Dr. John P. Abraham, Professor, UTPA

• Particularly attacks university computers
• Primarily originating from Korea, China, India, Japan, Iran and Taiwan



• Access control is the process by which resources or services are granted or denied
  ◦ Identification – presentation of credentials
  ◦ Authentication – verification that the credentials are genuine
  ◦ Authorization – granting permission for admittance
  ◦ Access – right to use specific resources
  ◦ Accounting – measures the resources a user consumes. May provide evidence of problems from log files.

• System generates a unique password on demand that is not reusable.
  ◦ Time-synchronized OTP, used in conjunction with a token. The token is something like a modern keyless car key. The server and the token use a similar algorithm to generate a key every 30 to 60 seconds. The key is valid only as long as it is displayed on the token. It can be used to log in with a user name just once.
  ◦ Challenge-based OTP. When a user attempts to log in, the server issues a random number. This number is entered into the token, which generates a key.
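The two one-time password schemes above, as an added example that is not part of the original slides. It assumes the token and the server share a secret key and uses the HMAC construction from RFC 4226/6238 for the time-synchronized code; the slides name no algorithm, and the `Server` class, the SHA-256 challenge response and all names here are illustrative.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 30    # seconds a displayed code stays valid (the slide says 30 to 60)
DIGITS = 6

def _truncate(mac: bytes) -> str:
    # RFC 4226 dynamic truncation: 31 bits taken at an offset chosen by the MAC
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** DIGITS).zfill(DIGITS)

def time_code(key: bytes, now: float) -> str:
    """Time-synchronized OTP: HMAC over the current time-step counter."""
    counter = int(now) // STEP
    return _truncate(hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest())

def challenge_code(key: bytes, challenge: bytes) -> str:
    """Challenge-based OTP: HMAC over the random number issued by the server."""
    return _truncate(hmac.new(key, challenge, hashlib.sha256).digest())

class Server:
    """Hypothetical verifier; accepts no clock-drift window, to keep the logic visible."""
    def __init__(self, keys_by_user):
        self.keys = keys_by_user
        self.last_step = {}   # user -> last time step in which a code was accepted
        self.pending = {}     # user -> outstanding challenge

    def verify_time_code(self, user, code, now):
        step = int(now) // STEP
        if self.last_step.get(user, -1) >= step:
            return False      # a code was already accepted in this step: replay
        if not hmac.compare_digest(code, time_code(self.keys[user], now)):
            return False      # wrong code, or a code from an expired step
        self.last_step[user] = step
        return True

    def issue_challenge(self, user):
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify_response(self, user, code):
        challenge = self.pending.pop(user, None)   # each challenge is single-use
        if challenge is None:
            return False
        return hmac.compare_digest(code, challenge_code(self.keys[user], challenge))
```
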

Security+ Guide to Network Security Fundamentals, Third Edition: One-Time Passwords (continued)

• A person's unique characteristics.
• Fingerprints, faces, hands, irises and retinas.

Standard Biometrics (continued)

• Keystroke dynamics
  ◦ User's unique typing rhythm – dwell time (time to press and release) and flight time (time between keystrokes)
• Voice recognition
• Computer footprinting (the computer habits of a person). Suppose a person usually accesses bank records from home at a certain time.

• Related to the perception, thought process and understanding of the user.
• Draws on the user's life experiences, such as memorable events or specific questions only the person would know.

• Single and multi-factor authentication
• Single sign-on – one authentication to access multiple accounts or applications. Example: Windows Live ID.
  ◦ Windows Live ID was introduced in 1999 as .NET Passport.
  ◦ When a user wants to log in to a web site that supports Windows Live ID, the user is first redirected to the nearest authentication server, where he/she enters the name and password. Once authenticated, the user is given an encrypted, time-limited global cookie that is stored along with an encrypted ID tag. This ID tag is then sent to the web site, which in turn checks the cookie on the user's computer and places its own cookie. The use of global and local cookies is the basis of Live ID.

• Provides users with control of their digital identities.
  ◦ Allows users to create and use virtual business cards that contain information identifying the user. Websites can ask for a card rather than requiring a username and password.
  ◦ Users can download cards from identity providers such as their bank or an e-commerce website (managed cards). Personal cards are general-purpose information cards created by the users themselves.

amily/cardspace/default.mspx

• Decentralized authentication
• Open source federated identity management
• URL-based identity system. Example: myopenid.com creates a web URL for you.

• Dedicated servers for AAA (authentication, authorization, accounting)
• Examples: RADIUS, Kerberos, TACACS+
• Also generic servers built on the Lightweight Directory Access Protocol (LDAP)

• Remote Authentication Dial-In User Service
• Developed in 1992
• Suitable for high-volume service such as dial-in access to a corporate network
• Allows an organization to maintain user profiles in a central database that all remote servers can share

• Developed by MIT
• Can be used with Windows Vista, Windows Server 2008, Apple Mac OS X, and Linux
• When a user wants to use a network service, the user is issued a ticket by Kerberos (much like a driver's license used to cash checks)

• Runs over TCP/IP, making it ideal for Internet and intranet applications
• Developed by Netscape Communications and the University of Michigan in 1996

• Remote Access Services (RAS) – Microsoft's built-in remote access modem tools for Windows NT
• VPNs – remote-access VPN and virtual private dial-up network
  ◦ Can be software based or hardware based.

• Uses an unsecured public network such as the Internet as if it were a secure network.
• It does this by encrypting data that is transmitted between the remote device and the network.
• Remote-access VPN (virtual private dial-up network)
  ◦ User-to-LAN
  ◦ Site-to-site VPN: multiple sites connect together (LAN-to-LAN)
  ◦ A VPN concentrator is dedicated hardware that aggregates multiple connections

• When the VPNs on the two ends are not controlled by the same company, it is better to use a software-based VPN.
• Best for people who travel, because they do not have to carry additional hardware.
• Does not have quite the security of the hardware devices.
• Does not have the same performance as the hardware devices.