Presentation on theme: "Security Barriers Asset Proper Access Attack Security System"— Presentation transcript:

1 Security Barriers
Security is about building barriers to protect assets. What complicates security is the necessity for barrier penetration. To be secure, the barrier holes must be guarded. (Diagram labels: Asset, Security System, Proper Access, Attack.) Have the class list common BARRIERS outside of computing (gates, walls, moats, etc.). Have the class list HOLES (door in the building, gate in the livestock pen, bridge across the moat).

2 Computer Security Basic Concepts in Barrier Penetration Control
- Who are you?
- Can you prove it?
- That which you are permitted to do.
- You should be held responsible.
Example -- a travel pass for the Tube in London:
1) Photo card - from ticket clerk - contains your ID#, photo and signature - has no time limit -> authentication token
2) Pass ticket - from vending machine or clerk - good for one week, month or year - must write ID on it to be valid -> authorization token
The pass ticket gets you through turnstiles, but spot checks require you to show both cards to a clerk. This is a clear separation of authentication from authorization that too often gets confused in real-life situations.

3 Identity
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers used in our world? What is the problem with using people’s names as identifiers? The question is asking for things like names, SS#, Student ID, file names, credit card accounts, street addresses, addresses, domain names. This question could be separated into the non-computing and computing world (IP#, port#, UID, etc.). The problem is that IDs need to be unique. This is why Swiss bank accounts don’t require names.

4 Authorization Access privileges granted to a user, program, or process.† Common authorization tokens: Note that many authorization tokens are never authenticated (concert tickets, stamps, money), but some are (airline ticket, credit card). † Definition from National Information Systems Security

5 Authentication Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.† Authenticity is clearly a special kind of integrity. † Definition from National Information Systems Security

6 Authentication
Authentication ... is a basis for trust. Password -- the most common means of authentication. Uses a challenge-response protocol (diagram: CHALLENGE -> RESPONSE, e.g. "password:"). In WWII a common authentication was to ask, “Who won the 1940 World Series?”. Gundersen authenticates by asking for your birth date or street address? THESE ARE PUBLIC, as is your mother’s maiden name, Social Security #, etc. (Encryption required.) Passwords are vulnerable to attacks. Why? Challenge-response systems fail when responses are efficiently discovered.

7 Password Cracking
cracker algorithm == repeatedly: give password cracking software a challenge. The conventional wisdom is as follows...
- Don’t use short passwords (at least 12 symbols).
- Include both lowercase and uppercase and digits.
- Use first letters from some phrase you can remember. TtlsH1wwya
- Bracket the password with non-alphanumerics. #TtlsH1wwya&
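The rules on this slide, as an added checker that is not part of the original presentation: it tests a candidate against the three conventional-wisdom rules and estimates the brute-force keyspace a cracker faces for the character classes actually used, so the slide's own example can be compared before and after bracketing. The keyspace figure is an upper bound (a phrase-derived acronym is more guessable than random characters); the rule names are this example's own.

```python
import math
import string

# Conventional-wisdom rules from the slide: 12-symbol minimum, mixed case plus
# digits, non-alphanumeric brackets. Class names and thresholds are assumptions.
MIN_LENGTH = 12
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def check_rules(pw: str) -> dict:
    """Evaluate each rule separately so the user can see which one fails."""
    chars = set(pw)
    present = {name: bool(chars & members) for name, members in CLASSES.items()}
    return {
        "long_enough": len(pw) >= MIN_LENGTH,
        "mixed_case_and_digits": present["lower"] and present["upper"] and present["digit"],
        "bracketed": len(pw) >= 2
        and pw[0] in CLASSES["symbol"]
        and pw[-1] in CLASSES["symbol"],
    }


def keyspace_bits(pw: str) -> float:
    """Upper bound on brute-force work, in bits: log2(alphabet ** length), where the
    alphabet is the union of the character classes that appear in the password.
    A cracker that also knows the phrase-acronym habit needs far less than this."""
    alphabet = sum(len(m) for m in CLASSES.values() if set(pw) & m)
    return len(pw) * math.log2(alphabet)


if __name__ == "__main__":
    # The slide's own before/after example.
    for candidate in ("TtlsH1wwya", "#TtlsH1wwya&"):
        print(candidate, check_rules(candidate), round(keyspace_bits(candidate), 1))
```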

8 Additional Means of Authentication
HHAD - Hand Held Authentication Device token -- small device carried by user (often includes microprocessor, keypad and/or real-time clock).
Challenge-Response Token: System displays random number which user enters on keypad. Card uses keypad input to calculate and display number. User enters number in computer which system verifies by same computation.
Time-Based Token: Card uses internal real-time clock value to calculate and display number. User enters number in computer which system verifies with its clock.
A challenge and response token typically works as follows: 1) computer displays random number (challenge), 2) user enters PIN to token, 3) user enters random number to token, 4) token gives up code, 5) user enters code into computer (response). This prohibits use of token without PIN and use of PIN without token, and it prohibits reuse of a code.
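Both token schemes on this slide, as an added simulation that is not part of the original presentation: the token side derives a code from the PIN and either the server's challenge or the current clock slot, and the computer side verifies by the same computation. The HMAC-SHA256 construction, the constructed secret and PIN, the 30-second clock step and the one-slot drift tolerance are all assumptions of this example; the verifiers also enforce the slide's "no reuse of a code" property by retiring each challenge once answered and by refusing a time slot that has already been accepted.

```python
import hashlib
import hmac
import secrets

# Constructed values: the secret is personalised into the token at issue time and
# stored by the verifying computer; the PIN is what the user types into the token.
SECRET = b"example-token-secret-not-real"
PIN = "4711"


def token_code(secret: bytes, pin: str, challenge: str) -> str:
    """What the hand-held token computes: an 8-digit code from PIN + challenge (assumed HMAC design)."""
    mac = hmac.new(secret, (pin + ":" + challenge).encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**8).zfill(8)


def time_code(secret: bytes, pin: str, now: float, step: int = 30) -> str:
    """Time-based token: the 'challenge' is the token's own clock, quantised into slots."""
    return token_code(secret, pin, str(int(now // step)))


class ChallengeResponseVerifier:
    """Computer side of steps 1-5: issue a random challenge, verify the response."""

    def __init__(self, secret: bytes, pin: str):
        self.secret, self.pin = secret, pin
        self.outstanding = set()  # challenges issued but not yet answered

    def challenge(self) -> str:
        c = f"{secrets.randbelow(10**6):06d}"
        self.outstanding.add(c)
        return c

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self.outstanding:
            return False  # unknown or already-answered challenge: a replayed code is rejected
        self.outstanding.discard(challenge)  # one-shot: each challenge is retired on first use
        return hmac.compare_digest(token_code(self.secret, self.pin, challenge), response)


class TimeBasedVerifier:
    """Computer side: recompute the code from its own clock, tolerating small drift."""

    def __init__(self, secret: bytes, pin: str, step: int = 30, skew: int = 1):
        self.secret, self.pin, self.step, self.skew = secret, pin, step, skew
        self.last_slot = -1  # newest slot already accepted; blocks replay inside the drift window

    def verify(self, response: str, now: float) -> bool:
        slot = int(now // self.step)
        for candidate in range(slot - self.skew, slot + self.skew + 1):
            expected = token_code(self.secret, self.pin, str(candidate))
            if candidate > self.last_slot and hmac.compare_digest(expected, response):
                self.last_slot = candidate
                return True
        return False
```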

9 Additional Means of Authentication
biometric -- requires special devices to read human features Cruise lines authenticate passengers returning from shore leave by comparing their photo ID to their database. Following 9/11 the National Guard troops posted at airports were all required to memorize a few photos - humans tend to be better at such recognition.

10 Additional Means of Authentication
digital certificate -- a certificate authority performs a security check on a user and grants an electronic certificate (essentially encryption keys) smartcard -- physically requires reader, contains full microprocessor with cryptographic calculations performed onboard. Smartcards can store ... Tampering with a smartcard typically renders it useless.

11 Authentication Factors
...what you _______ (password) ...what you _______ (key, token, smartcard) ...what you _____ (biometrics - fingerprints, retinal scan) ..._______ you are (in secure location, at some terminal)

12 Non-repudiation Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.† (Diagram labels: User, Attacker, Access.) Note the bi-directionality. The usual scam is performed by the sender, but you can also be scammed by a web site that causes you to initiate the transaction. An expert on phone solicitation recently said that companies have discovered that getting you to call in is better than their calling you. They offer special deals, etc. † Definition from National Information Systems Security
