Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.


Topic overview
• Introduction
• Two main types of access control
• Access control models
• Conclusions
• References

Introduction
Access control means allowing the correct users to access certain systems or resources while preventing unauthorized users from gaining access to them. Access control is one of the foundations of security.

Two types of access control:
• Physical
• Logical

Physical access control
Physical access control limits access to campuses, buildings, rooms and physical IT assets.

Types of physical access control
• Security guards
• Walls
• Fences
• Locks and doors

Benefits of physical access control
• Easy to maintain
• Cost-friendly
• Reliable

Drawbacks of physical access control
• Can be easily manipulated / damaged
• Guards can be unreliable
• Landscape / walls can be bad

Logical access control
Logical access control limits connections to computer networks, system files and data. The following are some types of logical access controls:
• Biometric systems
• User identification and authentication

Biometric access control systems
Biometrics is the science of identifying someone from physical characteristics. This includes technologies.
Types of biometric access controls
• Fingerprints
• Voice verification
• Retinal scan
• Palm identification

Biometric access control systems
Benefits
• Prevents unauthorised access
• No need to remember passwords
• Reduces the criminal act of fraud
• Our human characteristics cannot be lost
Disadvantages
• Lack of standardization
• Systems must be able to accommodate changes over a period of time due to factors such as ageing, injuries and illness.
• Risk of misusing biometric systems.

Methods of comparing biometric system accuracy
Before implementing a biometric system, make sure you have done the following accuracy comparisons.
• Type I error: false rejection rate
• Type II error: false acceptance rate (very dangerous; make sure it is mitigated)
• Crossover rate
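The three accuracy measures above, worked through on a small set of match scores. This is an added example, not part of the original slides; the scores, the 0.00 to 1.00 threshold grid and all function names are constructed for illustration.

```python
# Constructed match scores (0..1, higher = closer match); not real biometric data.
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.62, 0.95, 0.70, 0.83, 0.55, 0.90]   # enrolled user
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.58, 0.30, 0.66, 0.41, 0.18, 0.27]  # someone else


def frr(threshold, genuine=GENUINE):
    """Type I error: share of genuine attempts rejected (score below threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(threshold, impostor=IMPOSTOR):
    """Type II error: share of impostor attempts accepted (score at or above threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def crossover(steps=100):
    """Scan thresholds 0.00..1.00 and return (threshold, FAR, FRR) where the
    two error rates are closest: the crossover point."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, r = far(t), frr(t)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best


def threshold_for_far(max_far, steps=100):
    """Lowest threshold whose FAR is within max_far, with the FRR it costs."""
    for i in range(steps + 1):
        t = i / steps
        if far(t) <= max_far:
            return t, frr(t)
    return None


if __name__ == "__main__":
    t, a, r = crossover()
    print(f"crossover at threshold {t:.2f}: FAR={a:.0%} FRR={r:.0%}")
    t, r = threshold_for_far(0.0)
    print(f"FAR=0% needs threshold {t:.2f}, costing FRR={r:.0%}")
```

Raising the threshold past the crossover point is how the Type II error is mitigated, and the second function shows the price paid in false rejections.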

Identification and authentication access control systems
Identification and authentication is the act of determining the identity of a user and of the host that they are using. The goal of authentication is to first verify that the user, either a person or a system, that is attempting to interact with your system is allowed to do so.
Types of identification and authentication access control
• Passwords
• Access cards
• PINs/codes

Authentication & Identification
Advantages
• Users can choose their own passwords
• Passwords are mostly not stored in the system
• Access cards are portable (you can carry them around)
Disadvantages
• Eavesdropping
• Social engineering
• Passwords can be hacked and cracked using tools such as brute-force attacks and dictionary attacks.
• Cards can be cloned

Methods of avoiding Authentication & Identification problems
• Protect passwords effectively
• Encrypt passwords using tools such as the MD5 algorithm
• Watch out who you socialize with
• Choose complicated passwords
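A caveat on the MD5 item, shown as an added example that is not part of the original slides: MD5 is a fast, unsalted one-way hash rather than encryption, so two users with the same password get the same stored record, while a salted, deliberately slow key-derivation function (PBKDF2 from Python's standard library here) does not have that weakness. The iteration count, sample password and function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def md5_record(password):
    """Weak storage: MD5 is a fast one-way hash, not encryption, and has no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password, salt=None):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = kdf_record(password, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    pw = "Winter2024!"  # constructed sample password shared by two users
    print("MD5 records equal:", md5_record(pw) == md5_record(pw))
    (s1, d1), (s2, d2) = kdf_record(pw), kdf_record(pw)
    print("KDF records equal:", d1 == d2)
    print("login ok:", verify(pw, s1, d1), "| wrong password:", verify("winter2024", s1, d1))
```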

Access control models
• Mandatory access control (MAC)
• Discretionary access control (DAC)
• Role-based access control (RBAC)
• Rule-based access control (RBAC)

Mandatory access control
Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system.
• All access capabilities are predefined
• Sharing of information among users is established by system administrators and strictly enforced by the OS or security kernel.
• Considered the most secure security model
• Often used in government and military facilities where confidentiality is a driving force, e.g. top secret, highly confidential.

Discretionary access control
This model allows users to share resources and information dynamically with other users.
• The model offers more flexibility
• All permissions in the operating system (OS) fall within three groups: owner, group and other.
• The permissions are based on the roles of users or groups
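How the mandatory and discretionary models described above interact, as an added example that is not part of the original slides: the owner can change the owner/group/other bits at will, but an administrator-assigned label still decides who may read. The label ordering, the read-only clearance check, the names and the scenario are all assumptions constructed for this example.

```python
from dataclasses import dataclass

# Assumed label ordering for this example (lowest to highest sensitivity).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass
class Subject:
    name: str
    groups: frozenset
    clearance: str      # assigned by the administrator


@dataclass
class Resource:
    owner: str
    group: str
    mode: int           # DAC: owner/group/other bits, e.g. 0o640
    label: str          # MAC: assigned by the administrator, not the owner


def dac_allows_read(s, r):
    """DAC: pick the owner, group or other triplet and test its read bit."""
    shift = 6 if s.name == r.owner else 3 if r.group in s.groups else 0
    return bool((r.mode >> shift) & 0o4)


def mac_allows_read(s, r):
    """MAC (simplified): clearance must be at least the resource label."""
    return LEVELS[s.clearance] >= LEVELS[r.label]


def owner_chmod(s, r, mode):
    """DAC discretion: only the owner may change the mode; nobody here can relabel."""
    if s.name != r.owner:
        raise PermissionError(f"{s.name} does not own this resource")
    r.mode = mode


def can_read(s, r):
    """Both checks must pass; the owner's DAC choices cannot override MAC."""
    return mac_allows_read(s, r) and dac_allows_read(s, r)


# Constructed scenario: one "secret" report owned by alice, group "ops".
alice = Subject("alice", frozenset({"ops"}), "secret")
bob = Subject("bob", frozenset({"ops"}), "confidential")
carol = Subject("carol", frozenset({"hr"}), "secret")
report = Resource(owner="alice", group="ops", mode=0o640, label="secret")
```

With mode 0o640, bob passes the group check but fails the label check, and carol passes the label check but fails the "other" bits; after alice calls `owner_chmod(alice, report, 0o644)` carol can read, while bob remains blocked.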

Role-based access control
This model approaches the problem of access to resources or information based on individual roles within an organisation or company.
• This method grants access based on job responsibility and functions.
• Used in Windows operating systems.

Rule-based access control
This model uses the settings in predefined security policies to make decisions. Rules can be:
• Deny all except those who appear on the list (allow list)
• Deny all those who appear on the list (a true deny list)

References
• Jeff Smith (2001). CISSP ITNS and CERIAS CISSP Luncheon Series: Access Control Systems & Methodology. Purdue University.

Conclusion
To conclude, access control is a broad topic: it encompasses all the security measures that have to be taken for the safety and security of an organization. Many precautions are still being proposed and are in the process of being tested before being put into working environments.

End….