

Authorization vs. Authentication
Authentication is the process of proving identity to the system
  –login
Authorization happens after authentication. It determines what you have rights to.
  –Data access, read/write/modify
  –Program execution allowed or not
  –Ability to search directories

Authentication
Authentication has proven to be one of the most difficult tasks in system security.
  –What can be used to uniquely identify a user or group to the system and still be secure?

Authentication Methods
  –Userid/password
      Easy to implement
      Hard to administer
        –Difficult to require users to have adequate passwords
        –What is an adequate password?
        –Humans have bad memories. What was my password?
        –Should there be a time limit on the password?
  –ID Cards
      Requires some equipment cost
      Doesn’t guarantee the actual user is the one with the card
      What about lost/stolen cards?

Authentication Methods
  –ID Cards / password
      The ID card acts as a user ID
      Adds no more security. Combines the worst of both the userid/password system and the ID card system
  –Biometrics
      Fingerprint
        –Expensive hardware (getting cheaper)
        –What happens when the user gets a cut, or was gardening over the weekend?

Authentication Methods
  –Biometrics
      Iris Scan
        –Very expensive equipment
        –Many false negatives
        –What happens with contacts?
        –What about eye exams?
      Facial Recognition
        –Very expensive
        –Has not worked once yet?
In all forms of authentication some sort of manual bypass is required!
  –Which allows for social engineering exploits!

Authorization
There are two major ways of providing authorization
  –UNIX file permissions
  –ACL (Access Control List)
      Created by Novell
      Used by Microsoft – with some changes!
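The two authorization mechanisms listed above, compared on the same file as an added example (not part of the original slides). The users, groups, IDs and the simplified ACL model are all constructed for illustration; the ACL logic is not any vendor's actual algorithm.

```python
R, W, X = 4, 2, 1  # bits inside one rwx triplet

def unix_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """UNIX mode bits: exactly one triplet applies (owner, else group, else other).
    Superuser bypass is not modelled."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def acl_allows(acl, uid, gids, want):
    """Simplified ACL (assumed model): a per-user entry wins, otherwise the
    entries of all the user's groups are combined; no entry means no access."""
    if ("user", uid) in acl:
        bits = acl[("user", uid)]
    else:
        bits = 0
        for gid in gids:
            bits |= acl.get(("group", gid), 0)
    return bits & want == want

# Constructed sample identities and objects (not from the slides).
ALICE, BOB, CAROL = 1001, 1002, 1003
STAFF, AUDIT = 2000, 2001
GROUPS = {ALICE: {STAFF}, BOB: {STAFF}, CAROL: {AUDIT}}

def check_report(uid, want, mode=0o640):
    """Mode-bit check on a file owned by alice:staff."""
    return unix_allows(mode, ALICE, STAFF, uid, GROUPS[uid], want)

# Same file under an ACL: carol gets read without opening it to everyone.
REPORT_ACL = {("user", ALICE): R | W, ("group", STAFF): R, ("user", CAROL): R}

def check_report_acl(uid, want):
    return acl_allows(REPORT_ACL, uid, GROUPS[uid], want)

if __name__ == "__main__":
    for name, uid in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, "mode read:", check_report(uid, R),
              "mode write:", check_report(uid, W),
              "acl read:", check_report_acl(uid, R))
    # Owner triplet is empty, so alice is denied even though staff has rwx.
    print("alice with 0o074:", check_report(ALICE, R, mode=0o074))
```

With mode bits alone, the only way to let carol read is to set the "other" read bit (0o644), which grants read to every account on the system; the ACL names her individually.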

When you have a problem with your machine and you are on a tech support call, do you give your super user / administrator password to the technician?