Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly?

Physical Controls

A range of physical controls can be implemented to help increase security. These controls are put in place to ensure that only authorized individuals can access certain areas or perform specific actions. Network cabling security should be considered when initially setting up wiring closets and whenever upgrades are performed. Cabling should be routed through the facility so that it cannot be tampered with. Unused network drops should be disabled and all cable access points should be secured, so that individuals cannot install sniffers or eavesdrop on network communications.

Another important concern is controlling individuals as they move throughout a facility. Most organizations use card keys, badges, smart cards, or other IDs to control the flow of traffic. This category can be divided into two broad groups.

The first category is ID cards, which do not contain electronics and are very low tech. ID cards typically contain a photograph of an individual to verify their identity, and are used in many organizations.

The second category is intelligent access control devices that make access decisions electronically. There are two subcategories of these devices: contact and contactless. Contact access cards require users to slide their card through a reader. These cards come in several different configurations, including:

Active Electronic Can transmit electronic data

Electronic Circuit Has an electronic circuit embedded

Magnetic Stripe Has a magnetic stripe

Magnetic Strip Contains rows of copper strips

Optical–coded Contains laser–burned pattern of encoded dots

Contactless cards function by proximity (e.g., radio frequency ID [RFID]). An RFID is a small electronic device comprised of a microchip and an antenna. An RFID tag can be designed as an active device (i.e., a battery or power source is used to power the microchip) or as a passive device. Passive devices have no battery; they are powered by a RFID reader. The reader generates an electromagnetic wave that induces a current in the RFID tag. There are also semi-passive devices that use batteries to power the microchip, but transmit using the energy from the card reader. When users are allowed into specific areas of a facility, it does not mean that they should have access to all of the systems located there. That’s why strong system access controls are so important. Complex passwords or biometric systems can help, as well as multi–factor authentication (e.g., ATM bank cards). Banks require you to have an ATM card and a pin number in order to access funds or account information.

Even with these physical controls in place, misuse and intrusions can still occur; therefore, it is important to use IDSes. Physical intrusion detection includes the components and systems installed to detect misuse or unauthorized intrusion. Physical IDSes are designed around one or more sensor types. Motion detectors can be triggered from audio, infrared wave pattern, or capacitance. These detectors use passive infrared and are usually mounted in the corners of rooms or used as security lights. Motion detectors send out a series of infrared beams that cover an area with protection.

Other types of sensors used with IDSes include photoelectric sensors and pressure-sensitive devices. Pressure sensitive devices are sensitive to weight. They measure changes in resistance to trigger alerts, and are good for protecting small areas. Glass breakage sensors are another component of IDSes. If someone breaks a window or attempts to pry it open, the sensor triggers an alarm.

IDSes are another piece of total security control. The idea is to place them in key areas that contain critical assets or in areas most likely to be violated by intruders. IDSes are not perfect and produce their own share of false positives. Every time an alarm goes off, someone must respond and verify the event. If an IDS is tied to a police department or fire department, false alarms can result in some hefty fines.

Tip

Always be involved in deciding where IDS sensors are placed, and have someone on site when the installers arrive. Sometimes, installers try to place sensors in easily attainable areas instead of the most secure area.

24.5 Conclusion

Managing the configuration of network access control devices such as routers, firewalls, and IPSec gateways is extremely complex and error-prone. Incorrect policy configurations of such devices may introduce internal and external access threats over critical resources in an enterprise networks. This chapter mainly covers how global security policy of an enterprise network can be configured in different security devices (routers, firewalls, IPSec etc.) in a distributed manner and then how to formally verify the correctness of security policy configuration. The chapter extensively describes the existing works in network configuration analysis techniques especially the formal approaches. The major contributions of the chapter are stated as follows:

The chapter presents an extensive literature survey on policy-based security configuration analysis tools and methods and accordingly describes different misconfiguration problems. It also describes the major research challenges in network policy configuration analysis.

A formal verification framework has been presented for analyzing distributed access control list (ACL) implementations, configured in the routers and firewalls in an enterprise LAN, given the underlying network topology and an enterprise-wide security policy. The analysis covers various levels of policy conflict detection, hidden access path detection, and verification of complete network configuration with the global security policy. In this context, a Boolean satisfiability (SAT)-based approach has been presented with evaluation through examples and experimental results.

A Binary Decision Diagram (BDD)-based approach/model has been presented for analyzing IPSec security policy configurations.

