Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Data Access Control, Password Policy and Authentication Methods for Online Bank Md. Mahbubur Rahman Alam B. Sc. (Statistics) Dhaka University M. Sc.

Published byWilfred Green Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Data Access Control, Password Policy and Authentication Methods for Online Bank Md. Mahbubur Rahman Alam B. Sc. (Statistics) Dhaka University M. Sc."— Presentation transcript:

1 1 Data Access Control, Password Policy and Authentication Methods for Online Bank Md. Mahbubur Rahman Alam B. Sc. (Statistics) Dhaka University M. Sc. (Statistics, Major in Econometrics) Dhaka University PGD(ICT)BUET M. Sc. (ICT) BUET Assistant Professor, BIBM, Mirpur, Dhaka. Cell: 01556323244, Mail: alam_mr@yahoo.com Website: mralam.net

2 2 Kiosk Branch Internet Customer POST PSTN ATM Branch Other Bank Mobile Call Center

3 3 Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

4 4 Data access typically refers to software and activities related to storing, retrieving, or acting on data housed in a database or other repository. Data Access is simply the authorization you have to access different data files. Data Access Control Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

5 5 Access Controls Access Controls should provide reasonable assurance that data and applications are protected against unauthorized modifications, disclosure, loss or impairment. Such controls include physical controls, such as keeping a computer in a locked room to limit physical access, and logical controls such as security software programs designed to prevent or detect unauthorized access to sensitive files. Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

6 6  Implement Separation of duties (SOD) a preventive control.  Establish test and production environments which are preventive control.  Restrict user account and Database administrator access which is a preventive control. Restricting Access Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

7 7 Elements to restrict include: Data access (Successful/Failed Selects) Data Changes (Insert, Update, Delete) System Access (Successful/Failed Logins); User/Role/Permissions/Password changes Privileged User Activity (All) Schema Changes (Create/Drop/Alter Tables, Columns, Fields) Identification, Authentication and Process Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

8 8 Authentication Methods We can authenticate an identity in three ways: Something the user knows (such as a password or personal identification number) Something the user has (a security token or smart card) Something the user is (a physical characteristic, such as a fingerprint, called a biometric). Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

9 9 Fingerprint Recognition Hand or Palm Geometry Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

10 10 Facial Recognition Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

11 11 Eye Scans Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

12 12 USB Security Token or One Time Password RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman RSA Security LLC Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

13 Login Authentication AUTHENTICATION Database Server Verifies Trusted Connection Database Server Verifies Name and Password OR Database Server Windows 2000 Group or User Windows 2000 Group or User Windows 2000 Database Server Login Account

14 Database User Accounts and Roles Database Server Assigns Logins to User Accounts and Roles Database User Database Role Windows 2000 Group User Database Server Login Account Database Server Verifies Trusted Connection Database Server Verifies Name and Password Database Server Windows 2000 OR

15 Database Server Checks Permissions Permission Validation Permissions OK; Performs Command Permissions not OK; Returns Error 2233 SELECT * FROM Members Database User Executes Command 11

16 Granting Permissions to Allow Access User/RoleUser/RoleSELECTSELECT Eva Ivan David public INSERTINSERT UPDATEUPDATE DELETEDELETE

17 Denying Permissions to Prevent Access User/RoleUser/RoleSELECTSELECT Eva Ivan David public INSERTINSERT UPDATEUPDATE DELETEDELETE

18 Revoking Granted and Denied Permissions User/RoleUser/RoleSELECTSELECT Eva Ivan David public INSERTINSERT UPDATEUPDATE DELETEDELETE

19 19 Password Policy  Use of both upper- and lower-case letters (case sensitivity)  Inclusion of one or more numerical digits  Inclusion of special characters, e.g. @, #, $ etc.  Prohibition of words found in a dictionary or the user's personal information  Prohibition of passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers  Prohibition of use of company name or an abbreviation Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

20 20 Password Duration Some policies require users to change passwords periodically, e.g. every 90 or 180 days. The benefit of password expiration, however, is debatable. Systems that implement such policies sometimes prevent users from picking a password too close to a previous selection. Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

21 21 Common Password Practice  Never share a computer account  Never use the same password for more than one account  Never tell a password to anyone, including people who claim to be from customer service or security  Never write down a password  Never communicate a password by telephone, e-mail or instant messaging Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

22 22 Common Password Practice  Being careful to log off before leaving a computer unattended  Changing passwords whenever there is suspicion they may have been compromised  Operating system password and application passwords are different  Password should be alpha-numeric  Never use online password generation tools Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

23 23 Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability. Password Strength Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

24 24 MFA, two-factor authentication, TFA, T-FA or 2FA is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something only the user knows"), a possession factor ("something only the user has"), and an inherence factor ("something only the user is"). After presentation, each factor must be validated by the other party for authentication to occur. Multi-factor Authentication (MFA) Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

25 25 Something only the user knows (e.g., password, PIN, pattern); Something only the user has (e.g., ATM card, smart card, mobile phone); Something only the user is (e.g., biometric characteristic, such as a fingerprint). Multi-factor Authentication (MFA) Md. Mahbubur Rahman Alam, Assistant Professor (ICT), BIBM. Mail: alam_mr@yahoo.com

26 26 Questions are Welcome Thank You

Download ppt "1 Data Access Control, Password Policy and Authentication Methods for Online Bank Md. Mahbubur Rahman Alam B. Sc. (Statistics) Dhaka University M. Sc."

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
Access Control Methodologies

Access Control Methodologies
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.

Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 4 Profiles, Password Policies, Privileges, and Roles.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
© 2005-07 NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.

© NeoAccel, Inc. TWO FACTOR AUTHENTICATION Corporate Presentation.
ESCCO Data Security Training David Dixon September 2014.

ESCCO Data Security Training David Dixon September 2014.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.

Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.

Similar presentations

Ads by Google