Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technical Devices for Security Management Kathryn Hockman COSC 481.

Published byTracy Barrett Modified over 8 years ago

Similar presentations

Presentation on theme: "Technical Devices for Security Management Kathryn Hockman COSC 481."— Presentation transcript:

1 Technical Devices for Security Management Kathryn Hockman COSC 481

2 Outline Introduction Introduction Types of Devices Types of Devices Smart CardsSmart Cards Cryptographic tokensCryptographic tokens FirewallsFirewalls Biometric DevicesBiometric Devices Summery Summery

3 Introduction What kinds of technical devices are there for Security Management? What kinds of technical devices are there for Security Management? Smart CardsSmart Cards Cryptographic tokensCryptographic tokens Synchronous tokens Synchronous tokens Asynchronous tokens Asynchronous tokens FirewallsFirewalls Biometric DevicesBiometric Devices

4 Smart Cards A Smart Card is a card with embedded integrated circuits which can process information A Smart Card is a card with embedded integrated circuits which can process information A Smart Card can receive input which is processed and then gives output A Smart Card can receive input which is processed and then gives output In comparison to a “Dumb Card”, a Smart Card is secured so that only people with the enabling code (PIN) or using an authorized reader for the card can access the data stored on it. In comparison to a “Dumb Card”, a Smart Card is secured so that only people with the enabling code (PIN) or using an authorized reader for the card can access the data stored on it.

5 Cryptographic Tokens A Cryptographic Token is a device that is used to authenticate a user on a computer system. A Cryptographic Token is a device that is used to authenticate a user on a computer system. Two types: Two types: Synchronous tokensSynchronous tokens Asynchronous tokensAsynchronous tokens

6 Synchronous tokens Synchronous Token is a Cryptographic Token that is time-based and generates a value that is used in authentication Synchronous Token is a Cryptographic Token that is time-based and generates a value that is used in authentication The token’s value is valid for a set period of time before it changes, and is based on a secret key held by both the token and the server The token’s value is valid for a set period of time before it changes, and is based on a secret key held by both the token and the server Known Problem: Known Problem: Mistiming issuesMistiming issues

7 Asynchronous Token An Asynchronous Token is a device that uses a challenge-response mechanism to determine whether the user is valid. An Asynchronous Token is a device that uses a challenge-response mechanism to determine whether the user is valid. The server gives users a number, the user puts number into token to get response number for authentication The server gives users a number, the user puts number into token to get response number for authentication

8 Firewalls A Firewall is any device that prevents a specific type of information from the outside world to the inside world A Firewall is any device that prevents a specific type of information from the outside world to the inside world Types of Firewalls: Types of Firewalls: Packet filtering firewallsPacket filtering firewalls Application-level firewallsApplication-level firewalls Stateful inspection firewallsStateful inspection firewalls Dynamic packet filtering firewallsDynamic packet filtering firewalls

9 Application-level Firewalls An Application-level Firewall consists of dedicated computers kept separate from the first filtering router, used in conjunction with a separate or internal filtering router. An Application-level Firewall consists of dedicated computers kept separate from the first filtering router, used in conjunction with a separate or internal filtering router. It is also known as a proxy serverIt is also known as a proxy server

10 Stateful Inspection Firewalls Stateful Inspection Firewalls keeps track of each network connection established between internal and external system using a "state table“ Stateful Inspection Firewalls keeps track of each network connection established between internal and external system using a "state table“ Known Problem: Known Problem: Because of addition processing requirements of Stateful Inspection Firewalls, it makes DoS (Denial of Service) attacks easierBecause of addition processing requirements of Stateful Inspection Firewalls, it makes DoS (Denial of Service) attacks easier

11 Dynamic Packet Filtering Firewalls Dynamic Packet Filtering Firewalls allow only a particular packet with a specific source, destination, and port address to pass through the firewall Dynamic Packet Filtering Firewalls allow only a particular packet with a specific source, destination, and port address to pass through the firewall

12 Other Devices that involve Hybrid Firewall Systems Screened-host firewall system Screened-host firewall system Dual-homed host firewalls Dual-homed host firewalls Screened-subnet firewalls (with DMZ) Screened-subnet firewalls (with DMZ)

13 Screened-host Firewall System Screened-host Firewall System is a mix of a packet filtering router with a dedicated firewall like a proxy server Screened-host Firewall System is a mix of a packet filtering router with a dedicated firewall like a proxy server Can Include: Can Include: bastion hostbastion host A bastion host is a computer on a network that provides a single entrance and exit point to the Internet from the internal network and vice versa A bastion host is a computer on a network that provides a single entrance and exit point to the Internet from the internal network and vice versa sacrificial hostsacrificial host A computer server placed outside an organization's Internet Firewall to provide a service that might otherwise compromise the local net's security A computer server placed outside an organization's Internet Firewall to provide a service that might otherwise compromise the local net's security

14 Dual-homed Host Firewalls A Dual-homed Host Firewall uses two or more network interfaces. One connection is an internal network and the second connection is to the Internet. A Dual-homed Host Firewall uses two or more network interfaces. One connection is an internal network and the second connection is to the Internet. It works as a simple firewall provided there is no direct IP traffic between the Internet and the internal network. It works as a simple firewall provided there is no direct IP traffic between the Internet and the internal network.

15 Screened-subnet Firewalls (with DMZ) Screened-subnet Firewalls is made up of one or more screened internal bastion hosts behind a packet filtering firewall Screened-subnet Firewalls is made up of one or more screened internal bastion hosts behind a packet filtering firewall

16 Biometric Devices Certain Security Devices can use Biometrics to aide in Authentication Certain Security Devices can use Biometrics to aide in Authentication Biometrics are comprised of: Biometrics are comprised of: Something you areSomething you are Something you ProduceSomething you Produce

17 Biometrics Something you are: fingerprints fingerprints palm scan palm scan hand geometry hand geometry hand topography hand topography ID cards (face representation) ID cards (face representation) facial recognition facial recognition retina scan retina scan iris scan iris scan

18 Biometrics Something you produce: Something you produce: signature recognition signature recognition voice recognition voice recognition keystroke pattern recognition keystroke pattern recognition

19 Biometrics Problems with Biometrics: Problems with Biometrics: False Accept RateFalse Accept Rate Accepting Someone who should not have been Accepting Someone who should not have been False Reject RateFalse Reject Rate Rejecting someone who should not have been Rejecting someone who should not have been Crossover Rate Crossover Rate Place where the number of False Accepts and False Rejects is equalPlace where the number of False Accepts and False Rejects is equal

20 Summery Introduction Introduction Types of Devices Types of Devices Smart CardsSmart Cards Cryptographic tokensCryptographic tokens FirewallsFirewalls Hybrid Firewall SystemsHybrid Firewall Systems Biometric DevicesBiometric Devices

Download ppt "Technical Devices for Security Management Kathryn Hockman COSC 481."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
CSE 4482: Computer Security Management: Assessment and Forensics

CSE 4482: Computer Security Management: Assessment and Forensics
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER,

If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER,
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
Security-Authentication

Security-Authentication
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
Management of Information Security, 4th Edition

Management of Information Security, 4th Edition
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

Similar presentations

Ads by Google