Concerning online applications, discuss the principles of CIA Triad (Confidentiality, Integrity, Availability) and propose an implementation process with the CIA’s adherence. (Hint: with on

30

Chap ter 1 Se cu rity Gov er nance Through Prin ci ples and Poli cies

THE CISSP EXAM TOP ICS COV ERED IN THIS CHAP TER IN CLUDE:

Do main 1: Se cu rity and Risk Man age ment 1.1 Un der stand and ap ply con cepts of con fi den tial ity, in tegrity and avail abil ity

1.2 Eval u ate and ap ply se cu rity gov er nance prin ci ples

1.2.1 Align ment of se cu rity func tion to busi ness strat egy, goals, mis sion, and ob jec tives

1.2.2 Or ga ni za tional pro cesses

1.2.3 Or ga ni za tional roles and re spon si bil i ties

1.2.4 Se cu rity con trol frame works

1.2.5 Due care/due dili gence

1.6 De velop, doc u ment, and im ple ment se cu rity pol icy, stan dards, pro ce dures, and guide lines

1.10 Un der stand and ap ply threat mod el ing con cepts and method olo gies

1.10.1 Threat mod el ing method olo gies

1.10.2 Threat mod el ing con cepts

1.11 Ap ply risk-based man age ment con cepts to the sup ply chain

1.11.1 Risks as so ci ated with hard ware, soft ware, and ser vices

1.11.2 Third-party as sess ment and mon i tor ing

1.11.3 Min i mum se cu rity re quire ments

1.11.4 Ser vice-level re quire ments

The Se cu rity and Risk Man age ment do main of the Com mon Body of Knowl edge (CBK) for the CISSP cer ti fi ca tion exam deals with many of the foun da tional el e ments of se cu rity so lu tions. These in clude el e ments es sen tial to the de sign, im ple men ta tion, and ad min is tra tion of se cu rity mech a nisms. Ad di tional el e ments of this do main are dis cussed in var i ous chap ters: Chap ter 2, “Per sonal Se cu rity and Risk Man age ment Con cepts”; Chap ter 3, “Busi ness Con ti nu ity Plan ning”; Chap ter 4, “Laws, Reg u la tions, and Com pli ance”; and Chap ter 19, “In ves ti ga tions and Ethics.” Please be sure to re view all of these chap ters to have a com plete per spec tive on the top ics of this do main.

Un der stand and Ap ply Con cepts of Con fi den tial ity, In tegrity, and Avail abil ity

Se cu rity man age ment con cepts and prin ci ples are in her ent el e ments in a se cu rity pol icy and so lu tion de ploy ment. They de fine the ba sic pa ram e ters needed for a se cure en vi ron ment. They also de fine the goals and ob jec tives that both pol icy de sign ers and sys tem im ple menters must achieve to cre ate a se cure so lu tion. It is im por tant for real-world se cu rity pro fes sion als, as well as CISSP exam stu dents, to un der stand these items thor oughly. This chap ter in cludes a range of top ics re lated to the gov er nance of se cu rity for global en ter prises as well as smaller busi nesses.

Se cu rity must start some where. Of ten that some where is the list of most im por tant se cu rity prin ci ples. In such a list, con fi den tial ity, in tegrity, and avail abil ity (CIA) are usu ally present be cause these are typ i cally viewed as the pri mary goals and ob jec tives of a se cu rity in fra struc ture. They are so com monly seen as se cu rity es sen tials that they are ref er enced by the term CIA Triad (see Fig ure 1.1).

31

FIG URE 1.1 The CIA Triad

Se cu rity con trols are typ i cally eval u ated on how well they ad dress these three core in for ma tion se cu rity tenets. Over all, a com plete se cu rity so lu tion should ad e quately ad dress each of these tenets. Vul ner a bil i ties and risks are also eval u ated based on the threat they pose against one or more of the CIA Triad prin ci ples. Thus, it is a good idea to be fa mil iar with these prin ci ples and use them as guide lines for judg ing all things re lated to se cu rity.

These three prin ci ples are con sid ered the most im por tant within the realm of se cu rity. How ever im por tant each spe cific prin ci ple is to a spe cific or ga ni za tion de pends on the or ga ni za tion’s se cu rity goals and re quire ments and on the ex tent to which the or ga ni za tion’s se cu rity might be threat ened.

