Chapter 3: Security Basics Security+ Guide to Network Security Fundamentals Second Edition.

Slides:



Advertisements
Similar presentations
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Advertisements

Lecture 6 User Authentication (cont)
An investigation into the security features of Oracle 10g R2 Enterprise Edition Supervisor: Mr J Ebden.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Access Control Methodologies
Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.
Authentication & Kerberos
Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 2.  CIA Model  Host Security VS Network Security  Least Privileges  Layered Security  Access Controls Prepared by Mohammed Saher2.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Chapter 11 Firewalls.
Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 12 Network Security.
Security+ Guide to Network Security Fundamentals, Third Edition
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Security Awareness: Applying Practical Security in Your World
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Authentication, Authorization and Accounting
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Chapter 10: Authentication Guide to Computer Network Security.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
Chapter 3: Security Basics Security+ Guide to Network Security Fundamentals Second Edition.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Cryptography and Network Security
BUSINESS B1 Information Security.
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.
CSC8320. Outline Content from the book Recent Work Future Work.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Chapter 21 Distributed System Security Copyright © 2008.
Information Systems Security
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
Li Xiong CS573 Data Privacy and Security Access Control.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Ingredients of Information Security. - Who has access the asset? - Is the asset correct? - Is the asset accessible? …uncorrupted? …authentic?
Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.
Access Control / Authenticity Michael Sheppard 11/10/10.
Computer Security By Duncan Hall.
Privilege Management Chapter 22.
CPT 123 Internet Skills Class Notes Internet Security Session B.
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
CSCE 201 Identification and Authentication Fall 2015.
My topic is…………. - It is the fundamental building block and the primary lines of defense in computer security. - It is a basic for access control and.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.
7/10/20161 Computer Security Protection in general purpose Operating Systems.
Authentication, Authorization and Accounting Lesson 2.
Chapter One: Mastering the Basics of Security
Radius, LDAP, Radius used in Authenticating Users
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
Network Security Unit-VI
Security in Networking
Module 2 OBJECTIVE 14: Compare various security mechanisms.
Authentication Chapter 2.
PLANNING A SECURE BASELINE INSTALLATION
Computer Security Protection in general purpose Operating Systems
Preparing for the Windows 8. 1 MCSA Module 6: Securing Windows 8
Presentation transcript:

Chapter 3: Security Basics Security+ Guide to Network Security Fundamentals Second Edition

Security+ Guide to Network Security Fundamentals, 2e 2 Objectives Identify who is responsible for information security Describe security principles Use effective authentication methods Control access to computer systems Audit information security schemes

Security+ Guide to Network Security Fundamentals, 2e 3 Identifying Who Is Responsible for Information Security When an organization secures its information, it completes a few basic tasks: –It must analyze its assets and the threats these assets face from threat agents –It identifies its vulnerabilities and how they might be exploited –It regularly assesses and reviews the security policy to ensure it is adequately protecting its information

Security+ Guide to Network Security Fundamentals, 2e 4 Identifying Who Is Responsible for Information Security (continued) Bottom-up approach: major tasks of securing information are accomplished from the lower levels of the organization upwards This approach has one key advantage: the bottom- level employees have the technical expertise to understand how to secure information

Security+ Guide to Network Security Fundamentals, 2e 5 Identifying Who Is Responsible for Information Security (continued)

Security+ Guide to Network Security Fundamentals, 2e 6 Identifying Who Is Responsible for Information Security (continued) Top-down approach starts at the highest levels of the organization and works its way down A security plan initiated by top-level managers has the backing to make the plan work

Security+ Guide to Network Security Fundamentals, 2e 7 Identifying Who Is Responsible for Information Security (continued) Chief information security officer (CISO): helps develop the security plan and ensures it is carried out Human firewall: describes the security-enforcing role of each employee

Security+ Guide to Network Security Fundamentals, 2e 8 Understanding Security Principles Ways information can be attacked: –Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet –Spies can use social engineering –Employees can guess other user’s passwords –Hackers can create back doors Protecting against the wide range of attacks calls for a wide range of defense mechanisms

Security+ Guide to Network Security Fundamentals, 2e 9 Layering Layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks Information security likewise must be created in layers All the security layers must be properly coordinated to be effective

Security+ Guide to Network Security Fundamentals, 2e 10 Layering (continued)

Security+ Guide to Network Security Fundamentals, 2e 11 Limiting Limiting access to information reduces the threat against it Only those who must use data should have access to it Access must be limited for a subject (a person or a computer program running on a system) to interact with an object (a computer or a database stored on a server) The amount of access granted to someone should be limited to what that person needs to know or do

Security+ Guide to Network Security Fundamentals, 2e 12 Limiting (continued)

Security+ Guide to Network Security Fundamentals, 2e 13 Diversity Diversity is closely related to layering You should protect data with diverse layers of security, so if attackers penetrate one layer, they cannot use the same techniques to break through all other layers Using diverse layers of defense means that breaching one security layer does not compromise the whole system

Security+ Guide to Network Security Fundamentals, 2e 14 Diversity (continued) You can set a firewall to filter a specific type of traffic, such as all inbound traffic, and a second firewall on the same system to filter another traffic type, such as outbound traffic Using firewalls produced by different vendors creates even greater diversity

Security+ Guide to Network Security Fundamentals, 2e 15 Obscurity Obscuring what goes on inside a system or organization and avoiding clear patterns of behavior make attacks from the outside difficult

Security+ Guide to Network Security Fundamentals, 2e 16 Simplicity Complex security systems can be difficult to understand, troubleshoot, and feel secure about The challenge is to make the system simple from the inside but complex from the outside

