Security and the System Administrator

1
Security and the System Administrator
William Hugh Murray 24 East Avenue Suite 1362 New
Canaan, CT 06840 (203)966-4769 WHMurray_at_sprynet.co
m
2
Bio
William Hugh
Murray Bill Murray is information system
security consultant to Deloitte Touche. He
has more than thirty-five years experience in
data processing and more than twenty
in security. During more than twenty-five
years with IBM his management responsibilities
included development of access
control programs, advising IBM customers on
security, and the articulation of the security
product plan. In 1987 he received the
Fitzgerald Memorial Award for leadership in
data security. In 1989 he received the Joseph J.
Wasserman Award for contributions to security,
audit and control. Mr. Murray holds the Bachelor
of Science degree in Business Administration
from Louisiana State University, and is
a graduate of the Jesuit Preparatory High
School of New Orleans.
3
Abstract
Everything that business or government does with
computers or communications becomes part of the
social and economic infra-structure of the
twenty-first century. Much of the configuration
and operation of this novel and critical
infrastructure will be in the hands of the system
and network administrators. They are often the
first to be called when the infrastructure is
stressed or breaks, but their training is often
on-the-job, remedial, and late. Although they
understand the weaknesses and limitations of
their materials all too well, they are rarely
taught how to compensate for those weaknesses.
Out of necessity, their security approach tends
to be reactive and remedial. This presentation
will provide system and network administrators
with a set of broadly applicable strategies and
proactive approaches they can use to protect
systems from outside interference and
contamination, provide appropriate application
con-trols, and protect their networks from
undesired traffic. Among other things, it will
address policy and service-level agreements when
to plan and for what effective use of access
controls strong network perimeters and how to
compensate for leaks and how to use weak
materials to build strong systems.
4
Security Objectives

• Protect Applications from Interference or
  Contamination
• Preserve Confidentiality, Integrity, and
  Availability of Data
• Protect employees from temptation and suspicion
• Preserve the continuity of the business
• Protect Management from Charges of Imprudence

5
Cost of Losses

Security
6
Cost of Losses

Cost of Security
Security
7
Cost of Losses

Cost of Security
Total Cost
Security
8
Character of Costs

• Cost of Losses
• infrequent
• irregular
• uncertain
• unexpected
• threatening

• Cost of Security
• frequent
• regular
• certain
• budgeted
• cost of doing business

9
Sources of loss
10
Other sources of loss

• All acts by outsiders
• malicious programs
• Trojan Horses
• Viruses
• Logic bombs
• Worms
• Other
• espionage

11
Jacobsons Window
12
Jacobsons Window
13
Jacobsons Window
14
Jacobsons Window
15
Jacobsons Window
16
Jacobsons Window
17
Jacobsons Window
18
Characterization of Threats and Vulnerabilities

• natural v.
• accidental v.
• insiders v.
• passive v.
• manual v.
• trial and error v.
• local v.

• man-made
• intentional
• outsiders
• active
• automatic
• systematic
• global

19
Attacks Attackers

• social engineering
• guessing
• short dictionary or sweet list
• long dictionary
• exhaustive
• browsing
• eavesdropping
• spoofing
• password grabbers
• Trojan Horses

20
Targets

• Targets of Opportunity
• highly visible
• low cost of attack
• unknown value of success

21
Cost of Attack

• Work
• Access
• Indifference to detection
• Special Knowledge
• Time to corrective action
• Any one can reduce the requirements for any of
  the others there is enough of these in the
  world to break any system.

22
Cost of Attack

• Work
• Access
• Indifference to detection
• Special Knowledge
• Time to corrective action
• Any one can reduce the requirements for any of
  the others there is enough of these in the
  world to break any system.

23
Cost of Attack

• Work
• Access
• Indifference to detection
• Special Knowledge
• Time to corrective action
• Any one can reduce the requirements for any of
  the others there is enough of these in the
  world to break any system.

24
Targets

• Targets of Opportunity
• highly visible
• low cost of attack
• unknown value of success
• Targets of Choice
• expected value of success
• greater than expected cost of attack

25
Value of Success

• Computer time
• Data, information, knowledge, application value
• Access to other networks
• Identity
• Anonymity
• Trust or confidence

26
Cost to Victim

• Loss of confidentiality
• Loss of integrity
• Loss of reliability and trust
• Loss of use
• Liability to third parties
• Loss of resources for restoration

27
Cost of System Security is measured in

• Generality
• Flexibility
• Performance
• And Functionality

Get used to it!
28
Courtneys Laws

• Nothing useful can be said about security except
  in the context of an application and an
  environment.
• Never spend more money eliminating a
  vulnerability than tolerating it will cost you.
• There are management solutions to technical
  problems but there are no technical solutions to
  management problems.

29
Efficient Security Measures

• safe environment
• management direction
• supervision
• accountability
• copies of the data
• access control
• secret codes (crypto)
• contingency planning

30
Policy

• A statement of managements intent
• Expressed as objectives or practices
• Translated to access control policy
• Mapped to a system policy

31
Why Systems Fail?

• Poor Design
• Inadequate Materials
• Poor Fabrication
• Poor Maintenance
• Improper Operation
• Abuse and Misuse

32
Sufficient Conditions for the Success of a Virus

• Large population of similar machines
• Sharing within the population
• A place for the virus to store the replica
• A way for it to get itself executed
• (Creates replicas faster than they are destroyed)

33
Enterprise Security in the 90s

• Inadequate expression of management intent
• Multiple signons, ids, and passwords
• Multiple points of control
• Unsafe defaults
• Complex administration
• Late recognition of problems

We are being overwhelmed once more!
34
New Defaults

• Application Secure End-to-End
• Integrity vs. confidentiality
• Access Control
• Strong Authentication
• Digital Envelopes
• Digital Signatures
• Object-oriented systems

• Modern Key Management
• Digital Time Stamps
• Single Sign On
• Structured nets (f/w)
• Composition v. Programming
• Documented architecture
• Monitoring
• Network Management

35
Recommendations

• Prefer single application or single user system
  to multi-application multi-user (think servers)
• Hide operating systems from the network
• Restrict write access.
• .to a single process per object
• Restrict read access to mutable objects..
• . to those who can change them
• Application end-to-end encryption (PPTP, L2TP,
  other)

• Scan for viruses in and out
• Scan for viruses on desktop and servers.
• Scan for viruses
• Layer your defenses.
• Prefer application-aware composed firewalls
  between layers.
• Man the walls!
• Economy of Logon
• Client-side strong authentication

36
Strong Authentication

• Two kinds of evidence from list of
• something one person knows (e.g., pass-phrase)
• has, (token)
• is, (biometric, e.g., visage)
• or can do (e.g., speech)
• At least one of which is resistant to replay

37
We are not building toy systems anymore.