Con fi den tial ity

The first prin ci ple of the CIA Triad is con fi den tial ity. Con fi den tial ity is the con cept of the mea sures used to en sure the pro tec tion of the se crecy of data, ob jects, or re sources. The goal of con fi den tial ity pro tec tion is to pre vent or min i mize unau tho rized ac cess to data. Con fi den tial ity fo cuses se cu rity mea sures on en sur ing that no one other than the in tended re cip i ent of a mes sage re ceives it or is able to read it. Con fi den tial ity pro tec tion pro vides a means for au tho rized users to ac cess and in ter act with re sources, but it ac tively pre vents unau tho rized users from do ing so. A wide range of se cu rity con trols can pro vide pro tec tion for con fi den tial ity, in clud ing, but not lim ited to, en cryp tion, ac cess con trols, and steganog ra phy.

If a se cu rity mech a nism of fers con fi den tial ity, it of fers a high level of as sur ance that data, ob jects, or re sources are re stricted from unau tho rized sub jects. If a threat ex ists against con fi den tial ity, unau tho rized dis clo sure could take place. An ob ject is the pas sive el e ment in a se cu rity re la tion ship, such as files, com put ers, net work con nec tions, and ap pli ca tions. A sub ject is the ac tive el e ment in a se cu rity re la tion ship, such as users, pro grams, and com put ers. A sub ject acts upon or against an ob ject. The man age ment of the re la tion ship be tween sub jects and ob jects is known as ac cess con trol.

In gen eral, for con fi den tial ity to be main tained on a net work, data must be pro tected from unau tho rized ac cess, use, or dis clo sure while in stor age, in process, and in tran sit. Unique and spe cific se cu rity con trols are re quired for each of these states of data, re sources, and ob jects to main tain con fi den tial ity.

Nu mer ous at tacks fo cus on the vi o la tion of con fi den tial ity. These in clude cap tur ing net work traf fic and steal ing pass word files as well as so cial en gi neer ing, port scan ning, shoul der surf ing, eaves drop ping, sniff ing, es ca la tion of priv i leges, and so on.

Vi o la tions of con fi den tial ity are not lim ited to di rected in ten tional at tacks. Many in stances of unau tho rized dis clo sure of sen si tive or con fi den tial in for ma tion are the re sult of hu man er ror, over sight, or in ep ti tude. Events that lead to con fi den tial ity breaches in clude fail ing to prop erly en crypt a trans mis sion, fail ing to fully au then ti cate a re mote sys tem be fore trans fer ring data, leav ing open oth er wise se cured ac cess points, ac cess ing ma li cious code that opens a back door, mis routed faxes, doc u ments left on print ers, or even walk ing away from an ac cess ter mi nal while data is dis played on the mon i tor. Con fi den tial ity vi o la tions can re sult from the ac tions of an end user or a sys tem ad min is tra tor. They can also oc cur be cause of an over sight in a se cu rity pol icy or a mis con fig ured se cu rity con trol.

Nu mer ous coun ter mea sures can help en sure con fi den tial ity against pos si ble threats. These in clude en cryp tion, net work traf fic pad ding, strict ac cess con trol, rig or ous au then ti ca tion pro ce dures, data clas si fi ca tion, and ex ten sive per son nel train ing.

32

Con fi den tial ity and in tegrity de pend on each other. With out ob ject in tegrity (in other words, the in abil ity of an ob ject to be mod i fied with out per mis sion), con fi den tial ity can not be main tained. Other con cepts, con di tions, and as pects of con fi den tial ity in clude the fol low ing:

Sen si tiv ity Sen si tiv ity refers to the qual ity of in for ma tion, which could cause harm or dam age if dis closed. Main tain ing con fi den tial ity of sen si tive in for ma tion helps to pre vent harm or dam age.

Dis cre tion Dis cre tion is an act of de ci sion where an op er a tor can in flu ence or con trol dis clo sure in or der to min i mize harm or dam age.

Crit i cal ity The level to which in for ma tion is mis sion crit i cal is its mea sure of crit i cal ity. The higher the level of crit i cal ity, the more likely the need to main tain the con fi den tial ity of the in for ma tion. High lev els of crit i cal ity are es sen tial to the op er a tion or func tion of an or ga ni za tion.

