Presentation is loading. Please wait.

Presentation is loading. Please wait.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.

Published byAmice Bradford Modified over 8 years ago

Similar presentations

Presentation on theme: "© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements."— Presentation transcript:

1 © ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements

2 © ITT Educational Services, Inc. All rights reserved.Page 2 IS3230 Access Security Class Agenda 10/29/15 Chapter 10 Learning Objectives Lesson Presentation and Discussions. Quiz 3 will be held today. Lab Activities will be performed in class. Assignments will be given in class. Break Times. 10 Minutes break in every 1 Hour. Note: All Assignment and labs due today.

3 © ITT Educational Services, Inc. All rights reserved.Page 3 IS3230 Access Security Learning Objective  Design appropriate authentication solutions throughout an information technology (IT) infrastructure based on user types and data classification standards.

4 © ITT Educational Services, Inc. All rights reserved.Page 4 IS3230 Access Security Key Concepts  Different users and their authentication requirements  Remote Authentication Dial In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) authentication server deployments  Multi-factor authentication  Authentication requirements for the Institute of Electrical and Electronics Engineers (IEEE) 802.11 wireless local area networks (WLANs) infrastructure  Best practices for private and public sector authentication

5 © ITT Educational Services, Inc. All rights reserved.Page 5 IS3230 Access Security Access Control Lists Set of permissions attached to an object Specifies which subjects may access the object and what operations they can perform ACLs usually viewed in relation to operating system files Security+ Guide to Network Security Fundamentals, Fourth Edition 5

6 © ITT Educational Services, Inc. All rights reserved.Page 6 IS3230 Access Security Do they need special permissions? What tools will they need? What applications and data do they want? Who are my customers? From where are they accessing the network? Has the data been classified and made available? How will the risks be managed? User Access Considerations

7 © ITT Educational Services, Inc. All rights reserved.Page 7 IS3230 Access Security User Types and Potential Access Considerations Types of UsersAuthentication Methods Remote User  Virtual Private Networks (VPNs)  Secure Browser Secure Shell (SSH)  Internet Protocol Security (IPSec)  Citrix  Remote Desktop Protocol (RDP) Local User  Access Credentials Web Customer  Secure Browser Secure Sockets Layer (SSL)  Secure Extra Net Data Classification and Least Privilege are essential to all access methods

8 © ITT Educational Services, Inc. All rights reserved.Page 8 IS3230 Access Security User Types and Potential Access Considerations (Continued) Types of UsersAuthentication Methods Wireless User  Secure Channel–VPN  Secure Browser–SSL Dial-In User  VPN and Wireless Fidelity (Wi-Fi)  Encryption and Citrix Business-to- Business (B2B) Customer  Secure Browser  Secure File System Access Method Data Classification and Least Privilege are essential to all access methods

9 © ITT Educational Services, Inc. All rights reserved.Page 9 IS3230 Access Security Discussion

10 © ITT Educational Services, Inc. All rights reserved.Page 10 IS3230 Access Security Security+ Guide to Network Security Fundamentals, Fourth Edition 10 Table 9-3 Access control models

11 © ITT Educational Services, Inc. All rights reserved.Page 11 IS3230 Access Security Access Control Models Standards that provide a predefined framework for hardware or software developers Four major access control models Mandatory Access Control (MAC)-Policy defined by system Discretionary Access Control (DAC)-Policy defined by owner Role Based Access Control (RBAC)-Policy defined by user function Rule Based Access Control (RBAC)-Policy defined by Rules Security+ Guide to Network Security Fundamentals, Fourth Edition 11

12 © ITT Educational Services, Inc. All rights reserved.Page 12 IS3230 Access Security Multi-Factor Authentication Combination of authentication concepts (something you know, something you have, and something you are) to form two- or three-factor authentication methods:  Increases security  Decreases the likelihood of compromising a user’s credentials

13 © ITT Educational Services, Inc. All rights reserved.Page 13 IS3230 Access Security Multi-Factor Authentication Examples  Bank automated teller machine (ATM) or credit card and personal identification number (PIN)  Shopper discount card with barcode or magnetic strip  E-mail address and password  Government photo identity card (ID) and control number

14 © ITT Educational Services, Inc. All rights reserved.Page 14 IS3230 Access Security Multi-Factor Authentication Methods My Passion The personal image method