This chapter will primarily help the network security researchers and graduate students to understand various network misconfiguration problems and the use of formal methods to model and diagnose these misconfiguration problems. The chapter also describes different existing tools and algorithms including our proposed approach for policy-based network security analysis. These approaches can be used by the network administrators for systematically diagnosing their network configurations. On the other hand, it provides various research directions and exposures in the area of network configuration and security control analysis using formal methods.

Smart Cards and Magnetic Stripe Cards

A smart card is a physical access control device that is often used for electronic locks, credit card purchases, or dual-factor authentication systems. “Smart” means the card contains a computer circuit; another term for a smart card is integrated circuit card (ICC).

Smart cards may be “contact” or “contactless.” Contact cards use a smart card reader, while contactless cards are read wirelessly. One type of contactless card technology is radio-frequency identification (RFID). These cards contain RFID tags (also called transponders) that are read by RFID transceivers.

A magnetic stripe card contains a magnetic stripe that stores information. Unlike smart cards, magnetic stripe cards are passive devices that contain no circuits. These cards are sometimes called swipe cards because they are read when swiped through a card reader.

Physical Access Controls

Many of the access control methods we have discussed throughout the chapter can be applied to physical security as well as logical security. When concerned with physical access controls, we are often largely concerned with controlling the access of individuals and vehicles.

Access control for individuals often revolves around controlling movement into and out of buildings or facilities. We can see simple examples of such controls on the buildings of many organizations in the form of badges that moderate opening doors into or within the facility (something you have, from Chapter 2). Such badges are typically configured on an ACL that permits or denies their use for certain doors and regulates the time of day that they can be used.

One of the more common issues with physical access controls is that of tailgating. Tailgating occurs when we authenticate to the physical access control measure, such as using a badge, and then another person follows directly behind us without authenticating themselves. Tailgating can cause a variety of issues, including allowing unauthorized individuals into the building and creating an inaccurate representation of who is actually in the building in case there is an emergency.

We can attempt to solve tailgating in a variety of ways, from implementing policy that forbids doing so, to posting a guard in the area, to simply (but expensively) installing a physical access control solution that only allows one person to pass through at a time, such as a turnstile. All of these are reasonable solutions, but, depending on the environment in question, may or may not be effective. We will often find that a combination of several solutions is needed to develop a thorough and complete solution.

A much more complex example of this type of access control that many people are familiar with is the security system in use at many airports. Particularly after the terrorist attacks of 9/11 in the United States, we have seen the level of security at airports increase, much of it oriented in the direction of access controls. Once we have entered the airport security system, we are required to present a boarding pass and identification (something you have, times two). We are then typically passed through a number of steps to ensure that we do not carry any dangerous devices, a form of attribute-based access control. We then proceed to our gate and, once again, present our boarding pass to step onto the airplane. Such processes may differ slightly depending on the country in which we travel, but they are generally the same from an access control perspective.

Physical access control for vehicles often revolves around keeping said vehicles from moving into or through areas in which we do not desire them to be. This is often done through the use of various simple barriers, including Jersey barriers such as those shown in Figure 3.5, bollards, one-way spike strips, fences, and similar tools. We may also see more complex installations that include manned or unmanned rising barriers, automated gates or doors, and other similar items.

There are, of course, a huge number of other physical access controls and methods that we have not discussed here. Additionally, when we refer to physical access control devices, or access controls in general, the line between what is an authentication device and an access control device often becomes rather blurry.

Authorization and Access Control in the Real World

We can see authorization and access control used in our personal and business lives on an almost constant basis, although the portions of these that are immediately visible to us are the access controls. Looking specifically at logical access controls, we can see them used when we log in to computers or applications, when we send traffic over the Internet, when we watch cable or satellite television, when we make a call on our mobile phones, and in thousands of other places. In some cases, such measures are visible to us and require us to enter a password or a PIN, but a large portion of them happen in the background, completely invisible to the tasks we are carrying out and taken care of by the technologies that facilitate our tasks.

In the sense of physical access controls, we see these rather frequently as well, although it may not register to us that we are seeing them. Most of us carry around a set of keys that allow us access to our homes, cars, and other devices, and these are the credentials for access to them. Many of us also carry proximity badges that allow us access to our places of employment, schools, and other areas. We can also see the access controls that manage the movement of vehicles in everyday use in vehicle-oriented areas such as parking garages and parking areas at airports, and in the vicinity of high-security areas such as the White House in the United States.