Con ceal ment Con ceal ment is the act of hid ing or pre vent ing dis clo sure. Of ten con ceal ment is viewed as a means of cover, ob fus ca tion, or dis trac tion. A re lated con cept to con ceal ment is se cu rity through ob scu rity, which is the con cept of at tempt ing to gain pro tec tion through hid ing, si lence, or se crecy. While se cu rity through ob scu rity is typ i cally not con sid ered a valid se cu rity mea sure, it may still have value in some cases.

Se crecy Se crecy is the act of keep ing some thing a se cret or pre vent ing the dis clo sure of in for ma tion.

Pri vacy Pri vacy refers to keep ing in for ma tion con fi den tial that is per son ally iden ti fi able or that might cause harm, em bar rass ment, or dis grace to some one if re vealed.

Seclu sion Seclu sion in volves stor ing some thing in an out-of-the-way lo ca tion. This lo ca tion can also pro vide strict ac cess con trols. Seclu sion can help en force ment of con fi den tial ity pro tec tions.

Iso la tion Iso la tion is the act of keep ing some thing sep a rated from oth ers. Iso la tion can be used to pre vent com min gling of in for ma tion or dis clo sure of in for ma tion.

Each or ga ni za tion needs to eval u ate the nu ances of con fi den tial ity they wish to en force. Tools and tech nol ogy that im ple ments one form of con fi den tial ity might not sup port or al low other forms.

In tegrity The sec ond prin ci ple of the CIA Triad is in tegrity. In tegrity is the con cept of pro tect ing the re li a bil ity and

cor rect ness of data. In tegrity pro tec tion pre vents unau tho rized al ter ations of data. It en sures that data re mains cor rect, un al tered, and pre served. Prop erly im ple mented in tegrity pro tec tion pro vides a means for au tho rized changes while pro tect ing against in tended and ma li cious unau tho rized ac tiv i ties (such as viruses and in tru sions) as well as mis takes made by au tho rized users (such as mis takes or over sights).

For in tegrity to be main tained, ob jects must re tain their ve rac ity and be in ten tion ally mod i fied by only au tho rized sub jects. If a se cu rity mech a nism of fers in tegrity, it of fers a high level of as sur ance that the data, ob jects, and re sources are un al tered from their orig i nal pro tected state. Al ter ations should not oc cur while the ob ject is in stor age, in tran sit, or in process. Thus, main tain ing in tegrity means the ob ject it self is not al tered and the op er at ing sys tem and pro gram ming en ti ties that man age and ma nip u late the ob ject are not com pro mised.

In tegrity can be ex am ined from three per spec tives:

Pre vent ing unau tho rized sub jects from mak ing mod i fi ca tions

Pre vent ing au tho rized sub jects from mak ing unau tho rized mod i fi ca tions, such as mis takes

Main tain ing the in ter nal and ex ter nal con sis tency of ob jects so that their data is a cor rect and true re flec tion of the real world and any re la tion ship with any child, peer, or par ent ob ject is valid, con sis tent, and ver i fi able

For in tegrity to be main tained on a sys tem, con trols must be in place to re strict ac cess to data, ob jects, and re sources. Ad di tion ally, ac tiv ity log ging should be em ployed to en sure that only au tho rized users are able to ac cess their re spec tive re sources. Main tain ing and val i dat ing ob ject in tegrity across stor age, trans port, and pro cess ing re quires nu mer ous vari a tions of con trols and over sight.

Nu mer ous at tacks fo cus on the vi o la tion of in tegrity. These in clude viruses, logic bombs, unau tho rized ac cess, er rors in cod ing and ap pli ca tions, ma li cious mod i fi ca tion, in ten tional re place ment, and sys tem back doors.

As with con fi den tial ity, in tegrity vi o la tions are not lim ited to in ten tional at tacks. Hu man er ror, over sight, or in ep ti tude ac counts for many in stances of unau tho rized al ter ation of sen si tive in for ma tion. Events that lead to in tegrity breaches in clude mod i fy ing or delet ing files; en ter ing in valid data; al ter ing con fig u ra tions, in clud ing er rors in com mands, codes, and scripts; in tro duc ing a virus; and ex e cut ing ma li cious code such as a Tro jan horse. In tegrity vi o la tions can oc cur be cause of the ac tions of any user, in clud ing ad min is tra tors. They can also oc cur be cause of an over sight in a se cu rity pol icy or a mis con fig ured se cu rity con trol.

