Notes
Structure:
1.1 Goals of Computer Security
1.1.1 Vulnerabilities and Attacks
1.1.2 Capabilities and Access Control Lists
1.2 CIA Triangle
1.2.1 Confidentiality
1.2.2 Integrity
1.2.3 Availability
1.3 Identifying the Assets
1.3.1 Identification of Assets
1.3.2 Accountability of Assets
1.3.3 Preparing a Schema for Classification
1.3.4 Implementation of the Classification Schema
1.4 The Need for Security
1.5 Security Threats
1.5.1 Introduction
1.5.2 Security Threats, Attacks, and Vulnerabilities
1.5.3 Security Policies and Plans
1.6 User Authentication
1.6.1 User Authentication vs. Machine Authentication
1.6.2 The Importance of Strong Machine Authentication
1.7 System Access Control
1.7.1 Access Control Challenges
1.7.2 Access Control Principles
1.7.3 Access Control Criteria
1.7.4 Access Control Practices
1.8 Passwords
1.9 Privileged User Management
1.9.1 Enhanced Visibility over Privileged User Activity
1.10 User Account Management
1.10.1 Using the Local Users and Groups Snap-in
1.10.2 Adding USERS with the Local Users and Groups MMC
1.10.3 Adding GROUPS with the Local Users and Groups MMC
1.10.4 Using USER ACCOUNTS in the Control Panel
1.10.5 Using USER ACCOUNTS in the Control Panel to add users to EXISTING groups
1.11 Data Resource Protection
1.11.1 Effective Data Protection and Recovery Strategy
1.11.2 Protecting Back-up Data
1.11.3 Develop a Data Protection and Recovery Program
Objectives
After studying this unit, you should be able to understand:
• Goals of Computer security
• Cryptography
• Password Management
• User Authentication
• Data Resource Protection
• Intrusion Detection
• Computer Security Classification
• Fraud Detection
• A case study based on this unit
Direct-access Attacks
Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation,
typically between hosts on a network. For instance, programs such as Carnivore and
NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of
internet service providers. Even machines that operate as a closed system (i.e., with no
contact to the outside world) can be eavesdropped upon via monitoring the faint
electromagnetic transmissions generated by the hardware; TEMPEST is a specification
by the NSA referring to these attacks.
Spoofing
Spoofing of user identity describes a situation in which one person or program
successfully masquerades as another by falsifying data.
Tampering
Tampering describes a malicious modification of products. So-called “Evil Maid”
attacks and security services planting of surveillance capability into routers are examples.
Privilege Escalation
Privilege escalation describes a situation where an attacker with some level of
restricted access is able to, without authorization, elevate their privileges or access level.
So, for example, a standard computer user may be able to fool the system into giving
them access to restricted data; or even to “become root” and have full unrestricted
access to a system.
Systems at Risk
Computer security is critical in almost any industry which uses computers.
Financial Systems
Websites that accept or store credit card numbers and bank account information are
prominent hacking targets, because of the potential for immediate financial gain from
transferring money, making purchases, or selling the information on the black market.
In-store payment systems and ATMs have also been tampered with in order to gather
customer account data and PINs.
damage caused by malicious commands sent to industrial equipment (in that case uranium enrichment centrifuges) which are infected via removable media. In 2014, the Computer Emergency Readiness Team, a division of the Department of Homeland Security, investigated 79 hacking incidents at energy companies.
Aviation
The aviation industry is very reliant on a series of complex systems which could be attacked. A simple power outage at one airport can cause repercussions worldwide, much of the system relies on radio transmissions which could be disrupted, and controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. There is also potential for attack from within an aircraft.
The consequences of a successful attack range from loss of confidentiality to loss of
system integrity, which may lead to more serious concerns such as exfiltration of data,
network and air traffic control outages, which in turn can lead to airport closures, loss of
aircraft, loss of passenger life, damages on the ground and to transportation
infrastructure. A successful attack on a military aviation system that controls munitions
could have even more serious consequences.
Consumer Devices
Desktop computers and laptops are commonly infected with malware either to
gather passwords or financial account information, or to construct a botnet to attack
another target. Smart phones, tablet computers, smart watches, and other mobile
devices such as Quantified Self Devices like activity trackers have also become targets
and many of these have sensors such as cameras, microphones, GPS receivers,
compasses, and accelerometers which could be exploited, and may collect personal
information, including sensitive health information. Wi-Fi, Bluetooth, and cell phone
network on any of these devices could be used as attack vectors, and sensors might be
remotely activated after a successful breach.
Home automation devices such as the Nest thermostat are also potential targets.
Large Corporations
Large corporations are common targets. In many cases, this is aimed at financial
gain through identity theft and involves data breaches such as the loss of millions of
clients’ credit card details by Home Depot, Staples, and Target Corporation.
Not all attacks are financially motivated however; for example, security firm HBGary
Federal suffered a serious series of attacks in 2011 from hacktivist group Anonymous in
retaliation for the firm’s CEO claiming to have infiltrated their group, and Sony Pictures
was attacked in 2014 where the motive appears to have been to embarrass with data
leaks, and cripple the company by wiping workstations and servers.
Government
Government and military computer systems are commonly attacked by activists and
foreign powers. Local and regional government infrastructure such as traffic light controls,
police and intelligence agency communications, personnel records and financial systems
are also potential targets as they are now all largely computerized.
Attacker Motivation
As with physical security, the motivations for breaches of computer security vary
between attackers. Some are thrill-seekers or vandals, others are activists; or criminals
looking for financial gain. State-sponsored attackers are now common and well
resourced, but started with amateurs such as Markus Hess who hacked for the KGB, as
recounted by Clifford Stoll, in The Cuckoo's Egg.
A standard part of threat modeling for any particular system is to identify what might
motivate an attack on that system, and who might be motivated to breach it. The level
and detail of precautions will vary depending on the system to be secured. A home
personal computer, bank and classified military network all face very different threats,
even when the underlying technologies in use are similar.
Security Measures
A state of computer “security” is the conceptual idea, attained by the use of the three
processes: threat prevention, detection, and response. These processes are based on
various policies and system components, which include the following:
• User account access controls and cryptography can protect systems files and data, respectively.
• Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering. Firewalls can be both hardware- or software-based.
• Intrusion Detection System (IDS) products are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
• “Response” is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favoured, as it may happen that not all the compromised resources are detected.
Reducing Vulnerabilities
While formal verification of the correctness of computer systems is possible, it is not
yet common. Operating systems formally verified include seL4, and SYSGO’s PikeOS –
but these make up a very small percentage of the market.
Cryptography properly implemented is now virtually impossible to directly break. Breaking it requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
Two-factor authentication is a method for mitigating unauthorized access to a system or sensitive information. It requires “something you know”, a password or PIN, and “something you have”, a card, dongle, cell phone, or other piece of hardware. This increases security as an unauthorized person needs both of these to gain access.
Social engineering and direct computer access (physical) attacks can only be
prevented by non-computer means, which can be difficult to enforce, relative to the
sensitivity of the information. Even in a highly disciplined environment, such as in military
organizations, social engineering attacks can still be difficult to foresee and prevent.
It is possible to reduce an attacker’s chances by keeping systems up-to-date with
security patches and updates, using a security scanner and/or hiring competent people
responsible for security. The effects of data loss/damage can be reduced by careful
backing up and insurance.
Security by Design
Security by design, or alternately secure by design, means that the software has
been designed from the ground up to be secure. In this case, security is considered as a
main feature.
Some of the techniques in this approach include:
• The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
• Automated theorem proving to prove the correctness of crucial software subsystems.
• Code reviews and unit testing, approaches to make modules more secure where formal correctness proofs are not possible.
• Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.
• Backups are a way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, tapes and more recently on the cloud. Suggested locations for backups are a fireproof, waterproof, and heat proof safe, or in a separate, offsite location than that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside bank vaults. There is also a fourth option, which involves using one of the file hosting services that backs up files over the Internet for both business and individuals, known as the cloud.
  Backups are also important for reasons other than security. Natural disasters, such as earthquakes, hurricanes, or tornadoes, may strike the building where the computer is located. The building can be on fire, or an explosion may occur. There needs to be a recent backup at an alternate secure location, in case of such kind of disaster. Further, it is recommended that the alternate location be placed where the same disaster would not affect both locations. Examples of alternate disaster recovery sites being compromised by the same disaster that affected the primary site include having had a primary site in World Trade Center I and the recovery site in 7 World Trade Center, both of which were destroyed in the 9/11 attack, and having one’s primary site and recovery site in the same coastal region, which leads to both being vulnerable to hurricane damage (for example, primary site in New Orleans and recovery site in Jefferson Parish, both of which were hit by Hurricane Katrina in 2005). The backup media should be moved between the geographic sites in a secure manner, in order to prevent them from being stolen.
• Capability and access control list techniques can be used to ensure privilege separation and mandatory access control. This section discusses their use.
• Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system’s designers.
• Confidentiality is the non-disclosure of information except to another authorized person.
• Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified.
• Cyber warfare is an Internet-based conflict that involves politically motivated attacks on information and information systems. Such attacks can, for example, disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems.
• Data integrity is the accuracy and consistency of stored data, indicated by an absence of any alteration in data between two updates of a data record.
• Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message; ideally, eavesdroppers cannot.
• Encryption is used to protect the message from the eyes of others. Cryptographically secure ciphers are designed to make any practical attempt of breaking infeasible. Symmetric key ciphers are suitable for bulk encryption using shared keys, and public key encryption using digital certificates can
1.2.1 Confidentiality
Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure
confidentiality are designed to prevent sensitive information from reaching the wrong
people, while making sure that the right people can in fact get it. Access must be
restricted to those authorized to view the data in question. It is common, as well, for data
to be categorized according to the amount and type of damage that could be done should
it fall into unintended hands. More or less stringent measures can then be implemented
according to those categories.
Sometimes safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically include the security risks that could threaten this information. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training can include strong passwords and password-related best practices and information about social engineering methods, to prevent them from bending data handling rules with good intentions and potentially disastrous results.
A good example of methods used to ensure confidentiality is an account number or
routing number when banking online. Data encryption is a common method of ensuring
confidentiality. User IDs and passwords constitute a standard procedure; two-factor
authentication is becoming the norm. Other options include biometric verification and
security tokens, key fobs or soft tokens. In addition, users can take precautions to
minimize the number of places where the information appears and the number of times it
is actually transmitted to complete a required transaction. Extra measures might be taken
in the case of extremely sensitive documents, precautions such as storing only on air
gapped computers, disconnected storage devices or, for highly sensitive information, in
hard copy form only.
1.2.2 Integrity
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data
over its entire life cycle. Data must not be changed in transit, and steps must be taken to
ensure that data cannot be altered by unauthorized people (for example, in a breach of
confidentiality). These measures include file permissions and user access controls.
Version control may be used to prevent erroneous changes or accidental deletion by
authorized users becoming a problem. In addition, some means must be in place to
detect any changes in data that might occur as a result of non-human-caused events
such as an electromagnetic pulse (EMP) or server crash. Some data might include
checksums, even cryptographic checksums, for verification of integrity. Backups or
redundancies must be available to restore the affected data to its correct state.
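The distinction this section draws between non-human corruption (EMP, crash) and unauthorized alteration, shown as an added example that is not part of the unit: a plain CRC32 checksum catches a flipped bit but not an editor who recomputes it, while a keyed HMAC-SHA256 catches both. The record, key and tampering scenarios are constructed.

```python
"""Integrity checks for a stored record: plain checksum versus keyed
cryptographic checksum (added example; record and key are constructed)."""
import hashlib
import hmac
import zlib

# Constructed sample record: the bytes we want to keep unaltered on disk.
RECORD = b"account=12345;balance=100.00;owner=alice"

# Constructed secret known only to the integrity-checking service.
INTEGRITY_KEY = b"example-key-replace-in-production"


def crc32_tag(data: bytes) -> int:
    """Plain checksum: detects accidental corruption (bit flips, partial
    writes after a crash), but anyone can recompute it after editing."""
    return zlib.crc32(data) & 0xFFFFFFFF


def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed cryptographic checksum: producing a matching tag requires the
    key, so an unauthorized editor cannot make a change look valid."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def crc32_ok(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def hmac_ok(data: bytes, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(hmac_tag(data, key), tag)


def flip_one_bit(data: bytes, index: int) -> bytes:
    """Simulate non-malicious corruption (e.g. a crash mid-write)."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def forge_with_new_crc(data: bytes) -> tuple:
    """Simulate an unauthorized editor who changes the record and then
    recomputes the plain checksum so the change passes a CRC check."""
    edited = data.replace(b"balance=100.00", b"balance=999.00")
    return edited, crc32_tag(edited)


def demo() -> dict:
    """Run both checks against both failure modes and report what each caught."""
    crc = crc32_tag(RECORD)
    mac = hmac_tag(RECORD, INTEGRITY_KEY)

    corrupted = flip_one_bit(RECORD, 5)
    edited, edited_crc = forge_with_new_crc(RECORD)

    return {
        # both checks catch accidental corruption
        "crc_detects_corruption": not crc32_ok(corrupted, crc),
        "hmac_detects_corruption": not hmac_ok(corrupted, mac, INTEGRITY_KEY),
        # only the keyed check catches a deliberate edit with a refreshed CRC
        "crc_detects_forgery": not crc32_ok(edited, edited_crc),
        "hmac_detects_forgery": not hmac_ok(edited, mac, INTEGRITY_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The HMAC key must itself be kept out of reach of whoever could alter the data; with a shared-key MAC, an insider holding the key can forge tags just as easily as the CRC editor above.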
1.2.3 Availability
Availability is best ensured by rigorously maintaining all hardware, performing
hardware repairs immediately when needed and maintaining a correctly functioning
operating system environment that is free of software conflicts. It’s also important to keep
current with all necessary system upgrades. Providing adequate communication
bandwidth and preventing the occurrence of bottlenecks are equally important.
Redundancy, failover, RAID even high-availability clusters can mitigate serious
consequences when hardware issues do occur. Fast and adaptive disaster recovery is
[Figure: the CIA triad (Confidentiality, Integrity, Availability) surrounded by the Application Access Layer, Infrastructure Access Layer, Physical Access Layer and Data in Motion Layer]
1. Information Assets
Every piece of information about your organization falls in this category. This
information has been collected, classified, organized and stored in various forms.
(a) Databases: Information about your customers, personnel, production, sales,
marketing and finances is critical for your business. Its confidentiality, integrity
and availability is of utmost importance.
(b) Data files: Transactional data giving up-to-date information about each event.
(c) Operational and support procedures: These have been developed over the
years and provide detailed instructions on how to perform various activities.
(d) Archived information: Old information that may be required to be maintained
by law.
(e) Continuity plans, fallback arrangements: These would be developed to
overcome any disaster and maintain the continuity of business. Absence of
these will lead to ad-hoc decisions in a crisis.
2. Software Assets
These can be divided into two categories:
(a) Application software: Application software implements business rules of the
organization. Creation of application software is a time-consuming task. Integrity
of application software is very important. Any flaw in the application software
could impact the business adversely.
(b) System software: An organization would invest in various packaged software
programs like operating systems, DBMS, development tools and utilities,
software packages, office productivity suites, etc.
Most of the software under this category would be available off-the-shelf, unless the
software is obsolete or non-standard.
3. Physical Assets
These are the visible and tangible equipment and could comprise:
(a) Computer equipment: Mainframe computers, servers, desktops and notebook
computers.
(b) Communication equipment: Modems, routers, EPABXs and fax machines.
4. Services
(a) Computing services that the organization has outsourced.
(b) Communication services like voice communication, data communication, value
added services, wide area network, etc.
(c) Environmental conditioning services like heating, lighting, air conditioning and
power.
Assets Valuation
What is the value of an asset? Like beauty, which is in the eyes of the beholder, an
asset’s value is best known to the asset owner. It may not be merely the written down
value. A more realistic measure is the replacement value. How much is it going to cost if
the asset has to be acquired today? Accurate valuation of an information asset is a tricky
task. Due care must be taken. A seemingly small item may be immensely difficult to
replace today.
True value of the asset will lead us to identify realistic measures needed for
protection of the asset.
1.5.1 Introduction
The first part of this section outlines security threats and briefly describes the
methods, tools, and techniques that intruders use to exploit vulnerabilities in systems to
achieve their goals.
Security Threats
Threats can originate from two primary sources: humans and nature. Human
threats subsequently can be broken into two categories: malicious and non-malicious.
The non-malicious “attacks” usually come from users and employees who are not trained
on computers or are not aware of various computer security threats. Malicious attacks
usually come from non-employees or disgruntled employees who have a specific goal or
objective to achieve.
Figure 1 introduces a layout that can be used to break up security threats into
different areas.
[Figure 1: security threats divided into malicious, non-malicious and natural threats (floods, fires, earthquakes, hurricanes)]
Non-malicious threats usually come from employees who are untrained in computers and are unaware of security threats and vulnerabilities.
[Figure 2: non-malicious threats, and malicious threats driven by motives and goals, apply techniques and methods against vulnerabilities to reach assets; natural disasters act on assets directly. Security controls and policies stand in between: good security controls can stop certain attacks, poor security policies could let an attack through, and no security policies or controls could be disastrous.]
The following table gives some examples of the various aspects discussed above.
Threats
- Employees
- Malicious
- Ignorant
- Non-employees
- Outside attackers
- Natural disasters
- Floods
- Earthquakes
- Hurricanes
- Riots and wars
Motives/Goals
- Deny services
- Steal information
- Alter information
- Damage information
- Delete information
- Make a joke
- Show off
Methods
- Social engineering
- Viruses, Trojan horses, worms
- Packet replay
- Packet modification
- IP spoofing
- Mail bombing
- Various hacking tools
- Password cracking
Security Policies
- Vulnerabilities
- Assets
- Information and data
- Productivity
- Hardware
- Personnel
Note that ignorant employees usually have no motives and goals for causing
damage. The damage is accidental. Also, malicious attackers can deceive ignorant
employees by using “social engineering” to gain entry. The attacker could masquerade
as an administrator and ask for passwords and user names. Employees who are not well
trained and are not security aware can fall for this.
Common examples of computer-related employee sabotage include:
• Changing data
• Deleting data
• Destroying data or programs with logic bombs
• Crashing systems
• Holding data hostage
• Worms. These are programs that run independently and travel from computer to computer across network connections. Worms may have portions of themselves running on many different computers. Worms do not change other programs, although they may carry other code that does.
• Password cracking. This is a technique attackers use to surreptitiously gain system access through another user’s account. This is possible because users often select weak passwords. The two major problems with passwords are when they are easy to guess based on knowledge of the user (for example, wife’s maiden name) and when they are susceptible to dictionary attacks (that is, using a dictionary as the source of guesses).
• Denial-of-service attacks. This attack exploits the need to have a service available. It is a growing trend on the Internet because websites in general are open doors ready for abuse. People can easily flood the Web server with communication in order to keep it busy. Therefore, companies connected to the Internet should prepare for denial-of-service (DoS) attacks. They also are difficult to trace and allow other types of attacks to be subdued.
• E-mail hacking. Electronic mail is one of the most popular features of the Internet. With access to Internet e-mail, someone can potentially correspond with any one of millions of people worldwide. Some of the threats associated with e-mail are:
  - Impersonation. The sender address on Internet e-mail cannot be trusted because the sender can create a false return address. Someone could have modified the header in transit, or the sender could have connected directly to the Simple Mail Transfer Protocol (SMTP, the protocol used for sending e-mail) port on the target computer to enter the e-mail.
  - Eavesdropping. E-mail headers and contents are transmitted in clear text if no encryption is used. As a result, the contents of a message can be read or altered in transit. The header can be modified to hide or change the sender, or to redirect the message.
• Eavesdropping. This allows a cracker (hacker) to make a complete copy of network activity. As a result, a cracker can obtain sensitive information such as passwords, data, and procedures for performing functions. It is possible for a cracker to eavesdrop by wiretapping, using radio, or using auxiliary ports on terminals. It is also possible to eavesdrop using software that monitors packets sent over the network. In most cases, it is difficult to detect eavesdropping.
• Social engineering. This is a common form of cracking. It can be used by outsiders and by people within an organization. Social engineering is a hacker term for tricking people into revealing their password or some form of security information.
• Intrusion attacks. In these attacks, a hacker uses various hacking tools to gain access to systems. These can range from password cracking tools to protocol hacking and manipulation tools. Intrusion detection tools often can help to detect changes and variants that take place within systems and networks.
Note: Additional handout on viruses.
Security Vulnerabilities
As explained previously, a malicious attacker uses a method to exploit vulnerabilities in order to achieve a goal. Vulnerabilities are weak points or loopholes in security that an attacker exploits in order to gain access to the network or to resources on the network (see Figure 3).
[Figure 3: a non-malicious threat (employee John Doe) reaches the assets “loss of productivity and data” through the vulnerabilities “no virus detection products installed” and “no control on the use of diskettes”, with security controls and policies standing in between]
company’s Web server to stop servicing requests. Sally uses a denial-of-service attack tool called Trin00 to start an attack on the company’s Web server.
Most of the company’s business is conducted via e-commerce and clients are complaining that they cannot connect to the Web server. The following diagram outlines the various tools and vulnerabilities Sally used to achieve her goal.
[Figure 4: malicious threat (disgruntled employee Sally), goal (to stop productivity), tools (denial-of-service attack tools) and asset (loss of productivity), with security controls and policies standing in between]
[Figure 5: natural disaster (lightning), vulnerability (no lightning/surge protection) and assets (hardware and loss of productivity), with security controls and policies standing in between]
• Limit and monitor the usage of administrator and other powerful accounts.
• Suspend or delay access capability after a specific number of unsuccessful logon attempts.
• Remove obsolete user accounts as soon as the user leaves the company.
• Suspend inactive accounts after 30 to 60 days.
• Enforce strict access criteria.
• Enforce the need-to-know and least-privilege practices.
• Disable unneeded system features, services and ports.
• Replace default password settings on accounts.
• Limit and monitor global access rules.
• Ensure that logon IDs are non-descriptive of job function.
• Remove redundant resource rules from accounts and group memberships.
• Remove redundant user IDs, accounts, and role-based accounts from resource access lists.
• Enforce password rotation.
• Enforce password requirements (length, contents, lifetime, distribution, storage, and transmission).
• Audit system and user events and actions and review reports periodically.
• Protect audit logs.
1.8 Passwords
• It is the most common form of system identification and authentication mechanism.
• A password is a protected string of characters that is used to authenticate an individual.
• Password Management
  - Passwords should be properly guarded, updated, and kept secret to provide effective security.
  - Password generators can be used to generate passwords that are uncomplicated, pronounceable and non-dictionary words.
  - If the user chooses his own passwords, the system should enforce certain password requirements, such as the use of special characters, a minimum number of characters, case sensitivity, etc.
• Techniques for Password Attacks
  - Electronic monitoring: Listening to network traffic to capture information, especially when a user is sending her password to an authentication server. The password can be copied and reused by the attacker at another time, which is called a replay attack.
  - Access the password file: Usually done on the authentication server. The password file contains many users’ passwords and, if compromised, can be the source of a lot of damage. This file should be protected with access control mechanisms and encryption.
  - Brute force attacks: Performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password.
  - Dictionary attacks: Files of thousands of words are used to compare to the user’s password until a match is found.
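The password requirements and dictionary attacks described above, together with the earlier access control practice of suspending access after a number of unsuccessful logon attempts, worked as one added example that is not part of the unit: a policy checker that rejects short, low-variety and dictionary-based passwords, and a throttle that suspends an account after repeated failures. The word list, thresholds and account names are constructed.

```python
"""Password-policy enforcement and logon-attempt throttling (added example;
word list, thresholds and accounts are constructed)."""
import re
import time

# Constructed mini word list standing in for the "files of thousands of
# words" a dictionary attack draws from; a real deployment loads a large list.
DICTIONARY = {"password", "welcome", "summer", "letmein", "qwerty", "dragon"}

MIN_LENGTH = 12
MAX_FAILURES = 5           # unsuccessful logons before the account is suspended
LOCKOUT_SECONDS = 15 * 60  # how long access stays suspended


def normalise(password: str) -> str:
    """Undo case and common substitutions (p@ssw0rd -> password) so the
    dictionary check also catches trivially disguised words."""
    table = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "!": "i"})
    return password.lower().translate(table)


def check_password(password: str, username: str) -> list:
    """Return the policy rules the password violates (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password) or not re.search(r"[A-Z]", password):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"\d", password):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    base = normalise(password)
    # substring match, so "Summer2024!" is caught as well as "summer"
    if any(word in base for word in DICTIONARY):
        problems.append("based on a dictionary word")
    if username.lower() in base:
        problems.append("contains the user name")
    return problems


class LogonThrottle:
    """Suspend an account after MAX_FAILURES consecutive bad logons, for
    LOCKOUT_SECONDS; a correct password during the lockout is still refused."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable for testing
        self._failures = {}          # username -> consecutive failures
        self._locked_until = {}      # username -> clock value when lock expires

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._clock() >= until:   # lockout expired: reset the counter
            del self._locked_until[username]
            self._failures[username] = 0
            return False
        return True

    def record(self, username: str, success: bool) -> bool:
        """Record a logon outcome; return True if the account is (now) locked."""
        if self.is_locked(username):
            return True
        if success:
            self._failures[username] = 0
            return False
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILURES:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
            return True
        return False


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "correct-horse-Battery-9"):
        print(candidate, "->", check_password(candidate, "alice") or "accepted")
```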
In Microsoft Windows XP Professional, you will find one of three different accounts in use on any given system.
• Local user accounts allow you to log on to the local system and access resources there. If you needed to access any type of resource beyond the local system, you would need to provide additional credentials in most cases. Local accounts authenticate to the local security database.
• Domain user accounts allow you to log on to the domain the user account belongs to in order to access network resources. You may be able to access resources in other domains depending on how the trust relationships are defined or if any modifications have been made to them. Domain accounts authenticate to a domain controller and to the domain security database.
• Built-in user accounts allow you to perform administrative tasks on the local system and sometimes they can access local or network resources, depending on their configuration on the network. This too, is dependent on how trust relationships are defined or if any modifications have been made to them. The only two accounts created by default on a stand-alone Windows XP Professional clean installation are Administrator and Guest.
The built-in Administrator account is enabled by default and cannot be deleted from the system. The account name and its password can be changed, however, and doing so is a recommended best practice. It is also recommended that the default Administrator account be used never, or as infrequently as possible, and only when a task genuinely requires administrative privileges. If more than one administrator works on a workstation, each one should have a separate account created for their use: if you ever need to audit administrative events, this is far easier when each administrator has a distinct account rather than all sharing a single one.
The Guest account also cannot be deleted from the system; however, it is disabled by default, and unless there is a specific operational need it should stay disabled. The only real “need” for the Guest account would be a kiosk-type terminal in the lobby of an office building or hotel, and in that event it could be used. If there is a short-term need to grant a temporary user access to a system, it is always worth the “aggravation” of creating a dedicated account.
You can also type compmgmt.msc in the RUN box or from a command line to
launch the Computer Management MMC.
What your Start Menu options look like depends entirely on how you have the menu set. If you are using the Classic Start Menu, you would not see My Computer as a selection to right-click on; instead you would click Start, select Administrative Tools and then select Computer Management. Not a whole lot different, but perhaps just enough to confuse you.
I seem to continually repeat this from article to article, but it is important to stress,
the Windows XP Professional exam rarely tests you on Classic anything. You need to
know how to get from Windows XP Professional settings to Classic and back, but in 90%
of the cases you’re going to find instructions laid out in the Windows XP Professional vein.
I will do my best to point out alternatives in the section as I have done here.
If you want to directly open the Local Users and Groups MMC, you can type lusrmgr.msc from the RUN box or from a command line. This will run the tool independently from the Computer Management MMC.
You can also launch the Control Panel and select the User Accounts icon. User Accounts and the Local Users and Groups MMC perform the same task but function differently. I will cover the User Accounts functionality separately.
1.10.2 Adding USERS with the Local Users and Groups MMC
Adding a user is as simple as selecting Users from the left pane, right clicking it and
choosing New User. You can also highlight Users by left clicking it and going up to
ACTION on the menu bar and selecting New User.
Depending on your current settings, all you may need to supply in order to create a
user account is a user account name. The full user name, description, and passwords
are not required by default.
To set a password where one isn’t used or to change one that is currently set, you
would right click on the given account and choose SET PASSWORD.
You can also right click on the given account and choose ALL TASKS which leads
you to the single SET PASSWORD option as well.
You can also select the user with a single left click and go to ACTION in the menu to
bring up the same ALL TASKS/SET PASSWORD options as well.
Passwords are not required by default but are always a recommended best practice.
1.10.3 Adding GROUPS with the Local Users and Groups MMC
Adding groups is performed in much the same manner. You can select Groups from
the left pane, right click it and choose New Group. You can also highlight Groups by left
clicking it and going up to ACTION on the menu and selecting New Group.
All that is required for creating a Group is the name. Descriptions do not need to be
entered for the group nor do you need to add any members.
When you are in a domain and you open the USER ACCOUNTS icon in the Control Panel, you are presented with the User Accounts view, as shown below on the USER tab.
The “domain” BUCKAROO in this example is the local system, not a domain; NORTHAMERICA is a domain. A local account is shown with a computer/user icon, which you can see in the Password for backup section of the image above. A DOMAIN account in the Users for this computer section would have a planet/user icon combination, as shown below.
In order to see the properties of an account, you would select it and click on the Properties button to see the following window.
On the Group Membership tab of the USER property sheet, you would see three
selections to choose from regarding group memberships.
The OTHER drop down window lists only the local groups, regardless of whether
you have chosen a user account in the local accounts database or a domain account that
is in the domain.
You can change the password for a given account from the USER tab by selecting
the account and clicking the RESET PASSWORD button, which will bring up the RESET
PASSWORD window as shown below.
From the ADVANCED tab, you can manage passwords that are in the local database.
By selecting the MANAGE PASSWORDS button, you will open the Stored User Names and Passwords window, where you can add, remove or view the properties of an account.
When you select the .NET PASSPORT WIZARD, the wizard will start and allow you to add a .NET passport to one or more Windows XP Professional user accounts.
To change any of the listed accounts, you would select CHANGE AN ACCOUNT and select the account you wish to change. It’s here that you can change the password, change the icon (picture) associated with the account or set up the account to use a .NET passport.
The CREATE A NEW ACCOUNT option allows you to do just that.
The CHANGE THE WAY USERS LOG ON OR OFF option allows you to select
either FAST USER SWITCHING (which is not allowed when the workstation is a member
of a domain) or using the standard USE THE WELCOME SCREEN option.
Fast User Switching cannot be used if the Offline Files option is enabled. Also, once
your system is added to a domain, you can no longer use Fast User Switching, even if
you log on to the workstation by using the local user account database.
In Microsoft Windows XP Professional, you will find a number of default local groups
on your system, which can perform the following default functions as outlined:
Administrators: Members of the Administrators group have complete and unrestricted access to the computer and can perform all administrative tasks. The built-in Administrator account is a member of this group by default, and should the Windows XP Professional system be joined to a domain (or domains), the Domain Admins group of each joined domain is added to the local Administrators group as well.
Backup Operators: Members of the Backup Operators group can use Windows Backup (NTBACKUP) to back up and restore data on the local computer. Membership allows them to override security restrictions for the sole purpose of backing up or restoring files.
Guests: Members of the built-in Guests group are limited to accessing only those resources for which they have been assigned explicit permissions and to performing only those tasks for which they have been assigned explicit rights. This is nearly the same access level as members of the Users group, with some additional restrictions. By default, the built-in Guest account is a member of the Guests group. When the Windows XP Professional system is joined to a domain (or domains), the Domain Guests group of each joined domain is added to the local Guests group as well.
Power Users: Members of the Power Users group can create and modify local user accounts on the computer and share resources. Effectively, they are one level below the Administrators group in authority on a local system: they possess most administrative powers, with certain restrictions.
Users: Members of the Users group are prevented from making accidental or intentional system-wide changes and are only slightly higher in the permission scheme than the Guests group. They are limited to accessing only those resources for which they have been assigned explicit permissions and to performing only those tasks for which they have been assigned explicit rights. When a new user is created on a Windows XP Professional system, it is added to the Users group by default. When the system is joined to a domain (or domains), the Domain Users group of each joined domain is added to the local Users group as well.
Depending on your current settings, all you need to supply in order to create a new
group is the name. In most cases, the description and adding users at the time is not
required by default.
1.10.5 Using USER ACCOUNTS in the Control Panel to Add Users to EXISTING Groups
How USER ACCOUNTS in the Control Panel functions all depends on whether your
Windows XP Professional system is in a domain or not. Also, how it looks depends on
whether you are using the default Windows XP view or the Classic interface. This is the
default Windows XP view.
Below is the Classic view.
When you are in a domain and you open the USER ACCOUNTS icon in the Control Panel, you are presented with the User Accounts view, as shown below on the USER tab.
The OTHER drop-down lists only the LOCAL groups the user could belong to, regardless of whether you have chosen a user account in the local accounts database or a domain account in the domain.
From the ADVANCED tab, you can perform functions such as managing passwords
that are in the local database or using the .NET PASSPORT WIZARD to add a .NET
passport to one or more Windows XP Professional user accounts.
nature for them. And the best-practice approach maintains that the company budgets for program maintenance, testing and continual enhancement.
1.13 Cryptography
Encryption is the science of changing data so that it is unrecognizable and useless to an unauthorized person. Decryption is changing it back to its original form.
The most secure techniques use a mathematical algorithm and a variable value known as a ‘key’.
The selected key (often any random character string) is input on encryption and is integral to the changing of the data. The EXACT same key MUST be input to enable decryption of the data.
This is the basis of the protection: if the key (sometimes called a password) is known only to the authorized individual(s), the data cannot be exposed to other parties, because only those who know the key can decrypt it. This is known as ‘private key’ (secret-key, or symmetric) cryptography, which is the most well-known form.
Key
Where a single individual is involved, often direct input of a value or string will suffice. The ‘memorized’ value will then be re-input to retrieve the data, similar to password usage.
Sometimes, many individuals are involved, with a requirement for unique keys to be
sent to each for retrieval/decryption of transmitted data. In this case, the keys themselves
may be encrypted. A number of comprehensive and proven key management systems
are available for these situations.
Key Component
Keys should, whenever possible, be distributed by electronic means, enciphered under previously established higher-level keys. There comes a point, of course, when no higher-level key exists and it is necessary to establish the key manually.
A common way of doing this is to split the key into several parts (components) and entrust the parts to a number of key management personnel. The idea is that no single key part should contain enough information to reveal anything about the key itself. Usually, the components are combined by means of the exclusive OR operation within a secure environment.
In the case of DES keys, there should be an odd number of components, each
component having odd parity. Odd parity is preserved when all the components are
combined. Further, each component should be accompanied by a key check value to
guard against keying errors when the component is entered into the system.
A key check value for the combined components should also be available as a final
check when the last component is entered.
A problem that occurs with depressing regularity in the real world is when it is
necessary to re-enter a key from its components. This is always an emergency situation,
and it is usually found that one or more of the key component holders cannot be found.
For this reason, it is prudent to arrange matters so that the components are distributed
among the key holders in such a way that not all of them need to be present.
For example, if there are three components (C1, C2, C3) and three key holders
(H1, H2, H3), then H1 could have (C2, C3), H2 could have (C1, C3) and H3 could have
(C1, C2). In this arrangement, any two out of the three key holders would be sufficient.
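The component scheme just described, worked through as an added Python example that is not part of the original text: a DES-size key is split into an odd number of odd-parity components by exclusive OR, each component and the combined key get a check value, and the components are handed out so that any two of the three holders (H1 with C2 and C3, and so on) can re-enter the key while a single holder cannot. One assumption is labelled in the code: the standard library has no DES, so the key check value is a truncated SHA-256 digest standing in for the usual DES-encrypt-a-zero-block check value.

```python
import hashlib
import secrets


def set_odd_parity(data: bytes) -> bytes:
    """Force every byte to odd parity by adjusting its low bit (the DES key convention)."""
    out = bytearray()
    for x in data:
        high_ones = bin(x >> 1).count("1")            # ones in the top seven bits
        out.append((x & 0xFE) | (1 if high_ones % 2 == 0 else 0))
    return bytes(out)


def has_odd_parity(data: bytes) -> bool:
    return all(bin(x).count("1") % 2 == 1 for x in data)


def xor_bytes(*parts: bytes) -> bytes:
    """Bytewise exclusive OR of equal-length byte strings."""
    out = bytearray(parts[0])
    for part in parts[1:]:
        for i, x in enumerate(part):
            out[i] ^= x
    return bytes(out)


def key_check_value(key: bytes) -> str:
    # ASSUMPTION: a stand-in KCV. A real DES KCV is the first three bytes of the
    # DES-ECB encryption of eight zero bytes under the key; the standard library
    # has no DES, so the first three bytes of SHA-256 stand in for it here.
    return hashlib.sha256(key).hexdigest()[:6]


def split_key(key: bytes, n_components: int = 3) -> list[bytes]:
    """Split an odd-parity key into an odd number of odd-parity components whose XOR is the key."""
    if n_components % 2 == 0 or not has_odd_parity(key):
        raise ValueError("need an odd number of components and an odd-parity key")
    components = [set_odd_parity(secrets.token_bytes(len(key)))
                  for _ in range(n_components - 1)]
    # The parity of an XOR is the XOR of the parities: one odd-parity key XORed
    # with an even number of odd-parity components is odd-parity again, so the
    # last component needs no fix-up and parity survives recombination.
    last = xor_bytes(key, *components)
    assert has_odd_parity(last)
    return components + [last]


def distribute(components: list[bytes]) -> dict[str, dict[str, bytes]]:
    """Holder Hi receives every component except Ci, so any two of three holders suffice."""
    n = len(components)
    return {f"H{i + 1}": {f"C{j + 1}": components[j] for j in range(n) if j != i}
            for i in range(n)}


def reconstruct(present: list[dict[str, bytes]], component_kcvs: dict[str, str],
                final_kcv: str) -> bytes:
    """Re-enter the key from whichever holders turned up, checking each KCV as it is keyed in."""
    collected: dict[str, bytes] = {}
    for holder in present:
        for name, component in holder.items():
            if key_check_value(component) != component_kcvs[name]:
                raise ValueError(f"keying error in component {name}")
            collected[name] = component
    missing = set(component_kcvs) - set(collected)
    if missing:
        raise ValueError(f"missing components: {sorted(missing)}")
    key = xor_bytes(*(collected[name] for name in sorted(collected)))
    if key_check_value(key) != final_kcv:       # final check on the combined key
        raise ValueError("combined key check value mismatch")
    return key


def ceremony_demo() -> bool:
    """Split, distribute and recover a constructed 8-byte key with two of three holders present."""
    key = set_odd_parity(bytes.fromhex("0123456789abcdef"))   # constructed DES-size key
    components = split_key(key)
    kcvs = {f"C{i + 1}": key_check_value(c) for i, c in enumerate(components)}
    holders = distribute(components)
    recovered = reconstruct([holders["H1"], holders["H3"]], kcvs, key_check_value(key))
    return recovered == key
```

Because every component is uniformly random except the last, which is the XOR of the key with the others, any set of fewer than all components is itself uniformly random and reveals nothing about the key; the two-of-three property comes purely from how the components are distributed, not from the arithmetic.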
Setting K3 equal to K1 in these processes gives us a double-length key K1, K2.
Setting K1, K2 and K3 all equal to K has the same effect as using a single-length 56-bit key. Thus, it is possible for a system using triple DES to be compatible with a system using single DES.
RSA: RSA is a public key algorithm invented by Rivest, Shamir and Adleman. The key used for encryption is different from (but related to) the key used for decryption.
The algorithm is based on modular exponentiation. Numbers e, d and N are chosen with the property that if A is a number less than N, then (A^e mod N)^d mod N = A.
This means that you can encrypt A with e and decrypt using d. Conversely, you can encrypt using d and decrypt using e (though doing it this way round is usually referred to as signing and verification).
Ɣ The pair of numbers (e, N) is known as the public key and can be published.
Ɣ The pair of numbers (d, N) is known as the private key and must be kept
secret.
The number e is known as the public exponent, the number d is known as the
private exponent, and N is known as the modulus. When talking of key lengths in
connection with RSA, what is meant is the modulus length.
An algorithm that uses different keys for encryption and decryption is said to be
asymmetric.
Anybody knowing the public key can use it to create encrypted messages, but only
the owner of the secret key can decrypt them.
Conversely, the owner of the secret key can encrypt messages that can be
decrypted by anybody with the public key. Anybody successfully decrypting such
messages can be sure that only the owner of the secret key could have encrypted them.
This fact is the basis of the digital signature technique.
Without going into detail about how e, d and N are related, d can be deduced from
e and N if the factors of N can be determined. Therefore, the security of RSA depends on
the difficulty of factorizing N. Because factorization is believed to be a hard problem, the
longer N is, the more secure the cryptosystem. Given the power of modern computers, a
length of 768 bits is considered reasonably safe, but for serious commercial use 1024 bits
is recommended.
The problem with choosing long keys is that RSA is very slow compared with a
symmetric block cipher such as DES, and the longer the key the slower it is. The best
solution is to use RSA for digital signatures and for protecting DES keys. Bulk data
encryption should be done using DES.
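An added worked example of the RSA relationships described above, written for this page rather than taken from any library: key generation from two primes, encryption with the public key (e, N) and decryption with the private key (d, N), the reversed use of the exponents for signing and verification, and a recover_private_exponent function that shows why knowing the factors of N is the same as knowing d. The primes 61 and 53 and the message 65 are the usual textbook toy values and are far too small for real use; current practice uses a modulus of 2048 bits or more, and trial division would of course not factor such an N.

```python
from math import gcd


def keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Derive the public key (e, N) and private key (d, N) from the two prime factors of N."""
    N = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # modular inverse: e*d == 1 (mod phi)
    return (e, N), (d, N)


def encrypt(message: int, public_key: tuple[int, int]) -> int:
    """Anyone holding (e, N) can do this; A must be a number less than N."""
    e, N = public_key
    if not 0 <= message < N:
        raise ValueError("message must be a number less than N")
    return pow(message, e, N)


def decrypt(ciphertext: int, private_key: tuple[int, int]) -> int:
    """Only the holder of (d, N) can undo encrypt: (A^e mod N)^d mod N == A."""
    d, N = private_key
    return pow(ciphertext, d, N)


def sign(message: int, private_key: tuple[int, int]) -> int:
    """The reverse direction: exponentiate with the private exponent d."""
    d, N = private_key
    return pow(message, d, N)


def verify(message: int, signature: int, public_key: tuple[int, int]) -> bool:
    """Anyone with (e, N) can check that the signature recovers the message."""
    e, N = public_key
    return pow(signature, e, N) == message % N


def recover_private_exponent(public_key: tuple[int, int]) -> int:
    """Why RSA rests on factoring: once N = p*q is known, d follows directly from e.

    Trial division is used only because this is a toy modulus; the whole point of
    a long N is that no known method does this step in feasible time.
    """
    e, N = public_key
    p = next(x for x in range(2, int(N ** 0.5) + 1) if N % x == 0)
    q = N // p
    return pow(e, -1, (p - 1) * (q - 1))


def round_trip_demo() -> bool:
    """Encrypt/decrypt and sign/verify with the textbook toy parameters."""
    public, private = keygen(61, 53, 17)
    ciphertext = encrypt(65, public)
    signature = sign(65, private)
    return (decrypt(ciphertext, private) == 65
            and verify(65, signature, public)
            and recover_private_exponent(public) == private[0])
```

The hybrid arrangement recommended in the text follows directly from these functions: the symmetric (DES) key, viewed as a number below N, is what gets passed to encrypt, and the bulk data never touches RSA at all.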
1.14.1 Terminology
Burglar Alert/Alarm: A signal suggesting that a system has been or is being
attacked.
Detection Rate: The detection rate is defined as the number of intrusion instances
detected by the system (True Positive) divided by the total number of intrusion instances
present in the test set.
False Alarm Rate: It is defined as the number of ‘normal’ patterns classified as
attacks (False Positive) divided by the total number of ‘normal’ patterns.
Ɣ Misfeasor: Misfeasors are commonly internal users and can be of two types:
1. An authorized user with limited permissions.
2. A user with full permissions who misuses their powers.
Ɣ Clandestine User: A person who seizes supervisory (administrator-level) control of the system and uses those privileges to avoid being detected.
1.14.3 HIDS and NIDS
Intrusion detection systems are of two main types: network-based (NIDS) and host-based (HIDS) intrusion detection systems.
Network Intrusion Detection Systems
Network Intrusion Detection Systems (NIDS) are placed at one or more strategic points within the network to monitor traffic to and from all devices on the network. A NIDS analyses the traffic passing over the entire subnet and matches it against a library of known attacks. Once an attack is identified, or abnormal behaviour is sensed, an alert can be sent to the administrator. An example of NIDS use would be installing it on the subnet where the firewalls are located in order to see whether someone is trying to break into the firewall. Ideally, one would scan all inbound and outbound traffic; however, doing so might create a bottleneck that would impair the overall speed of the network. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems. A NIDS can also compare the signatures of similar packets in order to link them and drop harmful packets whose signature matches the records held in the NIDS.
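An added illustration, not part of the original text, of the two ideas above: matching passing packets against a library of known-attack signatures, and scoring the result with the detection rate and false alarm rate defined in 1.14.1. The signature library and the six labelled packets are constructed for the example; the ground-truth label on each packet exists only because this is a test set, which is exactly how the two rates are measured.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes
    is_attack: bool        # ground-truth label, known only because this is a constructed test set


# Constructed signature library (assumption: not taken from any real rule set).
SIGNATURES = {
    "directory-traversal": b"../../",
    "shell-command-probe": b"/bin/sh",
}


def match_signatures(packet: Packet) -> list[str]:
    """Return the names of every signature whose byte pattern occurs in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in packet.payload]


def evaluate(packets: list[Packet]) -> dict[str, float]:
    """Run the signature matcher over labelled traffic and score it as in section 1.14.1."""
    tp = fp = fn = tn = 0
    for packet in packets:
        alerted = bool(match_signatures(packet))
        if packet.is_attack and alerted:
            tp += 1            # intrusion detected (true positive)
        elif packet.is_attack:
            fn += 1            # intrusion missed
        elif alerted:
            fp += 1            # normal traffic flagged (false positive / false alarm)
        else:
            tn += 1            # normal traffic passed
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        # detected intrusions / all intrusions present in the test set
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        # normal patterns classified as attacks / all normal patterns
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


# Constructed sample traffic: three intrusions and three normal packets.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.1", b"GET /../../etc/passwd HTTP/1.0", is_attack=True),
    Packet("10.0.0.6", "10.0.0.1", b"cmd=/bin/sh", is_attack=True),
    # An intrusion for which the library holds no signature: it will be missed.
    Packet("10.0.0.7", "10.0.0.1", b"GET /cgi-bin/unknown-exploit HTTP/1.0", is_attack=True),
    Packet("10.0.0.8", "10.0.0.1", b"GET /index.html HTTP/1.0", is_attack=False),
    # A unified diff legitimately contains "../../": a false alarm waiting to happen.
    Packet("10.0.0.9", "10.0.0.1", b"--- a/src/../../README\n+++ b/README", is_attack=False),
    Packet("10.0.0.10", "10.0.0.1", b"POST /login HTTP/1.0\r\nuser=alice", is_attack=False),
]
```

On this traffic the matcher catches two of the three intrusions (detection rate 2/3) and raises one alarm on three normal packets (false alarm rate 1/3); the missed packet shows why a signature library alone cannot detect what it has never seen, and the diff shows why tuning signatures to the traffic that actually flows past the sensor matters.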
Host Intrusion Detection Systems
Host Intrusion Detection Systems (HIDS) run on individual hosts or devices on the network. A HIDS monitors only the inbound and outbound packets of the device it runs on and alerts the user or administrator if suspicious activity is detected. It also takes a snapshot of the existing system files and compares it with the previous snapshot; if critical system files have been modified or deleted, an alert is sent to the administrator to investigate. A typical use of HIDS is on mission-critical machines, which are not expected to change their configuration.
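The file snapshot comparison described above, as an added Python example that is not from the original page or from any HIDS product: a baseline of SHA-256 digests is taken over a directory tree, a later snapshot is compared with it, and modified, deleted and newly added files are reported. run_demo builds a throwaway directory with constructed files, simulates the three kinds of change and returns the comparison.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (path relative to root) to its SHA-256 digest."""
    digests: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report files whose digest changed, files that vanished, and files that appeared."""
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "deleted": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def run_demo() -> dict[str, list[str]]:
    """Constructed scenario in a throwaway directory: take a baseline, change things, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        # Constructed file contents standing in for a host's critical files.
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "ssh_config").write_text("PasswordAuthentication no\n")
        (root / "bin" / "tool").write_bytes(b"\x7fELF constructed stand-in binary")
        baseline = snapshot(root)          # the "previous snapshot" the HIDS keeps

        # Simulated changes an administrator would want to hear about.
        (root / "etc" / "ssh_config").write_text("PasswordAuthentication yes\n")  # setting weakened
        (root / "etc" / "hosts").unlink()                                        # file deleted
        (root / "bin" / "extra").write_bytes(b"unexpected new executable")       # file added
        return compare(baseline, snapshot(root))
```

In practice the baseline itself must be stored where the monitored host cannot rewrite it (or be signed), since an intruder who can alter the baseline can silence every later comparison; and timestamps are deliberately not used here, because they are trivially reset whereas a content digest is not.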
The Washington Post reports, in an investigation entitled Top Secret America, that as of 2010 “An estimated 854,000 people ... hold top-secret security clearances” in the United States.
Secret: “It is desired that no document be released which refers to experiments with humans and might have adverse effect on public opinion or result in legal suits. Documents covering such work field should be classified ‘secret’.” (April 17, 1947, Atomic Energy Commission memo from Colonel O.G. Haywood, Jr. to Dr. Fidler at the Oak Ridge Laboratory in Tennessee.) As of 2010, Executive Order 13526 bans classification of documents simply to “conceal violations of law, inefficiency, or administrative error” or “prevent embarrassment to a person, organization, or agency”.
Secret material would cause “serious damage” to national security if it were publicly available.
In the United States, operational “Secret” information can be marked with an
additional “LIMDIS”, to limit readership.
Confidential: Confidential material would cause damage or be prejudicial to
national security if publicly available.
Restricted: Restricted material would cause “undesirable effects” if publicly available. Some countries do not have such a classification; in other sectors, such as commercial industry, this level is also known as “Private Information”.
Official: Official material forms the generality of government business, public
service delivery and commercial activity. This includes a diverse range of information, of
varying sensitivities, and with differing consequences resulting from compromise or loss.
OFFICIAL information must be secured against a threat model that is broadly similar to
that faced by a large private company.
The OFFICIAL classification replaces the Confidential and Restricted classifications
after April 2014 in the UK.
1.15.3 NATO Classifications
For example, sensitive information shared amongst NATO allies has four levels of
security classification; from most to least classified:
1. Cosmic Top Secret (CTS)
2. NATO Secret (NS)
3. NATO Confidential (NC)
4. NATO Restricted (NR)
Conclusion: Malicious attackers will use various methods, tools, and techniques to
exploit vulnerabilities in security policies and controls to achieve a goal or objective.
Non-malicious attacks occur due to poor security policies and controls that allow
vulnerabilities and errors to take place. Natural disasters can occur at any time. So,
organizations should implement measures to try to prevent the damage they can cause.
Prevention: Take measures that prevent your information from being damaged,
altered, or stolen. Preventive measures can range from locking the server room door to
setting up high-level security policies.
Detection: Take measures that allow you to detect when information has been
damaged, altered, or stolen, how it has been damaged, altered, or stolen, and who has
caused the damage. Various tools are available to help detect intrusions, damage or
alterations, and viruses.
Reaction: Take measures that allow recovery of information, even if information is
lost or damaged.
1.16 Summary
Information security plays an important role in protecting the assets of an
organization. As no single formula can guarantee 100% security, there is a need for a set
of benchmarks or standards to help ensure an adequate level of security is attained,
resources are used efficiently, and the best security practices are adopted.
While information security plays an important role in protecting the data and assets
of an organization, we often hear news about security incidents, such as defacement of
websites, server hacking and data leakage. Organizations need to be fully aware of the
need to devote more resources to the protection of information assets, and information
security must become a top concern in both government and business.
The 17 security-related areas include: (a) access control; (b) awareness and training;
(c) audit and accountability; (d) certification, accreditation, and security assessments;
(e) configuration management; (f) contingency planning; (g) identification and authentication;
(h) incident response; (i) maintenance; (j) media protection; (k) physical and environmental
protection; (l) planning; (m) personnel security; (n) risk assessment; (o) systems and
services acquisition; (p) system and communications protection; and (q) system and
information integrity.
Although there are a number of information security standards available, an
organization can only benefit if those standards are implemented properly. Security is
something that all parties should be involved in. Senior management, information
security practitioners, IT professionals and users all have a role to play in securing the
assets of an organization. The success of information security can only be achieved by
full cooperation at all levels of an organization, both inside and outside.
At OIL
Organon (a part of Akzo Nobel), headquartered in Roseland, NJ, USA, creates and markets prescription medicines that improve health and quality of human life. OIL’s Indian operations began more than 35 years ago, in Mumbai. Its two factories, located in and around Calcutta, make bulk drugs. The company's sales and distribution team is spread across the country, with regional offices in Calcutta, Delhi, and Chennai.
The organization relies first and foremost on its expertise in research and development to produce medicines.
Assessment
In this phase, a detailed IT infrastructure review was performed. This involved:
Ɣ Vulnerability assessment and analysis of the OIL infrastructure.
Ɣ Detailed study of OIL’s internal policies, processes, and procedures pertaining
mostly towards IT.
Ɣ GAP Analysis for OIL to uncover the inadequacies of the current processes,
procedures, and practices in accordance with the BS7799 standard for
information security.
Many documents that formed the network study, security policies, technical
procedures and process related documents were included in the scope of this study. All
the IT processes, both at the practical day-to-day implementation and policy/guideline
levels of OIL were studied and analyzed.
The study included OIL’s security policies, change control processes, configuration
management, third party and internal supply, service level agreements and other relevant
areas.
Ɣ Information Resource Risk Assessment: The respective threats and
vulnerabilities were identified for the resources. The assessment was done
using best-of-breed commercial as well as Open Source tools while the
processes were assessed with BS7799 as a reference.
Ɣ Security Architecture Design: To mitigate these risks, detailed and in-depth
security architecture design was recommended.
Ɣ Recommendation: The final recommendations, based on the above, were
submitted to the management for approval.
Review
In this phase, the review of the security policies and processes of the organization
would be performed by the global IT teams and would be both scheduled as well as
unscheduled. Sify, as a security service provider, would also be responsible for ensuring
that the company comes out with little or no severe concerns during the course of the
audit.
Going Ahead
In the next few months, OIL will regularize its audit practice. This will enable
improvements in processes and overall business strategy. And it will help the company
continue to use IT as an important business driver.
IT Infrastructure at OIL
Organon India Ltd. (OIL) has offices in Mumbai, Calcutta, Delhi, Chennai and Hyderabad. Its
data center is independently situated in Mumbai.
All business critical resources have been located in the data center.
These include:
Ɣ ERP application, which runs on the IBM AS/400 mainframe platform. All users located around the country log on to the AS/400 via Citrix to update data, enter orders and perform other ERP-related operations
Ɣ Mailing solution
Ɣ Internal workflow applications
Ɣ DNS servers
The OIL WAN rides on the Sify Network to connect its nationwide offices and the data center. The WAN is an IP-based VPN, with a mix of leased lines and broadband as the last mile to each of OIL’s offices.
The company has Internet connectivity in Calcutta and Mumbai. It is planning a link between the
Mumbai data center and the research center in the Netherlands via Osaka (Japan). This link is
being sourced from Equant. The link is to provide access to specific applications and for users to
interact with the Netherlands’ office.
In a nutshell
The Company
Organon India Ltd. (OIL) is a pharmaceutical company that manufactures bulk drugs and carries
out a lot of R&D activities.
The Need
OIL wanted to provide higher levels of access to business critical resources and the Internet to its
employees. At the same time, it wanted to maintain an acceptable standard of information
assurance.
The Solution
It used the services of a third party to conduct an IT security audit.