Lecture9

Lecture9 - TEL2813/IS2820 Security Management Protection...

    TEL2813/IS2820 Security Management
    Protection Mechanisms
    Lecture 9
    Feb 24, 2005
    Introduction (Continued)
        Some of the most powerful and widely used technical security mechanisms include:
            Access controls
            Firewalls
            Dial-up protection
            Intrusion detection systems
            Vulnerability Auditing Systems
    Sphere of Security
    Access Control Devices
        Access control encompasses two processes:
            Confirming identity of entity accessing a logical or physical area (authentication)
            Determining which actions that entity can perform in that physical or logical area (authorization)
        A successful access control approach (for both physical and logical access) always consists of authentication and authorization
    Authentication Mechanisms
        Mechanism types:
            Something you know
            Something you have
            Something you are
            Something you produce
        Strong authentication uses at least two different authentication mechanism types
            Two factor authentication
            Have + Know
    Something You Know
        Authentication mechanism based on the user’s identity
            password, passphrase, or other unique code
            A password is a private word or combination of characters that only the user should know
            A passphrase is a plain-language phrase, typically longer than a password, from which a virtual password is derived
        A good rule of thumb is to require that passwords be at least eight characters long and contain at least one number and one special character
        Attacks against passwords
            Dictionary, brute force, man-in-the-middle, social engineering; keyboard attack
    Password Power (1)
    Password Power (2)
    Something You Have
        Authentication mechanism based on what the user has
            a card, key, or token
            dumb card (such as an ATM card) with magnetic stripes
            smart card containing a processor
            Cryptographic token, a processor in a card that has a display
        Tokens may be either
            Synchronous
                Synchronized with the server
            Asynchronous
                Challenge response
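An added example (not part of the lecture) contrasting the two token types on this slide: a synchronous token whose code depends on a time step shared with the server, and an asynchronous token that answers a server challenge. The HMAC construction (RFC 4226/6238 style), the function names and the demo key are assumptions; the slide names no algorithm.

```python
import hashlib
import hmac
import secrets
import struct

def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation (RFC 4226): turn an HMAC into a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def sync_code(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Synchronous token: code derived from the shared key and the current time step."""
    counter = struct.pack(">Q", max(int(now) // step, 0))
    return _truncate(hmac.new(key, counter, hashlib.sha1).digest(), digits)

def verify_sync(key: bytes, code: str, now: float, step: int = 30, drift: int = 1) -> bool:
    """Server side: also accept adjacent time steps to tolerate clock drift."""
    return any(
        hmac.compare_digest(sync_code(key, now + d * step, step, len(code)), code)
        for d in range(-drift, drift + 1)
    )

def new_challenge() -> bytes:
    """Asynchronous token, step 1: the server issues a fresh random challenge."""
    return secrets.token_bytes(16)

def respond(key: bytes, challenge: bytes, digits: int = 8) -> str:
    """Asynchronous token, step 2: the token computes a response over the challenge."""
    return _truncate(hmac.new(key, challenge, hashlib.sha256).digest(), digits)

def verify_response(key: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute and compare in constant time; use each challenge once."""
    return hmac.compare_digest(respond(key, challenge, len(response)), response)

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed demo key (the RFC 6238 test secret)
    code = sync_code(key, now=59)
    # Same code is accepted one step later, rejected once the clocks are far apart.
    print(code, verify_sync(key, code, now=75), verify_sync(key, code, now=200))
    ch = new_challenge()
    print(verify_response(key, ch, respond(key, ch)))
```

The synchronous check fails when token and server clocks diverge beyond the drift window, while the asynchronous check needs no clock but requires the server to track outstanding challenges so a captured response cannot be replayed.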
    Something You Are
        Biometric
            something inherent in the user
            Fingerprints, palm scans, hand geometry/topology, facial recognition, retina scan, iris scan
        Most of the technologies that scan human characteristics convert these images to obtain some form of minutiae: unique points of reference that are digitized and stored in an encrypted format
    Something You Do
        This type of authentication makes use of something the user performs or produces
            signature recognition and voice recognition (voice phrase)
            Key stroke pattern
                Timing for known sequence of keystrokes

This note was uploaded on 08/27/2010 for the course IS 2813 taught by Professor Jameskoshi during the Spring '06 term at Webber.