33

Nu mer ous coun ter mea sures can en sure in tegrity against pos si ble threats. These in clude strict ac cess con trol, rig or ous au then ti ca tion pro ce dures, in tru sion de tec tion sys tems, ob ject/data en cryp tion, hash to tal ver i fi ca tions (see Chap ter 6, “Cryp tog ra phy and Sym met ric Key Al go rithms”), in ter face re stric tions, in put/func tion checks, and ex ten sive per son nel train ing.

In tegrity is de pen dent on con fi den tial ity. Other con cepts, con di tions, and as pects of in tegrity in clude the fol low ing:

Ac cu racy: Be ing cor rect and pre cise

Truth ful ness: Be ing a true re flec tion of re al ity

Au then tic ity: Be ing au then tic or gen uine

Va lid ity: Be ing fac tu ally or log i cally sound

Non re pu di a tion: Not be ing able to deny hav ing per formed an ac tion or ac tiv ity or be ing able to ver ify the ori gin of a com mu ni ca tion or event

Ac count abil ity: Be ing re spon si ble or ob li gated for ac tions and re sults

Re spon si bil ity: Be ing in charge or hav ing con trol over some thing or some one

Com plete ness: Hav ing all needed and nec es sary com po nents or parts

Com pre hen sive ness: Be ing com plete in scope; the full in clu sion of all needed el e ments

Non re pu di a tion

Non re pu di a tion en sures that the sub ject of an ac tiv ity or who caused an event can not deny that the event oc curred. Non re pu di a tion pre vents a sub ject from claim ing not to have sent a mes sage, not to have per formed an ac tion, or not to have been the cause of an event. It is made pos si ble through iden ti fi ca tion, au then ti ca tion, au tho riza tion, ac count abil ity, and au dit ing. Non re pu di a tion can be es tab lished us ing dig i tal cer tifi cates, ses sion iden ti fiers, trans ac tion logs, and nu mer ous other trans ac tional and ac cess con trol mech a nisms. A sys tem built with out proper en force ment of non re pu di a tion does not pro vide ver i fi ca tion that a spe cific en tity per formed a cer tain ac tion. Non re pu di a tion is an es sen tial part of ac count abil ity. A sus pect can not be held ac count able if they can re pu di ate the claim against them.

Avail abil ity The third prin ci ple of the CIA Triad is avail abil ity, which means au tho rized sub jects are granted timely

and un in ter rupted ac cess to ob jects. Of ten, avail abil ity pro tec tion con trols sup port suf fi cient band width and time li ness of pro cess ing as deemed nec es sary by the or ga ni za tion or sit u a tion. If a se cu rity mech a nism of fers avail abil ity, it of fers a high level of as sur ance that the data, ob jects, and re sources are ac ces si ble to au tho rized sub jects. Avail abil ity in cludes ef fi cient un in ter rupted ac cess to ob jects and pre ven tion of de nial-of-ser vice (DoS) at tacks. Avail abil ity also im plies that the sup port ing in fra struc ture—in clud ing net work ser vices, com mu ni ca tions, and ac cess con trol mech a nisms—is func tional and al lows au tho rized users to gain au tho rized ac cess.

For avail abil ity to be main tained on a sys tem, con trols must be in place to en sure au tho rized ac cess and an ac cept able level of per for mance, to quickly han dle in ter rup tions, to pro vide for re dun dancy, to main tain re li able back ups, and to pre vent data loss or de struc tion.

There are nu mer ous threats to avail abil ity. These in clude de vice fail ure, soft ware er rors, and en vi ron men tal is sues (heat, static, flood ing, power loss, and so on). There are also some forms of at tacks that fo cus on the vi o la tion of avail abil ity, in clud ing DoS at tacks, ob ject de struc tion, and com mu ni ca tion in ter rup tions.

As with con fi den tial ity and in tegrity, vi o la tions of avail abil ity are not lim ited to in ten tional at tacks. Many in stances of unau tho rized al ter ation of sen si tive in for ma tion are caused by hu man er ror, over sight, or in ep ti tude. Some events that lead to avail abil ity breaches in clude ac ci den tally delet ing files, overuti liz ing a hard ware or soft ware com po nent, un der-al lo cat ing re sources, and mis la bel ing or in cor rectly clas si fy ing ob jects. Avail abil ity vi o la tions can oc cur be cause of the ac tions of any user, in clud ing ad min is tra tors. They can also oc cur be cause of an over sight in a se cu rity pol icy or a mis con fig ured se cu rity con trol.