9.10.2.11 Investigating Peripherals and Other Devices

A number of peripherals may be included in the case to be processed. These all must be investigated for potential evidence. This may include, but not be limited to:

access control devices;

answering machines;

audio recording devices;

car engine management systems and motor vehicle event data recorders;

CCTV;

copiers;

digital video recorders;

direct attached storage;

electronic tills;

fax machines;

gaming consoles;

GPS systems;

household and office devices containing microchips;

IP connected devices in the home (e.g., fridges);

MP3 and other digital music devices;

multifunction devices;

network attaches storage;

network management devices;

pagers;

phone systems;

photographic recording devices;

printers and their tracking dots;

radio frequency identification devices;

redundant array of independent disks;

routers;

scanners;

storage area networks;

video games devices;

VMs running multiple operating systems;

wireless access points.

22.5 Conclusion and Future Work

In this chapter, we identify why securing critical infrastructure systems such as CPS presents challenges beyond what traditional security mechanisms can handle. Such systems have point solutions that either encrypt communication or provide end-device access control. We show how to build distributed, context aware, policy-driven systems better suited to protect critical infrastructure using two specific domain examples.

The framework that we have discussed in Section 22.3 provides a good starting point to cope with security threats in the cyber-physical critical infrastructure. However, the two prototyped systems that we have described in Section 22.4 merely address a few instances of the broad security/vulnerability problem formulated in Section 22.1. Thus, there is enough space that remains to be further explored.

Chapter Summary

1.

There are three common types of free egress locks: electrified mortise locks, electrified panic hardware, and electric strikes.

A mortise lock is a very strong type of lockset.

An electrified mortise lock is a mortise lock to which has been added a solenoid mechanism that can prevent the handle from turning, thus disallowing normal passage through the door to those who are not authorized to enter without a key.

Electrified mortise locks may require different wiring provisions depending on the type of frame into which the door is set.

Electrified mortise locks can also be fitted with additional features including:

Door position switch

Latch position switch

Dead-bolt position switch

Interior lever handle release switch

Door Handing: When you order a lock, it is important to order it correctly so that it will work in the correct door configuration.

The second major category of Free Egress locking devices is Electrified Panic Hardware.

The third category of Free Egress locking devices is Electrified Strikes.

Electric strikes are access control devices that can be used with conventional mechanical locks to allow the door to be opened regardless of the lock/unlock status of the mechanical lock.

Electrified Cylinder Locks are mechanically similar to a standard mechanical cylinder lock, but with the addition of a small internal solenoid that is used to remotely release the lock.

The final category of Free Egress locks is a specialty category, commonly found on hotel room doors.

Q&A

Three common types of Free Egress Locks include:

Electrified Mortise Locks, Magnetic Locks, and Electrified Dead-Bolt Locks

Electrified Mortise Locks, Magnetic Locks, and Electrified Panic Hardware

Electrified Mortise Locks, Magnetic Locks, and Electric Strikes

Electrified Mortise Locks, Electrified Panic Hardware, and Electric Strikes

An Electrified Mortise Lock

Is a Mortise Lock to which has been added a solenoid mechanism that can prevent the handle from turning, thus disallowing normal passage through the door to those who are not authorized to enter without a key

Is a very strong type of lockset

Is the best and safest lock to use for most commercial doors in new construction

All of the above

Electrified Mortise Locks

May require different wiring provisions depending on the type of frame into which the door is set

Are commonly fitted into frames such that the door swings 90 degrees to full open

Can use electrified hinges or Electric Power Transfer (EPT) units to provide power to the lock

All of the above

Electrified Panic Hardware

Causes people to panic

Keeps people from panicking

Allows large quantities of people to exit quickly in an emergency

None of the above

Electric Strikes

Are access control devices that can be used with conventional mechanical locks to allow the door to be opened regardless of the lock/unlock status of the mechanical lock

Are access control devices that can be used with conventional mechanical locks to allow the door to be opened only when the electric strike is mechanically bonded to the top of the door

Both b and c

Neither a nor b

Electrified Cylinder Locks

Are mechanically similar to a standard Mortise Lock, but with the addition of a small internal solenoid that is used to remotely release the lock

Are mechanically similar to a standard panic hardware, but with the addition of a small internal solenoid that is used to remotely release the lock

Both a and b

Neither a nor b

Self-Contained Access Control Locks

Are used in large quantities in commercial buildings

Are most common in frameless glass doors

Both a and b

Neither of the above

Answers: (1) d; (2) d; (3) d; (4) c; (5) a; (6) d; (7) d.

ACL Manager Features

The features added when ACLM is installed concern the management of ACLs on Cisco devices in the enterprise network. ACLM is accessed through CiscoWorks2000 from any client host with an Internet browser, hardware, and that is OS-compatible with the client requirements specified earlier. All ACLM tools are found under the RME section on the left panel of CiscoWorks2000. In the following, some of the ACLM features used to manage Cisco devices are described.

