Presentation is loading. Please wait.

Presentation is loading. Please wait.

95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods."— Presentation transcript:

1 95752:3-1 Access Control

2 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods –Network topology and services (later) –Passwords/Authentication methods –File Protection

3 95752:3-3 Authentication Four classic ways to authenticate: 1. something you know (passwords) 2. something you have (smartcard) 3. something you are (fingerprint) 4. something you do (usage signature) None of these is perfect

4 95752:3-4 Passwords Account - person using the system Username - Identity of account (public) – limited characters, alphanumeric & special characters – typically related to real name of user (not always), certain names reserved – unique on system – fixed at account creation Passwords – Verification of identity (private) – Less limited length and characters – Fixed until changed – Non-unique passwords – both users have bad password Many Multi-user Operating Systems have same scheme

5 95752:3-5 Password Security Password security depends on ONLY you knowing the password –Secure selection –Secure handling –Secure storage

6 95752:3-6 Password Storage “trapdoor encrypted” – scrambled in a way that cannot be unscrambled – scrambling folds password over itself - lost bits – different users with same password won’t have same scrambled password – login scrambles entered password and compares against stored scrambled password – original concept: since only scrambled passwords are available, storage is secure (FALSE!) shimeall:kr1eWN8N2pyAA

7 95752:3-7 Password Attacks Easy to Hard – Given password – Grab password – Generate password – Guess password

8 95752:3-8 Given Password Look It Up – Default passwords – Posted passwords Ask for It (Social Engineering) – As colleague – As friend – As administrator / authority – As clueless & needy Countermeasures – Education – Reverse Social Engineering – Locked accounts – Other authentication

9 95752:3-9 Grab Password (locally) Physical proximity – Shoulder surfing – Countermeasures Education Exercises One-time passwords Program access – Trojan Horse – Perverted program – Countermeasures Integrity checks Other authentication

10 95752:3-10 Under normal conditions, the data in a packet transmitted over the network is read only by the destination system to which it is addressed. Router Local Network Operation

11 95752:3-11 When a packet sniffer is present, a copy of all packets that pass by it on the network are covertly captured. Packet Sniffer Executing Router Packet Sniffing

12 95752:3-12 Wide Area Network Operation Always Switched – Circuit-Switched – Packet-Switched Switch Settings determine route Choice Points: Routers – Connect two or more networks – Maintain information on best routes – Exchange information with other routers

13 95752:3-13 Network Redirection Intruders can fool routers into sending traffic to unauthorized locations

14 95752:3-14 Other Network Attacks Tapping –Method depends on network medium –Countermeasures: Encryption Physical protection & inspection Van Eck Radiation –Current through wire: Radio waves –Receiver tunes in on hosts/network –Countermeasures: Encryption Distance Emission Control

15 95752:3-15 Generate Password Use a dictionary Requires: Scrambled password, Encryption method & Large dictionary Password Cracking –Natural language words and slang –Backwards / Forwards / Punctuation and Numbers inserted –Program: 27,000 passwords in approx 3 seconds (Pentium II/133) Countermeasures –Preventive strike (BEWARE) –Password rules –Other authentication

16 95752:3-16 Guess Password Use knowledge of user –System information –Personal information –Occupation information Often combined with dictionary attack Countermeasures –Password rules –Other authentication

17 95752:3-17 Passwords on Many Machines One or Many? –Ease of memorization vs. likelihood of writing –Options: Secure stored passwords Network authentication method Algorithm for varying passwords

18 95752:3-18 Something You Have Convert logical security to physical security –One-time pad –Strip card / smart card –Dongle –Challenge-Response calculator Problems: Cost & token issuing/handling Advantages: Physical presence; hard to hack

19 95752:3-19 Something You Are Biometrics: Measure physical characteristic –Face geometry –Hand geometry –Fingerprint –Voiceprint –Retinal Scan –Signature Advantages: Physical presence, not easily lost Disadvantages: Cost, Security, Variation, Handicaps

20 95752:3-20 Authentication Summary Many different options available None perfect Combined solutions are possible Risk: assumption that other method will protect weaknesses Overlapping design needed

21 95752:3-21 Computer Files File: almost every visible aspect of system Human names vs. Computer reference Information on files: –Location –Size –Type –Creation and access times –Owner –Protections

22 95752:3-22 File Protections File Permissions: grouped usage –Owner, Collaborators and others –Read, Write, Execute, etc. allowed Access Control Lists: who can do what –Account name and permissions Syntax and Semantics depend on Operating System

23 95752:3-23 Using File Permissions Be as restrictive as reasonable Use minimal permissions as defaults Enforce individual account usage Use directory permissions “Something everyone owns, no one owns”

24 95752:3-24 Defeating File Permissions Physical access: – Reboot under different Operating System – Raw access Subvert applications – Trojan Horses – Direct corruption – Virus Countermeasures: – Physical protection – Disk encryption – Configuration Control – Integrity checking

Download ppt "95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Computer Security and Authentication CS 5352 Spring 06.

Computer Security and Authentication CS 5352 Spring 06.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukAuthentication Systems1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.

OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO-0901223488 Under the guidance of Mrs. Chinmayee Behera.

GRAPHICAL PASSWORD AUTHENTICATION PRESENTED BY SUDEEP KUMAR PATRA REGD NO Under the guidance of Mrs. Chinmayee Behera.

Similar presentations

Ads by Google