Nu mer ous coun ter mea sures can en sure avail abil ity against pos si ble threats. These in clude de sign ing in ter me di ary de liv ery sys tems prop erly, us ing ac cess con trols ef fec tively, mon i tor ing per for mance and net work traf fic, us ing fire walls and routers to pre vent DoS at tacks, im ple ment ing re dun dancy for crit i cal sys tems, and main tain ing and test ing backup sys tems. Most se cu rity poli cies, as well as busi ness con ti nu ity

34

plan ning (BCP), fo cus on the use of fault tol er ance fea tures at the var i ous lev els of ac cess/stor age/se cu rity (that is, disk, server, or site) with the goal of elim i nat ing sin gle points of fail ure to main tain avail abil ity of crit i cal sys tems.

Avail abil ity de pends on both in tegrity and con fi den tial ity. With out in tegrity and con fi den tial ity, avail abil ity can not be main tained. Other con cepts, con di tions, and as pects of avail abil ity in clude the fol low ing:

Us abil ity: The state of be ing easy to use or learn or be ing able to be un der stood and con trolled by a sub ject

Ac ces si bil ity: The as sur ance that the widest range of sub jects can in ter act with a re source re gard less of their ca pa bil i ties or lim i ta tions

Time li ness: Be ing prompt, on time, within a rea son able time frame, or pro vid ing low-la tency re sponse

 CIA Pri or ity

Ev ery or ga ni za tion has unique se cu rity re quire ments. On the CISSP exam, most se cu rity con cepts are dis cussed in gen eral terms, but in the real world, gen eral con cepts and best prac tices don’t get the job done. The man age ment team and se cu rity team must work to gether to pri or i tize an or ga ni za tion’s se cu rity needs. This in cludes es tab lish ing a bud get and spend ing plan, al lo cat ing ex per tise and hours, and fo cus ing the in for ma tion tech nol ogy (IT) and se cu rity staff ef forts. One key as pect of this ef fort is to pri or i tize the se cu rity re quire ments of the or ga ni za tion. Know ing which tenet or as set is more im por tant than an other guides the cre ation of a se cu rity stance and ul ti mately the de ploy ment of a se cu rity so lu tion. Of ten, get ting started in es tab lish ing pri or i ties is a chal lenge. A pos si ble so lu tion to this chal lenge is to start with pri or i tiz ing the three pri mary se cu rity tenets of con fi den tial ity, in tegrity, and avail abil ity. Defin ing which of these el e ments is most im por tant to the or ga ni za tion is es sen tial in craft ing a suf fi cient se cu rity so lu tion. This es tab lishes a pat tern that can be repli cated from con cept through de sign, ar chi tec ture, de ploy ment, and fi nally, main te nance.

Do you know the pri or ity your or ga ni za tion places on each of the com po nents of the CIA Triad? If not, find out.

An in ter est ing gen er al iza tion of this con cept of CIA pri or i ti za tion is that in many cases mil i tary and gov ern ment or ga ni za tions tend to pri or i tize con fi den tial ity above in tegrity and avail abil ity, whereas pri vate com pa nies tend to pri or i tize avail abil ity above con fi den tial ity and in tegrity. Al though such pri or i ti za tion fo cuses ef forts on one as pect of se cu rity over an other, it does not im ply that the sec ond or third pri or i tized items are ig nored or im prop erly ad dressed. An other per spec tive on this is dis cov ered when com par ing stan dard IT sys tems with Op er a tional Tech nol ogy (OT) sys tems such as pro gram mable logic con trollers (PLCs), su per vi sory con trol and data ac qui si tion (SCADA), and MES (Man u fac tur ing Ex e cu tion Sys tems) de vices and sys tems used on man u fac tur ing plant floors. IT sys tems, even in pri vate com pa nies, tend to fol low the CIA Triad; how ever, OT sys tems tend to fol low the AIC Triad, where avail abil ity is pri or i tized over all and in tegrity is val ued over con fi den tial ity. Again, this is just a gen er al iza tion but one that may serve you well in de ci pher ing ques tions on the CISSP exam. Each in di vid ual or ga ni za tion de cides its own se cu rity pri or i ties.

