Operating Systems Security: User Authentication
Ozalp Babaoglu, ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA (slides: Babaoglu, Sicurezza)

Introduction

- When you first make contact with a computer service (login, , web access, etc.) you need to identify yourself and then authenticate this identity to prove who you claim to be
- Authentication is the basis for performing Authorization
- Authentication of human principals is rather different from authentication of messages or machines
- Humans are not good at remembering or at computing

User Authentication

- Authenticating humans can be based on
  1. Something you know (password, PIN)
  2. Something you have (token)
  3. Something you do
  4. Something you are (biometrics)
  5. Where you are
- Options 2, 3 and 4 usually require special hardware support
- Option 1 is by far the most common

Password-based authentication

- Leaves no trace of security breaches
- Impossible to prove your innocence if someone misuses your account
- Possibility that the password is guessed
  - Poor security culture
  - Trivial passwords
  - Post-it with the password stuck to the screen
- Possibility that the password is stolen
  - an intruder can peek at someone who is typing the password
  - login spoofing
  - network sniffing
- Possibility of on-line or off-line attacks
Password-based authentication

- On-line attack: the system itself is used to verify the correctness of guesses
- Defenses:
  - Slow down rate of guesses (insert delay)
  - Limit number of incorrect attempts (3 wrong PINs, the phone blocks, Bancomat eats your card)
  - Report date/time/location of last successful login at the next login
- Off-line attacks: verify the correctness of password guesses on a system different from the one being targeted
- Need access to passwords in some stored form
- Based on pre-constructed lists of potential passwords

Password-based authentication

- How to save passwords
  - as clear text in a file protected by the operating system's access control mechanisms
  - subject to abuse by privileged users, administrators
- Password encryption
  - based on a one-way hash function f()
  - the password file contains fingerprints of the passwords and not the clear text
  - at login, compute the fingerprint of the password supplied by the user and compare it to the value stored in the file
  - Password file in Unix/Linux: /etc/passwd

Dictionary Attack

- Obtain a copy of the file containing encrypted passwords
- Obtain file containing lists of common words (dictionary)
- For each word w in the dictionary, compute its hash value using f(w) and compare it to the encrypted passwords in the password file
- All matching entries correspond to users who have set their password to w
- Can be much more sophisticated by transforming w in common ways (backwards, 2-letter permutations, etc.)
- Can be mechanized through easily-available programs such as crack
Dictionary Attack

List of common words:

    Achille Adriano Africa Afrodite Agnese Agrigento Alberto Aldo Alessandro Alessio Ambrogio America Amilcare Anastasia Ancona Andrea Anna Annibale Anselmo Antonino Antonio Aosta ...

Password file:

    root:ikgjioe9043jb:0:0:...
    rossi:wsfl4i4gjio:500:500:...
    bianchi:sdiweo38d:501:501:...
    franchi:bwjk2lks4df:502:502:...
    neri:osdtrkl9dfb:503:503:...
    orsi:gi5ikwsdvo:504:504:...
    tamburini:lkqweoibve4s:505:505:...
    gallo:osdtrkl9dfb:506:506:...

f(anna) = osdtrkl9dfb

Dictionary Attack

Defenses:

- Artificially slow down the performance of the one-way hash function (Unix applies DES 25 times to an all-zero block with the password as the key)
- Salting of passwords to prevent global attacks
- Limit access to the password file through OS
- Shadow passwords: separate encrypted passwords from all the other information contained in the password file (real name of user, office location, telephone number, etc.)

Shadow Passwords

- Shadow password file
  - The /etc/passwd file is readable by everyone because it contains information that goes beyond the password
  - But this makes (made) life easy for attackers
  - The shadow password mechanism stores the passwords in a separate file, /etc/shadow, readable only by root
- Example of /etc/passwd with shadow passwords

    mezzina:x:501:501:leonardo Mezzina:/home/mezzina:/bin/bash
    trotter:x:502:503:guido Trotter:/home/trotter:/bin/bash
    hughes:x:503:504:dino Hughes:/home/hughes:/bin/bash
    acerbett:x:504:505:stefano Acerbetti:/home/acerbett:/bin/bash

Password-based authentication: advice for system administrators

- Always set passwords explicitly and never leave default values
- Educate users about the importance of using passwords that are not weak
- Periodically run cracking programs to check the security of the current passwords
- Require remote users to use one-shot passwords or other secure techniques (disable telnet, ftp)
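The dictionary-attack defenses listed above (a slow one-way function plus salting), as an added example that is not part of the original slides. It assumes SHA-256 as a stand-in for f() and PBKDF2-HMAC-SHA256 from the Python standard library in place of the 25 DES rounds; the record format, function names and all passwords except "anna" are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

ITERATIONS = 100_000  # assumption: work factor picked for this example

# Constructed sample: account names from the slide; neri and gallo share the
# password "anna" as in the figure, the other passwords are made up.
SAMPLE_ACCOUNTS = {
    "rossi": "Tr4m0nt0!",
    "bianchi": "quercia-1987",
    "neri": "anna",
    "gallo": "anna",
}


def unsalted_fingerprint(password: str) -> str:
    """f(w) without a salt: equal passwords give equal fingerprints."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, deliberately slow fingerprint stored as scheme$iter$salt$hash."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return "pbkdf2-sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed record
        return False


def shared_fingerprints(table: Dict[str, str]) -> List[List[str]]:
    """Audit helper: groups of accounts whose stored value is identical."""
    groups: Dict[str, List[str]] = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def build_tables():
    """Return the same accounts stored unsalted and stored salted."""
    unsalted = {u: unsalted_fingerprint(p) for u, p in SAMPLE_ACCOUNTS.items()}
    salted = {u: make_record(p) for u, p in SAMPLE_ACCOUNTS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    # Without a salt, one computed f(w) matches every account using w.
    print("unsalted, shared:", shared_fingerprints(unsalted))
    # With per-account salts, no two stored values coincide.
    print("salted, shared:  ", shared_fingerprints(salted))
    print("verify neri/anna:", verify("anna", salted["neri"]))
```
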
Password-based authentication: advice for system administrators

- Implement mechanisms that prevent trivial passwords from being used
  - Impose a minimum length (at least 8 characters)
  - Require mixed format (at least some non-alpha characters)
  - Reject passwords that can be obtained from simple transformations of common words (dictionary)
- Use password aging (must be used within reason)

Login spoofing

- The attacker writes a program (text-based or graphical) that presents a fake login screen
- It waits for the victim to enter login/password
- It stores or sends the login/password pair
- It displays a "Login incorrect" message
- It starts the real login program, for example by terminating the current shell
- The victim believes the password was mistyped and this time gets into the system without problems

Login spoofing

- Example

    #!/bin/csh -f
    # Only for demonstration (C) Bob Toxen
    cat /etc/issue
    echo -n "hostname login: "
    set x="$<"
    stty -echo
    echo -n "Password: "
    set y="$<"
    echo $x "," $y >> captured.dat
    stty -echo
    echo ""
    echo Login incorrect
    echo ""
    exit

Login spoofing

    Welcome to XYZ Linux K.L (i586) Kernel A.B.CD (tty1)
    hostname login: franchi
    Password:
    Login incorrect

    Welcome to XYZ Linux K.L (i586) Kernel A.B.CD (tty1)
    hostname login:
Login spoofing

- Windows
  - Allows login through the Ctrl-Alt-Del sequence
  - The initial Windows XP screen with the list of users should not be used
  - Notion of trusted path from the keyboard to the operating system kernel
  - The sequence Ctrl-Alt-Del establishes this path
  - How can I be sure that it is indeed Windows running on my machine?
  - Reboot
  - How can I be sure that the image of the operating system on disk is indeed Windows?
  - Reinstall from CD

Login spoofing

General defenses against login spoofing based on mutual authentication:

- The user authenticates himself to the host
- The host authenticates itself to the user
- Based on cryptographic techniques such as digital signatures and certificates

Phishing

- Modern incarnation of login spoofing
- Phishers attempt to fraudulently acquire sensitive information such as passwords and credit card details by masquerading as a trustworthy person or business
- Typically carried out using or instant messaging, but phone contact has been used as well
Phishing

- PCWorld.com, February 20, 2007
  - Cisco Says 77 Routers Open to Drive-By Pharming

Pharming

- Attack aiming to redirect a website's traffic to another, bogus website
- Malware targets a desktop computer's Hosts file, which circumvents name lookup with its own local name to IP address mapping
- Attacker modifies the trusted DNS entry of a router to point to a server under his control instead of a legitimate one (suggested by an upstream ISP)

Keyloggers

- Keyloggers are usually designed as spyware and come in the form of a Trojan horse. They can record your passwords and can detect when you type digits, checking to see if it's a credit card, bank accounts or information you consider private and personal. Spyware keyloggers are also used to track your surfing habits
Keylogger Defenses

- Spyware detection/removal programs
- Firewall for blocking outgoing network traffic
- Mobile virtual keyboards

Packet sniffing

- Packet sniffing
  - a packet sniffer is software that analyzes the traffic of the network to which the host is connected
  - it tries to identify packets containing login/password pairs sent in the clear by communication mechanisms such as telnet, rlogin and ftp
  - it stores the login/password pairs for future use

Packet sniffing

General defenses are based on cryptographic techniques for obfuscating passwords:

- Require that the password is never sent in the clear over the network
  - Challenge-response schemes based on symmetric/asymmetric cryptography
  - Challenge can be implicit (such as real time)
- Require that a given password can be used only once
  - One-time password schemes such as S/KEY

User Authentication based on something you do

- Certain human actions can serve to uniquely identify them
  - Inter key-stroke delays when typing on a keyboard
  - Velocity, acceleration, pressure of pen when writing
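The one-time password defense against packet sniffing named above, as an added example that is not part of the original slides: a simplified hash-chain scheme in the style of S/KEY, showing why a sniffed value cannot be replayed. It assumes SHA-256 as the one-way function and does not reproduce S/KEY's actual hash or word encoding; the class, function names, seed and pass phrase are constructed.

```python
import hashlib
import hmac
from typing import Optional, Tuple


def h(data: bytes) -> bytes:
    """One-way function used for the chain (SHA-256 here, an assumption)."""
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """Apply h() count times to seed+secret; count must be at least 1."""
    if count < 1:
        raise ValueError("count must be >= 1 so the raw secret is never sent")
    value = seed + secret
    for _ in range(count):
        value = h(value)
    return value


class OtpServer:
    """Holds only the last accepted one-time password, never the secret."""

    def __init__(self, seed: bytes, count: int, last: bytes) -> None:
        self.seed = seed
        self.count = count  # chain index of the value stored in self.last
        self.last = last

    def challenge(self) -> Optional[Tuple[bytes, int]]:
        """Seed and index the client must answer with, or None if used up."""
        if self.count <= 1:
            return None
        return self.seed, self.count - 1

    def login(self, otp: bytes) -> bool:
        """Accept otp only if hashing it once yields the stored value."""
        if self.count <= 1:
            return False
        if not hmac.compare_digest(h(otp), self.last):
            return False
        self.last = otp  # the accepted value becomes the new reference
        self.count -= 1
        return True


def enrol(secret: bytes, seed: bytes, count: int) -> OtpServer:
    """Done once over a trusted channel: server gets h^count(seed+secret)."""
    return OtpServer(seed, count, chain(secret, seed, count))


def run_demo():
    """Return the outcome of each login attempt in order."""
    secret, seed = b"constructed pass phrase", b"ke4711"  # constructed values
    server = enrol(secret, seed, 4)
    results = []
    seed_, index = server.challenge()
    sniffed = chain(secret, seed_, index)   # the only value on the network
    results.append(server.login(sniffed))   # first use: accepted
    results.append(server.login(sniffed))   # replay by a sniffer: rejected
    while server.challenge() is not None:   # remaining legitimate logins
        seed_, index = server.challenge()
        results.append(server.login(chain(secret, seed_, index)))
    results.append(server.login(b"anything"))  # chain used up: re-enrol
    return results


if __name__ == "__main__":
    print(run_demo())
```

The next valid password is the pre-image under h() of the one just observed, so capturing one login gives a sniffer nothing it can submit later.
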
User Authentication based on something you are

- Biometrics
  - Finger print
  - Voice print
  - Retinal patterns
  - Facial features (distance between eyes, shape of lips, nose, left-right symmetry, etc.)
- Typically require hardware support to acquire
- Chosen biometric should minimize both false negatives and false positives

Biometrics

Desirable properties for a chosen biometric:

- Universality: Every person must possess them
- Uniqueness: Two different persons must not have the same characteristics
- Permanence: Characteristic should not be alterable or change over time
- Acquirability: Characteristic easy to acquire and quantify

User Authentication based on where you are

- Limit root access to system console (no remote)
- Your access to a certain trusted host or certain trusted network may be sufficient to grant access to another host without further evidence
- Older versions of Unix implemented this idea through .rhosts and /etc/hosts.equiv files and the collection of r commands: rlogin, rsh, rcp, rwho
- Today considered to be highly insecure due to attacks based on IP spoofing
- Can use GPS or GSM cell data

Non-textual Passwords

- Rather than a sequence of characters, a password can be a sequence of coordinates in a cartesian plane (x_1,y_1)(x_2,y_2)...(x_10,y_10)
- Difficult to remember and enter in numerical format
- Can benefit from graphical assistance
[Figure: Non-textual Passwords]
Security Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018 Basic Security Aspects 1. Systems must be usable by legitimate users only 2. Access is granted on the basis of
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationSecurity and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1
Security and Privacy Xin Liu Computer Science University of California, Davis Introduction 1-1 What is network security? Confidentiality: only sender, intended receiver should understand message contents
More informationMW MOC SUPPORTING AND TROUBLESHOOTING WINDOWS 10
MW10-3 - MOC 10982 - SUPPORTING AND TROUBLESHOOTING WINDOWS 10 Categoria: Windows 10 INFORMAZIONI SUL CORSO Durata: Categoria: Qualifica Istruttore: Dedicato a: Produttore: 5 Giorni Windows 10 Microsoft
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationGarantía y Seguridad en Sistemas y Redes
Garantía y Seguridad en Sistemas y Redes Tema 3 User Authen0ca0on Esteban Stafford Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve Commons BY- NC- SA 40
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationChapter 3: User Authentication
Chapter 3: User Authentication Comp Sci 3600 Security Outline 1 2 3 4 Outline 1 2 3 4 User Authentication NIST SP 800-63-3 (Digital Authentication Guideline, October 2016) defines user as: The process
More informationUndergraduate programme in Computer sciences
What is authentication? Security Engineering MSc in Computer Science EIT Master on Security and Privacy Lecture 12 Authentication Massacci Fabio It is the process of verifying a claimed identity by r for
More informationCSC 405 Introduction to Computer Security
CSC 405 Introduction to Computer Security Topic 4. Security in Conventional Operating Systems -- Part II 1 Basic Concepts of UNIX Access Control: Users, Groups, Files, Processes Each user has a unique
More informationWho are you? Enter userid and password. Means of Authentication. Authentication 2/19/2010 COMP Authentication is the process of verifying that
Who are you? Authentication COMP620 Authentication is the process of verifying that the user or system is who they claim li to be. A system may be acting on behalf of a given principal. Authentication
More informationCS 111. Operating Systems Peter Reiher
Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources Operating Systems Peter Reiher Page 1 Outline Basic concepts in computer security Design principles for security
More informationPasswords. EJ Jung. slide 1
Passwords EJ Jung slide 1 Basic Problem? How do you prove to someone that you are who you claim to be? Any system with access control must solve this problem slide 2 Many Ways to Prove Who You Are What
More information