Presentation is loading. Please wait.

Presentation is loading. Please wait.

ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.

Published byAubrey Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools."— Presentation transcript:

1 ASHRAY PATEL Protection Mechanisms

2 Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools Cryptography and Encryption

3 Access Control Regulates the admission of users into trusted areas of the organization  Logical access to information  Physical access to organizations facilities Maintained by means of a collection of policies, programs to carry out those policies, and technology to enforce policy Access control involves four processes:  Identification  Authentication  Authorization  Accountability

4 Identification A mechanism that provides information about an unverified entity that wants to be granted access ID must be a unique value that can be traced to one and only one person within the security domain Elements that make ID’s unique within security domain  First and last name  Picture  Department codes  Random numbers  Or special characters

5 Authentication Process to validating a persons purported identity Ensures the entity requesting access is the entity it claims to be Three types of authentication mechanisms:  Knowledge factors: Something the user knows  Ownership factors: Something the user has  Inherence factors: Something the user is or does Some places require strong authentication- usually require 2 different types of authentication mechanisms

6 Knowledge Factor Methods Username/Password is the most common in work places and schools Pass Phrase Personal identification number Challenge response Weakness: is that any of these can often be stolen, accidentally revealed, or forgotten by the user

7 Ownership Method Factors Photo Id Key Cards- swipe or scan to get authentication Wrist Bands Security Token Cell phone hardware token Cell Phone software token  hardware/software tokens acts like an electronic key to access something.

8 Inherence Method Factors Fingerprints Retina scans Iris scans Signatures Face/voice recognition Hand patterns Palm vein authentication

9 Authorization Process that determines if a user has been specifically and explicitly authorized by the proper authority to perform a function Authorization can be handled in 3 ways:  Authorization for each authenticated user : in which the system performs an authentication process to verify each entity and then grants access to resources to only that entity  Authorization for members in a group: in which the system matches authenticated entities to a list of group memberships and then grants access to resources bases on group’s access rights  Authorization across multiple systems: in which a central authentication and authorization system verifies entity ID’s and grants a set of credentials to the verifies entity

10 Accountability Ensures that all actions on a system can be attributed to an authenticated identity Actions could be ones that the entity is authorized for: such as modifying data, Or could include unauthorized attempts: such as modifying data that is beyond access level Accountability is accomplished by implementing system logs and database journals

11 Managing Access Control Access control policy: which specifies how access rights are granted to entities and groups Policy must include:  Reviewing all access rights periodically  Granting access rights  Changing access rights when needed  Revoking access rights

12 Firewalls A network security system that controls the incoming and outgoing network traffic Can filter based on: IP address, type of packet, port request, and other elements presented in packet Examines for packets for compliance with or violation of rules configured into firewalls database

13 Managing Firewalls Training  Read manuals and get educated on the firewall Uniqueness  Each brand of firewall is different, so you must learn what differences the firewalls you are using have Responsibility  Each and every person in security has a responsibility to keep the firewall updated and safe from hackers Administration  Must have administration hired to help with the firewalls

14 Scanning and Analysis Tools Used to find vulnerabilities is systems, holes in security components, and other unsecured points Different types of scanners and tools:  Port Scanners  Vulnerability Scanners  Packet Sniffers  Content Filters  Trap and trace

15 Port Scanners Are a group of utility software applications that can identify computers that are active on a network, as well as the active ports and services on those computers The functions and roles fulfilled by the machines Can scan for specific computers, protocols, resources, or conduct generic scans The more specific the scanner is, the more detailed and useful the information is provided

16 Vulnerability Scanners Variants of port scanners, are capable of scanning networks for very detailed information It can identify exposed user names and groups, show open network shares, and expose configuration problems Can also show what firewalls and OS/version is running

17 Packet Sniffers Is a network tool that collects and analyzes copies of packets from the network Can provide a administrator with valuable information to help diagnose and resolve networking issues  Can examine both live network traffic and previously captured data  Including language filtering  TCP session reconstruction utility

18 Content Filters Is a software program that allows administrators to restrict content that comes into a network Such as: web sites with nonbusiness related material  Pornography websites  Entertainment websites Can also keep spam e-mails away

19 Trap and Trace Application that entice individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas but distract the attacker while the software notifies the administrator of the intrusion Then the administrator determine the identity of someone discovered in the unauthorized areas of the network or systems

20 Cryptography and Encryption Is the set of processes involved in encoding and decoding messages so that others cannot understand them Encryption: is the process of converting an original message into a form that cannot be used by unauthorized individuals Messages are decoded by algorithms and keys used to perform the encryption

21 References Management of Information Security- Whitman and Mattord http://en.wikipedia.org/wiki/Authentication http://searchsecurity.techtarget.com/feature/Protec tion-Mechanisms http://searchsecurity.techtarget.com/feature/Protec tion-Mechanisms

Download ppt "ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Access Control Methodologies

Access Control Methodologies
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Information Security Policies and Standards

Information Security Policies and Standards
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Similar presentations

Ads by Google