Classic Security Principles: Confidentiality, Integrity, and Accounting

The next step in learning about security is understanding and implementing the three classic security principles: confidentiality, integrity, and accounting (CIA). Confidentiality is the ability to keep things secret. Integrity is ensuring that things remain the same unless a change is authorized. Accounting, sometimes referred to as auditing, is the process of making sure that things are the way they are supposed to be.

WHAT ABOUT AVAILABILITY?

Some information security professionals use the A in CIA to stand for availability. In a security context, availability means that information should be available to those who are authorized to use it. This is an important concept. We all have had experience with a computer that is so secure that no one can use the information on it. We all can relate to unrealistic demands for security that make our job difficult, if not impossible, to do. Keep availability in mind whenever designing or implementing security.

Confidentiality

Four major technical controls are used to keep information on computer systems secret: encryption, permissions, user rights, and authentication. Encryption scrambles data so that it cannot be deciphered unless the key is known. Permissions determine who can do what with which information. Can an individual read a file? Change it? Delete it? This is determined by setting permissions. Files, however, are not the only objects controlled by permissions. Applications (who can run them), folders, and printers, and in Windows systems, registry keys and Active Directory objects, are protected by setting permissions. User rights grant users the ability to perform some function. If performing that function is a prerequisite for getting access to the data container, then the user right can be said to be aiding confidentiality. Authentication is the process of proving that we are who we say we are. (Actually, authentication only proves or disproves who we say we are. If, for example, you know my password and then use it to log on using my account, you are me on the computer system or network.) User rights and permissions are based on the identity of the user attempting to do or access something. Authentication proves that we have the right to act as that identity.

Chapter 2, "Authentication: Proof of Identity," explores authentication in Windows Server 2003, including a discussion of Kerberos and NTLM. In it, you will learn how authentication works and how to make it operate better.

Chapter 3, "Authorization: Limiting System Access and Controlling User Behavior," discusses user rights and permissions basics.

Software Restriction Policies and Authorization Manager, two new tools for software management, are detailed in Chapter 4, "Restricting Access to Software; Restricting Software's Access to Resources."

Chapter 5, "Controlling Access to Data," details access permissions in NTFS with special attention to permission inheritance. NTFS presents a granular access control system for files and folders, but it is complex. Its nuances can be difficult to understand, and then just when you think you grasp them, a new version of the operating system may change that meaning. This chapter also provides information about protecting shares and using WebDAV.

Chapter 6, "EFS Basics," covers the Encrypting File System (EFS). Encrypting data at rest is a good way to keep unauthorized people from viewing it, but EFS should not be used without a thorough understanding of how it works and where it is vulnerable.

Chapter 7, "Active Directory's Role in Domain Security," explains how to implement and work with authentication, user rights, permissions, and encryption in a domain environment.

Chapter 8, "Trust," explains trusts in an Active Directory forest and explains trusts between domains in different forests. New to Windows Server 2003, the forest trust, selective authentication, and the new permission "allowed to authenticate" are also covered. Trusts make possible the assignment of user rights and permissions to objects across domain and forest boundaries. This is a critical issue. Although trusts can make it possible to work with large numbers of users and large numbers of objects and to correctly control access, trusts make the process complex. The more access paths there are to data, the harder it is to keep it secret.

Chapter 12, "PKI Basics," explains how PKI can be implemented in Windows Server 2003 by building a certification authority (CA) hierarchy and issuing certificates for use in encryption and authentication. Chapter 13, "Implementing a Secure PKI," provides the explicit, step-by-step instructions for doing so.

In addition to chapters that deal directly with the confidentiality of data that is stored on Windows Server 2003, several chapters explain how to protect the security infrastructure itself by keeping security configuration information accessible only to those with the right to know and manipulate it. Chapter 10, "Securing Active Directory," illustrates how. Chapter 13, "Implementing a Secure PKI," addresses securing PKI.

Chapter 14, "Securing Remote Access," explains how to use Routing and Remote Access Services (RRAS) and Internet Authentication Services (IAS) to lock down remote access. Authentication and authorization aspects of remote access policies are detailed. As part of this chapter, sound principles for secure wireless and Internet Information Server access are also discussed.

Chapter 15, "Protecting Data in Flight," provides information on encryption technologies such as IPSec and PPTP that can be used to keep communications between computers secret.

Integrity

Integrity can be provided using special algorithms that include encryption, but not all encryption algorithms provide integrity. Specifically, those algorithms used to encrypt data to keep it private do not also guarantee integrity. One common way in which the integrity of data in flight is violated is by capturing the data, changing it, and then sending it on. It is a common misconception that if data is encrypted during transfer, the data received will be the same as the data sent. Unfortunately, that is not always true. For example, changing the bits in encrypted data changes its meaning. An attacker does not have to know exactly what the data is to change it. If the data stream is organized in a specific order, and it usually is, the attacker may be able to make some guesses and successfully modify the data, causing an unintended action when it is received. Even if the attacker is unsuccessful in creating meaningful data with this method, he or she has made the data unusable. Likewise, an attacker can monkey with encrypted data on disk.

Integrity provides some kind of check: a failsafe way to calculate or manipulate the received data and compare the results to some value produced by the same calculation or manipulation wherever the data originated. Cryptographic hashes and digital signatures are typically used for this purpose. These constructs are used in the Windows Server 2003 implementation of IPSec, in SMB signing, and in various uses of certificates. Chapters 12, 13, 14, and 15 include information on these techniques.

Chapter 7, which explains managing users and delegation of authority, describes these practices. Chapter 11, "Securing Infrastructure Roles," provides information on how to centralize strong technical controls that are designed for specialized functions such as DNS, domain controllers, desktop systems, and so forth. Earlier chapters on access controls and authentication can also help you promote data integrity.
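The following Python script is an added illustration of the point made above and is not code from the book. It models a confidentiality-only stream cipher (a constructed XOR keystream derived from SHA-256, standing in for any cipher that provides no integrity) and shows that someone who knows only the layout of a message, not the key, can change what the recipient decrypts without the change being noticed. It then adds an integrity check with HMAC-SHA256 from Python's standard library, used here in place of the hash and signature constructs the text names, and shows the same modification being rejected. The keys and the message are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || 8-byte counter), concatenated.
    Constructed for this illustration only; not a replacement for a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: XOR the plaintext with the keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def modify_in_flight(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model the in-flight change described in the text: the ciphertext bits at
    `offset` are flipped so that a field known to hold `old` decrypts to `new`.
    No key is needed, only knowledge of where the field sits in the message."""
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def protect(key_enc: bytes, key_mac: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag computed over the ciphertext."""
    ct = encrypt(key_enc, plaintext)
    tag = hmac.new(key_mac, ct, hashlib.sha256).digest()
    return ct + tag


def verify_and_open(key_enc: bytes, key_mac: bytes, message: bytes):
    """Recompute the tag the way the sender did and compare it to the one received.
    Returns the plaintext on a match, or None when the message was altered."""
    ct, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key_mac, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return decrypt(key_enc, ct)


def demo():
    """Returns (what a receiver without an integrity check decrypts after the
    change, what the checked receiver accepts unchanged, what it returns after
    the change)."""
    key_enc = bytes(range(32))       # constructed sample keys
    key_mac = bytes(range(32, 64))
    msg = b"TRANSFER 0000100 TO ACCT 4242"   # constructed sample message
    amount_offset = len(b"TRANSFER ")         # the amount field starts at byte 9

    # 1. Encryption alone: the altered ciphertext decrypts cleanly to a different amount.
    ct = encrypt(key_enc, msg)
    altered = modify_in_flight(ct, amount_offset, b"0000100", b"9999999")
    unchecked_result = decrypt(key_enc, altered)

    # 2. Encryption plus HMAC: the same alteration fails the tag check.
    sealed = protect(key_enc, key_mac, msg)
    accepted = verify_and_open(key_enc, key_mac, sealed)
    altered_sealed = modify_in_flight(sealed, amount_offset, b"0000100", b"9999999")
    rejected = verify_and_open(key_enc, key_mac, altered_sealed)
    return unchecked_result, accepted, rejected


if __name__ == "__main__":
    unchecked, accepted, rejected = demo()
    print("no integrity check, attacker's version decrypted to:", unchecked)
    print("with HMAC, untouched message opened as:", accepted)
    print("with HMAC, altered message opened as:", rejected)
```

The tag is computed over the ciphertext (encrypt-then-MAC), so the receiver rejects a modified message before attempting to decrypt it, and `hmac.compare_digest` keeps the comparison from leaking how many tag bytes matched. A plain hash appended to the message would not be enough here: without a key, whoever changes the data can simply recompute the hash.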
Protecting the integrity of the operating system is often at least partially accomplished by patching and maintenance practices, as discussed in Chapter 16, "Maintenance Strategies and Administrative Practices." The ability to restore damaged or lost data and various recovery procedures are detailed in Chapter 17, "Basics of Data Backup and Restore."

Accounting

Accounting (or "auditing") is turned on by default in Windows Server 2003, but there is more to auditing than collecting events in the event log. Chapter 18, "Auditing," describes what the Audit policy is about, how to configure auditing not just for the operating system but also for many server-based applications such as PKI and remote access, and how to interpret many of the events. Chapter 19, "Monitoring and Assessment," describes the functions that should be monitored to ensure proper operation of security technologies and to detect security incidents.