Security Mechanisms - PowerPoint PPT Presentation

1
Security Mechanisms
  • University of Sunderland
  • CSEM02
  • Harry R. Erwin, PhD

2
Resources
  • The Common Criteria
  • The Orange Book
  • CCTool
  • See the Multics paper.

3
Basic Rules of Security
  • Concentrate valuable assets
  • Defense in depth
  • Coordinate all aspects of security
    • Software
    • Hardware
    • Physical
    • Procedural
  • We will examine software security mechanisms
    first and then survey the other areas.

4
Definition
  • A security mechanism is a hardware or software
    component, system, or product that supports one
    or more security objectives.
  • Another term that might be applied is a security
    service.
  • The function of a security mechanism is to
    detect, prevent, or recover from a security
    attack (William Stallings).

5
Typical Security Mechanisms
  • Identification and Authentication
  • Access Control
  • Audit
  • Firewalls
  • Intrusion Detection
  • Cryptography and Public Key Infrastructure (PKI)
  • Virus Protection
  • Object Reuse/Media Sanitizing
  • Electronic Signatures

6
Identification and Authentication
  • Identifies someone to the system.
  • At least one of the following must be supplied:
    • Something known (user name and password)
    • Something owned (password token)
    • Some physical characteristic (fingerprint,
      retinal scan, voice scan)
  • Authentication is weak if only one is supplied.
  • Two are required for strong authentication.

7
Access Control
  • Based on what the user is authorized to do.
  • Discretionary access control (DAC) is where the
    document owner controls who has access to it.
    This is designed for benign environments.
  • Mandatory access control (MAC) defines a
    security level for documents and resources. A
    potential user or process has to have that level.
  • Commercial organizations may go further: time of
    day, location, task being performed.
  • Should be enforced by operating system kernel.
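The DAC/MAC distinction on this slide, as an added example that is not part of the original presentation: a small reference-monitor model in which the owner manages an ACL (DAC) but the system-assigned level is checked first and cannot be overridden by the owner (MAC). Level names, users and document names are constructed.

```python
from dataclasses import dataclass, field

# MAC security levels; a higher number dominates a lower one.
# Level names, users and document names are constructed for this example.
LEVELS = {"unclassified": 0, "restricted": 1, "confidential": 2, "secret": 3}


@dataclass
class Document:
    name: str
    owner: str                 # DAC: the owner decides who else gets access
    level: str                 # MAC: label assigned by the system, not the owner
    acl: dict = field(default_factory=dict)   # user -> set of rights


@dataclass
class Subject:
    user: str
    clearance: str             # MAC: level the user or process is cleared for


def dac_grant(doc: Document, actor: str, user: str, right: str) -> bool:
    """Discretionary control: only the document's owner may change its ACL."""
    if actor != doc.owner:
        return False
    doc.acl.setdefault(user, set()).add(right)
    return True


def dac_permits(doc: Document, subj: Subject, right: str) -> bool:
    """Owner has every right; anyone else needs an explicit ACL entry."""
    return subj.user == doc.owner or right in doc.acl.get(subj.user, set())


def mac_permits(doc: Document, subj: Subject) -> bool:
    """Mandatory control: the subject's clearance must dominate the label."""
    return LEVELS[subj.clearance] >= LEVELS[doc.level]


def access_allowed(doc: Document, subj: Subject, right: str) -> bool:
    """The decision a kernel reference monitor would make: MAC is checked
    first and cannot be overridden by the owner; DAC then narrows access."""
    return mac_permits(doc, subj) and dac_permits(doc, subj, right)


if __name__ == "__main__":
    plan = Document("plan.doc", owner="alice", level="secret")
    alice, carol = Subject("alice", "secret"), Subject("carol", "restricted")
    dac_grant(plan, "alice", "carol", "read")       # owner shares the file...
    print(access_allowed(plan, alice, "read"))      # True
    print(access_allowed(plan, carol, "read"))      # False: MAC still blocks it
```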

8
Audit
  • Tracks who did what and when.
  • Done right, can stand up in court as evidence.
  • Usually must be turned on (selectively).
  • May result in large audit files.
  • Audit trails are extremely interesting to
    hackers: they show what can and cannot be seen.

9
Firewalls
  • Control access to protected assets.
  • Workstation firewalls are the minimum.
  • Bridge/router/switch firewalls should:
    • Control access to TCP/IP ports selectively.
    • Track outgoing as well as incoming packets.
    • Monitor packet contents if possible.
  • SOAP bypasses corporate firewalls. (M)
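Selective port control plus tracking of outgoing packets, as an added example that is not from the original presentation: a toy stateful filter that admits inbound packets only when they answer a connection seen leaving or hit an explicitly published port. Addresses, ports and the packet trace are constructed samples.

```python
from collections import namedtuple

# Packet as seen at the bridge/router: direction relative to the protected
# network, endpoints and TCP ports. Addresses below are constructed samples.
Packet = namedtuple("Packet", "direction src sport dst dport")


class StatefulFilter:
    """Port-selective filter that tracks outgoing connections so that only
    their replies, plus explicitly published services, get back in."""

    def __init__(self, published_ports):
        self.published = set(published_ports)   # inbound ports opened on purpose
        self.connections = set()                # 4-tuples initiated from inside

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            # Remember what inside hosts initiate; replies are matched later.
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound: is this the return half of a connection we saw leave?
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"
        if p.dport in self.published:
            return "allow"          # e.g. the mail server on port 25
        return "drop"               # everything else is unsolicited


def run_trace(fw: StatefulFilter, packets):
    """Apply the filter to a packet sequence; returns one decision per packet."""
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    trace = [
        Packet("out", "10.0.0.5", 51000, "203.0.113.7", 443),   # browse out
        Packet("in", "203.0.113.7", 443, "10.0.0.5", 51000),    # its reply
        Packet("in", "198.51.100.9", 4444, "10.0.0.5", 3389),   # unsolicited
        Packet("in", "198.51.100.9", 4444, "10.0.0.9", 25),     # published
    ]
    print(run_trace(StatefulFilter({25}), trace))
    # ['allow', 'allow', 'drop', 'allow']
```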

10
Intrusion Detection
  • Must be based on documented policies for use of
    the system. Uses expertise.
  • Can detect evidence of:
    • Break-ins
    • Remote exploitation
    • Application-level exploitation
  • Generates log files of great interest to hackers.
  • Does not detect one-time events.

11
Cryptography and Public Key Infrastructure (PKI)
  • May support virtual private networks (VPNs) and
    closed user groups (CUGs) where information is
    sent using encrypted tunneling. Usually
    peer-to-peer.
  • May support strong authentication.
  • ssh, sftp, ssl, Kerberos, PGP, etc.
  • Functional infrastructure required is extensive.
    Distribution of keys is extremely
    manpower-intensive and expensive.
  • PKI allows the distribution of keys in-band
    (over the network).

12
Virus Protection
  • Viruses (and other malware) are the most serious
    vulnerability of modern computer systems. They
    are usually malicious.
  • Many websites upload malware when you visit
    them. Consider using adaware to detect these
    programs.
  • Virus protection depends on:
    • Careful procedures for dealing with untrusted
      programs and data.
    • Programs to detect the signatures of viruses
      that manage to penetrate the installation
      procedures.

13
Object Reuse/Media Sanitizing
  • The random bits in memory or on the disk contain
    information. Most operating systems do not zero
    these bits when they reallocate resources.
  • A secure operating system zeros memory and other
    resources before allocating them (and often when
    the resources are released).

14
Electronic Signatures
  • Provide:
    • Authentication
    • Data integrity
    • Non-repudiation
    • The same legal status as a hand-written signature
      (Electronic Communications Act 2000)

15
Rules for Writing Secure Software
  • Least privilege: limit access rights to those
    necessary for the function
  • Economy: keep the design simple
  • Complete mediation: check all accesses for
    authorization
  • Open design: don't hide your code!
  • Separation of privilege: no single key for access
  • Least common mechanism: isolate users
  • Psychological acceptability: make security easy to
    use

16
Non-Software Security Mechanisms
  • Physical Security
  • Environmental Security
  • Personnel Security
  • Training and Security Awareness
  • Guidance and Policy Documentation
  • Configuration Management
  • (based on QinetiQ recommendations; Spafford et
    al., 2003, are similar)

17
Physical Security
  • To deny unauthorized access
  • Perimeter defense
  • Building security
  • Inner protection of the office and server rooms
  • Workstation protection

18
Perimeter defense
  • Defined security perimeter
  • Controlled access points
  • Pass system and visitor control
  • Guards during quiet hours

19
Office Security
  • Office layout and design
  • Anonymity
  • Location of support services
  • Inventory sensitive assets

20
Workstation Security
  • Control unauthorized access
  • Removable media
  • Peripherals protected
  • Regular inspections to verify user configuration
    modification has not subverted security.

21
Environmental Security
  • Natural disasters
    • Fire
    • Flood
    • Storm
    • Earthquake
  • Utilities
  • Communications
  • Hardware failure

22
Personnel Security
  • To ensure you can trust people with access to
    sensitive information and other assets. Tasks
    include:
    • Establishing identity
    • Verification of details
    • Credit checks
    • Maintenance of records

23
Training and Security Awareness
  • Important vulnerabilities are to:
    • Social engineering and
    • Non-malicious actions by insiders
  • To mitigate these vulnerabilities, the most
    effective approach is a training program.
  • Trust your people, but
  • Make sure they understand these vulnerabilities
    and what they should do to mitigate them.

24
Guidance and Policy Documentation
  • Provide:
    • Administrator guidance documentation
    • User guidance documentation
    • Defined security policies
    • Defined security procedures

25
Configuration Management
  • It is difficult to secure a system whose
    configuration is not defined and managed.
  • User software and hardware modifications to
    workstations may occur (e.g., personal modems).
  • Security may not be enabled.
  • Security may not be managed and configured.
  • Threats may not be addressed in a timely fashion.
  • Keep track of your configuration!

26
Conclusions
  • General Principles of Security
    • Concentrate valuable assets
    • Defense in depth
    • Coordinate all aspects of security
      • Software
      • Hardware
      • Physical
      • Procedural