page 1 © deloitte & touche 2000 security and the system administrator william hugh murray 24...
TRANSCRIPT
Page 1© Deloitte & Touche 2000
Security and the System Administrator
Security and the System Administrator
William Hugh Murray24 East Avenue
Suite 1362New Canaan, CT 06840
(203)[email protected]
Page 2© Deloitte & Touche 2000
Security and the System Administrator
Bio William Hugh Murray
Bill Murray is information system security consultant toDeloitte & Touche. He has more than thirty-five yearsexperience in data processing and more than twenty insecurity.
During more than twenty-five years with IBM his managementresponsibilities included development of access controlprograms, advising IBM customers on security, and thearticulation of the security product plan.
In 1987 he received the Fitzgerald Memorial Award forleadership in data security. In 1989 he received the JosephJ. Wasserman Award for contributions to security, audit andcontrol.
Mr. Murray holds the Bachelor of Science degree in BusinessAdministration from Louisiana State University, and is agraduate of the Jesuit Preparatory High School of NewOrleans.
Page 3© Deloitte & Touche 2000
Security and the System Administrator
Abstract
Everything that business or government does with computers or communications becomes part of the social and economic infra-structure of the twenty-first century. Much of the configuration and operation of this novel and critical infrastructure will be in the hands of the system and network administrators. They are often the first to be called when the infrastructure is stressed or breaks, but their training is often on-the-job, remedial, and late. Although they understand the weaknesses and limitations of their materials all too well, they are rarely taught how to compensate for those weaknesses. Out of necessity, their security approach tends to be reactive and remedial.
This presentation will provide system and network administrators with a set of broadly applicable strategies and proactive approaches they can use to protect systems from outside interference and contamination, provide appropriate application con-trols, and protect their networks from undesired traffic. Among other things, it will address policy and service-level agreements; when to plan and for what; effective use of access controls; strong network perimeters and how to compensate for leaks; and how to use weak materials to build strong systems.
Page 4© Deloitte & Touche 2000
Security and the System Administrator
Security Objectives
Protect Applications from Interference or Contamination
Preserve Confidentiality, Integrity, and Availability of Data
Protect employees from temptation and suspicion Preserve the continuity of the business Protect Management from Charges of Imprudence
Page 5© Deloitte & Touche 2000
Security and the System Administrator
$
Security
Cost of Losses
Page 6© Deloitte & Touche 2000
Security and the System Administrator
$
Security
Cost of Losses
Cost of Security
Page 7© Deloitte & Touche 2000
Security and the System Administrator
$
Security
Cost of Losses
Cost of SecurityTotal Cost
Page 8© Deloitte & Touche 2000
Security and the System Administrator
Character of Costs
Cost of Losses:
infrequent irregular uncertain unexpected threatening
Cost of Security:
frequent regular certain budgeted cost of doing business
Page 9© Deloitte & Touche 2000
Security and the System Administrator
Sources of loss
Page 10© Deloitte & Touche 2000
Security and the System Administrator
Other sources of loss
All acts by outsiders
malicious programs Trojan Horses Viruses Logic bombs Worms Other
espionage
Page 11© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
Hi
Jacobson’s Window
Page 12© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
Hi Empty
Jacobson’s Window
Page 13© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
Hi
Trivial
Jacobson’s Window
Page 14© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
HiFireFraudEarthquake
Jacobson’s Window
Page 15© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
HiInsurance & Planning
Jacobson’s Window
Page 16© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
Hi
Errors &Omissions
Jacobson’s Window
Page 17© Deloitte & Touche 2000
Security and the System Administrator
Consequences
Frequency
Lo Hi
Lo
Hi
Security &Management
Jacobson’s Window
Page 18© Deloitte & Touche 2000
Security and the System Administrator
Characterization of Threats and Vulnerabilities
natural v. accidental v. insiders v. passive v. manual v. trial and error v. local v.
man-made
intentional
outsiders
active
automatic
systematic
global
Page 19© Deloitte & Touche 2000
Security and the System Administrator
Attacks & Attackers
“social engineering” guessing short dictionary or sweet list long dictionary exhaustive browsing eavesdropping spoofing
password grabbers Trojan Horses
Page 20© Deloitte & Touche 2000
Security and the System Administrator
Targets
Targets of Opportunity highly visible low cost of attack unknown value of success
Page 21© Deloitte & Touche 2000
Security and the System Administrator
Cost of Attack
WorkAccess Indifference to detectionSpecial KnowledgeTime to corrective actionAny one can reduce the requirements for any of the
others; there is enough of these in the world to break any system.
