information systems security access controlitgov.cs.ui.ac.id/security/cissp access control...
TRANSCRIPT
University of Indonesia
Magister of Information Technology
Information Systems Security
Access Control
Arrianto Mukti Wibowo, M.Sc.,
Faculty of Computer Science
University of Indonesia
University of Indonesia
Magister of Information Technology
Access Control Systems &
Methodology
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Tujuan domain
• Mempelajari mekanisme dan metode
yang dipergunakan para
administrator/manager untuk mengontrol
apa yang boleh diakses user, termasuk
apa yang boleh dilakukan setelah
otentikasi dan otorisasi, termasuk
pemantauannya.
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Topik bahasan
• Identification,
• authentication,
• authorization,
• access control
models,
• access control
techniques,
• access control
methods,
• access control
administration,
• threats to access
controls
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Who?
University of Indonesia – University of Budi Luhur
Magister of Information Technology
How?
University of Indonesia – University of Budi Luhur
Magister of Information Technology
7
What is access control?
• Access control is the heart of security
• Definitions:
– The ability to allow only authorized users, programs or
processes system or resource access
– The granting or denying, according to a particular security
model, of certain permissions to access a resource
– An entire set of procedures performed by hardware, software
and administrators, to monitor access, identify users requesting
access, record access attempts, and grant or deny access based
on preestablished rules.
University of Indonesia – University of Budi Luhur
Magister of Information Technology
8
How can AC be implemented?
• Administrative controls
– Policies
– Procedures
• Logical controls
– Passwords
• Physical controls
– Electric door
University of Indonesia – University of Budi Luhur
Magister of Information Technology
9
What does AC hope to protect?
• Data - Unauthorized viewing,
modification or copying
• System - Unauthorized use, modification
or denial of service
• It should be noted that nearly every
network operating system (NT, Unix,
Vines, NetWare) is based on a secure
physical infrastructure
University of Indonesia – University of Budi Luhur
Magister of Information Technology
10
Administrative access control
• Awareness training
• Background checks
• Separation of duties
• Split knowledge
• Policies
• Data classification
• Effective user registration
• Termination procedures
• Change control procedures
University of Indonesia – University of Budi Luhur
Magister of Information Technology
11
Physical access control
• Guards
• Locks
• Mantraps
• ID badges
• CCTV, sensors, alarms
• Biometrics
• Fences - the higher the voltage the better
• Card-key and tokens
• Guard dogs
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Man Trap
1. Memeasukkan kartu identifikasi (what you have)
2. Mengetikkan 12 digit angka rahasia (what you know)
3. Komputer secara acak akan memilihkan kata-kata yang harus diucapkan ulang (who you are)
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Typical Access Rights
Read, inquiry or copy only
Write, create, update or delete only
Execute only
A combination of the above
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Mandatory vs Discretionary
Access Control
• Mandatory
– “The system decided how the data will be shared”
– Enforces corporate security policy
– Compares sensitivity of information resources
• Discretionary
– “You decided how you want to protect and share
your data”
– Enforces data-owner-defined sharing of
information resources
University of Indonesia – University of Budi Luhur
Magister of Information Technology
15
Mandatory Access Control
• Assigns sensitivity levels, AKA labels
• Every object is given a sensitivity label & is accessible only
to users who are cleared up to that particular level.
• Only the administrators, not object owners, make change
the object level
• Generally more secure than DAC
• Orange book B-level
• Used in systems where security is critical, i.e., military
• Hard to program for and configure & implement
University of Indonesia – University of Budi Luhur
Magister of Information Technology
16
Mandatory Access Control (Continued)
• Downgrade in performance
• Relies on the system to control access
• Example: If a file is classified as confidential,
MAC will prevent anyone from writing secret
or top secret information into that file.
• All output, i.e., print jobs, floppies, other
magnetic media must have be labeled as to the
sensitivity level
University of Indonesia – University of Budi Luhur
Magister of Information Technology
17
Discretionary Access Control
• Access is restricted based on the authorization
granted to the user
• Orange book C-level
• Prime use to to separate and protect users
from unauthorized data
• Used by Unix, NT, NetWare, Linux, Vines, etc.
