
95752:3-1 Access Control

95752:3-2 Access Control
Two methods of information control:
–control access
–control use or comprehension
Access Control Methods
–Network topology and services (later)
–Passwords/Authentication methods
–File Protection

95752:3-3 Authentication
Four classic ways to authenticate:
1. something you know (passwords)
2. something you have (smartcard)
3. something you are (fingerprint)
4. something you do (usage signature)
None of these is perfect

95752:3-4 Passwords
Account - person using the system
Username - identity of account (public)
–limited characters, alphanumeric & special characters
–typically related to real name of user (not always); certain names reserved
–unique on system
–fixed at account creation
Password - verification of identity (private)
–less limited in length and characters
–fixed until changed
–non-unique: if two users choose the same password, both have a bad password
Many multi-user operating systems use the same scheme

95752:3-5 Password Security
Password security depends on ONLY you knowing the password
–Secure selection
–Secure handling
–Secure storage

95752:3-6 Password Storage
“trapdoor encrypted”
–scrambled in a way that cannot be unscrambled
–scrambling folds password over itself - lost bits
–different users with same password won’t have same scrambled password
–login scrambles entered password and compares against stored scrambled password
–original concept: since only scrambled passwords are available, storage is secure (FALSE!)
Example stored entry: shimeall:kr1eWN8N2pyAA

95752:3-7 Password Attacks
Easy to Hard
–Given password
–Grab password
–Generate password
–Guess password

95752:3-8 Given Password
Look It Up
–Default passwords
–Posted passwords
Ask for It (Social Engineering)
–As colleague
–As friend
–As administrator / authority
–As clueless & needy
Countermeasures
–Education
–Reverse Social Engineering
–Locked accounts
–Other authentication

95752:3-9 Grab Password (locally)
Physical proximity
–Shoulder surfing
–Countermeasures:
  Education
  Exercises
  One-time passwords
Program access
–Trojan Horse
–Perverted program
–Countermeasures:
  Integrity checks
  Other authentication

95752:3-10 Local Network Operation
Under normal conditions, the data in a packet transmitted over the network is read only by the destination system to which it is addressed.
(Figure: local network connected through a router)

95752:3-11 Packet Sniffing
When a packet sniffer is present, a copy of all packets that pass by it on the network is covertly captured.
(Figure: local network with a router and a host on which a packet sniffer is executing)

95752:3-12 Wide Area Network Operation
Always Switched
–Circuit-Switched
–Packet-Switched
Switch settings determine route
Choice Points: Routers
–Connect two or more networks
–Maintain information on best routes
–Exchange information with other routers

95752:3-13 Network Redirection
Intruders can fool routers into sending traffic to unauthorized locations

95752:3-14 Other Network Attacks
Tapping
–Method depends on network medium
–Countermeasures:
  Encryption
  Physical protection & inspection
Van Eck Radiation
–Current through wire: radio waves
–Receiver tunes in on hosts/network
–Countermeasures:
  Encryption
  Distance
  Emission control

95752:3-15 Generate Password
Use a dictionary
Requires: scrambled password, encryption method & large dictionary
Password Cracking
–Natural language words and slang
–Backwards / Forwards / Punctuation and Numbers inserted
–Program: 27,000 passwords in approx 3 seconds (Pentium II/133)
Countermeasures
–Preventive strike (BEWARE)
–Password rules
–Other authentication

95752:3-16 Guess Password
Use knowledge of user
–System information
–Personal information
–Occupation information
Often combined with dictionary attack
Countermeasures
–Password rules
–Other authentication
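The storage scheme of slide 6 and the "password rules" countermeasure of slides 15 and 16, as an added example that is not part of the original slides: each user gets a fresh salt so identical passwords do not scramble to the same value, verification compares in constant time, and a rule check rejects dictionary words used forwards, backwards, or with digits and punctuation inserted. The word list and the iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional

# Constructed sample word list; a real check would load a large dictionary file.
DICTIONARY = {"password", "secret", "letmein", "welcome", "monkey"}


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Scramble with a slow one-way function and a per-user salt.

    The stored form 'iterations$salt_hex$hash_hex' keeps everything needed to
    re-scramble a login attempt; the original password cannot be recovered.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Login step: scramble the entered password and compare against storage."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def is_dictionary_based(password: str) -> bool:
    """True if the password is a listed word, forwards or backwards, once
    inserted digits and punctuation are stripped (the transformations slide 15 lists)."""
    core = re.sub(r"[^a-z]", "", password.lower())
    return core in DICTIONARY or core[::-1] in DICTIONARY


def check_password_rules(password: str, min_len: int = 12) -> List[str]:
    """Return the list of rule violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if is_dictionary_based(password):
        problems.append("based on a dictionary word")
    return problems
```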

95752:3-17 Passwords on Many Machines
One or Many?
–Ease of memorization vs. likelihood of writing
–Options:
  Secure stored passwords
  Network authentication method
  Algorithm for varying passwords

95752:3-18 Something You Have
Convert logical security to physical security
–One-time pad
–Strip card / smart card
–Dongle
–Challenge-Response calculator
Problems: cost & token issuing/handling
Advantages: physical presence; hard to hack

95752:3-19 Something You Are
Biometrics: measure a physical characteristic
–Face geometry
–Hand geometry
–Fingerprint
–Voiceprint
–Retinal scan
–Signature
Advantages: physical presence, not easily lost
Disadvantages: cost, security, variation, handicaps

95752:3-20 Authentication Summary
Many different options available
None perfect
Combined solutions are possible
Risk: assumption that the other method will protect weaknesses
Overlapping design needed

95752:3-21 Computer Files
File: almost every visible aspect of the system
Human names vs. computer reference
Information on files:
–Location
–Size
–Type
–Creation and access times
–Owner
–Protections

95752:3-22 File Protections
File Permissions: grouped usage
–Owner, collaborators and others
–Read, write, execute, etc. allowed
Access Control Lists: who can do what
–Account name and permissions
Syntax and semantics depend on the operating system

95752:3-23 Using File Permissions
Be as restrictive as reasonable
Use minimal permissions as defaults
Enforce individual account usage
Use directory permissions
“Something everyone owns, no one owns”
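An audit that applies the rules on slides 22 and 23 to a Unix-style tree, as an added example that is not part of the original slides: it walks a directory and reports files and directories writable by "others" or by the group, flagging in particular a world-writable directory without the sticky bit (the "everyone owns, no one owns" case). The sample tree is constructed in a temporary directory; the function and finding names are assumptions.

```python
import os
import stat
import tempfile
from typing import List, Tuple


def audit_permissions(root: str) -> List[Tuple[str, str]]:
    """Report entries under root whose mode is looser than a restrictive default.

    Returns (path relative to root, finding) pairs, sorted for stable output.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # mode bits on a symlink itself are not enforced
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                if stat.S_ISDIR(mode) and not mode & stat.S_ISVTX:
                    # Anyone can create, rename or delete anyone else's entries here.
                    findings.append((rel, "world-writable directory without sticky bit"))
                elif not stat.S_ISDIR(mode):
                    findings.append((rel, "world-writable file"))
            if mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
    return sorted(findings)


def build_demo_tree() -> str:
    """Constructed sample tree: one tight file, one shared file, one open drop directory."""
    root = tempfile.mkdtemp()
    private = os.path.join(root, "private.txt")
    open(private, "w").close()
    os.chmod(private, 0o600)  # owner only: the recommended default
    shared = os.path.join(root, "notes.txt")
    open(shared, "w").close()
    os.chmod(shared, 0o666)  # "collaborators and others" may all write
    drop = os.path.join(root, "dropbox")
    os.mkdir(drop)
    os.chmod(drop, 0o777)  # everyone owns it, so no one does
    return root
```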

95752:3-24 Defeating File Permissions
Physical access:
–Reboot under a different operating system
–Raw access
Subvert applications:
–Trojan horses
–Direct corruption
–Virus
Countermeasures:
–Physical protection
–Disk encryption
–Configuration control
–Integrity checking