© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.

Presentation transcript:


Class Agenda 10/29/15
• Chapter 10 Learning Objectives
• Lesson Presentation and Discussions
• Quiz 3 will be held today.
• Lab activities will be performed in class.
• Assignments will be given in class.
• Break times: 10-minute break every hour.
Note: All assignments and labs are due today.

Learning Objective
• Design appropriate authentication solutions throughout an information technology (IT) infrastructure based on user types and data classification standards.

Key Concepts
• Different users and their authentication requirements
• Remote Authentication Dial In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) authentication server deployments
• Multi-factor authentication
• Authentication requirements for the Institute of Electrical and Electronics Engineers (IEEE) wireless local area networks (WLANs) infrastructure
• Best practices for private and public sector authentication

Access Control Lists
• Set of permissions attached to an object
• Specifies which subjects may access the object and what operations they can perform
• ACLs usually viewed in relation to operating system files
Source: Security+ Guide to Network Security Fundamentals, Fourth Edition

User Access Considerations
• Do they need special permissions?
• What tools will they need?
• What applications and data do they want?
• Who are my customers?
• From where are they accessing the network?
• Has the data been classified and made available?
• How will the risks be managed?

User Types and Potential Access Considerations

Types of Users and their Authentication Methods:

Remote User
• Virtual Private Networks (VPNs)
• Secure Browser Secure Shell (SSH)
• Internet Protocol Security (IPSec)
• Citrix
• Remote Desktop Protocol (RDP)

Local User
• Access Credentials

Web Customer
• Secure Browser Secure Sockets Layer (SSL)
• Secure Extranet

Data Classification and Least Privilege are essential to all access methods.

User Types and Potential Access Considerations (Continued)

Types of Users and their Authentication Methods:

Wireless User
• Secure Channel–VPN
• Secure Browser–SSL

Dial-In User
• VPN and Wireless Fidelity (Wi-Fi)
• Encryption and Citrix

Business-to-Business (B2B) Customer
• Secure Browser
• Secure File System Access Method

Data Classification and Least Privilege are essential to all access methods.

Discussion

Table 9-3 Access control models (Security+ Guide to Network Security Fundamentals, Fourth Edition)

Access Control Models
• Standards that provide a predefined framework for hardware or software developers
• Four major access control models:
  • Mandatory Access Control (MAC): policy defined by system
  • Discretionary Access Control (DAC): policy defined by owner
  • Role Based Access Control (RBAC): policy defined by user function
  • Rule Based Access Control (RBAC): policy defined by rules

Multi-Factor Authentication
Combination of authentication concepts (something you know, something you have, and something you are) to form two- or three-factor authentication methods:
• Increases security
• Decreases the likelihood of compromising a user’s credentials

Multi-Factor Authentication Examples
• Bank automated teller machine (ATM) or credit card and personal identification number (PIN)
• Shopper discount card with barcode or magnetic strip
• address and password
• Government photo identity card (ID) and control number

Multi-Factor Authentication Methods
My Passion
The personal image method

Multi-Factor Authentication Methods (Continued)
The keyboard and mouse password method

Multi-Factor Authentication Methods (Continued)
• Account Name–Password–Security Token
• Account Name–Bank Card–PIN
• Credit Card Number–PIN–Validation Number
• Fingerprint–Card–Keypad
• Retina Scan–Key Pad or ID

EXPLORE: PROCESSES

Enhanced Login Security
• What is enhanced login security?
• Why do I need to use enhanced login security?
• How does enhanced login security work?
• How do you recognize my computer?
• What will adding extra security protection do for me?

Enhanced Login Security (Continued)
• What will happen if I remove extra security protection from this computer?
• How does enhanced login security protect me?
• When I add extra security, can I still log in to my account from anywhere?
• Can I log in from multiple computers and browsers?

EXPLORE: CONTEXTS

Authentication Best Practices

EXPLORE: RATIONALE

Benefits of Multi-Factor Authentication
• Provides a secure device or method to access the network with sophisticated verification mechanisms beyond the user’s or attacker’s control
• Has internal self-control mechanisms that work with a distant server or client to validate the authenticity of the authentication request

Benefits of Multi-Factor Authentication (Continued)
• Usually provides some form of encryption, compression or scrambling to protect data content
• Increases the confidentiality and integrity level of the network connection and throughput

Authentication Services
• Authentication: process of verifying credentials
• Authentication services provided on a network
• Common types of authentication and AAA servers: Kerberos, RADIUS, LDAP

Kerberos
• Security protocol that provides authentication and authorization services on the network
• Uses strong cryptography
• Works like using a driver’s license to cash a check
• Kerberos ticket:
  • Contains information linking it to the user
  • User presents ticket to network for a service
  • Difficult to copy
  • Expires after a few hours or a day
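A simplified model of the ticket properties listed on the Kerberos slide (tied to a user, presented to a service, expires), added here as an example that is not part of the original slides. It is not the Kerberos protocol or wire format: an HMAC seal stands in for Kerberos ticket encryption, replay protection is not modelled, and all names and keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keys: each stands in for the long-term secret that the
# ticket issuer shares with exactly one service.
SERVICE_KEYS = {
    "fileserver": b"constructed-demo-key-fileserver",
    "printserver": b"constructed-demo-key-printserver",
}

def issue_ticket(user, service, now, lifetime_s=8 * 3600):
    """Issuer side: bind user, target service and expiry, then seal the result."""
    body = json.dumps({"user": user, "service": service,
                       "expires": now + lifetime_s}, sort_keys=True).encode()
    tag = hmac.new(SERVICE_KEYS[service], body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(tag).decode()

def validate_ticket(ticket, service, now):
    """Service side: return the user name, or raise ValueError with the reason."""
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.b64decode(body_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError as exc:
        raise ValueError("malformed ticket") from exc
    # Only the holder of this service's key can produce a matching seal, so an
    # altered ticket, or one issued for a different service, fails here.
    expected = hmac.new(SERVICE_KEYS[service], body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad seal")
    claims = json.loads(body)
    if claims["service"] != service:      # defence in depth if keys were ever shared
        raise ValueError("wrong service")
    if now >= claims["expires"]:          # tickets are short-lived by design
        raise ValueError("expired")
    return claims["user"]
```

Passing `now` explicitly instead of reading the clock keeps the expiry check testable; a deployment would also need to account for clock skew between issuer and service.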

Single Sign-on (SSO)
• Access control that allows a user to log on to a system and gain access to other resources via the initial logon.
• Discussion.

Summary
• User types and potential access considerations
• Multi-factor authentication
• Enhanced login security
• Authentication best practices

Unit 6 Lab Activities
• Lab # 6: Enhance Security Controls Leveraging Group Policy Objects
• Complete the lab activities in class

Unit 6 Assignments
• Unit 7 Assignment: Complete chapter 10 Assessment
• A copy of the assignment will be given in class.
• Reading assignment: Read Chapters 11 and 12