• Relies on the object owner to control access
University of Indonesia – University of Budi Luhur
Magister of Information Technology
18
Access control lists (ACL)
• A file used by the access control system to
determine who may access what programs and
files, in what method and at what time
• Different operating systems have different ACL
terms
• Types of access:
– Read/Write/Create/Execute/Modify/Delete/Rename
University of Indonesia – University of Budi Luhur
Magister of Information Technology
19
Standard UNIX file permissions
Permission Allowed action, if
object is a file
Allow action if object is a
directory
R (read) Reads contents of a file List contents of the directory
X (execute) Execute file as a program Search the directory
W (write) Change file contents Add, rename, create files and
subdirectories
University of Indonesia – University of Budi Luhur
Magister of Information Technology
20
Standard NT file permissions
Permission Allowed action, if
object is a file
Allow action if object is a
directory
No access None None
List N/A RX
Read RX RX
Add N/A WX
Add & Read N/A RWX
Change RWXD RWXD
Full Control All All
R- Read X - Execute W - Write D - Delete
University of Indonesia – University of Budi Luhur
Magister of Information Technology
21
Authentication
3 types of authentication:
Something you know - Password, PIN,
mother‟s maiden name, passcode, fraternity
chant
Something you have - ATM card, smart card,
token, key, ID Badge, driver license, passport
Something you are - Fingerprint, voice scan,
iris scan, retina scan, body odor, DNA
University of Indonesia – University of Budi Luhur
Magister of Information Technology
22
Multi-factor authentication
2-factor authentication. To increase the level of
security, many systems will require a user to provide 2
of the 3 types of authentication.
ATM card + PIN
Credit card + signature
PIN + fingerprint
Username + Password (NetWare, Unix, NT default)
3-factor authentication -- For highest security
Username + Password + Fingerprint
Username + Passcode + SecurID token
University of Indonesia – University of Budi Luhur
Magister of Information Technology
23
Problems with passwords
Insecure - Given the choice, people will choose easily
remembered and hence easily guessed passwords such as names
of relatives, pets, phone numbers, birthdays, hobbies, etc.
Easily broken - Programs such as crack, SmartPass, PWDUMP,
NTCrack & l0phtcrack can easily decrypt Unix, NetWare & NT
passwords.
Dictionary attacks are only feasible because users choose easily
guessed passwords!
Inconvenient - In an attempt to improve security, organizations
often issue users with computer-generated passwords that are
difficult, if not impossible to remember
Repudiable - Unlike a written signature, when a transaction is
signed with only a password, there is no real proof as to the
identity of the individual that made the transaction
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Kerugian Password
• Eavesdropper mencuri password saat sedang
diucapkan
• Maling bisa mencuri daftar password di server
• Password mungkin mudah ditebak
• Guna meningkatkan keamanan penggunaan password,
mungkin komputer justru malah meningkatkan
ketidaknyamanan penggunaan komputer. Mis:
komputer yang memilihkan password, harus ganti
password setelah sekian lama
University of Indonesia – University of Budi Luhur
Magister of Information Technology
25
Classic password rules
• The best passwords are those that are both easy to
remember and hard to crack using a dictionary attack.
The best way to create passwords that fulfill both
criteria is to use two small unrelated words or
phonemes, ideally with a special character or number.
Good examples would be hex7goop or -typetin
• Don‟t use:
– common names, DOB, spouse, phone #, etc.
– word found in dictionaries
– password as a password
– systems defaults
University of Indonesia – University of Budi Luhur
Magister of Information Technology
On-Line password guessing &
prevensinya
• Dictionary attack
• Ada komputer yang memaksa pemasukkan password hanya oleh manusia
(bukan program). Manusia relatif tidak cepat.
• Ada maximum retries. Mis: kartu ATM bisa ditelan. Tapi bisa
menyebabkan vandalisme: jika dia punya seluruh username, dia bisa coba
bikin program yang mencoba login ke seluruh username. Setelah 5 kali,
system akan lock!
• Ada cara lain: setiap memasukkan password yang salah akan diproses
secara l a m b a t s e k a l I .. .. .. !
