
Slide 1: System Security
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved.
• Computer Security Basics
• System Security Tools
• Authentication Methods
• Encryption Methods

Slide 2: Security Factors
• Authorization
• Accountability
• Auditing
• Access control

Slide 3: Least Privilege
Figure labels: User 1, User 2, User 3, User 4; Data Entry Clerks; Financial Coordinators; "Perform their job with more access privileges"; "Perform their job with fewer access privileges"

Slide 4: Non-Repudiation
With non-repudiation:
• Owner or sender of data remains associated with the data
• Independent verification of sender's identity
• Sender is responsible for message and data

Slide 5: Threats
Information security threats (unintentional or intentional):
• Changes to information
• Interruption of services
• Interruption of access
• Damage to hardware
• Damage to facilities

Slide 6: Vulnerabilities
Vulnerabilities include:
• Improperly configured or installed hardware or software
• Bugs in software or operating systems
• Misuse of software or communication protocols
• Poorly designed networks
• Poor physical security
• Insecure passwords
• Unchecked user input
• Design flaws in software or operating systems
Figure labels: Attacker, Unsecured router, Information system

Slide 7: Attacks
• Physical security attacks
• Software-based attacks
• Social engineering attacks
• Web application-based attacks
• Network-based attacks

Slide 8: Risks
Risks include:
• System loss
• Power outage
• Network failure
• Physical losses

Slide 9: Unauthorized Access
• Intentional or unintentional misuse
• Deliberate attack by outsider
Figure label: Attacker

Slide 10: Data Theft
Figure labels: Attacker, Data in transit, Files on server

Slide 11: Hackers and Attackers
• Possess skills to gain access to computers
• Always malicious intent
Figure labels: Hacker, Attacker

Slide 12: Permissions
Marketing documents:
• Administrators: Full access
• User01: Read-only access
• Contractors: No access

Slide 13: NTFS Permissions
• Supports file-level security on Windows operating systems.
• Permissions can be applied either to folders or to individual files.
• When applied to a folder, these permissions are applied to the files and subfolders within it.
• There are several levels of NTFS permissions, which specify whether users can:
  • Read files or run applications
  • Write to existing files
  • Modify, create, or delete files

Slide 14: Group Policy
Group policy controls workstation and security features.

Slide 15: Authentication
Validates an individual's credentials to access resources

Slide 16: User Name/Password Authentication
Compares user's credentials against stored credentials

Slide 17: Strong Passwords
Example: !Pass1234
• Minimum length
• Special characters
• Uppercase letters
• Lowercase letters
• Numbers

Slide 18: Tokens
Figure labels: PIN, Unique value, User information, Password

Slide 19: Biometrics
• Fingerprint scanner
• Retinal scanner
• Hand geometry scanner
• Voice-recognition software
• Facial-recognition software
Figure label: Fingerprint scanner

Slide 20: Multi-Factor Authentication
Requires validation of two authentication factors
Figure label: Password

Slide 21: Mutual Authentication
Each party verifies another's identity

Slide 22: SSO
Figure labels: Email, Instant Messaging

Slide 23: EAP
EAP:
• Hardware-based identifiers for authentication:
  • Fingerprint scanners
  • Smart card readers
• Different EAP type for each authentication scheme
• Might need password in addition to physical authentication
Figure label: Fingerprint scanner

Slide 24: Kerberos
User passes credentials to an authentication server
Figure labels: Kerberos server, Ticket

Slide 25: Wireless Authentication Methods
There are three wireless authentication methods:
• Open system
• Shared-key
• 802.1x and EAP

Slide 26: Wireless Authentication Methods (Cont.)

Slide 27: Wireless Authentication Methods (Cont.)
Figure label: Shared WEP key

Slide 28: Wireless Authentication Methods (Cont.)
Figure labels: Access point, RADIUS server, Active Directory, Request, Response

Slide 29: Encryption
Converts data from cleartext to ciphertext

Slide 30: Encryption and Security Goals
Encryption supports:
• Confidentiality
• Integrity
• Non-repudiation

Slide 31: Key-Based Encryption Systems
Shared-key encryption:
• Encrypts data
• Decrypts data
• Same key on both sides

Slide 32: Key-Based Encryption Systems (Cont.)
Key-pair encryption:
1. Exchange public keys
2. Data encrypted using public key B
3. Data decrypted using private key B
Figure labels: Computer A, Computer B, Public key A, Public key B

Slide 33: WEP
Same security as on a wired network without encryption

Slide 34: WPA/WPA2
• TKIP provides improved data encryption.
• EAP provides stronger user authentication.

Slide 35: Digital Certificates
Figure labels: User with certificate, Device with certificate

Slide 36: Certificate Encryption
1. User obtains certificate and keys
2. User shares public key
3. Data encrypted with public key
4. Data decrypted with private key

Slide 37: PKI
• CA
• Certificates
• Software
• Services
• Other cryptographic components
Figure label: CA issuing user certificates

Slide 38: Certificate Authentication
1. Presents certificate
2. Validates and accepts certificate
3. Issues certificate
4. Certificate authentication is successful
Figure labels: Certificate holder, Resource, CA

Slide 39: DES
Figure labels: Shared DES key; 56 bits; 8 parity bits; 3 DES keys; Triple encoding

Slide 40: Encryption Devices
Encryption device (HSM): restricts execution of external programs

Slide 41: SSL
SSL combines:
• Digital certificates
• RSA public-key encryption

Slide 42: Encryption Using SSL
1. Request secure connection
2. Send certificate and public key
3. Negotiate encryption
4. Generates and encrypts a session key
5. Uses session key for data encryption

Slide 43: TLS
Figure label: TCP/IP

Slide 44: Reflective Questions
1. Which of the basic security concepts in this lesson were familiar to you, and which were new?
2. Can you describe some situations in which you have used basic security techniques such as authentication, access control, and encryption, or made use of a security policy?

