
Access Control Systems and Methodology CBK#1

Access Control:
(a) Access Rights and Permissions
o Objects such as printers, files and other resources need protection mechanisms so that they cannot be viewed or modified in an unauthorized manner.
o Access control(s):
  - Is the heart of access rights and permissions.
  - Specifies what a user can and cannot do.
  - Is implemented to ensure confidentiality, integrity and availability.
  - Is the countermeasure for ensuring that only those users with the proper need and proper authority can access the resources.
(b) Establishment or Authorization
o For authorization to occur the following must be known:
  - File and data owners, custodians, and users: all information generated or used must have a designated owner. The owner determines the appropriate classification and access controls. The owner is also responsible for ensuring appropriate controls for the storage, handling and distribution of the data. Custodians receive permission from the owners and manage the everyday care of the data, such as backups. Users are the subjects that require data (the object) to perform their jobs.
  - Principle of least privilege: a user is given no more privilege than necessary to perform a job. Ensuring least privilege requires identifying what the user's job is, determining the minimum set of privileges required to perform that job, and restricting the user to a domain with only those privileges.
  - Segregation of duties and responsibilities: requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set. The transactions can be either static or dynamic.
o Establishment is also known as authorization.
  - It is dependent upon authentication.
  - It determines whether a principal is trusted for an operation.
(c) Maintenance
o Access control is accomplished via three main categories of access control:
  - Administrative: policies and procedures, personnel controls, supervisory structure, security awareness training, testing.
  - Physical: network segregation, perimeter security, computer controls, work area separation, data backups, cabling.

Page 1 of 23



  - Technical: system access, network architecture, network access, encryption and protocols, control zones, auditing.
(d) Accountability
o Links individuals to their actions, supports identification and recovery from failure, and is performed via logging of events.
o Accountability is performed by logging events on a system basis, such as the UNIX syslog service, or on a network basis, such as traffic logging or SNMP traps.

Identification and Authentication:

(a) I&A Techniques
o Identification: the act of a user professing an identity to a system, usually in the form of a logon.
o Authentication: the verification that the user's claimed identity is valid. Authentication is usually through a password at logon time.
o Authentication is based on the following three factor types:
  - Something you know: password, PIN, mother's maiden name, passcode, etc.
  - Something you have: ATM card, smart card, token, key, ID badge, driver's license, or passport.
  - Something you are (also known as biometrics): fingerprint, voice scan, iris scan, retina scan, body odor, DNA.
o Multi-factor authentication uses two or more authentication types to provide increased security.
o Two-factor authentication systems require a user to provide two of the three types of authentication:
  - ATM card + PIN
  - Credit card + signature
  - PIN + fingerprint
  - Username + password (NetWare, Unix, NT default)
o Three-factor authentication offers the highest security:
  - Password + token + fingerprint
  - PIN + driver's license + voice scan
(b) Performance Measures
o Identification is verified through the use of credentials.
o Biometrics verifies an individual by their own unique personal attributes. Main performance measures include:
  - False Rejection Rate (Type I errors): % of valid subjects that are falsely rejected.
  - False Acceptance Rate (Type II errors): % of invalid subjects that are falsely accepted.



  - Crossover Error Rate: the % at which the False Rejection Rate equals the False Acceptance Rate.
o Other factors include:
  - Enrollment time: the time it takes to initially register with a system by providing samples of the biometric characteristics to be evaluated.
  - Throughput rate: the rate at which individuals can be processed and identified or authenticated by a system.
  - Acceptability: consideration of privacy, invasiveness, and psychological and physical comfort when using the system.
(b) Knowledge-Based Systems
o Knowledge-based systems rely on the user knowing or remembering something (usually a password of some type).
(c) Passwords
o Passwords are character strings used to authenticate an individual.
o Clipping levels are a safeguard that limits the number of failed attempts.
o Cognitive passwords are fact- or opinion-based passwords used to verify an individual's identity. Many companies ask for your mother's maiden name or the city you were born in as a means to verify your identity.
o One-time passwords (also called dynamic passwords) are created when needed and once used are no longer valid.
o Token devices are used to create one-time passwords. Administrators use a few methods in a token device scheme:
  - Synchronous token devices synchronize with the authentication service by using time or an event as the core piece of the authentication process.
  - Time-based synchronous token devices: the device and the authentication service must hold the exact same time within their internal clocks.
  - Event synchronization: the user may need to initiate the logon sequence on the computer and push a button on the token device.
  - Asynchronous token devices use a challenge-response scheme to communicate with the authentication device.
o Token devices are hardware or software devices used to identify an identity. Token devices are also called password generators.
o Soft tokens duplicate the hardware in software on the user's workstation.
o There are two types of synchronous token devices (OTP authentication):
  - Clock-based tokens
  - Counter-based tokens



o Asynchronous one-time password authentication method: asynchronous OTPs are based on communication between the server and the token card.
  - The token receives a challenge nonce from the server.
  - The token generates a password based on the nonce received.
  - The password is then combined with the base secret key.
  - The result is sent to the server.
  - The server performs the same computation.
  - If the results match, the user is authenticated.
o Management: programs such as Crack, SmartPass, PWDUMP, NTCrack, and L0phtCrack can easily decrypt UNIX, NetWare, and NT passwords. Dictionary attacks succeed because users choose easily guessed passwords.
o Password control is accomplished through software.
o Password attacks:
  - Brute force attacks test all possible combinations. The difficulty of a brute force attack depends upon: how long the password is; the possible values of each component; the length of time a single attempt takes; and whether lockout mechanisms mitigate the attack. Can be conducted in-band, such as at a login prompt on a web page, or out-of-band on the attacker's workstation when the password file has been stolen. Brute force programs include L0phtCrack, Brutus, WebCracker.
  - Dictionary attacks try a list of possible passwords and/or usernames; they use dictionaries or wordlists as the source and are more efficient than brute force. Countermeasure: pass phrases. Programs: Crack, John the Ripper, Unsecure, Brutus.
  - Spoofing at login: password spoofing attacks pretend to be a trusted process. A spoofing attack on a password system is one in which one person or process pretends to be another person or process that has more privileges. An example would be a fake login screen, also called a Trojan horse login.
  - Sniffers: a sniffer is best described as a program or device that monitors data travelling over a network. Sniffing is hard to detect because, as a passive attack, it only receives information and never sends out information. The goal of sniffing is to capture sensitive information such as passwords in order to perform a replay attack at a later time. Countermeasures: switched infrastructure, using one-time passwords, encryption.



  - Denial-of-service attacks against a password system can bring the entire system down. Can be characterized as an attack on the operating system that renders the target unable to reply reliably. Example: a DoS attack against a password system is an exploit in a certain version of RADIUS running on Windows NT, Linux, and other UNIX-based systems. In this attack, when an attacker appends a certain amount of spaces after the username, the RADIUS system crashes, keeping users from logging in. Countermeasure: input checking on the login subsystem can easily stop this type of attack.
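The three token schemes described on pages 3 and 4 (clock-based, counter-based, and asynchronous challenge-response), as an added Python example that is not part of the original notes. The HOTP/TOTP constructions (RFC 4226 / RFC 6238), the HMAC-SHA256 challenge response, the TokenServer class and its look-ahead window are assumptions made for the demonstration; the shared secret is the RFC 4226 test-vector key, not a real credential.

```python
"""Added example: one-time-password tokens and the server that verifies them.
Not from the original notes; HOTP/TOTP (RFC 4226/6238) and the HMAC-based
challenge-response are the assumed constructions."""
import hashlib
import hmac
import secrets
import struct
import time

SECRET = b"12345678901234567890"  # RFC 4226 test-vector secret (constructed demo key)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based (event-synchronous) token: HMAC-SHA1 over the counter,
    dynamically truncated to a short decimal code (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Clock-based (time-synchronous) token: the counter is the number of
    30-second steps since the Unix epoch, so both sides need matching clocks."""
    return hotp(secret, int(at // step), digits)


def challenge_response(secret: bytes, nonce: bytes) -> str:
    """Asynchronous token: the server sends a random nonce, the token answers
    with HMAC(secret, nonce), and the server repeats the same computation."""
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()[:8]


class TokenServer:
    """Server side: the user's secret, the last accepted counter, and a small
    look-ahead window so a token pressed a few times without logging in still works."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.window = window
        self.last_counter = -1
        self.pending_nonce = None

    def verify_hotp(self, code: str) -> bool:
        # Only counters beyond the last accepted one are tried: a replayed code fails.
        for c in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False

    def verify_totp(self, code: str, now: float, drift_steps: int = 1) -> bool:
        # Tolerate +/- one 30-second step of clock drift between token and server.
        for d in range(-drift_steps, drift_steps + 1):
            if hmac.compare_digest(totp(self.secret, now + 30 * d), code):
                return True
        return False

    def issue_challenge(self) -> bytes:
        self.pending_nonce = secrets.token_bytes(16)
        return self.pending_nonce

    def verify_response(self, response: str) -> bool:
        if self.pending_nonce is None:
            return False
        expected = challenge_response(self.secret, self.pending_nonce)
        self.pending_nonce = None  # a nonce is usable exactly once
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    server = TokenServer(SECRET)
    print("counter-based:", server.verify_hotp(hotp(SECRET, 0)))        # True
    print("replay of same code:", server.verify_hotp(hotp(SECRET, 0)))  # False
    now = time.time()
    print("clock-based:", server.verify_totp(totp(SECRET, now), now))   # True
    nonce = server.issue_challenge()
    print("challenge-response:", server.verify_response(challenge_response(SECRET, nonce)))
```

The server never accepts a counter it has already consumed, which is what makes a sniffed code useless for replay; the clock-based variant instead relies on the drift window, which is why the notes stress that both clocks must agree.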

(d) PINs
o Personal identification numbers are nothing more than secret numeric passwords.
o To log in, a user enters their PIN into the token device.
o The token device then generates a one-time password (OTP).
(e) Pass Phrases
o A pass phrase is a different form of password.
o Passwords use a single word; pass phrases use multiple words.
o Pass phrases are usually significantly longer than passwords, but are easier to remember than complex passwords.
(f) Characteristics-Based Access Control
o Characteristics-based access control identifies a person based on their physical, physiological or behavioral characteristics.
(g) Biometrics
o Order of effectiveness from most to least secure: iris scanning, retinal scanning, hand geometry, fingerprint verification, voice recognition, facial recognition, signature verification, keystroke recognition.
(h) Behavior-Based Biometrics
o Behavior-based biometrics are less expensive: voice recognition, signature verification, keystroke recognition.
o Physiological biometrics offer greater accuracy: fingerprints, hand geometry, retinal scanning, iris scanning, facial recognition.
(i) Single Sign-On (SSO)
o SSO systems: Kerberos and SESAME.
o In single sign-on a user is identified only once to a central system.
o Future access to other systems is forwarded by the central system.
o Pros:
  - More efficient user log-on process.
  - The ability to use stronger passwords.



  - The user has a single password for all enterprise resources. A single strong password can be remembered and used.
  - A single user account is created and can be quickly created or removed.
o Cons:
  - Once a user has logged on, they can freely roam the network.
  - Hard to implement and get working.
o Examples of SSO:
  - Kerberos (MIT Project Athena): a trusted third-party authentication protocol that was developed at MIT. Using symmetric key cryptography, it authenticates clients to other entities on a network from which a client requires services.
  - Kerberos is an SSO authentication protocol, named after Cerberus, the mythological three-headed dog.
  - Kerberos requires software to be Kerberized.
  - The main component is the key distribution center (KDC).
  - Uses symmetric key cryptography to provide end-to-end security features. It provides authentication services as well as key distribution functionality.
  - For Kerberos to work the following must be carried out: each user must have an account on the KDC; the KDC must be a trusted server in a secured location; the KDC must share a DES key with each user.
  - When a user wants to access a host or application, they request a ticket from the KDC via login and generate an authenticator that validates the ticket. To gain access, the user provides their ticket and authenticator to the application, which processes them for validity and will then grant access.
  - Drawbacks to running Kerberos: it is a single point of failure; secret keys are temporarily stored on the user's workstation; session keys are decrypted and reside on the user's workstation; it is vulnerable to password guessing; network traffic is not protected; the AS must be able to handle a huge number of requests; it requires all systems to have synchronized clocks; it relies on UDP, which is often blocked by many firewalls.
  - Applications that use Kerberos: Telnet, FTP, RSH, NFS.
  - SESAME (Secure European System for Applications in a Multivendor Environment): addresses the weaknesses in Kerberos. Uses public key cryptography for the distribution of the secret keys and provides additional access control support. It uses the Needham-Schroeder protocol.
  - SESAME is another single sign-on service, used mainly in the European Union (EU). Uses public key cryptography for key distribution. Uses tickets called Privilege Attribute Certificates.

(j) Tickets
o Tickets are the basis of the single sign-on system: service tickets, renewable tickets, ticket-granting tickets, forwardable tickets.
(k) Thin Clients
o Advantages: centralized administration, lower technology cost, centralized access control, reduction in viral infections.
o Disadvantages: users accustomed to powerful desktop workstations; users limited to only production software.
o Thin clients are simple, inexpensive client devices. Processing is accomplished on the centralized system (mainframe). Thin client technology is referred to as network computers.
(l) Scripts
o Scripts make logging on to multiple software systems easier.
o Scripts are stored in a central location and downloaded when a client logs in.
o All automation is on the client side (no changes to software).
(j) Memory Cards
o Memory cards have no microprocessor.
o They cannot manipulate the data contained in them.
o Store around 4 MB to 320 MB of data (nonvolatile).
o Data is stored in an encrypted fashion.
o Less expensive than smart cards.
(j) Smart Cards
o Pros:
  - Capability to store information with a high degree of security and portability.
  - Hacker-resistant storage.
  - Provide multi-factor authentication.
  - Offer an enterprise-wide authentication system because the user can use the card for all authentication mechanisms.
o Cons:
  - Susceptible to invasive or non-invasive attacks. Invasive attacks on the card render it inoperative.



  - Non-invasive attacks obtain information from the card without damaging it.
  - Lacks global standards for how data is embedded on the card.
  - Susceptible to optical fault induction attacks: a camera's electronic flash with a microscope can be used to reveal private data directly from a smart card's microprocessor.
(k) File and Data Ownership / Custodianship
o The owner is also responsible for ensuring appropriate controls for storage, handling, and distribution of the data.
o Custodians are charged by the owners with the everyday care of their data, which includes backups and general care.
o Implementation of data classification requires support from higher management. Policy enforcement at the highest level is critical to security success.
o Policies that should be considered should include the following:
  - Define information as an asset of the business unit.
  - Business managers as owners of the information.
  - Establish information systems staff as custodians of the information.
  - Clearly define roles and responsibilities.
  - Determine data classification and controls for each classification.

Techniques:
(a) DAC



o Restricted access based on the authorization granted to the user.
o Separation and protection of prime users from unauthorized data.
o Used by Unix, NT, NetWare, Linux and Vines.
o Reliance on the object owner to control access.
(b) MAC

o Decisions are based on the privilege (clearance) of the subject (user) and the sensitivity (classification) of an object (file) through the use of labeling.
o Example: the military classifies a document at secret. A user can be granted the secret privilege and have access to objects with this classification or lower, as long as they have a need to know.
o MAC is more secure than DAC.
o Military installations define MAC use.
(c) Lattice-Based Access Control
o Lattice controls use an upper and lower boundary for access control.
(d) Rule-Based Access Control
o Rule-based access control is a type of MAC because access to data is determined by rules or the use of classification labels, and not by the identity of the subjects and objects alone.



o Rules are created by an administrator.
o Rule-based access control is usually based on a specific profile for each user, allowing information to be easily changed for only one user.
(e) Role-Based Access Control:

(f) Restricted Interfaces: three types of restricted interfaces
o Menus and shells: users are only given the option of the commands they can execute.
o Database views: users' access to data is restricted by mechanisms.
o Physically constrained interfaces: user access is limited by providing certain keys on a keypad or touch buttons on a screen.
(g) Non-Discretionary Access Control
o Non-discretionary access control uses a central authority to determine which subjects can access which objects.
o Useful when personnel changes are frequent.


(h) Access Control Lists (ACLs)
o ACLs permit or deny access based on permissions on a list. ACLs are basically a table of permissions dictating which subjects can access which objects, such as a file or directory. Basic types of access: read, write, create, execute, modify, delete and rename.
(i) Security Models: Bell-LaPadula
o Simple Security Property (SS): states that reading of information by a subject at a lower level from an object at a higher level is not permitted (no read up).
o * property (star property): states that writing of information by a subject at a higher level to an object at a lower level is not permitted (no write down).
o Discretionary Security Property (DS): uses an access matrix to specify discretionary access controls.
o This model prevents users and processes from reading above their security level. In addition it prevents processes within any given classification from writing data associated with a lower classification. The no-write-down rule prevents placing data that is not sensitive, but that is contained in a sensitive document, into a less sensitive file.
o The BLP model addresses concerns about system security and leakage of classified information.



(j) Security Models: Biba
o Simple Integrity Axiom: states that a subject at one level of integrity is not permitted to observe (read) an object of lower integrity (no read down).
o * (star) Integrity Axiom: states that a subject at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity (no write up).
o For example, if a process can write above its security level, trustworthy data could be contaminated by the addition of less trustworthy data.
o A subject at one level of integrity cannot invoke a subject at a higher level of integrity.
o The Biba model uses a lattice of integrity levels.
(i) Security Models: Clark-Wilson
o The Clark-Wilson model emphasizes integrity, both internal and external consistency.
o Clark-Wilson uses well-formed transactions, separation of duties, and the labeling of subjects and objects with programs to maintain integrity.
o Clark-Wilson identifies three rules of integrity:
  - Unauthorized users should make no changes.
  - The system should maintain internal and external consistency.
  - Authorized users should make no unauthorized changes.
o There are two mechanisms used to enforce integrity in the Clark-Wilson model:
  - Well-formed transactions: data and data processes can only be changed by a specific set of trusted programs. Users then have access to the programs and not the data directly.



  - Separation of duties: with separation of duties in place, users would need to collaborate to manipulate data or penetrate the system.
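The Bell-LaPadula rules (no read up, no write down) from page 11 and the Biba rules (no read down, no write up) from page 12, checked on one lattice of labels, as an added Python example that is not part of the original notes. The level names, the need-to-know categories, and the subjects and objects used in the demonstration are constructed, and the dominance relation (level order plus category superset) is the standard lattice assumed here.

```python
"""Added example: Bell-LaPadula and Biba decisions on a shared label lattice.
Not from the original notes; levels, categories and the sample labels are constructed."""
from dataclasses import dataclass

# Ordered sensitivity levels; the same ordering is reused as integrity levels.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


# --- Bell-LaPadula (confidentiality) -----------------------------------------
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up (subject must dominate object)."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (object must dominate subject)."""
    return obj.dominates(subject)


# --- Biba (integrity) --------------------------------------------------------
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom: no read down (object must be at least as trustworthy)."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """*-integrity axiom: no write up (subject must be at least as trustworthy)."""
    return subject.dominates(obj)


def explain(subject: Label, obj: Label) -> dict:
    """All four decisions at once, the way a reference monitor would log them."""
    return {
        "blp_read": blp_can_read(subject, obj),
        "blp_write": blp_can_write(subject, obj),
        "biba_read": biba_can_read(subject, obj),
        "biba_write": biba_can_write(subject, obj),
    }


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    report = Label("secret", frozenset({"crypto"}))
    memo = Label("confidential")
    plan = Label("top_secret", frozenset({"crypto"}))
    for name, obj in [("report", report), ("memo", memo), ("plan", plan)]:
        print(name, explain(analyst, obj))
    # Under BLP the analyst may read the memo but not write to it (no write down);
    # under Biba the same memo may be written but not read (no read down).
```

Running the two models on the same objects shows why the notes call them mirror images: every Bell-LaPadula "read" decision is a Biba "write" decision and vice versa, and the need-to-know categories are what keep two subjects at the same level apart.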

(i) Non-Interference -

(j) State Machine -



(k) Access Matrix Model
o The access matrix model is based on the concept of subjects and objects. The subject is any entity, either a user or application, capable of accessing an object. An object is anything that is controlled, such as files, databases, and programs. The access matrix is used to define the access rights and capabilities that subjects have over objects, such as read, write, execute, or delete.
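The access matrix just described, as an added Python example that is not part of the original notes: a subjects-by-objects table of rights, its column view (the ACL stored with each object, as on page 11) and its row view (a subject's capability list), plus a least-privilege review in the spirit of page 15. The users, file names, rights and the `AccessMatrix` class are constructed for the demonstration.

```python
"""Added example: an access matrix with ACL and capability views.
Not from the original notes; subjects, objects and rights are constructed."""
from collections import defaultdict

RIGHTS = {"read", "write", "execute", "delete"}


class AccessMatrix:
    def __init__(self):
        # matrix[subject][object] -> set of rights; an absent entry means no access
        self._m = defaultdict(lambda: defaultdict(set))

    def grant(self, subject: str, obj: str, *rights: str) -> None:
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self._m[subject][obj].update(rights)

    def revoke(self, subject: str, obj: str, *rights: str) -> None:
        self._m[subject][obj].difference_update(rights)

    def check(self, subject: str, obj: str, right: str) -> bool:
        """Reference-monitor decision: default deny unless the cell holds the right."""
        return right in self._m.get(subject, {}).get(obj, set())

    def acl(self, obj: str) -> dict:
        """Column view: who may do what to this object (what the OS keeps with the file)."""
        return {s: set(objs[obj]) for s, objs in self._m.items() if objs.get(obj)}

    def capabilities(self, subject: str) -> dict:
        """Row view: everything this subject may touch (the subject's capability list)."""
        return {o: set(r) for o, r in self._m.get(subject, {}).items() if r}

    def over_privileged(self, subject: str, needed: dict) -> dict:
        """Least-privilege review: rights held beyond what the job needs."""
        extra = {}
        for obj, rights in self.capabilities(subject).items():
            surplus = rights - set(needed.get(obj, ()))
            if surplus:
                extra[obj] = surplus
        return extra


def build_demo() -> AccessMatrix:
    """Constructed sample matrix: two users, a database file and a backup script."""
    m = AccessMatrix()
    m.grant("alice", "payroll.db", "read", "write")
    m.grant("bob", "payroll.db", "read")
    m.grant("bob", "backup.sh", "read", "execute", "delete")
    m.grant("alice", "backup.sh", "execute")
    return m


if __name__ == "__main__":
    m = build_demo()
    print("bob may write payroll.db:", m.check("bob", "payroll.db", "write"))  # False
    print("ACL for payroll.db:", m.acl("payroll.db"))
    print("bob's capabilities:", m.capabilities("bob"))
    # bob's job only needs to run the backup script and read payroll
    print("bob surplus:", m.over_privileged(
        "bob", {"backup.sh": ["execute"], "payroll.db": ["read"]}))
```

The same matrix answers both questions an administrator asks: "who can touch this file?" (the ACL column) and "what can this user reach?" (the capability row); the surplus report is the concrete form of the least-privilege check.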



(L) Information Flow Model:

(M) Rule of Least Privilege:

Examples of least privilege:
o Ensure that only a minimal set of users have root or administrator access.



o Make a file group-writable to some group and make the program run setgid to that group, rather than setuid to root.
(N) Separation of Duties: separation of duties ensures a single person cannot compromise a company's risk.
(O) Rotation of Duties: enabling job rotation allows the company to have more than one person who understands the tasks and responsibilities of a specific job title, which provides personnel redundancy if a person leaves the company or is absent. Job rotation also helps when attempting to identify internal fraudulent activity.
(P) Network Segregation: network segregation removes physical access to resources, but still allows logical access. Logical access can then be controlled through access controls.

(Q) Control Zone: a control zone is used to defeat capture of emanating electrical signals. A control zone defeats this type of attack because it creates a security perimeter that is constructed to protect against unauthorized access to data or the compromise of sensitive information.

Access Control Administration:


Centralized: A centralized access control model uses a single entity that grants access to resources. Examples: RADIUS, TACACS+.
o Benefits: a consistent and uniform method of controlling users' access rights; a scalable solution where access control is centralized.
o RADIUS (Remote Authentication Dial-In User Service): a client/server protocol and software that enables a RAS to communicate with a central server to authenticate dial-in users and authorize their access to requested systems. It can be used with TACACS+ and Kerberos and provides PAP or CHAP remote node authentication. Ports: UDP 1812 (authentication) and 1813 (accounting). Encrypts only the password.
o TACACS+ (Terminal Access Controller Access Control System Plus): an authentication protocol that allows a RAS to forward a user's logon credentials to an authentication server. TACACS is an unencrypted protocol and therefore less secure than the later TACACS+ and RADIUS protocols.
  - TACACS+ is Cisco proprietary, handling authentication, authorization and accounting messages.
  - It uses a two-factor password authentication mechanism.
  - The user has the ability to change passwords.
  - It uses TCP port 49.
  - It encrypts the entire payload.



o Three generations of TACACS:
  - TACACS: combines authentication and authorization.
  - XTACACS: separates authentication, authorization and accounting processes.
  - TACACS+: separates authentication, authorization and accounting processes, with extended two-factor user authentication.
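What "RADIUS encrypts only the password" means in practice, as an added Python example that is not part of the original notes: the User-Password hiding from RFC 2865 section 5.2, where each 16-byte block of the padded password is XORed with MD5(shared secret || previous block), the first "previous block" being the Request Authenticator. Everything else in the packet (the username, the NAS attributes) is sent in the clear, which is the contrast the notes draw with TACACS+ encrypting the entire payload. The shared secret, password and authenticator values are constructed for the demonstration.

```python
"""Added example: RADIUS User-Password hiding (RFC 2865 5.2) and its reversal.
Not from the original notes; secret, authenticator and password are demo values."""
import hashlib
import os


def hide_password(password: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Pad with NULs to a 16-byte multiple, then XOR each block with
    MD5(secret || previous ciphertext block); block 1 chains from the Authenticator."""
    if not password or len(password) > 128:
        raise ValueError("User-Password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out = b""
    prev = authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the same keystream so the XOR undoes itself,
    then strip the NUL padding (a real password never ends in NUL)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out = b""
    prev = authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]  # chain from the ciphertext, not the plaintext
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"demo-shared-secret"  # constructed; never reuse a demo secret in production
    ra = os.urandom(16)             # Request Authenticator, fresh per request
    hidden = hide_password(b"correct horse battery staple", secret, ra)
    print("on the wire:", hidden.hex())
    print("server recovers:", reveal_password(hidden, secret, ra))
```

The only thing standing between a captured packet and the password is the strength of the shared secret and the freshness of the Request Authenticator; the rest of the RADIUS message is not protected at all, which is why the notes list TACACS+ payload encryption as the stronger option.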

Decentralized: A decentralized access control model gives access to people closer to the resources.
o A decentralized model includes:
  - Domains: a set of objects and subjects that have access rights for defined operations.
  - Trust: a trusted computer system in which all objects, subjects and operations are OK.

Monitoring and Intrusion Detection:


Intrusion detection types:
o Network-based Intrusion Detection System (NIDS)
o Host-based Intrusion Detection System (HIDS)
o Both should be used to provide in-depth protection against attacks.



o NIDS: protects an entire network segment. Is usually a passive device on the network and users are unaware of its existence. Can't detect malicious code in encrypted packets. Is cost-effective for mass protection. Requires its own sensor for each network segment.
o HIDS: protects a single system. Uses system resources such as CPU and memory from the host. Provides application-level security. Provides day-one security as a shunt between high- and low-level processes. Intrusion detection is performed after decryption. Used on servers and sensitive workstations, but is costly for mass protection.
o IDS: three basic components:
  - A sensor (agent): collects information and forwards it to the analyzer.
  - An analyzer: receives data and attempts to ascertain if the data constitutes an attack or intrusion.
  - Security interface (also called the director): a separate device that displays the output to the security administrator and configures the sensors in the network.

o IDSs identify any of the following types of intrusions: input validation errors, buffer overflows, boundary conditions, access validation errors, exceptional condition handling errors, environmental errors, configuration errors, race conditions. Attacks against IP, passwords, DoS or DDoS, man-in-the-middle, port redirection, viruses and Trojan horses can also be detected.
o TEMPEST stands for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions.

Intrusion Prevention: places emphasis on automation.




o The emphasis of intrusion prevention is on automation. Automatically detecting, with a vulnerability assessment function, that a network or particular system is vulnerable, the intrusion prevention system automatically blocks or shuns the packet, thwarting the attack.
o Detection has several steps:
  - The IDS determines a packet (or packets) is malicious and sends the information to the intrusion prevention system.
  - The IPS analyzes the packet and determines many things, such as what type of attack it is, what process it is attacking, and who the intended target is.
  - The IPS connects to the target and attempts to ascertain if it is vulnerable to the attack.
  - The IPS can identify and automatically install the updates or patches required to protect the target from further attack.
o Identification: identifying any attack against a system is critical to any intrusion detection system.
o True alarms:
  - True positive: malicious traffic correctly identified as an attack.
  - True negative: normal or benign traffic accurately identified as OK.
o False alarms:
  - False positive: normal or benign traffic that is inaccurately identified as an attack.
  - False negative: malicious traffic that should be identified as an attack and is not.
o Any intrusion detection system should have very high marks for detecting true alarms and very low marks on the false side.



Intrusion Detection: monitoring the network or system for attacks.

o IDS implementation technologies:
  - Profile-based intrusion detection (anomaly detection): in profile-based detection, an alarm is generated when activity on the network goes outside of the profile. A profile is a baseline of what should be considered normal traffic for each system running on the network. A problem exists because most systems do not follow a consistent profile.
  - Signature-based intrusion detection: in signature-based detection, a signature or set of rules is used to determine intrusion activity. An alarm is generated when a specific pattern of traffic is matched or a signature is triggered.
o Responses to an attack:
  - Terminating the session (TCP resets).
  - Blocking offending traffic (usually implemented with ACLs).
  - Creating session log files.
  - Dropping the packet.
o Data extraction: extracting data from the network with network-based intrusion detection can be accomplished in two ways, passive extraction and active or inline extraction.
  - Perform firewall functions.
  - Perform IDS functions.
o Recognition: signatures are the primary method used to recognize intrusions on the network.
o Signature types:
  - String signatures: trigger on a particular string in a packet.
  - Atomic signatures: trigger on a single-packet condition.
  - Flood signatures: trigger on detected DoS traffic.



  - Sweep signatures: trigger on network reconnaissance attacks.
  - Service signatures: trigger on layer 5, 6, and 7 attacks.
  - State signatures: trigger on state-based attacks.
o Traffic: sensors that can analyze traffic at the same speed the network injects traffic.
o Honeypots: a honeypot is an information system resource that is given up as the sacrificial lamb to attackers. Goals:
  - An attacker will choose the easy target, not production servers.
  - The security team can analyze the attack methods used by the attacker and better secure the production systems.
  - Since no one is using this system, any attempt to gain access must be coming from an attacker.
  - The security team can identify the attacker.
o Honeypots cannot be used in a court of law to bring charges against the attacker.
o Honeypots also have legal issues, which include issues of entrapment, privacy, and liability. Since you will not be using the honeypot to capture a criminal, and you are not a law-enforcement official, entrapment does not apply. Privacy laws in the US may limit your right to capture data about an attacker, even when the attacker is breaking into your honeypot.
o Countermeasure: disallow any session initiated from the honeypot at the router or firewall.
o Honeynet: a honeynet is a network segment placed behind a firewall that captures all inbound and outbound data. The firewall limits the amount of malicious traffic that can leave the honeynet. The data is now contained, captured, and controlled. Standard production systems are used on the honeynet, in order to give the attacker the look and feel of a real system. Since the honeynet has no production value, it should never be generating or receiving traffic. Thus, all ingress and egress traffic must be considered suspicious.
Attack Signature Identification:
o Dot-dot attack.
o Impossible IP packet, also called a LAND attack after the name of the program that generates this attack. A LAND attack consists of a stream of TCP SYN packets that have the source IP address and TCP port number set to the same value as the destination address and port number of the attacked host.
Intrusion Reactive Response, Alarms, Signals:
o Possible responses that the sensor can take to protect the network:
  - Stop the attack.
  - Block any further attacks.



  - Notify the administrator that an attack occurred.
Audit Trails: audit trails are records of events that occurred on a computer system from the operating system, applications, or user activities.
o User accountability: a user's actions can be tracked in the audit trail, which mandates that users become accountable for their actions while on the system. This approach is a great deterrent to users who would attempt to circumvent existing security policies.
o Event reconstruction: audit trails can reconstruct events after a security event has occurred. Reviewing the audit trails can provide the security administrator with information on the event, such as what, when, how and why the event occurred, and of course who was using the system when the event occurred. This information is vital in attempting to ascertain the extent of damage that occurred on the system in question.
o Active monitoring: audit trails are a great help when attempting to determine what caused a problem to occur. This real-time monitoring can help in the detection of problems such as disk failures, memory and CPU over-utilization, or network outages.
o Intrusion detection: audit trails can assist in the operation of intrusion detection if they record appropriate events.
Violation Reports: used to identify activities that portend breaches or attempted breaches in security access controls. For example, the violation report will show when someone makes numerous failed login attempts using different passwords on a secure system. All security administrators and IT staff should constantly review the violation reports to identify unauthorized access attempts.
Penetration Testing: used to test the security. Penetration testing identifies weaknesses in the information system so that the proper countermeasures, updates or patches can be applied to protect the system.
o Penetration testing: discovery and footprint analysis, exploitation, physical security assessment, social engineering.
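The signature types from pages 20 and 21 (string, atomic, flood, sweep) run over a small constructed capture, as an added Python example that is not part of the original notes; the "impossible IP packet" (LAND) is implemented as the atomic signature, and the dot-dot attack is assumed to mean a `../` path-traversal string. The packet records, thresholds, addresses and alert wording are constructed for the demonstration; a real sensor works on captured frames, not Python tuples.

```python
"""Added example: a minimal signature engine over constructed packet records.
Not from the original notes; every address, payload and threshold is made up."""
from collections import defaultdict
from typing import List, Optional

# Constructed packet records: (timestamp, src_ip, src_port, dst_ip, dst_port, flags, payload)
PACKETS = (
    [
        (1.0, "10.0.0.5", 40000, "10.0.0.9", 80, "PA", b"GET /index.html HTTP/1.1"),
        (1.1, "10.0.0.5", 40001, "10.0.0.9", 80, "PA", b"GET /cgi-bin/../../etc/passwd"),
        (2.0, "10.0.0.9", 80, "10.0.0.9", 80, "S", b""),  # LAND: source == destination
    ]
    + [(3.0 + i * 0.01, "10.0.0.7", 50000 + i, "10.0.0.9", 22, "S", b"") for i in range(150)]
    + [(5.0 + i * 0.05, "10.0.0.8", 51000, "10.0.0.9", p, "S", b"") for i, p in enumerate(range(20, 45))]
)


def string_signature(pkt) -> Optional[str]:
    """String signature: a byte pattern inside a single packet's payload."""
    if b"../" in pkt[6]:
        return "dot-dot traversal attempt"
    return None


def atomic_signature(pkt) -> Optional[str]:
    """Atomic signature: a condition on one packet's header fields alone."""
    _, src, sport, dst, dport, flags, _ = pkt
    if src == dst and sport == dport and "S" in flags:
        return "LAND (impossible IP packet)"
    return None


def flood_signature(packets, max_syn: int = 100, window: float = 2.0) -> List[str]:
    """Flood signature: more than max_syn SYNs from one source to one port
    inside any sliding time window of `window` seconds."""
    buckets = defaultdict(list)
    for ts, src, _, dst, dport, flags, _ in packets:
        if flags == "S":
            buckets[(src, dst, dport)].append(ts)
    alerts = []
    for (src, dst, dport), times in buckets.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > max_syn:
                alerts.append(f"SYN flood {src} -> {dst}:{dport}")
                break
    return alerts


def sweep_signature(packets, min_ports: int = 20) -> List[str]:
    """Sweep signature: one source probing many distinct ports on one host (reconnaissance)."""
    ports = defaultdict(set)
    for _, src, _, dst, dport, flags, _ in packets:
        if flags == "S":
            ports[(src, dst)].add(dport)
    return [f"port sweep {src} -> {dst} ({len(p)} ports)"
            for (src, dst), p in ports.items() if len(p) >= min_ports]


def run_sensor(packets) -> List[str]:
    """Per-packet signatures first, then the stateful ones over the whole capture."""
    alerts = []
    for pkt in packets:
        for sig in (string_signature, atomic_signature):
            hit = sig(pkt)
            if hit:
                alerts.append(f"{hit} from {pkt[1]}")
    alerts += flood_signature(packets)
    alerts += sweep_signature(packets)
    return alerts


if __name__ == "__main__":
    for alert in run_sensor(PACKETS):
        print("ALERT:", alert)
```

The split between per-packet and stateful signatures is the point: string and atomic signatures decide on one packet, while flood and sweep signatures need a counter or a set kept across packets, which is where the threshold choices (and therefore the false-positive rate discussed on page 19) live.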
o Zero-knowledge test: a penetration test where the penetration test team has no prior knowledge about the target network. This test usually begins with reconnaissance, in which the penetration team attempts to gather a significant amount of information on the target network.
o Full-knowledge attack: one where the penetration team has full knowledge of the information system.
o Discovery: gathers and documents information about the target system.
o Enumeration: uses more intrusive methods to gain even more information about the target.
o Vulnerability: maps the profile of the environment to known vulnerabilities.
o Exploitation: attempts to gain privileges using the vulnerabilities identified.