Adding Permissions

By now I'm sure that you have noticed that the only devices displayed on the Security screen in my screen shots are the USB and FireWire ports. The reason for this is that during the initial configuration process, I told GFI EndPointSecurity that these were the only devices that I wanted to manage. Of course, just because you are managing a device doesn't mean that you have to deny access to it.

Another thing that you have probably noticed is that so far we have taken an all or nothing approach to device security. What I mean by that is that the devices that we've looked at so far are either allowed or blocked; there really hasn't been anything in between. Furthermore, we have been applying the policy to all of the computers in the protection group with absolutely no regard for who's using the computers. That's a problem, because while you may want to block your end users from accessing certain devices, your technical support staff will most likely need full access to the hardware.

Fortunately, GFI EndPointSecurity gives you more granular control over device access than what it would initially appear to be available. To see how this works, let's do a simple exercise in which we tell GFI EndPointSecurity that we want to manage some additional devices, and then set some more granular security permissions for those devices. To do so, follow these steps:

Right-click on an empty area in the device window, and then choose the Add Permissions command from the resulting shortcut menu.

Windows will now display the Add Permissions dialog box, shown in Figure 9.16. As you can see in the figure, you have the option of adding permissions for device categories, connectivity ports, or for specific devices. Choose the Device Categories option, and click Next.

At this point, you'll see a screen similar to the one that as shown in Figure 9.17. Select the check boxes for all of the devices that you want to manage, and click Next.

At this point, you will see the Add Permissions screen that is shown in Figure 9.18. As you can see in the figure, you have the ability to apply device security to the protection group, but to do so in a way that allows different security groups to have different levels of access to the devices.

So far the only devices that you have seen in the console have been Universal Serial Bus (USB) ports and FireWire ports. Ports typically only allow you to enable or disable access, however, other types of devices support more granular access. One example of this is floppy disks. Nobody uses floppy disks anymore, but if they did, you could control whether users have read-only access to floppies, read-write access, or no access at all. You will find this same concept to be true of other types of devices as well.

In order to show you how device access control works, let's give everyone access to all of the devices except for USB and FireWire ports, which we will block access to. Since the Information Technology (IT) staff may occasionally need access to workstation hardware, let's give the administrators group full access to everything. To do so, let's continue the procedure that we started earlier by performing these steps:

Click the Add button.

When the Select Users or Groups dialog box appears, verify that your domain is listed in the From This Location field.

When prompted, enter the word Everyone into the Enter the Object Names to Select field.

Click the Check Names button, and make sure that Windows recognizes the Everyone group.

Click OK.

Click the Add button.

Enter the word Administrators into the Enter the Object Names to Select field.

Click the Check Names button to verify that Windows recognizes the Administrators group.

You should now be returned to the Add Permissions dialog box. Deselect the Write check box for the Everyone group, as shown in Figure 9.19.

Click Finish, and you will be returned to the main Security screen, as shown in Figure 9.20.

As you look at the figure above, there are a couple of different things that I want you to pay attention to. First, you can see that the hardware devices that we have selected have been added to the protection policy, and that the Everyone group has been denied write access for any devices that differentiate between read and write access.

Another thing that I want to point out is that the permissions check boxes on this screen are active. You can fine tune your security settings by selecting and deselecting check boxes for the various access levels.

One last thing that I want to point out about this screen is that we have not fully accomplished our objective. If you look at the bottom of the screen, you can see that the entire protection group has been granted full access to USB and FireWire ports. That's because when we worked through the Add Permissions wizard a moment ago, we only worked with the Device Categories option, not the Connectivity Ports option. You can remedy this situation by completing the following steps:

Right-click on an empty area of the Security screen, and choose the Add Permissions command from the resulting shortcut menu.

When the Add Permissions dialog box appears, select the Connectivity Ports option.

Click Next.

Select the USB and Firewire check boxes, and click Next.

Click the Add button.

Verify that your domain is displayed in the From this Location field.

Enter the word Everyone into the Enter Object Names to Select field.

Click the Check Names button to verify the spelling of the Everyone group.

Click OK.

Click the Add button.

Enter the word Administrators into the Enter the Object Names to Select field.

Click the Check Names button.

Click OK.

Deselect the check box next to the Everyone group, as shown in Figure 9.21.

Click Finish.

When Windows displays the Security screen, deselect the USB and FireWire check boxes that apply to the protection group as a whole. You can see an example of this in Figure 9.22.

That's all there is to it. Keep in mind that you can modify your security settings at any time. You can access the screen shown in Figure 9.22 at any time by selecting the Security container located in the console's Protection Policies tree, beneath the protection policy that you want to modify.