Other Se cu rity Con cepts In ad di tion to the CIA Triad, you need to con sider a plethora of other se cu rity-re lated con cepts and

prin ci ples when de sign ing a se cu rity pol icy and de ploy ing a se cu rity so lu tion.

You may have heard of the con cept of AAA ser vices. The three A’s in this ab bre vi a tion re fer to au then ti ca tion, au tho riza tion, and ac count ing (or some times au dit ing). How ever, what is not as clear is that al though there are three let ters in the acro nym, it ac tu ally refers to five el e ments: iden ti fi ca tion, au then ti ca tion, au tho riza tion, au dit ing, and ac count ing. These five el e ments rep re sent the fol low ing pro cesses of se cu rity:

Iden ti fi ca tion: Claim ing to be an iden tity when at tempt ing to ac cess a se cured area or sys tem

Au then ti ca tion: Prov ing that you are that iden tity

Au tho riza tion: Defin ing the per mis sions (i.e., al low/grant and/or deny) of a re source and ob ject ac cess for a spe cific iden tity

Au dit ing: Record ing a log of the events and ac tiv i ties re lated to the sys tem and sub jects

35

Ac count ing (aka ac count abil ity): Re view ing log files to check for com pli ance and vi o la tions in or der to hold sub jects ac count able for their ac tions

Al though AAA is typ i cally ref er enced in re la tion to au then ti ca tion sys tems, it is ac tu ally a foun da tional con cept for se cu rity. Miss ing any of these five el e ments can re sult in an in com plete se cu rity mech a nism. The fol low ing sec tions dis cuss iden ti fi ca tion, au then ti ca tion, au tho riza tion, au dit ing, and ac count abil ity (see Fig ure 1.2).

FIG URE 1.2 The five el e ments of AAA ser vices

Iden ti fi ca tion

Iden ti fi ca tion is the process by which a sub ject pro fesses an iden tity and ac count abil ity is ini ti ated. A sub ject must pro vide an iden tity to a sys tem to start the process of au then ti ca tion, au tho riza tion, and ac count abil ity (AAA). Pro vid ing an iden tity can in volve typ ing in a user name; swip ing a smart card; wav ing a prox im ity de vice; speak ing a phrase; or po si tion ing your face, hand, or fin ger for a cam era or scan ning de vice. Pro vid ing a process ID num ber also rep re sents the iden ti fi ca tion process. With out an iden tity, a sys tem has no way to cor re late an au then ti ca tion fac tor with the sub ject.

Once a sub ject has been iden ti fied (that is, once the sub ject’s iden tity has been rec og nized and ver i fied), the iden tity is ac count able for any fur ther ac tions by that sub ject. IT sys tems track ac tiv ity by iden ti ties, not by the sub jects them selves. A com puter doesn’t know one hu man from an other, but it does know that your user ac count is dif fer ent from all other user ac counts. A sub ject’s iden tity is typ i cally la beled as, or con sid ered to be, pub lic in for ma tion. How ever, sim ply claim ing an iden tity does not im ply ac cess or au thor ity. The iden tity must be proven (au then ti ca tion) or ver i fied (en sur ing non re pu di a tion) be fore ac cess to con trolled re sources is al lowed (ver i fy ing au tho riza tion). That process is au then ti ca tion.

Au then ti ca tion

The process of ver i fy ing or test ing that the claimed iden tity is valid is au then ti ca tion. Au then ti ca tion re quires the sub ject to pro vide ad di tional in for ma tion that cor re sponds to the iden tity they are claim ing. The most com mon form of au then ti ca tion is us ing a pass word (this in cludes the pass word vari a tions of per sonal iden ti fi ca tion num bers (PINs) and passphrases). Au then ti ca tion ver i fies the iden tity of the sub ject by com par ing one or more fac tors against the data base of valid iden ti ties (that is, user ac counts). The au then ti ca tion fac tor used to ver ify iden tity is typ i cally la beled as, or con sid ered to be, pri vate in for ma tion. The ca pa bil ity of the sub ject and sys tem to main tain the se crecy of the au then ti ca tion fac tors for iden ti ties di rectly re flects the level of se cu rity of that sys tem. If the process of il le git i mately ob tain ing and us ing the au then ti ca tion fac tor of a tar get user is rel a tively easy, then the au then ti ca tion sys tem is in se cure. If that process is rel a tively dif fi cult, then the au then ti ca tion sys tem is rea son ably se cure.