Security+ Guide to Network Security Fundamentals, 2e 17 Using Effective Authentication Methods Information security rests on three key pillars: –Authentication –Access control –Auditing

Security+ Guide to Network Security Fundamentals, 2e 18 Using Effective Authentication Methods (continued) Authentication: –Process of providing identity –Can be classified into three main categories: what you know, what you have, what you are –Most common method: providing a user with a unique username and a secret password

Security+ Guide to Network Security Fundamentals, 2e 19 Username and Password (continued) ID management: –User’s single authenticated ID is shared across multiple networks or online businesses –Attempts to address the problem of users having individual usernames and passwords for each account (thus, resorting to simple passwords that are easy to remember) –Can be for users and for computers that share data

Security+ Guide to Network Security Fundamentals, 2e 20 Tokens Token: security device that authenticates the user by having the appropriate permission embedded into the token itself Passwords are based on what you know, tokens are based on what you have Proximity card: plastic card with an embedded, thin metal strip that emits a low-frequency, short-wave radio signal

Security+ Guide to Network Security Fundamentals, 2e 21 Biometrics Uses a person’s unique characteristics to authenticate them Is an example of authentication based on what you are Human characteristics that can be used for identification include: –Fingerprint– Face –Hand– Iris –Retina– Voice

Security+ Guide to Network Security Fundamentals, 2e 22 Biometrics (continued)

Security+ Guide to Network Security Fundamentals, 2e 23 Certificates The key system does not prove that the senders are actually who they claim to be Certificates let the receiver verify who sent the message Certificates link or bind a specific person to a key Digital certificates are issued by a certification authority (CA), an independent third-party organization

Security+ Guide to Network Security Fundamentals, 2e 24 Kerberos Authentication system developed by the Massachusetts Institute of Technology (MIT) Used to verify the identity of networked users, like using a driver’s license to cash a check Typically used when someone on a network attempts to use a network service and the service wants assurance that the user is who he says he is

Security+ Guide to Network Security Fundamentals, 2e 25 Kerberos (continued) A state agency, such as the DMV, issues a driver’s license that has these characteristics: –It is difficult to copy –It contains specific information (name, address, height, etc.) –It lists restrictions (must wear corrective lenses, etc.) –It expires on a specified date The user is provided a ticket that is issued by the Kerberos authentication server (AS), much as a driver’s license is issued by the DMV

Security+ Guide to Network Security Fundamentals, 2e 26 Challenge Handshake Authentication Protocol (CHAP) Considered a more secure procedure for connecting to a system than using a password –User enters a password and connects to a server; server sends a challenge message to user’s computer –User’s computer receives message and uses a specific algorithm to create a response sent back to the server –Server checks response by comparing it to its own calculation of the expected value; if values match, authentication is acknowledged; otherwise, connection is terminated

Security+ Guide to Network Security Fundamentals, 2e 27 Challenge Handshake Authentication Protocol (CHAP) (continued)

Security+ Guide to Network Security Fundamentals, 2e 28 Mutual Authentication Two-way authentication (mutual authentication) can be used to combat identity attacks, such as man-in- the-middle and replay attacks The server authenticates the user through a password, tokens, or other means

Security+ Guide to Network Security Fundamentals, 2e 29 Mutual Authentication (continued)

Security+ Guide to Network Security Fundamentals, 2e 30 Multifactor Authentication Multifactor authentication: implementing two or more types of authentication Being strongly proposed to verify authentication of cell phone users who use their phones to purchase goods and services

Security+ Guide to Network Security Fundamentals, 2e 31 Controlling Access to Computer Systems Restrictions to user access are stored in an access control list (ACL) An ACL is a table in the operating system that contains the access rights each subject (a user or device) has to a particular system object (a folder or file)

Security+ Guide to Network Security Fundamentals, 2e 32 Controlling Access to Computer Systems (continued) In Microsoft Windows, an ACL has one or more access control entries (ACEs) consisting of the name of a subject or group of subjects Inherited rights: user rights based on membership in a group Review pages 85 and 86 for basic folder and file permissions in a Windows Server 2003 system

Security+ Guide to Network Security Fundamentals, 2e 33 Mandatory Access Control (MAC) A more restrictive model The subject is not allowed to give access to another subject to use an object

Security+ Guide to Network Security Fundamentals, 2e 34 Role Based Access Control (RBAC) Instead of setting permissions for each user or group, you can assign permissions to a position or role and then assign users and other objects to that role Users and objects inherit all of the permissions for the role

Security+ Guide to Network Security Fundamentals, 2e 35 Discretionary Access Control (DAC) Least restrictive model One subject can adjust the permissions for other subjects over objects Type of access most users associate with their personal computers

Security+ Guide to Network Security Fundamentals, 2e 36 Auditing Information Security Schemes Two ways to audit a security system –Logging records which user performed a specific activity and when –System scanning to check permissions assigned to a user or role; these results are compared to what is expected to detect any differences

Security+ Guide to Network Security Fundamentals, 2e 37 Summary Creating and maintaining a secure environment cannot be delegated to one or two employees in an organization Major tasks of securing information can be accomplished using a bottom-up approach, where security effort originates with low-level employees and moves up the organization chart to the CEO In a top-down approach, the effort starts at the highest levels of the organization and works its way down

Security+ Guide to Network Security Fundamentals, 2e 38 Summary (continued) Basic principles for creating a secure environment: layering, limiting, diversity, obscurity, and simplicity Basic pillars of security: –Authentication: verifying that a person requesting access to a system is who he claims to be –Access control: regulating what a subject can do with an object –Auditing: review of the security settings

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.