1 Data Access Control, Password Policy and Authentication Methods for Online Bank Md. Mahbubur Rahman Alam B. Sc. (Statistics) Dhaka University M. Sc.


1 Data Access Control, Password Policy and Authentication Methods for Online Bank. Md. Mahbubur Rahman Alam, B. Sc. (Statistics) Dhaka University; M. Sc. (Statistics, Major in Econometrics) Dhaka University; PGD (ICT) BUET; M. Sc. (ICT) BUET. Assistant Professor, BIBM, Mirpur, Dhaka. Cell: , Mail: , Website: mralam.net

2 Figure: delivery channels around the Customer: Kiosk, Branch, Internet, POST, PSTN, ATM, Other Bank, Mobile, Call Center.

3 Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail:

4 Data Access Control
Data access typically refers to software and activities related to storing, retrieving, or acting on data housed in a database or other repository. Data access is simply the authorization you have to access different data files.

5 Access Controls
Access controls should provide reasonable assurance that data and applications are protected against unauthorized modification, disclosure, loss or impairment. Such controls include physical controls, such as keeping a computer in a locked room to limit physical access, and logical controls, such as security software designed to prevent or detect unauthorized access to sensitive files.

6 Restricting Access
 Implement separation of duties (SOD), a preventive control.
 Establish separate test and production environments, a preventive control.
 Restrict user account and database administrator access, a preventive control.

7 Identification, Authentication and Process
Elements to restrict include:
Data access (successful/failed SELECTs)
Data changes (INSERT, UPDATE, DELETE)
System access (successful/failed logins); user/role/permission/password changes
Privileged user activity (all)
Schema changes (CREATE/DROP/ALTER of tables, columns, fields)

8 Authentication Methods
We can authenticate an identity in three ways:
Something the user knows (such as a password or personal identification number)
Something the user has (a security token or smart card)
Something the user is (a physical characteristic, such as a fingerprint, called a biometric)

9 Fingerprint Recognition; Hand or Palm Geometry

10 Facial Recognition

11 Eye Scans

12 USB Security Token or One Time Password
RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman (RSA Security LLC).

Login Authentication
Figure: authentication flow. A Windows 2000 group or user connects to the database server, which either verifies a trusted connection (Windows authentication) or verifies a name and password; the outcome is a database server login account.

Database User Accounts and Roles
Figure: after the login is verified (trusted connection or name and password), the database server assigns the login account to a database user and to database roles; a Windows 2000 group maps onto a database user and database role in the same way.

Database Server Checks Permissions
Figure: permission validation. 1. The database user executes a command (SELECT * FROM Members). 2. The database server checks the user's permissions. 3. If the permissions are OK the server performs the command; if not, it returns an error.

Granting Permissions to Allow Access
Figure: permission matrix with rows User/Role (Eva, Ivan, David, public) and columns SELECT, INSERT, UPDATE, DELETE; the granted cells are marked in the original slide and are not recoverable here.

Denying Permissions to Prevent Access
Figure: the same User/Role matrix (Eva, Ivan, David, public) against SELECT, INSERT, UPDATE, DELETE, now showing denied cells; the cell marks are not recoverable here.

Revoking Granted and Denied Permissions
Figure: the same User/Role matrix (Eva, Ivan, David, public) against SELECT, INSERT, UPDATE, DELETE, showing cells whose grant or deny has been revoked; the cell marks are not recoverable here.
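The three matrix slides above (grant, deny, revoke) describe how a database server decides whether a user may run a command. The following is an added example, not code from the slides, modelling those rules in Python: a DENY on the user or on any of its roles overrides every GRANT, role permissions flow to members, everyone belongs to the public role, and REVOKE simply removes the entry. The role name "Tellers" and the membership assignments are assumptions for the demonstration.

```python
from collections import defaultdict

PERMISSIONS = ("SELECT", "INSERT", "UPDATE", "DELETE")


class PermissionTable:
    """Grant/deny/revoke entries for one table, resolved per user."""

    def __init__(self, memberships):
        # memberships: principal -> roles it belongs to; everyone is also in "public"
        self.memberships = {p: set(r) | {"public"} for p, r in memberships.items()}
        self.entries = defaultdict(dict)  # principal -> {permission: "GRANT" | "DENY"}

    def _check(self, permission):
        if permission not in PERMISSIONS:
            raise ValueError(f"unknown permission {permission!r}")

    def grant(self, principal, permission):
        self._check(permission)
        self.entries[principal][permission] = "GRANT"

    def deny(self, principal, permission):
        self._check(permission)
        self.entries[principal][permission] = "DENY"

    def revoke(self, principal, permission):
        # Removes a GRANT or a DENY alike; the principal falls back to its roles.
        self.entries[principal].pop(permission, None)

    def is_allowed(self, user, permission):
        principals = {user} | self.memberships.get(user, {"public"})
        states = {self.entries[p].get(permission) for p in principals}
        if "DENY" in states:  # an explicit DENY anywhere wins over any GRANT
            return False
        return "GRANT" in states


def demo():
    """Assumed scenario: public may read, Tellers may update, David is denied reads."""
    t = PermissionTable({"Eva": set(), "Ivan": {"Tellers"}, "David": set()})
    t.grant("public", "SELECT")
    t.grant("Tellers", "UPDATE")
    t.deny("David", "SELECT")
    t.grant("Eva", "DELETE")
    t.revoke("Eva", "DELETE")
    return {
        "eva_select": t.is_allowed("Eva", "SELECT"),      # True through public
        "david_select": t.is_allowed("David", "SELECT"),  # False, DENY overrides public
        "ivan_update": t.is_allowed("Ivan", "UPDATE"),    # True through the Tellers role
        "eva_delete": t.is_allowed("Eva", "DELETE"),      # False once the grant is revoked
    }
```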

19 Password Policy
 Use of both upper- and lower-case letters (case sensitivity)
 Inclusion of one or more numerical digits
 Inclusion of special characters such as #, $ etc.
 Prohibition of words found in a dictionary or of the user's personal information
 Prohibition of passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers
 Prohibition of the company name or an abbreviation of it

20 Password Duration
Some policies require users to change passwords periodically, e.g. every 90 or 180 days. The benefit of password expiration, however, is debatable. Systems that implement such policies sometimes prevent users from picking a password too close to a previous selection.

21 Common Password Practice
 Never share a computer account
 Never use the same password for more than one account
 Never tell a password to anyone, including people who claim to be from customer service or security
 Never write down a password
 Never communicate a password by telephone or instant messaging

22 Common Password Practice
 Be careful to log off before leaving a computer unattended
 Change passwords whenever there is suspicion they may have been compromised
 Keep operating system passwords and application passwords different
 Passwords should be alphanumeric
 Never use online password generation tools

23 Password Strength
Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.
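The policy rules on slide 19 and the "average trials to guess" definition on this slide can be turned into a checker an online banking registration form would run. This is an added example, not code from the slides: the dictionary words, personal information and company names are constructed sample sets, and the strength estimate takes the character classes actually used as the attacker's search space and halves it to get the average number of trials.

```python
import re
import string

SAMPLE_DICTIONARY = {"password", "welcome", "summer", "dhaka"}  # constructed sample
SAMPLE_PERSONAL = {"mahbubur", "alam"}                           # constructed sample
COMPANY_NAMES = {"bibm"}                                          # constructed sample

# Date-like (e.g. 19901225, 25-12-1990) or long all-digit strings (phone, plate numbers)
DATE_OR_NUMBER_LIKE = re.compile(r"^(\d{2,4}[-/]?\d{2}[-/]?\d{2,4}|\d{6,11})$")


def policy_violations(password):
    """Return the slide-19 rules the password breaks; an empty list means compliant."""
    lower = password.lower()
    problems = []
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both upper- and lower-case letters")
    if not re.search(r"\d", password):
        problems.append("needs at least one digit")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character such as #, $")
    if any(w in lower for w in SAMPLE_DICTIONARY | SAMPLE_PERSONAL):
        problems.append("contains a dictionary word or personal information")
    if DATE_OR_NUMBER_LIKE.match(password):
        problems.append("looks like a date, licence plate or telephone number")
    if any(name in lower for name in COMPANY_NAMES):
        problems.append("contains the company name")
    return problems


def average_guesses(password):
    """Average brute-force trials: half the keyspace implied by the classes used.

    Keyspace = charset ** length, so strength grows fastest with length.
    """
    charset = 0
    if re.search(r"[a-z]", password):
        charset += 26
    if re.search(r"[A-Z]", password):
        charset += 26
    if re.search(r"\d", password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)  # 32 printable ASCII symbols
    return charset ** len(password) / 2
```

A compliant password such as "Br!dge7Kite" returns no violations, while "password123" fails three rules at once and an eight-digit birthday is rejected as date-like.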

24 Multi-factor Authentication (MFA)
MFA, two-factor authentication, TFA, T-FA or 2FA is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something only the user knows"), a possession factor ("something only the user has"), and an inherence factor ("something only the user is"). After presentation, each factor must be validated by the other party for authentication to occur.

25 Multi-factor Authentication (MFA)
Something only the user knows (e.g., password, PIN, pattern);
Something only the user has (e.g., ATM card, smart card, mobile phone);
Something only the user is (e.g., a biometric characteristic, such as a fingerprint).

26 Questions are Welcome Thank You