Chapter 15 - M15_STAL6329_06_SE_C15.QXD 2/28/08 4:18 AM...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
667 CHAPTER C OMPUTER S ECURITY T ECHNIQUES 15.1 Authentication Means of Authentication Password-Based Authentication Token-Based Authentication Biometric Authentication 15.2 Access Control Discretionary Access Control Role-Based Access Control 15.3 Intrusion Detection Basic Principles Host-Based Intrusion Dectection Techniques Audit Records 15.4 Malware Defense Antivirus Approaches Worm Countermeasures Bot Countermeasures Rootkit Countermeasures 15.5 Dealing With Buffer Overflow Attacks Compile-Time Defenses Run-Time Defenses 15.6 Windows Vista Security Access Control Scheme Access Token Security Descriptors 15.7 Recommended Reading and Web Sites 15.8 Key Terms, Review Questions, and Problems M15_STAL6329_06_SE_C15.QXD 2/28/08 4:18 AM Page 667
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
668 CHAPTER 15 / COMPUTER SECURITY TECHNIQUES This chapter introduces common measures used to counter the security threats dis- cussed in Chapter 14. 15.1 AUTHENTICATION In most computer security contexts, user authentication is the fundamental building block and the primary line of defense. User authentication is the basis for most types of access control and for user accountability. RFC 2828 defines user authenti- cation as follows: For example, user Alice Toklas could have the user identifier ABTOKLAS. This information needs to be stored on any server or computer system that Alice wishes to use and could be known to system administrators and other users.A typical item of authentication information associated with this user ID is a password, which is kept secret (known only to Alice and to the system). If no one is able to obtain or guess Alice’s password, then the combination of Alice’s user ID and password enables administrators to set up Alice’s access permissions and audit her activity. Because Alice’s ID is not secret, system users can send her e-mail, but because her password is secret, no one can pretend to be Alice. In essence, identification is the means by which a user provides a claimed identity to the system; user authentication is the means of establishing the validity of the claim. Note that user authentication is distinct from message authentication. As defined in Chapter 2, message authentication is a procedure that allows com- municating parties to verify that the contents of a received message have not been altered and that the source is authentic. This chapter is concerned solely with user authentication. Means of Authentication There are four general means of authenticating a user’s identity, which can be used alone or in combination: Something the individual knows: Examples includes a password, a personal identification number (PIN), or answers to a prearranged set of questions. Something the individual possesses:
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/10/2010 for the course EXTC 56 taught by Professor Stalling during the Spring '10 term at Abu Dhabi University.

Page1 / 40

Chapter 15 - M15_STAL6329_06_SE_C15.QXD 2/28/08 4:18 AM...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online