system should lock out the user. Further access can be granted only through the intervention of the security administrator.
• The logon IDs active in the system should not exceed the number of users actually authorized to access system resources.
• Passwords should be stored in an encrypted form using one-way encryption (a one-way hash), so that the plain password is never recoverable from the store.
• If the user remains inactive at a terminal for a length of time (say 20 minutes), the terminal should lock out the user and require the user to log in again.
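The logon controls listed above (complexity check, one-way password storage, lockout after three failures with administrator reset, 20-minute inactivity time-out), implemented as an added Python example; this is illustrative code written for this page, not part of the original deck, and the word list, account class and time values are constructed assumptions.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3            # lock the account after three wrong tries
INACTIVITY_LIMIT = 20 * 60  # seconds of idle time before the terminal locks
DICTIONARY = {"password", "welcome", "letmein"}  # constructed stand-in for a word list

def password_acceptable(username, password):
    """Reject short, dictionary or user-name based passwords; require a mix of
    alphabetic, numeric and special characters."""
    lowered = password.lower()
    if len(password) < 8 or username.lower() in lowered or lowered in DICTIONARY:
        return False
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    return has_alpha and has_digit and has_special

def hash_password(password, salt=None):
    """Store only a salted one-way hash (PBKDF2-SHA256), never the password itself."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, username, password):
        self.salt, self.digest = hash_password(password)
        self.failed = 0
        self.locked = False        # cleared only by the security administrator
        self.last_activity = None  # timestamp (seconds) of the last successful use

    def login(self, password, now):
        """Returns 'ok', 'denied' or 'locked'; the third failure locks the account."""
        if self.locked:
            return "locked"
        _, digest = hash_password(password, self.salt)
        if not hmac.compare_digest(digest, self.digest):  # constant-time comparison
            self.failed += 1
            if self.failed >= MAX_ATTEMPTS:
                self.locked = True
                return "locked"
            return "denied"
        self.failed = 0
        self.last_activity = now
        return "ok"

    def session_active(self, now):
        """Terminal time-out: idle longer than the limit forces a fresh login."""
        return self.last_activity is not None and now - self.last_activity < INACTIVITY_LIMIT

    def admin_unlock(self):
        self.failed, self.locked = 0, False
```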
Attacks on logon/password systems
• Brute force
• Dictionary attack
• Trojan
• Spoofing attacks
• Piggybacking
Token Based Authentication
i. Plastic cards
   • Memory token (ID and static data)
   • Smart token (small processor chip)
ii. Proximity readers
iii. Single sign-on
Biometric Security
• Compared to logon and token based authentication, biometrics offers a very high level of authentication based on "what the user is".
• Some biometric characteristics are:
  • Fingerprints
  • Facial scans
  • Hand geometry
  • Signatures
  • Voice
  • Keystroke dynamics
  • Iris scanners
  • Retina scanners
• Due to the complexity of the data, biometrics can cause two kinds of errors:
  • False Rejection Rate (FRR): wrongfully rejecting a rightful user
  • False Acceptance Rate (FAR): an unauthorized user being wrongfully authenticated as a rightful user
• An overall metric used is the Crossover Error Rate (CER), which is the point at which FRR equals FAR.
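How FRR, FAR and the CER relate to the matcher's decision threshold, as an added Python example (not from the original deck): the genuine and impostor match scores are constructed, and the CER is found by sweeping thresholds for the point where the two rates are closest.

```python
def error_rates(genuine, impostor, threshold):
    """FRR: fraction of genuine scores below the threshold (rightful users rejected).
    FAR: fraction of impostor scores at or above it (intruders accepted)."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far

def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a candidate threshold and return
    (threshold, rate) at the point where |FRR - FAR| is smallest.
    Raising the threshold lowers FAR but raises FRR, so the curves cross once."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    return best[1], best[2]

# Constructed matcher scores (0-100): genuine users mostly score high and
# impostors mostly low, with deliberate overlap so the error curves cross.
GENUINE = [92, 88, 85, 81, 79, 76, 70, 64, 58, 51]
IMPOSTOR = [12, 20, 27, 33, 41, 49, 55, 60, 67, 74]
```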
Authorization Techniques – Operating Systems
General operating system access control functions include:
• Authentication of the user
• User management
• Restricting logon IDs to specific workstations and/or specific times
• Managing account policies
  o Password policy
  o Account lockout policy
• Managing audit policy
• Logging events
• Reporting capabilities
Pluggable Authentication Modules (PAM)
PAM separates applications from the authentication mechanisms they rely on. This flexibility allows administrators to do the following:
• Select any authentication service on the system for an application
• Use multiple authentication mechanisms for a given service
• Add new authentication service modules without modifying existing applications
• Use a previously entered password for authentication with multiple modules
• Use a general authentication scheme independent of the authentication mechanism
Access Control Lists (ACL)
An access control list is a table that tells the computer operating system which access rights each user has to a particular system object, such as a directory/folder or an individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user, recording that user's access privileges.
Some examples of logical access control activity
• User accounts are appropriately controlled
• Processes and services are adequately controlled
• Access to sensitive system resources is restricted and monitored
• Appropriate and adequate media controls are implemented
• Effective use of cryptographic controls
Database Controls
Current trends in application software design include the frequent use of a Database Management System (DBMS) to handle data manipulation inside its tables, rather than leaving it to the Operating System (OS) software itself in flat files. The DBMS acts as a layer between the application software and the OS.
Threats & Objectives of Database Controls
Threats to databases are:
• Loss of confidentiality
• Loss of integrity
• Loss of availability
Objectives of database controls:
i. Different degrees of granularity of access
ii. Different access modes
iii. Different types of access controls
iv. Dynamic authorization
v. Multilevel protection
vi. Covert channels
vii. Inference controls
viii. Polyinstantiation
ix. Auditing
x. Flow controls
xi. No back doors
xii. Reasonable performance
Database Roles and Permissions
A user or program may have the right to read, change, delete, or append to a value; add or delete entire fields or records; or reorganize the entire database. Rights are expressed as privileges and grouped into roles. Protection is done at the level of tables. There are five access modes:
• Read: to read records from a table. A user with read access may also define views on the table.
• Insert: to add records to a table.
• Delete: to delete records from a table.
• Update: to modify existing records in a table. This privilege may be restricted to certain columns of a table.
• Drop: to delete an entire table.
Administration of authority: the creator of a table has all privileges on the table and can grant rights to others and revoke them.
Views and Stored Procedures
Views
While privileges control the operations that a user can perform on database objects (such as tables), views enable further limits on data access. A view is a content- or context-dependent subset of one or more tables (or views). For example, a view might be created to allow a sales manager to see only the rows of a customer table that relate to customers in his or her own territory.
Stored Procedures
A stored procedure is a function or subroutine (a group of SQL statements) that forms a logical unit and performs a particular task. It is available to applications accessing the database system and is stored in the database itself. The database server compiles each stored procedure once and then reuses the execution plan, which gives a substantial performance boost. Stored procedures reduce long SQL queries to a single call transmitted over the wire and therefore reduce network traffic considerably.
Triggers
• Triggers are designed to be automatically "fired" when a specific action or event takes place within a database.
• For example, a trigger fired when an order is entered in the "Sales Order" table can automatically create a corresponding row in the Invoice table. Triggers can also be used to perform complex data validation.
From the security standpoint, triggers can be used in the following way:
• To perform detailed auditing (audit trail): when a change is made in the "Employee Salary" table, a trigger may notify a high-level manager, or it may write a row logging the action to another table.
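The two controls described in the Views and Triggers slides, shown together as an added example (not from the original deck) using Python's built-in sqlite3: a view that exposes only one territory's customers to a sales manager, and a trigger on a constructed "employee_salary" table that writes every salary change to an audit table. All table names and data are constructed for the illustration.

```python
import sqlite3

def build_db():
    """Constructed schema: a customer table restricted through a view, and a
    salary table whose changes a trigger records in an audit-trail table."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, territory TEXT);
        INSERT INTO customer VALUES (1, 'Acme', 'North'), (2, 'Bolt', 'South'),
                                    (3, 'Cline', 'North');
        -- View: the North sales manager is granted this view, never the base table.
        CREATE VIEW north_customers AS
            SELECT id, name FROM customer WHERE territory = 'North';

        CREATE TABLE employee_salary (emp_id INTEGER PRIMARY KEY, salary INTEGER);
        INSERT INTO employee_salary VALUES (100, 50000), (101, 62000);
        -- Audit trail: every salary update is logged with old and new values.
        CREATE TABLE salary_audit (
            emp_id INTEGER, old_salary INTEGER, new_salary INTEGER,
            changed_at TEXT DEFAULT CURRENT_TIMESTAMP);
        CREATE TRIGGER log_salary_update AFTER UPDATE OF salary ON employee_salary
        BEGIN
            INSERT INTO salary_audit (emp_id, old_salary, new_salary)
            VALUES (OLD.emp_id, OLD.salary, NEW.salary);
        END;
    """)
    return con

def visible_customers(con):
    """What the sales manager can see through the view: North customers only."""
    rows = con.execute("SELECT id, name FROM north_customers ORDER BY id")
    return [name for _, name in rows]

def change_salary(con, emp_id, new_salary):
    """An ordinary update; the trigger fires without the application's cooperation."""
    con.execute("UPDATE employee_salary SET salary = ? WHERE emp_id = ?",
                (new_salary, emp_id))
    con.commit()

def audit_rows(con):
    """The audit trail as (emp_id, old_salary, new_salary) tuples, oldest first."""
    return con.execute(
        "SELECT emp_id, old_salary, new_salary FROM salary_audit ORDER BY rowid"
    ).fetchall()
```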
Application Software Controls in a Database
The integrity of a DBMS depends in part on the controls implemented in the application programs that provide the user interface for a job process: a sequence of commands and update parameters passed with respect to particular considerations or actions. The controls that affect data integrity are:
i. Update protocols
• Sequence-check the order of transaction and master files.
• Ensure that all records on the files are processed.
• Process multiple transactions for a single record in the correct order.
• Maintain a suspense account.
ii. Report protocols
• Print control data for internal tables (standing data).
• Print run-to-run control totals.
• Print suspense account entries.
File Handling Controls
To prevent accidental destruction of data contained on a storage medium, controls are implemented using hardware, software and manual methods. These are:
• Internal label: identifies a table, file or database accessed by the application program.
• Generation number: the version of the backup.
• Retention date: prevents overwriting of a table, file or database before that date.
• Control totals: a checksum to ensure the correct file or record is being accessed.
• Read-only switches: plastic tabs on devices that slide to open or close a sensing hole.
• External labels: labels on the storage devices that provide users with information such as database name, creation date, transaction file, backup information, etc.
Audit Trail
An audit trail enables the reconstruction and examination of the sequence of events leading to a transaction, from its inception to its final results, or from the output back to the initial trigger of the events that resulted in the transaction. Audit trails maintain a record of:
• Computer systems and users.
• Security violations and segregation of duties.
• Events at various levels: operating system, network component, application and database.
• Events logged at the OS and network component level.
• Events logged at the application level (application-level log).
Audit Trail (continued)
• Accounting audit trail: the chronology of events that occur in the database.
  • Implosion operation: data can be traced from its source to the items it affects.
  • Explosion operation: the sequence of events that have occurred on a data item can be reconstructed.
• Operational audit trail: maintains the chronology of resource consumption events. Administrators use the operational audit trail to determine when the database needs to be reorganized to improve its efficiency.
Existence Controls (Recovery)
The cause of destruction of or damage to a database can be one of the following:
• Application program error
• System software error
• Hardware failure
• Procedural error
• Environmental failure
In the event of loss, the database is restored using backup and recovery strategies.
i. Backup strategies
Options for how a database is backed up and restored are:
• A transaction log backup copies only the transaction log.
• A differential backup copies only the database pages modified after the last full database backup.
• A file or file-group restore allows recovery of just the portion of the database that was on the failed disk.
• A full database backup is a full copy of the database.
ii. Recovery strategies
• Roll-forward operation: the current state of the database is recovered from a previous version.
• Roll-back operation: a previous state of the database is recovered from the current one.
Existence Control Strategies (Backup and Recovery)
i. Grandfather, Father, Son strategy (GFS)
The GFS tape rotation strategy is based on a 7-day schedule (Sunday through Saturday), in which at least one full backup is created each week. The rest of that week's backups can be full or differential. Regardless of the number of full backups created during the week, the LAST full backup of the week is considered the WEEKLY backup. The DAILY backup is the son and the FULL WEEKLY backup is the father. The last full backup of each month is considered the MONTHLY backup; in GFS terminology, it is the grandfather. The MONTHLY backup is always permanent: it cannot be reused.
ii. Dual recording/mirroring strategy
iii. Separate logging of successful and unsuccessful input transactions
iv. Differential file strategy for backup and recovery
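The GFS labelling rule applied to a constructed backup schedule, as an added Python example (not from the original deck): each tape is classified as son, father (last full backup of its Sunday-to-Saturday week) or grandfather (last full backup of its month, kept permanently). The schedule, which covers the end of a completed month, is a constructed assumption.

```python
from datetime import date, timedelta

def classify_gfs(backups):
    """backups: chronological list of (date, kind), kind being 'full' or 'differential'.
    Returns {date: label} with label 'son', 'father' or 'grandfather', following the
    GFS rule: the last full backup of a Sunday-based week is the weekly father, the
    last full backup of a month is the grandfather, everything else is a daily son."""
    labels = {d: "son" for d, _ in backups}
    last_full_in_week = {}
    last_full_in_month = {}
    for d, kind in backups:
        if kind != "full":
            continue  # differentials are never promoted beyond 'son'
        # Sunday that starts the week containing d (Python: Monday=0 ... Sunday=6)
        week_start = d - timedelta(days=(d.weekday() + 1) % 7)
        last_full_in_week[week_start] = d     # later full backups overwrite earlier
        last_full_in_month[(d.year, d.month)] = d
    for d in last_full_in_week.values():
        labels[d] = "father"
    for d in last_full_in_month.values():
        labels[d] = "grandfather"  # takes precedence over father for that tape
    return labels

def permanent_tapes(labels):
    """Grandfather tapes must never return to the rotation pool."""
    return sorted(d for d, label in labels.items() if label == "grandfather")

# Constructed schedule: March 17 and 24, 2024 are Sundays; March 31 is the
# last day of the month and also a Sunday, so it starts a new week.
SCHEDULE = [
    (date(2024, 3, 17), "full"),
    (date(2024, 3, 19), "differential"),
    (date(2024, 3, 22), "full"),          # second full backup in the same week
    (date(2024, 3, 24), "full"),
    (date(2024, 3, 27), "differential"),
    (date(2024, 3, 29), "full"),
    (date(2024, 3, 30), "differential"),
    (date(2024, 3, 31), "full"),
]
```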
Audit of Logical Access Mechanisms
The auditor should conduct tests for:
• User account management and password management: logons and passwords are the most commonly used mechanisms for securing logical access to information resources.
• Privileged logons and special user accounts: these provide a higher level of access to system resources and therefore require a higher level of access security and management.
• Access to file directories (OS), application logic (code) and system instruction sets (stored procedures).
• Bypass of security procedures: there may be various situations in the routine course of operations where security features are bypassed for operational and functional convenience during certain controlled operations. For instance, privileged logons may be provided to systems engineers to meet emergency situations.