15 © ITT Educational Services, Inc. All rights reserved.Page 15 IS3230 Access Security Multi-Factor Authentication Methods (Continued) The keyboard and mouse password method

16 © ITT Educational Services, Inc. All rights reserved.Page 16 IS3230 Access Security Multi-Factor Authentication Methods (Continued)  Account Name–Password–Security Token  Account Name–Bank Card–PIN  Credit Card Number–PIN–Validation Number  Fingerprint–Card–Keypad  Retina Scan–Key Pad or ID

17 © ITT Educational Services, Inc. All rights reserved.Page 17 IS3230 Access Security EXPLORE: PROCESSES

18 © ITT Educational Services, Inc. All rights reserved.Page 18 IS3230 Access Security Enhanced Login Security  What is enhanced login security?  Why do I need to use enhanced login security?  How does enhanced login security work?  How do you recognize my computer?  What will adding extra security protection do for me?

19 © ITT Educational Services, Inc. All rights reserved.Page 19 IS3230 Access Security Enhanced Login Security (Continued)  What will happen if I remove extra security protection from this computer?  How does enhanced login security protect me?  When I add extra security, can I still log in to my account from anywhere?  Can I log in from multiple computers and browsers?

20 © ITT Educational Services, Inc. All rights reserved.Page 20 IS3230 Access Security EXPLORE: CONTEXTS

21 © ITT Educational Services, Inc. All rights reserved.Page 21 IS3230 Access Security Authentication Best Practices

22 © ITT Educational Services, Inc. All rights reserved.Page 22 IS3230 Access Security EXPLORE: RATIONALE

23 © ITT Educational Services, Inc. All rights reserved.Page 23 IS3230 Access Security Benefits of Multi-Factor Authentication  Provides a secure device or method to access network with sophisticated verification mechanisms beyond the user’s or attacker’s control  Have internal self-control mechanisms that work with a distant server or client to validate authenticity of the authentication request

24 © ITT Educational Services, Inc. All rights reserved.Page 24 IS3230 Access Security  Usually provide some form of encryption, compression or scrambling to protect data content  Increases the confidentiality and integrity level of network connection and throughput Benefits of Multi-Factor Authentication (Continued)

25 © ITT Educational Services, Inc. All rights reserved.Page 25 IS3230 Access Security Authentication Services Authentication-Process of verifying credentials Authentication services provided on a network Common types of authentication and AAA servers: Kerberos, RADIUS, LDAP Security+ Guide to Network Security Fundamentals, Fourth Edition 25

26 © ITT Educational Services, Inc. All rights reserved.Page 26 IS3230 Access Security Kerberos Security protocol that provides authentication and authorization services on the network Use strong cryptography. Works like using a driver’s license to cash a check Kerberos ticket Contains information linking it to the user User presents ticket to network for a service Difficult to copy Expires after a few hours or a day Security+ Guide to Network Security Fundamentals, Fourth Edition 26

27 © ITT Educational Services, Inc. All rights reserved.Page 27 IS3230 Access Security Single Sign-on (SSO) Access control that allowed user to log on to a system and gain access to other resources within a log on via the initial log on. Discussion.

28 © ITT Educational Services, Inc. All rights reserved.Page 28 IS3230 Access Security Summary  User types and potential access considerations  Multi-factor authentication  Enhanced login security  Authentication best practices

29 © ITT Educational Services, Inc. All rights reserved.Page 29 IS3230 Access Security Unit 6 Lab Activities Lab # 6: Enhance Security Controls Leveraging Group Policy Objects Complete the lab activities in class

30 © ITT Educational Services, Inc. All rights reserved.Page 30 IS3230 Access Security Unit 6 Assignments Unit 7 Assignment: Complete chapter 10 Assessment A copy of the assignment will be given in class. Reading assignment: Read Chapters 11 and 12

Download ppt "© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Network Security.

Network Security.
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Access Control Methodologies

Access Control Methodologies
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Security+ Guide to Network Security Fundamentals, Fourth Edition

Security+ Guide to Network Security Fundamentals, Fourth Edition
Remote Access Network Management Kelly Given Allison Traina.

Remote Access Network Management Kelly Given Allison Traina.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Remote Networking Architectures

Remote Networking Architectures

Similar presentations

Ads by Google