Page 22© Deloitte & Touche 2000
Security and the System Administrator
Cost of Attack
WorkAccess Indifference to detectionSpecial KnowledgeTime to corrective actionAny one can reduce the requirements for any of the
others; there is enough of these in the world to break any system.
Page 23© Deloitte & Touche 2000
Security and the System Administrator
Cost of Attack
WorkAccess Indifference to detectionSpecial KnowledgeTime to corrective actionAny one can reduce the requirements for any of the
others; there is enough of these in the world to break any system.
Page 24© Deloitte & Touche 2000
Security and the System Administrator
Targets
Targets of Opportunity highly visible low cost of attack unknown value of success
Targets of Choice expected value of success greater than expected cost of attack
Page 25© Deloitte & Touche 2000
Security and the System Administrator
Value of Success
Computer timeData, information, knowledge,
application valueAccess to other networks IdentityAnonymityTrust or confidence
Page 26© Deloitte & Touche 2000
Security and the System Administrator
Cost to Victim
Loss of confidentialityLoss of integrity Loss of reliability and trust Loss of use Liability to third partiesLoss of resources for restoration
Page 27© Deloitte & Touche 2000
Security and the System Administrator
Cost of System Security is measured in :
GeneralityFlexibilityPerformance And Functionality
Get used to it!
Page 28© Deloitte & Touche 2000
Security and the System Administrator
Courtney’s Laws
Nothing useful can be said about security except in the context of an application and an environment.
Never spend more money eliminating a vulnerability than tolerating it will cost you.
There are management solutions to technical problems but there are no technical solutions to management problems.
Page 29© Deloitte & Touche 2000
Security and the System Administrator
safe environment management direction supervision accountability copies of the data access control secret codes (crypto) contingency planning
Efficient Security Measures:
Page 30© Deloitte & Touche 2000
Security and the System Administrator
Policy
A statement of management’s intent Expressed as objectives or practices Translated to access control policy Mapped to a system policy
Page 31© Deloitte & Touche 2000
Security and the System Administrator
Why Systems Fail?
Poor Design Inadequate Materials Poor Fabrication Poor Maintenance Improper Operation Abuse and Misuse
Page 32© Deloitte & Touche 2000
Security and the System Administrator
Sufficient Conditions for the Success of a Virus
Large population of similar machines
Sharing within the populationA place for the virus to store the
replicaA way for it to get itself executed(Creates replicas faster than they
are destroyed)
Page 33© Deloitte & Touche 2000
Security and the System Administrator
Enterprise Security in the 90s
Inadequate expression of management intent
Multiple signons, ids, and passwords Multiple points of control Unsafe defaults Complex administration Late recognition of problems
We are being overwhelmed once more!
Page 35© Deloitte & Touche 2000
Security and the System Administrator
Recommendations
Prefer single application or single user system to multi-application multi-user (think servers)
Hide operating systems from the network
Restrict write access…. ….to a single process per
object Restrict read access to
mutable objects….. …. to those who can
change them Application end-to-end
encryption (PPTP, L2TP, other)
Scan for viruses in and out
Scan for viruses on desktop and servers.
Scan for viruses Layer your defenses. Prefer application-aware
composed firewalls between layers.
Man the walls! Economy of Logon Client-side strong
authentication
Page 36© Deloitte & Touche 2000
Security and the System Administrator
Strong Authentication
Two kinds of evidence from list of something one person knows (e.g., pass-phrase) has, (token) is, (biometric, e.g., visage) or can do (e.g., speech)
At least one of which is resistant to replay
Page 37© Deloitte & Touche 2000
Security and the System Administrator
“We are not building toy systems anymore.”