Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.

Published byHarold McCoy Modified over 9 years ago

Similar presentations

Presentation on theme: "Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan."— Presentation transcript:

1 Dr. John P. Abraham Professor UTPA

2  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan

3  Access control is the process by which resources or services are granted or denied ◦ Identification – presentation of credentials ◦ Authentication – verification of the credentials that they are genuine ◦ Authorization – granting permission for admittance ◦ Access – right to use specific resources ◦ Accounting – measures the resources a user consumes. May provide evidence of problems from log files.

4  System generates a unique password on demand that is not reusable. ◦ Time-synchronized OTP used in conjunction with a token. The token is something like a modern keyless car key. The server and the token uses similar algorithm to generate a key every 30 to 60 seconds. The key is only valid as long as it is displayed on the token. It can be used to login with a user name just once. ◦ Challenge based OTP. When a user attempts to login, the server issues a random number. This number is entered into the token which generates a key.

5 Security+ Guide to Network Security Fundamentals, Third Edition One-Time Passwords (continued) 5

6  A persons unique characteristics.  Fingerprints, faces, hands, irises and retinas.

7 Security+ Guide to Network Security Fundamentals, Third Edition Standard Biometrics (continued) 7

8  Keystroke dynamics ◦ User’s unique typing rhythm – dwell time (time to press and release) and flight time (time between keystrokes)  Voice recognition  Computer footprinting (computer habits of a person). Suppose person usually access the bank record from home at certain time.

9  Related to the perception, thought process and understanding of the user. User’s life experiences. Such as memorable events, specific questions only the person would know.

10  Single and multi-factor authentication  Single sign-on – one authentication to access multiple accounts or applications. Example windows live id. ◦ Windows live id was introduced in 1999 as.net passport. ◦ When a user wants to log into a web site that supports windows live id, the user will first be redirected to the nearest authentication server, where he/she enters the name and password; once authenticated the user is given an encrypted time- limited global cookie that is stored along with an encrypted id tag. This id tag is then sent to the web site, which in turn checks the cookie on the users computer, and places its on cookie. The use of global and local cookies is the basis of live id.

11  Provides users with control of their digital identities. ◦ Allows users to create and use virtual business cards that contain information that identifies the user. Websites can ask for their card rather than requiring them for username and password. ◦ Users can download cards from identity providers such as their bank or e-commerce website (managed cards). Personal cards are general- purpose information card created by the user himself. http://www.microsoft.com/windows/products/winf amily/cardspace/default.mspx http://www.microsoft.com/windows/products/winf amily/cardspace/default.mspx

12  decentralized authentication  Open source federated identity management  url based identity system. Example, myopenid.com creates a web url for you. http://jpabraham.myopenid.com/ http://jpabraham.myopenid.com/

13  Dedicated servers for AAA (authentication, authorization, accounting)  Example: Radius, Kerberos, CACACS+  Also generic servers built on lightweight Directory Access Protocol (LDAP)

14  Remote Authentication Dial in User Service  Developed in 1992  Suitable for high-volume service such as dial in access to corporate network  Allows an organization to maintain user profiles in a central database that all remote servers can share

15  Developed by MIT  Can be used with vista, win 2008, apple mac os x, and linux  When user wants to use a network service, the user is issued a ticket by Kerberos (which is very similar to a driver license, used to cash checks)

16  Runs over TCP/IP, making it ideal for Internet and intranet application  Developed by Netscape communications and the university of mitchigan in 1996

17  Remote Access Services (RAS)-Microsoft’s built-in remote access modem tools for windows NT  VPNs - Remote-access vpn and virtual private dial-up network ◦ Can be software based or hardware based.

18  Uses an unsecured public network such as the internet as if it were a secure network.  It does this by encrypting data that is transmitted between the remote device and the network.  Remote access VPN ( virtual private dialup network) ◦ User-to-LAN ◦ Site-to-site vpn: multiple sites connects together. (lan to lan) ◦ VPN concentrator is a dedicated hardware which aggregates multiple connections

19  When VPNs on two ends are not controlled by the same company, it is better to use software based VPN.  Best for travelling people, because they do not have carry another hardware.  Does not have quite the security of the hardware devices.  Does not have the same performance as the hardware devices.

Download ppt "Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan."

Similar presentations

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Remote Access Network Management Kelly Given Allison Traina.

Remote Access Network Management Kelly Given Allison Traina.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Remote Desktop Connection Techniques Wireless Communication Networks.

Remote Desktop Connection Techniques Wireless Communication Networks.
An Authorization Service using.NET Passport ™ as underlying Authentication Scheme Bar-Hen Ron Hochberger Daniel Winter 2002 Technion – Israel Institute.

An Authorization Service using.NET Passport ™ as underlying Authentication Scheme Bar-Hen Ron Hochberger Daniel Winter 2002 Technion – Israel Institute.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.

VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Similar presentations

Ads by Google