Iden ti fi ca tion and au then ti ca tion are of ten used to gether as a sin gle two-step process. Pro vid ing an iden tity is the first step, and pro vid ing the au then ti ca tion fac tors is the sec ond step. With out both, a sub ject can not gain ac cess to a sys tem—nei ther el e ment alone is use ful in terms of se cu rity. In some sys tems, it may seem as if you are pro vid ing only one el e ment but gain ing ac cess, such as when key ing in an ID code or a PIN. How ever, in these cases ei ther the iden ti fi ca tion is han dled by an other means, such as phys i cal lo ca tion, or au then ti ca tion is as sumed by your abil ity to ac cess the sys tem phys i cally. Both iden ti fi ca tion and au then ti ca tion take place, but you might not be as aware of them as when you man u ally type in both a name and a pass word.

A sub ject can pro vide sev eral types of au then ti ca tion—for ex am ple, some thing you know (e.g., pass words, PINs), some thing you have (e.g., keys, to kens, smart cards), some thing you are (e.g., bio met rics, such as fin ger prints, iris, or voice recog ni tion), and so on. Each au then ti ca tion tech nique or fac tor has its unique ben e fits and draw backs. Thus, it is im por tant to eval u ate each mech a nism in light of the en vi ron ment in

36

which it will be de ployed to de ter mine vi a bil ity. (We dis cuss au then ti ca tion at length in Chap ter 13, “Man ag ing Iden tity and Au then ti ca tion.”)

Au tho riza tion

Once a sub ject is au then ti cated, ac cess must be au tho rized. The process of au tho riza tion en sures that the re quested ac tiv ity or ac cess to an ob ject is pos si ble given the rights and priv i leges as signed to the au then ti cated iden tity. In most cases, the sys tem eval u ates an ac cess con trol ma trix that com pares the sub ject, the ob ject, and the in tended ac tiv ity. If the spe cific ac tion is al lowed, the sub ject is au tho rized. If the spe cific ac tion is not al lowed, the sub ject is not au tho rized.

Keep in mind that just be cause a sub ject has been iden ti fied and au then ti cated does not mean they have been au tho rized to per form any func tion or ac cess all re sources within the con trolled en vi ron ment. It is pos si ble for a sub ject to be logged onto a net work (that is, iden ti fied and au then ti cated) but to be blocked from ac cess ing a file or print ing to a printer (that is, by not be ing au tho rized to per form that ac tiv ity). Most net work users are au tho rized to per form only a lim ited num ber of ac tiv i ties on a spe cific col lec tion of re sources. Iden ti fi ca tion and au then ti ca tion are all-or-noth ing as pects of ac cess con trol. Au tho riza tion has a wide range of vari a tions be tween all or noth ing for each ob ject within the en vi ron ment. A user may be able to read a file but not delete it, print a doc u ment but not al ter the print queue, or log on to a sys tem but not ac cess any re sources. Au tho riza tion is usu ally de fined us ing one of the mod els of ac cess con trol, such as Dis cre tionary Ac cess Con trol (DAC), Manda tory Ac cess Con trol (MAC), or Role Based Ac cess Con trol (RBAC or role-BAC); see Chap ter 14, “Con trol ling and Mon i tor ing Ac cess.”

Au dit ing

Au dit ing, or mon i tor ing, is the pro gram matic means by which a sub ject’s ac tions are tracked and recorded for the pur pose of hold ing the sub ject ac count able for their ac tions while au then ti cated on a sys tem. It is also the process by which unau tho rized or ab nor mal ac tiv i ties are de tected on a sys tem. Au dit ing is record ing ac tiv i ties of a sub ject and its ob jects as well as record ing the ac tiv i ties of core sys tem func tions that main tain the op er at ing en vi ron ment and the se cu rity mech a nisms. The au dit trails cre ated by record ing sys tem events to logs can be used to eval u ate the health and per for mance of a sys tem. Sys tem crashes may in di cate faulty pro grams, cor rupt dr

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.