xid-37552792_2.pdf - COS30015 and COS80013Security Aug-17 COS80013 Internet Security COS30015 IT SECURITY Week 2 Physical

COS30015 and COS80013SecurityAug-171COS80013 Internet SecurityCOS30015 IT SECURITYWeek 2Physical SecuritySlide 2

COS30015 and COS80013SecurityAug-172Slide 3Research material• Textbooks:–GoodrichChapter 2• Netcasts:–Security Now211, 213, 137, 90, 94, 291–Risky Business240, 163. 159, 129, 73, 70, 52, 51IT and Internet Security © J Hamlyn-Harris, Faculty of SET, SwinburneSlide 4Locks•Pin tumbler locks (easy to pick)•Radial locks (computers)•Wafer locks (medium security)•Combination locks (low security)•Electronic locks– mag stripe, RFID, keypad, biometric– easy to change combination– easy to monitorIT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne

COS30015 and COS80013SecurityAug-173Slide 5Access control•Locks require Access Control Policies– who has which key– how are keys issued, returned, disabled– what happens when someone leaves– lost/stolen keys– master keysIT and Internet Security © J Hamlyn-Harris, Faculty of SET, SwinburneSlide 6Lock picking•Locks are a deterrent– Not a security control•Picks – easy to make• Pick-guns• Bump-keys• Raking•Drilling out the tumbler• Impressioning•Brute forceIT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne

COS30015 and COS80013SecurityAug-174Picking techniques•Tradition picking• Raking•Bump Key•Pick gunDefences:IT and Internet Security © J Hamlyn-Harris, Faculty of SET, SwinburneSlide 7Slide 8Side channel attacks•Remove the hinges•Cut through the door•Enter through the roof (tiles, vents, manhole)•Enter through emergency exits, windows•Social engineering– deliveries– tail-gating– Ask nicely!IT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne

COS30015 and COS80013SecurityAug-175IT and Internet Security © J Hamlyn-Harris, Faculty of SET, SwinburneSlide 9More Access Controls• Barcodes•Mag stripe•Smart cards•-hacking-how-easy-is-it-6130•SIM cards• RFID– Key fobs (hopping codes)– PassportsSlide 10Biometrics•Measures a human characteristic and compares features of it to those stored in a database.• Requires:– Universal – everyome must have the characteristic.–Distinctive – characteristic must be different for everyone–Permanent – characteristic must not change with time–Collectable – must be possible to collect featues of characteristic easily. – Low False-positive /false-negative rate– Hard to forgeIT and Internet Security © J Hamlyn-Harris, Faculty of SET, Swinburne

COS30015 and COS80013SecurityAug-176Slide 11Biometrics• Signature•Face, fingerprint, retina, iris•Vein scanners, handprints•Voice, odour, gait•All are problematic. Fingerprint probably the best.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 26 pages?

Upload your study docs or become a

Course Hero member to access this document

Term

Three

Professor

NoProfessor

xid-37552792_2.pdf - COS30015 and COS80013Security Aug-17...

Share this link with a friend:

Other Related Materials