• Bisa mendeteksi: last successful & unsucessfull login dari mana dan
kapan
• Ada yang memaksa user menggunakan password yang dibuat oleh
komputer: user tak senang mengingatnya… sehingga user menulisnya di
kertas! Mis: geocities
• Suka pakai kombinasi @$*%$ angka huruf BESAR
• Ada juga yang memaksa ganti password setelah sekian lama
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Off-line Password Guessing
• Menebak password melalui hashnya,
karena hash dari password yang umum
pasti sama
• Backup dari disk yang ada di server juga
harus dienkripsi
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Password distribution
• User datang ke administrator. Kalo ada orang
menyamar?
• Pakai KTP/SIM/KTM yang ada fotonya
• User di depan terminal khusus memilih passwordnya.
• Atau user diberi password yang dipakai untuk login
pertama kali, habis itu dipaksa mengganti password.
Disebut pre-expired password
• Cara yang tidak tepat: passwordnya adalah NPM, dan
memberitahu dengan cara broadcast (misalnya posting
di papan pengumuman).
• Kalau di bank, kita akan dikirimi surat yang isinya PIN
kita. Pendapat anda?
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Authentication Token
• What you have!
• kunci rumah, kartu kredit
• bisa dicuri!
• Mungkin keuntungannya psikologis: orang
kurang rela meminjamkan kartu ketimbang
password!
• Biasanya butuh hardware tambahan: misalnya
smart card / magentic card reader
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Smart Card
Ukuran kartu kredit, tapi di dalamnya ada processor. Ada macam-
macam:
• PIN protected memory card: isi hanya bisa dibuka kalau PIN-nya
benar
• Cryptographic challenge & response cards
• Contactless smart card
Kegunaannya:
– Bank Cards: debit & credit
– ID-card, termasuk untuk login.
One card for all access
– Wallet for e-cash
– Payphone
– Loyality program
– Ticket parkir
– Health-card: bisa jaga rahasia
Bank Card
4532 1234 8321 3912
exp 04/03
Dr. John Tralala
University of Indonesia – University of Budi Luhur
Magister of Information Technology
31
Biometrics
• Authenticating a user via human characteristics
• Using measurable physical characteristics of a person
to prove their identification
– Fingerprint
– signature dynamics
– Iris
– retina
– voice
– face
– DNA, blood
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Identifikasi Fisik Manusia
Fingerprint scan
Hand Geometry
Hand Signature
University of Indonesia – University of Budi Luhur
Magister of Information Technology
33
Advantages of fingerprint-based
biometrics
Can‟t be lent like a physical key or token and can‟t be
forgotten like a password
Good compromise between ease of use, template size,
cost and accuracy
Fingerprint contains enough inherent variability to
enable unique identification even in very large (millions
of records) databases
Basically lasts forever -- or at least until amputation or
dismemberment
Makes network login & authentication effortless
University of Indonesia – University of Budi Luhur
Magister of Information Technology
34
Biometric Disadvantages
Still relatively expensive per user
Companies & products are often new &
immature
No common API or other standard
Some hesitancy for user acceptance
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Performance Issues
• False Rejection Rate (type 1 error): prosentase
subjek yang benar, tapi ditolak
• False Acceptance Rate (type 2 error):
prosentase subjek yang invalid, tapi diakui
sistem
• Cross Error Rate (CER): FRR sama dengan FAR
• Masalahnya kalau sensitifitas dinaikkan, FRR
naik, FAR turun. Perlu dicarititik optimum,
yakni CER
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Cross Error Rate
FRR
FAR
%
Sensitifitas
CER
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Random Number Generator
• Misalnya KeyBCA
• Challenge & respond
• Termasuk apa?
– What you know?
– What you have?
– Who you are?
University of Indonesia
Magister of Information Technology
Logical Access Control
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Logical Access Controls
• Akses kontrol infrastruktur TI dapat dilakukan pada
berbagai tingkat
– Front end & Back end
– How networks segregate & protect access to information
resources.
