MIS365 8 - Security - MIS365 Data Communications &...

MIS365 Jerry Malcolm Security

Security

As long as there is something of value, it must be protected from those who seek to compromise, destroy or unethically obtain it. Just as we build better locks and vaults for protection of physical assets, we must design and create secure techniques for protection of assets accessible and transferred via the internet.

Security

Industry representatives have told the UT MIS department that they are desperately seeking MIS graduates that have a working knowledge of Internet Security.

Security
- It is possible to get a PhD in the field of internet/IT security
- In this class, we can only cover the main points
- If you have an interest in this area, you are strongly encouraged to pursue it

Security
- “Security” can be summarized in two words:
  - Authentication
  - Authorization
- These two areas are completely separate from each other
- They each have their own discipline and require unique understanding

Definitions
- Authentication: Verification that you are who you say you are

Definitions
- Authorization: Ensuring that you can only view, create, modify, delete, or otherwise execute what you have been granted permission to

Authentication
- What is the most popular form of authentication?
  - IDs and passwords
- Other forms?
  - Biometrics
    - Fingerprint
    - Retina
  - A trusted party to vouch for authenticity

Double Level Authentication
- Two levels of authentication
  - Something you have
  - And something you know
- A “key fob”
  - Small hardware device typically on your key ring
  - Displays a deterministic “random” series of numbers on a display
  - Changes every 20-30 seconds
  - Server knows the number sequence that will be displayed on the fob at any point in time

Double Level Authentication
- Enter your current fob sequence
  - Something you have…
- Enter your id/pw
  - Something you know…

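
Added example (not from the original slides): how a server can know the fob's number at any point in time and check both factors together. The slides do not name the fob's algorithm, so this uses the open TOTP standard (RFC 6238) as a stand-in; the seed, salt, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each displayed code stays valid (slides say 20-30)
DIGITS = 6   # length of the number shown on the fob

def fob_code(seed: bytes, unix_time: int) -> str:
    """Number the fob displays at unix_time (RFC 6238 TOTP, HMAC-SHA1)."""
    counter = struct.pack(">Q", max(unix_time, 0) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(record: dict, password: str, code: str, now: int,
                 drift_steps: int = 1) -> bool:
    """Server side: 'something you know' AND 'something you have'."""
    knows = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    has = False
    # The server shares the fob's seed, so it can recompute the sequence.
    # Neighbouring time steps are accepted to tolerate clock drift.
    for step in range(-drift_steps, drift_steps + 1):
        expected = fob_code(record["seed"], now + step * STEP)
        has |= hmac.compare_digest(expected.encode(), code.encode())
    return knows and has

# Constructed sample account (seed is the RFC 6238 test-vector secret).
SEED = b"12345678901234567890"
SALT = b"constructed-salt"
RECORD = {"seed": SEED, "salt": SALT,
          "pw_hash": hash_password("correct horse", SALT)}

if __name__ == "__main__":
    shown = fob_code(SEED, 59)
    print("fob shows:", shown)
    print("login ok:", authenticate(RECORD, "correct horse", shown, 59))
```

A production verifier would also remember the last accepted time step so that a code cannot be replayed while it is still valid.
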
Authorization
- In general…
  - Restrict to “authorized” access
- Does this require authentication in all cases?
  - Not always

Authorization
- The most basic form of “authorization”
  - “Security by Obscurity”
  - URL is not linked from open pages
  - If you know the URL… you’re in…
- Formally stated:
  - “I authorize anyone who knows the URL to access the page”

Authorization
- More restrictive control on authorization
  - If user is authenticated, user is authorized to…
- Review: How did the user get authenticated?
  - You don’t care…
  - Trust your authentication mechanism…
  - At this point, your job is protecting assets…

Authorization
- Fairly limited versatility if all I can say is:
  - “if you have a valid id/pw, then you can…”
- We need more granularity

- Security systems often apply the concept of “roles” to users
  - User “A” has the “Operator” role
  - User “B” has the “Administrator” role
  - User “C” only has “User
