Lecture 8 - Protection Mechanisms
Protection Mechanisms
Security Technology
Security Controls
Objectives
• Explain Defense-in-Depth and understand its purpose
• Describe NSA’s Information Assurance model
• Understand the types and categories of different security controls
• Describe Identity and Access Management systems (IAMs) and their
purpose
• Know the difference between discretionary and nondiscretionary
access controls
• Explain the difference between identification, authentication,
authorization and accountability
• List and describe a subset of technical and physical controls that can
be used for the protection of information assets
• Know the difference between symmetric and asymmetric encryption
Introduction
Access control: the method by which systems specify who may use a resource and
how they may use it.
• When combined, these create a unique identity that distinguishes the object
from others; they are often referred to as subject attributes.
• Becoming more popular than role-based access control
Access Control
1 Identification
2 Authentication
3 Authorisation
AA Accountability
Access Control - Identification
Identification: mechanism whereby an unverified entity that seeks
access to a resource proposes a label by which they are known to the
system
Authentication factors
Something a supplicant knows
Password: a private word or combination of characters that
only the user should know
Passphrase: a series of characters, typically longer than a
password, from which a virtual password is derived
• Becoming more popular
Access Control - Authentication (1)
Authentication factors (cont’d.)
• Something a supplicant has
Smart card: contains a computer chip that can verify and
validate information
Synchronous tokens
Asynchronous tokens
• Something a supplicant is
Relies upon individual characteristics
Strong authentication
Access Control – Multi-factor Authentication (2)
Biometric effectiveness and acceptance (L = Low, M = Medium, H = High)

Biometric          Universality  Uniqueness  Permanence  Collectability  Performance  Acceptability  Circumvention
Face               H             L           M           H               L            H              L
Facial thermogram  H             H           L           H               M            H              H
Fingerprint        M             H           H           M               H            M              H
Hand geometry      M             M           M           H               M            M              M
Hand vein          M             M           M           M               M            M              H
Eye: iris          H             H           H           M               H            H              H
Eye: retina        H             H           M           L               H            L              H
DNA                H             H           H           L               H            L              L
Voice              M             L           L           M               L            H              L
Signature          L             L           L           H               L            H              L
Keystroke          L             L           L           M               L            M              M
Gait               M             L           L           H               L            H              M
Technical Controls
Firewalls
May be:
Separate computer system
Software service running on existing router or server
Separate network containing supporting devices
Firewalls
Processing modes:
• packet filtering
• application layer proxy
• MAC layer firewalls (stateful)
• hybrids
Firewalls Processing Modes (2)
• Packet filtering firewalls - examine the header information of data
packets (addresses, protocol, ports), not the payload
• Application gateway firewalls - frequently installed on a
dedicated computer, separate from the filtering router; also
known as a proxy server. Commonly used in combination with
packet filtering
• MAC layer firewalls - designed to operate at the media access
control layer of the OSI network model
• Hybrid firewalls - combine elements of the other types of
firewalls, that is, packet filtering combined with proxy
services, or with other packet-filtering firewalls
Sample Firewall Rule and Format
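As an added illustration of the packet-filtering mode described above (example code, not from the lecture slides), the snippet below evaluates a constructed first-match-wins rule table against sample packet headers; the rule tuple layout, the addresses and the rules themselves are assumptions for the example.

```python
import ipaddress

# Constructed rule table (assumed layout, not a real firewall's syntax):
# (source network, destination network, protocol, destination port, action).
# Rules are evaluated top to bottom; the first match decides. "any" / None
# match every value. The last rule is the explicit "cleanup" default deny.
RULES = [
    ("any",            "10.10.10.25/32", "tcp", 80,   "allow"),  # public web server
    ("any",            "10.10.10.25/32", "tcp", 443,  "allow"),
    ("192.168.1.0/24", "any",            "any", None, "allow"),  # internal LAN outbound
    ("any",            "10.10.10.0/24",  "tcp", 23,   "deny"),   # telnet into DMZ blocked
    ("any",            "any",            "any", None, "deny"),   # cleanup rule
]


def _match_net(spec, addr):
    """True if addr falls in the CIDR spec (or spec is the wildcard)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def match_rule(rule, packet):
    src, dst, proto, port, _action = rule
    return (_match_net(src, packet["src"])
            and _match_net(dst, packet["dst"])
            and proto in ("any", packet["proto"])
            and port in (None, packet["dport"]))


def filter_packet(packet, rules=RULES):
    """Return (action, index of the rule that fired).

    A packet-filtering firewall consults only header fields, so this is all
    the information the decision is based on. If no rule matches at all the
    packet is denied implicitly (index None)."""
    for i, rule in enumerate(rules):
        if match_rule(rule, packet):
            return rule[4], i
    return "deny", None


def pkt(src, dst, proto, dport):
    """Build a minimal header dictionary for a constructed packet."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    for p in (pkt("203.0.113.7", "10.10.10.25", "tcp", 443),
              pkt("203.0.113.7", "10.10.10.25", "tcp", 22),
              pkt("192.168.1.40", "198.51.100.9", "udp", 53),
              pkt("203.0.113.7", "10.10.10.30", "tcp", 23)):
        print(p, "->", filter_packet(p))
```

Reordering the rules changes the outcome, which is why the rule table is read as an ordered list rather than a set.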
Encryption
Key terminology:
Algorithm
Bit stream cipher
Block cipher
Cipher or cryptosystem
Ciphertext/Cryptogram
Code
Decipher
Decrypt
Encipher
Encrypt
Key/Cryptovariable
Keyspace
Link encryption
Plaintext/Cleartext
Steganography
Work factor
Asymmetric encryption has its highest value when one key serves as the
private key and the other serves as the public key.
Encryption Key Power
The strength of many encryption applications and cryptosystems is
measured by key size.
Hash Functions
Honeypots
Advantages
• Attackers can be diverted to targets they cannot damage
• Administrators have time to decide how to respond to an attacker
• Attackers’ actions can be easily and more extensively monitored, and
records can be used to refine threat models and improve system
protections
• Honeypots may be effective at catching insiders who are snooping
around a network
Disadvantages
• Legal implications of using such devices are not well understood
• Honeypots and padded cells have not yet been shown to be generally
useful security technologies
• An expert attacker, once diverted into a decoy system, may become
angry and launch a more aggressive attack against an organization’s
systems
• Administrators and security managers need a high level of expertise
to use these systems
Technical Controls
Intrusion Detection and
Prevention
Objectives
Source: https://countuponsecurity.com/tag/kill-chain/.
Intrusion detection and prevention systems
• Wireless NIDPS
– Monitors and analyzes wireless network traffic
– Issues associated with it include physical security,
sensor range, access point and wireless switch
locations, wired network connections, and cost
• Network behavior analysis systems
– Identify problems related to the flow of traffic
Functions of NIDPS
– Can detect local events on host systems and detect attacks that
may elude a network-based IDPS
– Functions on the host system, where encrypted traffic will have been
decrypted and is available for processing
– Not affected by the use of switched network protocols
– Can detect inconsistencies in how applications and system
programs were used by examining records stored in audit logs
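The audit-log inspection mentioned above, together with the signature-based versus anomaly-based distinction the objectives refer to, as an added Python example that is not part of the lecture material; the log excerpt, the two signature patterns and the baseline of three failed logins are constructed assumptions.

```python
import re
from collections import Counter

# Constructed host audit-log excerpt (syslog style); not from a real system.
AUDIT_LOG = """\
Mar  1 10:00:01 host1 sshd[402]: Accepted publickey for alice from 192.168.1.40 port 50122
Mar  1 10:00:09 host1 sshd[410]: Failed password for root from 203.0.113.7 port 41000
Mar  1 10:00:10 host1 sshd[411]: Failed password for root from 203.0.113.7 port 41001
Mar  1 10:00:11 host1 sshd[412]: Failed password for admin from 203.0.113.7 port 41002
Mar  1 10:00:12 host1 sshd[413]: Failed password for invalid user oracle from 203.0.113.7 port 41003
Mar  1 10:00:13 host1 sshd[414]: Failed password for invalid user test from 203.0.113.7 port 41004
Mar  1 10:02:30 host1 sshd[420]: Failed password for bob from 192.168.1.77 port 50200
Mar  1 10:02:41 host1 sshd[421]: Accepted password for bob from 192.168.1.77 port 50201
Mar  1 10:05:00 host1 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

# Signature-based rules: hypothetical known-bad patterns matched literally.
SIGNATURES = {
    "root-login-attempt": re.compile(r"Failed password for root from (\S+)"),
    "shadow-read-via-sudo": re.compile(r"sudo: .*COMMAND=\S*cat /etc/shadow"),
}

# Generic failed-login parser used by the anomaly detector (any account).
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")


def signature_alerts(log):
    """Signature-based detection: one alert per (line number, rule) that
    matches a known pattern. Misses anything no rule was written for."""
    return [(n, name)
            for n, line in enumerate(log.splitlines(), 1)
            for name, pat in SIGNATURES.items() if pat.search(line)]


def anomaly_alerts(log, baseline_max_failures=3):
    """Anomaly-based detection: flag sources whose failed-login count exceeds
    the (assumed) normal baseline, regardless of which account was tried."""
    fails = Counter()
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            fails[m.group(1)] += 1
    return {src: n for src, n in fails.items() if n > baseline_max_failures}


if __name__ == "__main__":
    print("signature:", signature_alerts(AUDIT_LOG))
    print("anomaly:  ", anomaly_alerts(AUDIT_LOG))
```

The attempts against "admin" and the invalid users trigger no signature but do push the source over the anomaly baseline, which is the complementary coverage the two approaches give each other.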
Disadvantages of HIDPS
• IDPS deployment
– Great care must be taken when deciding where to locate
components.
– Planners must select a deployment strategy that is based
on a careful analysis of the organization’s information
security requirements and causes minimal impact.
– NIDPS and HIDPS can be used in tandem to cover the
individual systems that connect to an organization’s
network and the networks themselves.
Deployment and Implementation IDPS
IDPS
• Describe what intrusion detection systems are and
why we need them
• Know the difference between network-based and host-
based IDPS
• Know the difference between a signature-based and an
anomaly-based IDPS
• Explain how IDPS can be implemented via one of three
basic control strategies