Access Control / Authenticity Michael Sheppard 11/10/10.


Authenticity: In computing, e-business and information security, it is necessary to ensure that the data, transactions, communications or documents are genuine. It is also important for authenticity to validate that both parties involved are who they claim they are.

Access Control: Access to protected information must be restricted to people who are authorized to access the information. The same applies to computer programs and the computers that process the information. Mechanisms must be in place to control the access to protected information. The sophistication of the access control mechanisms should be in parity with the value of the information being protected: the more sensitive or valuable the information, the stronger the control mechanisms need to be.

Today: The username is the most common form of identification and the password is the most common form of authentication. Usernames and passwords are slowly being replaced with more sophisticated authentication mechanisms. Different computing systems are equipped with different kinds of access control mechanisms.

Access Control
Identification: claim of ID
Authentication: verifying the claim
3 types of info for ID:
- Something you know
- Something you have
- Something you are

Something you know: includes such things as a PIN, a password, or your mother's maiden name.

Access Control. Something you have: includes a driver's license or a magnetic ID card.

Something you are: includes palm prints, fingerprints, voice prints and retina scans. (Two-factor authentication) Microlatch Fingerprint

Biometrics: Two main classes.
- Physiological: relating to the shape of the body.
- Behavioral: relating to the behavior of a person.
It is harder to steal a biometric identity than to forge a signature.

Authentication: After a person, program or computer has successfully been identified and authenticated, it must be determined what informational resources they are permitted to access and what actions they will be allowed to perform (run, view, create, delete, or change). Authorization to access information and other computing services begins with administrative policies and procedures. The policies prescribe what information and computing services can be accessed, by whom, and under what conditions. The access control mechanisms are then configured to enforce these policies.

3 Types of Access Control
- The non-discretionary approach consolidates all access control under a centralized administration. It is usually based on the individual's function in the organization or the tasks the individual must perform.
- The discretionary approach gives the creator or owner of the information resource the ability to control access to those resources.
- In the mandatory access control approach, access is granted or denied based upon the security classification assigned to the information resource.

Policies and other security controls must be enforceable and upheld. Effective policies ensure that people are held accountable for their actions. All failed and successful authentication attempts must be logged, and all access to information must leave some type of audit trail.
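The three approaches and the audit-trail requirement above, side by side, as an added example that is not part of the original slides. The role table, classification labels, user clearances and all names are constructed assumptions; the mandatory check is reduced to a single clearance-versus-classification comparison.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}           # constructed labels
ROLE_PERMS = {"clerk": {"view"}, "manager": {"view", "change"}}  # constructed central policy
audit_log = []  # every decision, ALLOW or DENY, leaves a record

@dataclass
class User:
    name: str
    role: str
    clearance: str = "public"   # assumption: users carry a clearance for the MAC check

@dataclass
class Resource:
    name: str
    owner: str
    classification: str = "public"
    acl: dict = field(default_factory=dict)  # user name -> actions granted by the owner

def dac(user, res, action):
    # Discretionary: the owner has full control; others need an owner-granted ACL entry.
    return user.name == res.owner or action in res.acl.get(user.name, set())

def rbac(user, res, action):
    # Non-discretionary: a central policy keyed on the user's function (role).
    return action in ROLE_PERMS.get(user.role, set())

def mac(user, res, action):
    # Mandatory: decided by the resource's classification versus the user's clearance.
    return LEVELS[user.clearance] >= LEVELS[res.classification]

def grant(owner, res, grantee, action):
    # Under DAC only the resource owner may extend access to someone else.
    if owner.name != res.owner:
        return False
    res.acl.setdefault(grantee.name, set()).add(action)
    return True

def check(model, user, res, action):
    allowed = model(user, res, action)
    audit_log.append((model.__name__, user.name, res.name, action,
                      "ALLOW" if allowed else "DENY"))
    return allowed

def demo():
    alice = User("alice", "manager", "secret")
    bob = User("bob", "clerk")
    payroll = Resource("payroll", owner="bob", classification="confidential")
    before = check(dac, alice, payroll, "view")        # no ACL entry yet
    grant(bob, payroll, alice, "view")
    return [before, check(dac, alice, payroll, "view"),
            check(rbac, bob, payroll, "change"), check(mac, bob, payroll, "view"),
            check(mac, alice, payroll, "view")]
```

In the demo, bob owns the resource and so controls it under the discretionary model, yet the mandatory check still denies him because his clearance is below the resource's classification; both outcomes are written to the audit log.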

Conclusion: Computer security authentication means verifying the identity of a user logging onto a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the user to the network. Computer security authentication includes verifying message integrity, authentication and MAC (Message Authentication Code), which checks the integrity of a transmitted message. Topics include human authentication, challenge-response authentication, passwords, digital signatures, IP spoofing and biometrics.
