Presentation transcript: "By Matt Norris. Physical Security - Threats - User Authentication Techniques. Information Security - Threats - User Authentication Techniques. Good Authentication Practices."

1 By Matt Norris

2 Outline: Physical Security - Threats - User Authentication Techniques; Information Security - Threats - User Authentication Techniques; Good Authentication Practices

3 Types of Security - Physical Security - Information Security

4 Physical Security – steps taken to protect a facility, resource, or information from being physically accessed by unauthorized persons. Design concepts to ‘harden’ facilities: barriers, locks, guards, etc.

5 Two types of threats - Outsiders - Insiders

6 Outsider threat – by person(s) who are not part of the target organization – Easier to defend against: gaining entry into an area is more difficult and the actor has less knowledge of the area - treated here as the less common of the two threats

7 Insider threat – by person(s) who belong to the target organization – More difficult to defend against: the actor already has legitimate access and is knowledgeable of the area, procedures and protocols - treated here as the most common threat

8 Guards – security personnel posted at access points - verify authorization to restricted areas (e.g. IDs, personnel roster) - their physical presence deters and prevents unauthorized access to restricted areas. Caveat: guards are themselves a social-engineering target (tailgating behind an authorized person, fake or expired credentials), so the verification procedure matters as much as the presence.

9 User authentication controls may be based on: Something you have… Something you know… Something you are… Combining controls from two different categories is multi-factor authentication; two controls from the same category (e.g. a password plus a security question) are not.

10 Something You Have… Locks – restrict access until unlocked or deactivated. Padlocks – require a key to gain access (a combination padlock is really ‘something you know’, with the same write-it-down weakness as a door code). Weaknesses: 1. keys can be duplicated or lost 2. easily bypassed (picking, shimming, bump keys, cutting)

11 Keycards – scanned through a card reader to gain access to a restricted area; only keycards authorized for that area are admitted - Role-based access control (RBAC) - level of access is based on the holder's role. Weakness: a stolen or lent keycard works until it is revoked, and older low-frequency proximity cards can be cloned with inexpensive hardware; pair the card with a PIN for sensitive areas and revoke promptly.

12 Something You Know… Door Codes – require a code to gain entry. Keypad on the door serves as the input device for the entry code. RBAC – knowledge of the code is based on role. Weaknesses: employees write the code down, it is easily shoulder-surfed or stolen, a shared code leaves no record of who entered, worn keypad buttons reveal the digits, and the code is rarely changed when someone leaves.

13 Something You Are… Biometrics – identifying a unique human trait or characteristic and using it as the means of authentication. The strongest of the three factors against borrowed, stolen or shared credentials, with one caveat: a compromised biometric cannot be changed like a password, so pair it with a card or PIN for sensitive areas.

14 How it works: 1) Enrollment: a template is created from the user's trait and stored in the database 2) Each later access attempt is measured and compared against the enrolled template 3) The comparison produces a match score, which is tested against a decision threshold (is it close enough?) 4) The attempt is accepted or rejected

15 Types of Biometrics - Voice recognition - Fingerprint / hand geometry scan - Iris / retinal scan - Handwriting (signature dynamics)

16 Weaknesses: - most expensive of the techniques - False Accept Rate (FAR): an impostor's sample is accepted as a match - False Reject Rate (FRR): a legitimate user's sample is rejected. The two move in opposite directions as the decision threshold changes: a tighter threshold lowers FAR and raises FRR. The threshold at which they are equal (the equal error rate, EER) is the usual single number for comparing systems. Spoofing (a lifted fingerprint, a printed photo) is a further weakness; liveness detection mitigates it.
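The decision step and the FAR/FRR trade-off on slides 14 and 16, as an added example that is not part of the original presentation. The similarity scores are constructed (a matcher is assumed to return a value in [0, 1], higher meaning a closer match); the genuine and impostor distributions are made to overlap so that no threshold gives both rates of zero.

```python
"""Biometric decision threshold, FAR and FRR on constructed score data.

Added example (not from the slides). A matcher is assumed to return a
similarity in [0, 1] between a live sample and the enrolled template;
genuine attempts score high, impostor attempts score low, and the two
distributions overlap, which is why the threshold trades FAR for FRR.
"""

# Constructed similarity scores from ten genuine and ten impostor attempts.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.76, 0.72, 0.69, 0.62]
IMPOSTOR_SCORES = [0.71, 0.66, 0.60, 0.55, 0.52, 0.48, 0.45, 0.40, 0.35, 0.30]


def decide(score, threshold):
    """Steps 3 and 4 of the slide: accept when the match score reaches the threshold."""
    return score >= threshold


def far(impostor_scores, threshold):
    """False Accept Rate: fraction of impostor attempts wrongly accepted."""
    accepted = sum(1 for s in impostor_scores if decide(s, threshold))
    return accepted / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Reject Rate: fraction of genuine attempts wrongly rejected."""
    rejected = sum(1 for s in genuine_scores if not decide(s, threshold))
    return rejected / len(genuine_scores)


def equal_error_threshold(genuine_scores, impostor_scores):
    """Sweep thresholds in 0.01 steps; return the first where FAR and FRR are closest (EER point)."""
    best_t, best_gap = None, float("inf")
    for i in range(101):
        t = i / 100
        gap = abs(far(impostor_scores, t) - frr(genuine_scores, t))
        if gap < best_gap:
            best_t, best_gap = t, gap
    return best_t


if __name__ == "__main__":
    # A loose threshold accepts half the impostors; a strict one rejects 30% of real users.
    for t in (0.50, 0.65, 0.75):
        print(f"threshold={t:.2f}  FAR={far(IMPOSTOR_SCORES, t):.2f}  FRR={frr(GENUINE_SCORES, t):.2f}")
    print("EER threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
```

The sweep is the check a practitioner runs on vendor data: pick the threshold from the operating point the site needs (a data-center door wants FAR near zero and tolerates re-tries; a phone unlock wants low FRR), not from the vendor's quoted EER alone.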

17 Information Security – protecting information stored on and processed by computer systems and sent between them. Prevents unauthorized access to personal information and data.

18 Password/Key Crackers – try candidate passwords until the right one is discovered, either online against the login prompt (where lockout applies) or offline against stolen password hashes (where only the hash's cost limits the attacker). 3 types of cracking techniques - Brute force attack - Dictionary attack - Hybrid attack

19 Brute Force Attack – exhaustively tries every combination of a character set, starting at 1 character, then 2, 3, etc.; the cost grows as (characters)^length, so length is the best defense. Dictionary Attack – tries words from a wordlist (dictionary words, previously leaked passwords). Hybrid Attack – dictionary words with mangling rules applied: capitalization, letter-for-digit substitutions, appended numbers and symbols (Summer2024!); it defeats most ‘complexity’ rules because users apply the same transformations.
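The three techniques run against a stored hash, as an added example that is not part of the original presentation. The target is a constructed, unsalted SHA-256 hash of a weak password, the situation an attacker is in after stealing a credential database; the wordlist and mangling rules are constructed and tiny (real attacks use wordlists of millions of entries and hundreds of rules), and the function and constant names are the example's own.

```python
"""Dictionary, hybrid and brute-force guessing against a stored hash.

Added example (not from the slides). The wordlist, rules and target
passwords are constructed; a fast unsalted hash (SHA-256) is used as the
target because that is exactly what makes offline cracking cheap.
"""
import hashlib
import itertools
import string

WORDLIST = ["letmein", "password", "welcome", "summer", "dragon"]  # constructed
SUFFIXES = ["1", "123", "!", "1!", "2024", "2024!"]                 # constructed rules


def sha256_hex(candidate):
    """The stored form of the password the attacker is trying to reproduce."""
    return hashlib.sha256(candidate.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Try each word exactly as it appears in the list."""
    for word in wordlist:
        if sha256_hex(word) == target_hash:
            return word
    return None


def mangle(word):
    """Hybrid rules: case changes, leet substitutions, appended digits and symbols."""
    leet = (word.replace("a", "@").replace("e", "3").replace("o", "0")
                .replace("i", "1").replace("s", "$"))
    bases = {word, word.capitalize(), word.upper(), leet, leet.capitalize()}
    for base in bases:
        yield base
        for suffix in SUFFIXES:
            yield base + suffix


def hybrid_attack(target_hash, wordlist):
    """Dictionary words plus mangling rules; catches 'Summer2024!'-style passwords."""
    for word in wordlist:
        for candidate in mangle(word):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def brute_force(target_hash, charset, max_len):
    """Exhaustive search: length 1, then 2, ... up to max_len, as the slide describes."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def keyspace(charset_size, length):
    """Candidates a full brute force must cover for one length: |charset| ** length."""
    return charset_size ** length


if __name__ == "__main__":
    target = sha256_hex("Summer2024!")
    print("dictionary:", dictionary_attack(target, WORDLIST))   # None: not a plain word
    print("hybrid:    ", hybrid_attack(target, WORDLIST))       # found via rules
    print("brute 3:   ", brute_force(sha256_hex("ab1"), string.ascii_lowercase + string.digits, 3))
    for n in (8, 12, 16):
        print(f"{n}-char full-ASCII keyspace: {keyspace(95, n):.2e}")
```

The brute-force loop is feasible for three characters and hopeless for sixteen, while the hybrid loop finds a ‘complex’ password in a handful of guesses; that asymmetry is why length and non-reuse matter more than symbol requirements, and why a slow, salted hash on the server side (see slide 26) is the defender's lever against the offline case.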

20 Man-in-the-middle attack: the attacker relays traffic between two parties on a network, with each believing it is connected directly and securely to the other - can intercept or alter passwords, files, emails, etc. - only works where the two ends do not authenticate each other: plaintext protocols, or encrypted sessions whose certificate or host-key checks are missing or ignored. Properly validated TLS or SSH defeats it; ‘secure network’ alone does not.

21 Social Engineering – obtaining information, access or an action from a person through deception, to commit fraud or gain computer system access. Most common form of social engineering: phishing

22 Phishing – fraudulent message that impersonates a trusted party to obtain personal information or computer access. What they’re after: usernames, passwords, credit card information. Methods: email, chat, instant messaging. Check: do not follow links in unexpected messages; go to the site directly. A captured password is worthless to the attacker if the account also needs a hardware token or other factor they cannot capture.

23 Key loggers – covertly record the keys struck on a keyboard; they capture the password outright, so nothing is left to guess. Types of key loggers: - software - hardware (inline devices on the keyboard cable) - acoustic (analyzing keystroke sounds) - optical surveillance (cameras). One-time codes and hardware tokens limit the damage because the captured value cannot be reused.

24 Username/ID – unique name or number that identifies an authorized user. Each user has their own username/ID. Usually used in conjunction with a password. Weakness: it is an identifier, not a secret, and is often listed or posted where unauthorized users can see it, so it adds no security on its own; the login should also not reveal whether a given username exists.

25 Passwords – secret string of letters, numbers and other characters that grants a user access (e.g. U$3r@uTh3nt1C@t10N). Good password practice: - should be long (length adds more strength than extra character classes) - made up of different numbers, letters and characters - should be unique to each site - should be changed whenever compromise is suspected. Current guidance (NIST SP 800-63B) no longer recommends changing passwords on a fixed schedule, which pushes users toward predictable variants, and instead screens new passwords against lists of breached passwords; a password manager makes long, unique passwords practical.

26 The combination of a username/ID and password is the most common user authentication technique. Lock out after a set number of unsuccessful login attempts and notify the user. Lockout stops online guessing only: hashes stolen from the server are cracked offline with no lockout at all, so the server must store passwords with a per-user salt and a deliberately slow hash. Weaknesses: - human error: users choose easy-to-remember passwords and reuse them across sites - vulnerable to password crackers
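The verifier side of username/password with lockout, as an added example that is not part of the original presentation. It stores each password as a salted PBKDF2-HMAC-SHA256 hash (so that slide 19's crackers cannot hash one guess and test it against every user) and locks an account after a set number of failures. The in-memory user store, the usernames, the iteration count and the limit of five attempts are the example's own assumptions.

```python
"""Username/password verification with a salted slow hash and lockout.

Added example (not from the slides). The user store is an in-memory dict
constructed for the demo; ITERATIONS and MAX_ATTEMPTS are assumptions
(raise the iteration count in production to current guidance).
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumption for demo speed; production values are higher
MAX_ATTEMPTS = 5       # assumption: lock after five consecutive failures
DUMMY_SALT = b"\x00" * 16


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class UserStore:
    def __init__(self):
        self.users = {}

    def add_user(self, username, password):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest, "failures": 0, "locked": False}

    def login(self, username, password):
        """Returns 'ok', 'bad_credentials' or 'locked'; never says which part was wrong."""
        record = self.users.get(username)
        if record is None:
            # Do the same work for unknown users so response time does not reveal valid names.
            hash_password(password, DUMMY_SALT)
            return "bad_credentials"
        if record["locked"]:
            return "locked"
        _, digest = hash_password(password, record["salt"])
        if hmac.compare_digest(digest, record["hash"]):   # constant-time comparison
            record["failures"] = 0
            return "ok"
        record["failures"] += 1
        if record["failures"] >= MAX_ATTEMPTS:
            record["locked"] = True   # here: notify the user and require an unlock step
            return "locked"
        return "bad_credentials"


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple"))   # ok
    for _ in range(MAX_ATTEMPTS):
        print(store.login("alice", "guess"))                       # bad_credentials ... locked
    print(store.login("alice", "correct horse battery staple"))   # locked
```

Two details carry the security: the salt makes two users with the same password produce different hashes, so a cracked hash helps against one account only, and the unknown-user branch burns the same hashing cost so an attacker cannot enumerate valid usernames from timing.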

28 Security Questions – question(s) used to verify the identity of a user after the correct login information has been accepted. Personal questions to which only the user should know the answer(s). As with username/ID and password, lock out and notify the user after a set number of unsuccessful attempts.

29 Weaknesses: - answers are low-entropy and often discoverable (mother's maiden name, first school, pet's name are routinely posted on social networking sites or found in public records) - answers cannot be changed easily and are reused across sites - question and password are both ‘something you know’, so this is not a second factor. NIST SP 800-63B no longer permits such knowledge-based questions as an authenticator; if they must be used, treat the answer like a password (store it hashed, allow a random string).

31 Encryption – data is scrambled by an algorithm under a key so that it cannot be read without the key. Decryption – the original data is recovered by running the reverse algorithm with the key. Encryption provides one assurance: confidentiality, meaning only holders of the decryption key can view the data. It does not by itself guarantee that the data was not modified (a message authentication code or an authenticated-encryption mode such as AES-GCM is needed for that), nor that it was received at the intended destination; those come from integrity checks, authentication and the transport, not from encryption alone.
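Why ‘scrambled’ is not the same as ‘not modified’, as an added example that is not part of the original presentation. The keystream (SHA-256 in counter mode) is hand-rolled only so the block runs offline with the standard library; it is not a production cipher, and the keys and messages are constructed. The point generalizes to any stream cipher or CTR mode used without a MAC.

```python
"""Encryption alone does not give integrity; encrypt-then-MAC does.

Added example (not from the slides). The keystream construction is
illustrative only; KEY, MAC_KEY, the nonce and the message are constructed.
"""
import hashlib
import hmac

KEY = b"constructed-demo-encryption-key"
MAC_KEY = b"constructed-demo-mac-key-distinct"


def keystream(key, nonce, length):
    """Illustrative stream-cipher keystream: SHA-256(key || nonce || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, plaintext):
    """XOR the plaintext with the keystream."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt   # XOR is its own inverse


def tamper(ciphertext, offset, original, desired):
    """Attacker (no key) flips the bits that turn plaintext byte `original` into `desired`."""
    ct = bytearray(ciphertext)
    ct[offset] ^= original ^ desired
    return bytes(ct)


def seal(key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: ciphertext plus an HMAC over nonce and ciphertext."""
    ct = encrypt(key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(key, mac_key, nonce, ct, tag):
    """Verify the tag in constant time before decrypting; return None if anything changed."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(key, nonce, ct)


def demo():
    """Returns (what the receiver sees without a MAC, what it sees with one)."""
    nonce = b"nonce001"
    msg = b"PAY $0100 TO BOB"
    offset = msg.index(b"0100")          # attacker knows the message format, not the key
    ct = encrypt(KEY, nonce, msg)
    forged = tamper(ct, offset, ord("0"), ord("9"))
    unauthenticated = decrypt(KEY, nonce, forged)        # decrypts cleanly to $9100
    ct2, tag = seal(KEY, MAC_KEY, nonce, msg)
    forged2 = tamper(ct2, offset, ord("0"), ord("9"))
    authenticated = open_sealed(KEY, MAC_KEY, nonce, forged2, tag)   # None: rejected
    return unauthenticated, authenticated


if __name__ == "__main__":
    print(demo())
```

The receiver of the unauthenticated message has no way to tell that the amount was changed in transit; the tag check is what turns ‘only key holders can read it’ into ‘it has not been altered’. The MAC key is distinct from the encryption key on purpose.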

32 Key encryption – the key, a string of random bits, controls how the algorithm transforms the original data into cipher text; the algorithm itself can be public, only the key must stay secret. 2 types of key encryption - Private (symmetric, secret) key - Public (asymmetric) key

33 Private Key Encryption (symmetric) – one key, known only to the sender(s) and receiver(s), both encrypts and decrypts. Fast and very secure with a modern algorithm (e.g. AES) and a properly random key. Weakness: - the key must be shared between sender and receiver over some other secure channel before it can work, and every communicating pair needs its own key (n parties need n(n-1)/2 keys)

34 Public Key Encryption (asymmetric) – each party holds a key pair: a public key anyone may use to encrypt data to them, and a private key only they hold to decrypt it; the private key can also sign data that anyone can verify with the public key. Public Key Infrastructure (PKI) – a trusted certificate authority issues digital certificates that bind a public key to an identity, so a certificate can identify an individual or a server. Public-key operations are slow, so in practice they exchange or wrap a symmetric session key that encrypts the bulk data.

35 Authentication protocols – rules computers follow to verify a user’s credentials. Authentication, authorization, accounting (AAA) – common access-control framework: who you are, what you are allowed to do, and a record of what you did

36 Remote Authentication Dial In User Service (RADIUS) – networking protocol with centralized AAA management and a shared authentication database - commonly used by ISPs to manage access to the Internet and for wireless logins (802.1X / WPA-Enterprise). Caveat: only the User-Password attribute is obfuscated (MD5 with the shared secret); the rest of the packet is plaintext, so keep RADIUS on a trusted network or use RADIUS over TLS (RadSec).

37 Terminal Access Controller Access-Control System Plus (TACACS+) – Cisco-developed; provides centralized validation of users attempting to gain access to a router or other network device. Similar purpose to RADIUS, most common for device administration.

38 Differences: - RADIUS combines authentication and authorization in one exchange; TACACS+ separates the two (and accounting), which allows per-command authorization on network devices - RADIUS uses User Datagram Protocol (UDP, ports 1812/1813) whereas TACACS+ uses Transmission Control Protocol (TCP, port 49) - RADIUS obfuscates only the password; TACACS+ encrypts the entire packet body

39 Password Authentication Protocol (PAP) - two-step authentication process 1. Here are my credentials (username and password sent in cleartext) 2. You have / have not been authenticated - Simple, not secure: anyone on the path reads the password and can replay it

40 Challenge Handshake Authentication Protocol (CHAP) - three-way handshake - the password is never sent; the peer proves it knows the secret by hashing it together with a random challenge 1. Here is a challenge (random value plus an identifier) 2. Here is the identifier plus MD5(identifier, secret, challenge) 3. You have / have not been authenticated. A fresh challenge each time defeats replay. Caveats: the server must store the secret in cleartext to compute the same hash, and a captured challenge/response pair can be attacked offline by guessing the secret.
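Both exchanges of slides 39 and 40 simulated in one process, as an added example that is not part of the original presentation. The peer name, the shared secret and the identifier value are constructed; the CHAP response is MD5 over the identifier octet, the secret and the challenge value, as specified in RFC 1994. The `wire` dictionaries show what an observer on the link would capture in each case.

```python
"""PAP versus CHAP as message exchanges.

Added example (not from the slides). PEER_NAME, SECRET and the identifier
are constructed; Authenticator plays the server, run_pap/run_chap the client.
"""
import hashlib
import hmac
import os

PEER_NAME = "alice"
SECRET = "s3cret"   # constructed; both sides hold it


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier octet || secret || challenge value)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Authenticator:
    """Server side: holds the secrets, issues challenges, checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets        # CHAP needs the cleartext secret here (its caveat)
        self.outstanding = {}         # identifier -> challenge not yet answered

    # --- PAP: step 1 credentials arrive, step 2 accept/reject ---
    def pap_check(self, name, password):
        stored = self.secrets.get(name)
        return stored is not None and hmac.compare_digest(stored, password)

    # --- CHAP: step 1 challenge, step 2 response, step 3 accept/reject ---
    def chap_challenge(self, identifier):
        challenge = os.urandom(16)
        self.outstanding[identifier] = challenge
        return identifier, challenge

    def chap_check(self, identifier, name, response):
        challenge = self.outstanding.pop(identifier, None)   # single use: replay fails
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)


def run_pap(server, name, password):
    """Client side of PAP. What crosses the wire: the password itself."""
    wire = {"name": name, "password": password}
    return server.pap_check(wire["name"], wire["password"]), wire


def run_chap(server, name, secret):
    """Client side of CHAP. What crosses the wire: a challenge and a hash, never the secret."""
    identifier, challenge = server.chap_challenge(identifier=1)   # identifier: constructed
    response = chap_response(identifier, secret, challenge)
    wire = {"id": identifier, "name": name, "challenge": challenge, "response": response}
    return server.chap_check(identifier, name, response), wire


if __name__ == "__main__":
    server = Authenticator({PEER_NAME: SECRET})
    ok, wire = run_pap(server, PEER_NAME, SECRET)
    print("PAP:", ok, "observer saw:", wire)          # password in the clear
    ok, wire = run_chap(server, PEER_NAME, SECRET)
    print("CHAP:", ok, "observer saw:", wire)         # challenge + hash only
    print("replay:", server.chap_check(wire["id"], PEER_NAME, wire["response"]))   # False
```

The replay line is the practical difference: a captured PAP packet authenticates the attacker; a captured CHAP response is bound to a challenge the server has already discarded. The captured pair is still worth cracking offline, which is why the secret itself needs the length rules of slide 25.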

41 Security Policy – outlines the protocols that ensure user authentication integrity and combat security threats - make sure the policy is practiced, not just written! Patches/Updates – keep systems current; fix the problems that designers and researchers find before they are exploited. Use multiple user authentication techniques from different categories (multi-factor) to increase security

42 Example: Department of Defense’s (DOD) Army Knowledge Online - username/password - password is a combination of letters, numbers and characters - 3 security questions - password changed every 150 days - requires an ID card to change the password

43 References: Pearson Custom Business Resources: COSC 316. Boston: Pearson Learning Solutions, 2010. Print. Dean, Tamara. Network+ Guide to Networks, 5th ed. Print. http://www.biometrics.org
