Computer Security: Proper Access

Security Barriers
Security is about building barriers to protect assets. What complicates security is the necessity for barrier penetration. To be secure, the barrier holes must be guarded.
(diagram labels: Attack, Security System, Asset)
Basic Concepts in Barrier Penetration Control
- Who are you?
- Can you prove it?
- That which you are permitted to do.
- You should be held responsible.
Identity
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity.
- What are some common identifiers used in our world?
- What is the problem with using people’s names as identifiers?
Authorization
Access privileges granted to a user, program, or process.†
Common authorization tokens:
† Definition from National Information Systems Security
Authentication
Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.†
† Definition from National Information Systems Security
Authentication
Authentication ... is a basis for trust.
Password -- the most common means of authentication. Uses a challenge-response protocol:
- Challenge: the "password:" prompt
- Response: the password (encryption required)
Passwords are vulnerable to attacks. Why?
Challenge-response systems fail when responses are efficiently discovered.
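As an added illustration of the challenge-response idea (this code is not from the slides), the following Python models a password login in which the server issues a fresh random challenge and the client answers with an HMAC keyed by a password-derived key, so the password itself never crosses the wire and a captured answer cannot be replayed. The enrolled password is the slide's sample; the salt, the PBKDF2 round count and every name in the code are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment data (not from the slides): the password is the
# slide's sample; the salt is fixed so the example is reproducible.
PASSWORD = "TtlsH1wwya"
SALT = bytes.fromhex("a3f1c2d4e5b6a7980102030405060708")
PBKDF2_ROUNDS = 50_000  # kept low for the demo; production uses far more


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn the password into a fixed-length key; the server stores only this."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Server:
    """Holds the enrolled key and issues one fresh random challenge per login."""

    def __init__(self, stored_key: bytes):
        self.stored_key = stored_key
        self.outstanding = None  # the single challenge awaiting an answer

    def challenge(self) -> bytes:
        self.outstanding = secrets.token_bytes(16)  # fresh nonce every time
        return self.outstanding

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Only the currently outstanding challenge may be answered, and only
        # once, so an eavesdropped (nonce, response) pair cannot be replayed.
        if self.outstanding is None or not hmac.compare_digest(nonce, self.outstanding):
            return False
        self.outstanding = None
        expected = hmac.new(self.stored_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(password: str, salt: bytes, nonce: bytes) -> bytes:
    """The user's side: prove knowledge of the password without sending it."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def login(server: Server, password_attempt: str):
    """One full exchange: challenge, response, verdict."""
    nonce = server.challenge()
    response = client_respond(password_attempt, SALT, nonce)
    return nonce, response, server.verify(nonce, response)


def demo():
    server = Server(derive_key(PASSWORD, SALT))
    nonce, response, genuine = login(server, PASSWORD)  # correct password
    replayed = server.verify(nonce, response)            # same answer again
    _, _, wrong = login(server, "TtlsH1wwyb")            # one character off
    return genuine, replayed, wrong


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two caveats a practitioner should keep in mind: the stored key is password-equivalent in this simple scheme, so the server's verifier store must be protected like a password file; and a captured challenge/response pair still lets guesses be tested offline, which is exactly why the PBKDF2 round count and the length rules on the next slide matter.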
Password Cracking
cracker algorithm == repeatedly
Give password cracking software a challenge.
The conventional wisdom is as follows...
- Don’t use short passwords (at least 12 symbols).
- Include both lowercase and uppercase and digits.
- Use first letters from some phrase you can remember.
- Bracket the password with non-alphanumerics.
Examples from the slide: TtlsH1wwya; #TtlsH1wwya&; a variant of #TtlsH1wwya& using a symbol typed via Alt-0181.
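To make the conventional-wisdom rules checkable, here is an added Python policy checker (not part of the slides) that tests a candidate against the slide's four rules and estimates the search space an exhaustive cracker would face at that length and alphabet. The per-class alphabet sizes, and the choice to count punctuation and Alt-code symbols together as a 32-symbol "other" class, are assumptions made for this example.

```python
import math
import string

MIN_LENGTH = 12  # the slide's "at least 12 symbols"

# Size each character class adds to the alphabet an exhaustive cracker must
# cover. "other" is an assumption covering punctuation and symbols entered
# with Alt codes (such as the slide's Alt-0181).
CLASS_SIZE = {"lower": 26, "upper": 26, "digit": 10, "other": 32}


def char_class(c: str) -> str:
    if c in string.ascii_lowercase:
        return "lower"
    if c in string.ascii_uppercase:
        return "upper"
    if c in string.digits:
        return "digit"
    return "other"


def classes_present(password: str) -> set:
    return {char_class(c) for c in password}


def check_policy(password: str) -> dict:
    """Which of the slide's rules does the password satisfy?"""
    present = classes_present(password)
    return {
        "long_enough": len(password) >= MIN_LENGTH,
        "mixed_case_and_digits": {"lower", "upper", "digit"} <= present,
        "bracketed": (
            len(password) >= 2
            and char_class(password[0]) == "other"
            and char_class(password[-1]) == "other"
        ),
    }


def search_space_bits(password: str) -> float:
    """log2 of the guesses an exhaustive cracker needs for this length and alphabet."""
    alphabet = sum(CLASS_SIZE[name] for name in classes_present(password))
    return len(password) * math.log2(alphabet)


def report(password: str):
    return check_policy(password), round(search_space_bits(password), 1)


if __name__ == "__main__":
    for candidate in ("TtlsH1wwya", "#TtlsH1wwya&"):
        print(candidate, report(candidate))
```

Read the bit count as a ceiling, not a guarantee: it assumes the cracker must try every string of that length, whereas a password built from a phrase that appears in a cracker's wordlist falls far sooner. The length and bracketing rules push the ceiling up; the "phrase you can remember" rule is what keeps the password out of the obvious lists.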
Additional Means of Authentication
HHAD - Hand Held Authentication Device
token -- small device carried by user (often includes microprocessor, keypad and/or real-time clock)
- Challenge-Response Token: System displays random number which user enters on keypad. Card uses keypad input to calculate and display number. User enters number in computer, which system verifies by same computation.
- Time-Based Token: Card uses internal real-time clock value to calculate and display number. User enters number in computer, which system verifies with its clock.
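As an added example, not from the slides, the following Python models both token types with one shared code function: an HMAC-SHA1 code with dynamic truncation in the style of RFC 4226 (HOTP), shortened to six digits. The challenge-response card feeds the displayed random number in as the counter; the time-based card feeds in its clock reading in 30-second slots, and the system side tolerates one slot of drift but refuses to accept the same slot twice. The seed is the RFC 4226 test-vector secret reused as a constructed per-device seed; the slot width, drift tolerance and replay check are design choices of this example.

```python
import hashlib
import hmac
import struct

# Constructed per-device seed (real tokens carry a random seed loaded at
# manufacture). This is the RFC 4226 test-vector secret, reused here.
SEED = b"12345678901234567890"
STEP_SECONDS = 30  # width of one time slot for the time-based card


def token_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP-style code: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# --- Challenge-response token ---------------------------------------------
def card_answer(secret: bytes, challenge: int) -> str:
    """Card side: the user keys the displayed challenge in; the card shows this."""
    return token_code(secret, challenge)


def system_check_answer(secret: bytes, challenge: int, entered: str) -> bool:
    """System side: recompute from the same seed and challenge, compare in constant time."""
    return hmac.compare_digest(token_code(secret, challenge), entered)


# --- Time-based token -----------------------------------------------------
def card_time_code(secret: bytes, card_clock: int) -> str:
    """Card side: the counter is the card's clock reading, in 30-second slots."""
    return token_code(secret, card_clock // STEP_SECONDS)


class TimeTokenVerifier:
    """System side: tolerates small clock drift but never accepts a slot twice."""

    def __init__(self, secret: bytes, skew_slots: int = 1):
        self.secret = secret
        self.skew_slots = skew_slots
        self.last_accepted_slot = -1

    def check(self, entered: str, system_clock: int) -> bool:
        base = system_clock // STEP_SECONDS
        for delta in range(-self.skew_slots, self.skew_slots + 1):
            slot = base + delta
            if slot <= self.last_accepted_slot:
                continue  # already used (or older): refuse the replay
            if hmac.compare_digest(token_code(self.secret, slot), entered):
                self.last_accepted_slot = slot
                return True
        return False


def demo():
    challenge = 482913  # constructed "random number" shown by the system
    cr_ok = system_check_answer(SEED, challenge, card_answer(SEED, challenge))

    verifier = TimeTokenVerifier(SEED)
    code = card_time_code(SEED, 1_000_000)      # card clock reading
    drift_ok = verifier.check(code, 1_000_020)  # system 20 s ahead: next slot, within skew
    replay = verifier.check(code, 1_000_020)    # same code again: refused
    stale = verifier.check(card_time_code(SEED, 1_000_000), 1_000_100)  # 100 s ahead: outside skew
    return cr_ok, drift_ok, replay, stale


if __name__ == "__main__":
    print(demo())  # (True, True, False, False)
```

The replay check is the part easily forgotten when building the system side: without `last_accepted_slot`, a code seen over someone's shoulder stays valid for the whole drift window, which is the "responses efficiently discovered" failure from the earlier slide in a different guise.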
Additional Means of Authentication
biometric -- requires special devices to read human features
Additional Means of Authentication
digital certificate -- a certificate authority performs a security check on a user and grants an electronic certificate (essentially encryption keys)
smartcard -- physically requires a reader; contains a full microprocessor with cryptographic calculations performed onboard. Smartcards can store ... Tampering with a smartcard typically renders it useless.
Authentication Factors
- ...what you _______ (password)
- ...what you _______ (key, token, smartcard)
- ...what you _____ (biometrics - fingerprints, retinal scan)
- ..._______ you are (in secure location, at some terminal)
Non-repudiation
Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.†
(diagram labels: User, Attacker, Access)
† Definition from National Information Systems Security