• Paths of Logical Access
– General points of entry
• Network connectivity
• Remote access
• Operator console
• Online workstations or terminals
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Logical Access Controls:
Protection
• Logical Access Control Software
– Prevents unauthorized access and modification to an
organization‟s sensitive data and use of system critical
functions
– Semua layer: networks, operating systems, databases &
application systems
– Fungsi software:
• Identifikasi dan otentikasi
• Otorisasi akses
• Monitor: Logging aktifitas user, reporting
– Implementasi paling efektif: tingkat networks dan operating
system (membatasi privileges pada low level)
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Logical Access Controls
Operating systems access control
• User identification and authentication mechanisms
• Restricted logon IDs
• Rules for access to specific information resources
• Create individual accountability and auditability
• Create or change user profiles
• Log events
• Log user activities
• Report capabilities
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Database and/or application-level
access control
• Create or change data files and database profiles
• Verify user authorization at the application and
transaction levels
• Verify user authorization within the application
• Verify user authorization at the field level for changes
within a database
• Verify subsystem authorization for the user at the file
level
• Log database/data communications access activities for
monitoring access violations
University of Indonesia – University of Budi Luhur
Magister of Information Technology
SSO is the process for the consolidating all
organization platform-based administration,
authentication and authorization functions into a
single centralized administrative function. A single
sign-on product that interfaces with:
client-server and distributed systems
mainframe systems
network security including remote access mechanisms
Single sign-on (SSO)
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Single Sign On
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Multiple passwords are no longer required,
therefore, whereby a user may be more inclined
and motivated to select a stronger password
It improves an administrator‟s ability to manage
users‟ accounts and authorizations to all associates
systems
It reduces administrative overhead in resetting
forgotten passwords over multiple platforms and
applications
It reduces the time taken by users to log into
multiple applications and platforms
Single sign-on (SSO) advantages
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Support for all major operating system
environments is difficult
The costs associated with SSO development
can be significant when considering the nature
and extent of interface development and
maintenance that may be necessary
The centralized nature of SSO presents the
possibility of a single point of failure and total
compromise of an organization‟s information
assets
Single sign-on (SSO) disadvantages
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Key Distribution Centre
(gambaran umum)
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Untung rugi KDC
• Keuntungan:
– kalau ada user baru, tinggal menambahkan di KDC
– kalau seorang user ter-compromised, tidak semua
node akan tercompromised
• Kerugiannya:
– KDC bisa memalsukan jati diri orang lain
– KDC adalah titik lemah dari sistem
– Performa KDC bisa berkurang kalau banyak sekali
orang berhubungan ke KDC pada waktu yang
bersamaan.
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Contoh KDC: Kerberos 5
• Dimuat dalam RFC 1510 oleh Kohl dan
Neuman pada tahun 1993, dan source
code-nya bisa diambil dari
http://web.mit.edu.
• Produk yang menggunakan antara lain
OSF Distributed Computing Environment
(DCE) dan Windows 2000.
University of Indonesia – University of Budi Luhur
Magister of Information Technology
Objek Kerberos
• Authentication: Token yang dibuat oleh client dan
dikirim ke server untuk membuktikan jati diri user
• Ticket: diterbitkan oleh TGS (ticket granting service),
yang dapat “ditunjukkan” oleh klien kepada suatu
server layanan tertentu (misalnya database server).
• Session key: kunci random yang dibuat oleh
Kerberos dan diberikan kepada klien saat ingin
berkomunikasi dengan server tertentu.
Catatan:
• Klien membutuhkan „ticket‟ dan session key untuk
berhubungan dg server tertentu, dimana ticket
tersebut memiliki periode pemakaian beberapa jam.
University of Indonesia – University of Budi Luhur
Magister of Information Technology
University of Indonesia – University of Budi Luhur
Magister of Information Technology
52
Rule of least privilege
• One of the most fundamental principles of infosec
• States that: Any object (user, administrator, program,
system) should have only the least privileges the object
needs to perform its assigned task, and no more.
• An AC system that grants users only those rights
necessary for them to perform their work
• Limits exposure to attacks and the damage an attack can
cause
• Ensure that only a minimal set of users have root access
University of Indonesia – University of Budi Luhur
Magister of Information Technology