
CONTROLLING USER ACCESS: AUTHENTICATION AND AUTHORIZATION DEFIANA ARNALDY, M.SI 0818 0296 4763 1.


1 CONTROLLING USER ACCESS: AUTHENTICATION AND AUTHORIZATION
DEFIANA ARNALDY, M.SI
0818 0296 4763
DEFF_ARNALDY@YAHOO.COM

2 OVERVIEW
Introduction
Authentication techniques
IIS authentication
Microsoft .NET Passport authentication
Hashing information
Hashing algorithms
SSL
Financial network security
Conclusion

3 INTRODUCTION
Until now, we have assumed that hackers use network-sniffing software to intercept confidential data; however, there is as much danger in forged or spoofed data.
Authentication systems must be able to validate supplied credentials securely against trusted sources, and also to ensure that a message has not been tampered with in transit.

4 AUTHENTICATION TECHNIQUES
To guarantee the identity of a client, you need to trust one piece of information that is unique to that client and that cannot easily be determined or faked (e.g., an IP address, a Windows username/password, or some other credential).

5 Several different types of authentication are applicable to different scenarios:
ISP: can use IP addresses as credentials
Windows-only intranet application: Windows logins

6 IIS AUTHENTICATION
The most basic is anonymous: the client does not have to supply any credentials and is automatically granted IUSR (guest) privileges.
One step above is basic authentication: it forces the client to supply credentials in base64 (basically, clear text). Combined with SSL, this is a secure solution.
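As an added illustration of slide 6 (not code from the presentation, and written in Go rather than .NET), this server-side check decodes a Basic Authorization header to show that base64 is clear text, and refuses it unless the connection is under SSL/TLS. The header value and the expected credentials are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var ErrClearText = errors.New("basic auth refused: no SSL/TLS on this connection")

// ParseBasic decodes an "Authorization: Basic <base64>" value into user and
// password. base64 is an encoding, not encryption: a sniffer reverses it trivially.
func ParseBasic(header string) (user, pass string, err error) {
	const prefix = "Basic "
	if !strings.HasPrefix(header, prefix) {
		return "", "", errors.New("not a Basic authorization header")
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(header[len(prefix):]))
	if err != nil {
		return "", "", err
	}
	parts := strings.SplitN(string(raw), ":", 2) // RFC 7617: user-id ":" password
	if len(parts) != 2 {
		return "", "", errors.New("malformed credentials: missing ':' separator")
	}
	return parts[0], parts[1], nil
}

// Authenticate applies the slide's rule: Basic auth is acceptable only when the
// connection is protected by SSL/TLS. Comparison is constant-time so response
// timing does not reveal how many characters of the secret matched.
func Authenticate(header string, overTLS bool, wantUser, wantPass string) (bool, error) {
	if !overTLS {
		return false, ErrClearText
	}
	user, pass, err := ParseBasic(header)
	if err != nil {
		return false, err
	}
	userOK := subtle.ConstantTimeCompare([]byte(user), []byte(wantUser)) == 1
	passOK := subtle.ConstantTimeCompare([]byte(pass), []byte(wantPass)) == 1
	return userOK && passOK, nil
}

func main() {
	hdr := "Basic YWxpY2U6czNjcmV0" // constructed: base64("alice:s3cret"), as a browser sends it
	u, p, _ := ParseBasic(hdr)
	fmt.Printf("decoded on the wire: user=%q pass=%q\n", u, p)
	_, err := Authenticate(hdr, false, "alice", "s3cret")
	fmt.Println("over plain HTTP:", err)
	ok, _ := Authenticate(hdr, true, "alice", "s3cret")
	fmt.Println("over HTTPS, correct password:", ok)
}
```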

7 MICROSOFT .NET PASSPORT AUTHENTICATION
Passport authentication is where users are identified by their Hotmail email addresses.
The advantage of Passport over in-house-developed systems is that many people already have a Hotmail email address, and thus do not have to re-register their details.

8 Passport authentication is used primarily for Web sites, but can also be applied to applications, MSN Messenger being a good example.
Passports are available in two flavors:
Preproduction: free
Production: not free

9 HASHING INFORMATION
Hashing is a one-way algorithm in which data can be converted to a hash value, but the hash value cannot be converted back to meaningful data.
Modern hashing systems include Message Digest (MD5) and Secure Hash Algorithm (SHA-1).

10 HASHING ALGORITHMS
.NET provides support for two hashing algorithms: Secure Hash Algorithm (SHA) and Message Digest (MD5).
There are four different variations of SHA available for use in .NET: SHA1Managed (20-byte hash), SHA256Managed (32-byte hash), SHA384Managed (48-byte hash), SHA512Managed (64-byte hash).

11 SSL
SSL is a secure stream protocol which uses both symmetric and asymmetric encryption, combined with digital certificates, to provide authentication.
Digital certificates can be bought from a certificate authority (CA) such as Thawte or VeriSign.

12 SSL is defined in RFC 2660. SSL is used for securing Web pages, email, FTP, or news.
HTTP over SSL (HTTPS) operates on port 443; SMTP over SSL (SSMTP) operates on port 465; NNTP over SSL (SNNTP) operates on port 563.

13 CERTIFICATES
A certificate has to be issued by a CA in order to be globally accepted. It is possible to create self-signed certificates, but these would generally be deemed trustworthy only within your organization.
The most common form of digital certificate is known as X.509. This is an international standard maintained by the IETF Public Key Infrastructure (PKIX) working group.

14 The certificate comprises various fields that identify the holder, the issuer, and the certificate itself:
Serial number: the unique serial number on every certificate created by an issuer
Signature: identifies the makeup of the certificate, represented by an object identifier (OID)
Validity period: the dates at which the certificate becomes and ceases to be valid
Subject: the owner of the private key
Public key: the key that will decrypt the certificate hash
Signed hash: the hash of the certificate encrypted with the private key of the CA


16 SERVER CERTIFICATES
Server certificates for real-world Web sites need to be obtained from a CA.
A useful utility for creating self-signed certificates is IBM KeyMan (www.alphaworks.ibm.com/tech/keyman).
For the steps to enable HTTPS on IIS using a self-signed certificate and IBM KeyMan, see the e-book.
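Added example for slides 14 and 16 (not code from the presentation): it creates a self-signed X.509 certificate with Go's standard library in place of IBM KeyMan, reads back the fields listed on slide 14, and checks the signed hash against the issuer's public key, showing that it verifies only under the key that produced it. The subject names and serial number are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SelfSigned builds a self-signed X.509 certificate for cn and parses it back
// from DER, so the fields are seen exactly as a client would see them on the wire.
func SelfSigned(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1001), // unique per issuer (constructed value)
		Subject:               pkix.Name{CommonName: cn, Organization: []string{"Example Org"}},
		NotBefore:             time.Now().Add(-time.Hour), // validity period
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true, // lets the certificate act as its own issuer
	}
	// Self-signed: the template is both subject and issuer, signed with its own key.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SignatureValid checks the "signed hash": the signature over the certificate
// body must verify under the issuer's public key (the certificate's own key here).
func SignatureValid(cert, issuer *x509.Certificate) bool {
	return cert.CheckSignatureFrom(issuer) == nil
}

func main() {
	cert, err := SelfSigned("test.example")
	if err != nil {
		panic(err)
	}
	fmt.Println("serial:", cert.SerialNumber, "| signature:", cert.SignatureAlgorithm)
	fmt.Println("valid:", cert.NotBefore.Format(time.RFC3339), "to", cert.NotAfter.Format(time.RFC3339))
	fmt.Println("subject:", cert.Subject, "| issuer:", cert.Issuer)
	fmt.Println("self-signature verifies:", SignatureValid(cert, cert))
	other, _ := SelfSigned("other.example") // different key: the signed hash must not verify
	fmt.Println("verifies under another CA's key:", SignatureValid(cert, other))
}
```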

17 CLIENT CERTIFICATES
Client certificates are used only for maximum-security Web sites, such as online business banking.
Client certificates are available free of charge from Thawte. They are used to send and receive encrypted emails and to authenticate your email address to recipients.


19 MICROSOFT CERTIFICATE SERVICES
MSCS runs on Windows 2000 and can generate X.509 certificates in PKCS #7 format from PKCS #10 certificate requests.
MSCS can run as either a root CA or a subordinate CA, and can optionally hold certificates in Active Directory. When used in conjunction with Active Directory, MSCS will use it as its certificate revocation list (CRL).

20 READING CERTIFICATES
Certificates can be read using the X509Certificate class (Table 9.2) in .NET.


22 FINANCIAL NETWORK SECURITY
If a hacker were to break into an e-commerce site successfully and capture someone's credit card number, some unfortunate person would get stung financially; however, if the same thing happened on an interbank network, a country's economy could be ruined overnight.

23 Most banks use private leased lines between their branches so that confidential information does not come into contact with the public phone network.
When a bank needs to communicate with a second financial institution overseas, it must use the public phone network.

24 CONCLUSION
This chapter has looked at the mechanisms for guaranteeing the identity of network clients over the Web and on Microsoft networks.
Extending the topic to real-world scenarios, we looked at how banks use authentication to transfer billions of dollars safely across phone lines.

