Identification and Authentication (CSM27 Computer Security, Week 3)
Identification and Authentication
CSM27 Computer Security
Dr Hans Georg Schaathun, University of Surrey
Autumn 2008, Week 3

Session objectives
- Recognise the purposes of (password) identification.
- Be aware of the potential vulnerabilities in password authentication caused by organisational, human, and technical issues.
- Be able to identify and apply some security mechanisms for password distribution and management.
- Draw general security lessons from the familiar scenario of password authentication.

A familiar scenario
How many usernames and passwords do you have? How many different passwords do you use?

Definitions
- Identification: e.g. giving your username. You reveal your identity to the system.
- Entity authentication: e.g. giving a password. The process of verifying a claimed identity.
The purpose of passwords
Once the computer system knows who the user is, two features become possible:
- Audit trail: the system logs activity; in the case of unauthorised or illegal activities, the logs can be used to trace the responsible user.
- Authorisation: use is restricted to recognised users, e.g. based on payment or membership.
Remark: authorisation does not necessarily require identification; there are alternative approaches. Using the audit trail to prosecute misbehaving users, however, can hardly be done without identification.

The bootstrap problem
How do you identify the user when you give him the first password? How did you get your first password at Surrey?

Forgotten passwords
What do you do if the user forgets his password? Has anyone ever forgotten a password? What did you do to have it reset?
- Forgotten passwords are an accessibility threat: we have to reissue passwords to maintain accessibility.
- Reissuing creates a vulnerability: an intruder can pretend to be an authorised user who has forgotten his password.
- Misissuing a password is therefore a confidentiality threat.

Verification techniques
- Authorised channel: do not give a password to a caller on the phone; call back on an authorised phone number, or use a courier for personal delivery.
- Independent witness: call back someone else, such as the requestor's manager.
- Damage limitation: issue a one-time password, forcing the user to change it immediately.
- Independent verification channel: require confirmation by a different channel before the password is activated.
Related precautions: phishing
Do not give a password to a caller on the phone; call back on an authorised phone number. How do you prevent phishing? You get an e-mail, allegedly from your bank, asking you to call them on a given number or click a given link. You do not know if the e-mail is genuine. What do you do? I would visit them by typing a URL I know is correct, or look up the phone number in a different source and call them. The general lesson: use an independent, authoritative channel.

Guessing passwords
Typical crime novel: the combination for the safe is your birthday; the PIN code is the last digits of the wife's phone number. Passwords have the same problem, because users prefer passwords they can remember. Two attacks follow:
- Dictionary attacks
- Exhaustive searches

Exhaustive attacks
How long does an exhaustive attack take? Number of passwords x time per password. How do we control the vulnerability?
- Longer passwords (mandatory minimum length)
- Larger alphabet
- Slow response (at least on repeated attempts)
- Limit the number of attempts

Dictionary attacks
Users cannot remember randomly generated words; they tend to use common words etc. Hence a dictionary of likely candidates speeds up the search. Controls:
- Require both upper- and lower-case letters
- Require special symbols (e.g. punctuation)
But note: when such rules are mandatory they exclude every password that does not satisfy them, so the password space the attacker has to cover actually shrinks and exhaustive search becomes easier.
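The arithmetic behind the two slides above (number of passwords x time per password, and the caveat that mandatory composition rules shrink the space) worked through in code. This is an added example, not code from the lecture; it assumes a uniformly chosen password, an attacker testing `rate` guesses per second, and the usual printable-ASCII character classes (26 lower, 26 upper, 10 digits, 32 symbols). The "must mix" policies are counted by inclusion-exclusion, which generalises the slide's two-class case to any set of required classes.

```python
"""Sizing an exhaustive password search and the effect of composition rules.

Added example, not from the lecture slides.  Assumes a uniformly chosen
password, an attacker testing `rate` guesses per second, and the printable-ASCII
character classes 26 lower, 26 upper, 10 digits, 32 symbols.
"""
from itertools import combinations

LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32


def search_space(length: int, alphabet: int) -> int:
    """Passwords of exactly `length` characters over an alphabet of `alphabet` symbols."""
    return alphabet ** length


def space_with_required_classes(length: int, classes: list[int]) -> int:
    """Passwords of `length` over the union of `classes` that contain at least one
    character from EVERY class.  Inclusion-exclusion: sum over the sets of classes
    that are omitted entirely, with alternating sign."""
    total = sum(classes)
    count = 0
    for k in range(len(classes) + 1):
        for omitted in combinations(range(len(classes)), k):
            remaining = total - sum(classes[i] for i in omitted)
            count += (-1) ** k * remaining ** length
    return count


def expected_time_seconds(space: int, rate: float) -> float:
    """Expected time to reach the correct guess: on average half the space is searched."""
    return space / 2 / rate


def compare_policies(length: int, rate: float) -> dict[str, tuple[int, float]]:
    """Password space and expected search time for several policies of equal length.
    Each 'must' policy is strictly smaller than free choice over the same alphabet,
    which is the lecture's caveat about composition rules."""
    policies = {
        "lowercase only": search_space(length, LOWER),
        "any of 52 letters": search_space(length, LOWER + UPPER),
        "must mix upper+lower": space_with_required_classes(length, [LOWER, UPPER]),
        "any of 94 printable": search_space(length, LOWER + UPPER + DIGITS + SYMBOLS),
        "must use all four classes": space_with_required_classes(
            length, [LOWER, UPPER, DIGITS, SYMBOLS]),
    }
    return {name: (space, expected_time_seconds(space, rate))
            for name, space in policies.items()}


if __name__ == "__main__":
    # 1e9 guesses/s models an offline attack on a leaked hash file; 10/s models an
    # online attack against a server that slows down or limits repeated attempts.
    for rate in (1e9, 10.0):
        print(f"--- {rate:g} guesses/s ---")
        for name, (space, secs) in compare_policies(8, rate).items():
            print(f"{name:28s} space=2^{space.bit_length() - 1:<3d} "
                  f"expected={secs / 86400:14.1f} days")
```

The two rates make the lecture's point about controls: "slow response" and "limit number of attempts" only bite when the attacker must go through the server; once the hash file has leaked (see the password-file slides later in the session), only length and alphabet remain.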
Other controls
- Password checkers: simulate an attack and disable the passwords it finds.
- Password generation: use computer-generated passwords.
- Expiry dates.
- Change default passwords on default accounts. A secure product should probably demand that a password be entered during installation, and a security-aware administrator would check that no default password is in use before deployment. If a default password is abused, who is to blame?

If we overdo it...
- If the password is too difficult, the user will write it down.
- If the password has to change often, the user will choose a simpler one.
So don't lose sight of the full picture.

Spoofing passwords
Conventional password authentication is unilateral: the user proves his identity to the computer, but the computer proves nothing to the user. How do I know that the computer requesting the password is authorised to do so? Could the password prompt be rogue?

Controls
- State the number of failed attempts at login: attempts the system did not count indicate foul play, so raise the alarm.
- Trusted path: CTRL+ALT+DEL under Windows is a secure attention sequence; it calls the system to invoke the login screen. Always use it, even if the login screen appears to be there already.
- Mutual authentication: ssh caches host keys and warns about unknown keys; host keys could also be distributed securely in advance.
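The ssh behaviour mentioned under "mutual authentication" (cache the host key on first contact, warn on unknown keys, refuse on a changed key) as an added example, not code from the lecture or from OpenSSH. The host keys are constructed byte strings; a real client would take the server's public key from the key exchange and verify the server's signature with it before caching it, which is what turns a cached key into proof that the prompt is genuine.

```python
"""Trust-on-first-use host key cache, modelled on ssh's known_hosts.

Added example, not code from the lecture or from OpenSSH.  The host keys are
constructed byte strings standing in for the server's real public key.
"""
import hashlib
from dataclasses import dataclass, field

TRUSTED, UNKNOWN, MISMATCH = "trusted", "unknown", "mismatch"


def fingerprint(host_key: bytes) -> str:
    """Short, comparable identifier for a key (ssh prints these as SHA256:base64)."""
    return "SHA256:" + hashlib.sha256(host_key).hexdigest()


@dataclass
class KnownHosts:
    entries: dict[str, str] = field(default_factory=dict)   # host -> fingerprint

    def pin(self, host: str, host_key: bytes) -> None:
        """Pre-provision a key obtained over a secure channel (the slide's
        'host keys could be distributed securely'): no leap of faith needed."""
        self.entries[host] = fingerprint(host_key)

    def check(self, host: str, host_key: bytes, accept_new: bool = False) -> str:
        """Classify the key a server presented.
        UNKNOWN : never seen this host.  With accept_new the key is cached, which
                  is the leap of faith ssh takes when the user answers 'yes'.
        TRUSTED : same key as before, so this is the host we talked to last time.
        MISMATCH: the cached key differs.  Either the host was re-installed or
                  someone is impersonating it to collect passwords: do not send
                  the password, raise the alarm."""
        fp = fingerprint(host_key)
        cached = self.entries.get(host)
        if cached is None:
            if accept_new:
                self.entries[host] = fp
            return UNKNOWN
        return TRUSTED if cached == fp else MISMATCH


def simulate() -> list[str]:
    """First contact, a normal reconnect, then a rogue server on the same name."""
    genuine = b"ssh-ed25519 constructed-genuine-bastion-key"
    rogue = b"ssh-ed25519 constructed-rogue-key"
    kh = KnownHosts()
    return [
        kh.check("bastion.example", genuine, accept_new=True),
        kh.check("bastion.example", genuine),
        kh.check("bastion.example", rogue),
    ]


if __name__ == "__main__":
    print(simulate())   # only type a password after TRUSTED
```

The weak point is the first contact: an UNKNOWN answer gives no assurance at all, so a client that accepts new keys silently is exactly the rogue-prompt situation the slide warns about. Pinning keys obtained out of band removes that window.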
The UNIX password file
ypcat passwd | head

ii00002:fft.sa0x6jftg:138542:13163:ikpaya Ikpaya:/user/pgt1/ii00002:/usr/local/bin/tcsh
php3mm:hoewg92g08weu:23705:23300:mr Michael J Merchant:/user/phradpg/php3mm:/usr/local/bin/tcsh
ph41mr:zothpad8o2geg:23196:23005:mr Michael S Rubery:/user/ph43/ph41mr:/usr/local/bin/tcsh
gj0006:hiwyd0kzo65jo:143647:23200:gareth Jones:/user/phgammast/gj0006:/usr/local/bin/tcsh
ees3jm:iin1yh1vhskp.:13307:13010:jinming Ma:/user/pgr1/ees3jm:/usr/local/bin/tcsh
eep2zl:90hk45skpndt2:13662:13020:zongyang Luo:/user/ccsrnrpg1/eep2zl:/usr/local/bin/tcsh
cs41hi:alcosbamd/axa:33299:28154:mr Hercules Iliopoulos:/user/cs4/cs41hi:/usr/local/bin/tcsh
phpc251$:*:70033:979:phpc251$ machine account:/dev/null:/bin/false
rj00001:disabled2kbpkybftgadk:136711:28156:richard Jeffery:/user/ug1/rj00001:/sbin/nologin

Format: username : password : uid : gid : real name : home directory : shell. The password field is "encrypted" using a one-way function (the 13-character entries are traditional crypt(3) hashes, whose first two characters are the salt); "*" marks an account with no usable password, and a "disabled" prefix is a common way to lock an account while keeping the old hash.

Compromise of the password file
- Unencrypted password file: obviously catastrophic; the enemy learns everything.
- Encrypted (hashed) passwords: how dangerous is this? It allows an off-line password search, i.e. a dictionary or exhaustive attack run without contacting the system, so the controls "slow response" and "limit number of attempts" no longer help.

Protection mechanisms
- One-way function: "encryption without a key". y = f(x) can be computed easily; x = f^-1(y) is not computationally feasible.
- Salting: for password P choose a random salt S and compute C = f(S || P), i.e. prepend the salt before applying the one-way function. Store S || C; the salt itself is stored unencrypted. Result: two users with identical passwords get different salts, and thus different stored values, so one dictionary pass no longer covers the whole file.
Alternatives to passwords
- Something you know (password)
- Something you hold (smart card)
- Who you are (biometric data)
- What you do (hand-written signature)
- Where you are (trusted terminal)
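The three preceding points (a password checker that "simulates an attack", the off-line search a leaked password file permits, and why salting blunts it) combined into one runnable example. This is added code, not the lecture's. The password-file lines are constructed and follow the seven-field layout shown on the slide, but the one-way function is SHA-256 over salt||password stored as "salt$hex", standing in for the crypt(3) hashes a real NIS map would hold; the wordlist is likewise constructed.

```python
"""Parse a leaked passwd-style file and run an offline dictionary attack on it,
with and without salt.

Added example, not the lecture's code.  Entries, wordlist and the one-way
function (SHA-256 over salt||password, stored as "salt$hex") are constructed
stand-ins for the crypt(3) hashes a real NIS map would hold.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

WORDLIST = ["password", "letmein", "surrey", "qwerty", "guildford"]   # constructed


@dataclass
class PasswdEntry:
    user: str
    hash: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

    def status(self) -> str:
        """Empty field = no password at all (catastrophic); '*', '!' or a
        'disabled' prefix = locked; anything else is a hash worth attacking."""
        if self.hash == "":
            return "no_password"
        if self.hash.startswith(("*", "!", "disabled")):
            return "locked"
        return "hashed"


def parse_passwd(text: str) -> list[PasswdEntry]:
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        user, pw, uid, gid, gecos, home, shell = line.split(":", 6)
        entries.append(PasswdEntry(user, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def one_way(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()


def store(password: str, salt: Optional[str] = None) -> str:
    """Stored form S||C.  Random salt unless one is forced ('' = unsalted scheme)."""
    if salt is None:
        salt = secrets.token_hex(8)
    return f"{salt}${one_way(salt, password)}"


def verify(password: str, stored: str) -> bool:
    salt, digest = stored.split("$", 1)
    return hmac.compare_digest(one_way(salt, password), digest)


def dictionary_attack(entries: list[PasswdEntry], wordlist: list[str]):
    """Returns (cracked {user: password}, number of hash evaluations).
    The dictionary is hashed once per distinct salt.  Unsalted, every user shares
    the salt '', so the whole file costs len(wordlist) evaluations; with per-user
    salts the attacker pays len(wordlist) for each user."""
    cracked, evaluations = {}, 0
    tables: dict[str, dict[str, str]] = {}      # salt -> {digest: word}
    for e in entries:
        if e.status() != "hashed":
            continue
        salt, digest = e.hash.split("$", 1)
        if salt not in tables:
            tables[salt] = {one_way(salt, w): w for w in wordlist}
            evaluations += len(wordlist)
        if digest in tables[salt]:
            cracked[e.user] = tables[salt][digest]
    return cracked, evaluations


def build_sample(salted: bool) -> str:
    """Constructed file: two weak passwords, one strong, a locked machine account,
    a 'disabled' account and an account with no password at all."""
    users = [("alice", "surrey"), ("bob", "letmein"), ("carol", "Xk9!vQ2p-z")]
    lines = [f"{u}:{store(pw, None if salted else '')}:{1001 + i}:100:"
             f"{u.title()}:/home/{u}:/bin/sh" for i, (u, pw) in enumerate(users)]
    lines.append("svc$:*:70033:979:machine account:/dev/null:/bin/false")
    lines.append("rj:disabled2kbp:1367:2815:Richard:/home/rj:/sbin/nologin")
    lines.append("guest::1999:100:Guest::/bin/sh")
    return "\n".join(lines)


if __name__ == "__main__":
    for salted in (False, True):
        entries = parse_passwd(build_sample(salted))
        print("salted" if salted else "unsalted", dictionary_attack(entries, WORDLIST))
```

Run as a password checker by an administrator, the same routine tells you which accounts to disable before an intruder finds them. Note what salting does and does not buy: the same two weak passwords fall either way, but the attacker's cost grows from one dictionary pass to one pass per user, and users sharing a password are no longer visible as identical hashes.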
Closing words: an overview
Vulnerabilities are found at every stage of password authentication:
- Password issue (password management)
- Weak passwords (dictionary attack)
- Weak memory: the user writes it down
- Password entry (spoofing, peeking)
- Transmission (remote authentication)
- Time of check to time of use (is the password secure in computer memory?)
Security must be addressed at every stage: in design, in implementation, and in human interaction.

User convenience
Every service requires authorisation: access to the workstation, the network, the printer. This is a nuisance for the user: several passwords? Entering the password several times? Single sign-on addresses this: either the system caches the password, or the system issues a certificate (ticket) upon the first authentication and presents that to later services. Challenge! Balance security and user convenience. Watch out for this conflict!

Discussion exercise [Gollmann 3.7]
If you are required to use several passwords at a time, you may consider keeping them in a password book. A password book is a protected file containing your passwords. Access to the password book can again be controlled through a master password.
- What are the advantages of such a scheme?
- What are the disadvantages of such a scheme?
- Overall, do you think it is a good idea or not?
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationELECTRONIC BANKING & ONLINE AUTHENTICATION
ELECTRONIC BANKING & ONLINE AUTHENTICATION How Internet fraudsters are trying to trick you What you can do to stop them How multi-factor authentication and other new techniques can help HELPING YOU STAY
More informationCYBER SECURITY MADE SIMPLE
CYBER SECURITY MADE SIMPLE Author: Christopher Gorog www.logiccentral.org www.newcyberfrontier.com Christopher Gorog, MBA, PMP, CISSP Lead Faculty for Cybersecurity at Colorado Technical University; Published
More informationAuthentication SPRING 2018: GANG WANG. Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU)
Authentication SPRING 2018: GANG WANG Slides credit: Michelle Mazurek (U-Maryland) and Blase Ur (CMU) Passwords, Hashes, Salt Password database Username Plaintext Password Not a good idea to store plaintext
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 15 February 29, 2012 CPSC 467b, Lecture 15 1/65 Message Digest / Cryptographic Hash Functions Hash Function Constructions Extending
More informationPNC Prepaid Card Programs Cardholder Website How-To Manual
PNC Prepaid Card Programs Cardholder Website How-To Manual February 2012 Cardholder Website How-To Manual Congratulations on your new PNC Prepaid Card! We hope you find the card simple and convenient to
More informationControls Electronic messaging Information involved in electronic messaging shall be appropriately protected.
I Use of computers This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security policy. To
More informationNetwork Camera Security Guide
Network Camera Security Guide January 2018 About This Document This Guide includes instructions for using and managing the product safely. User Manual COPYRIGHT 2018 Hangzhou Hikvision Digital Technology
More informationCyber Hygiene Guide. Politicians and Political Parties
Cyber Hygiene Guide Politicians and Political Parties Canadian Election Integrity Initiative Design by ccm.design Cover Image by Songquan Deng Helping to Safeguard the Integrity of the Electoral Process
More informationCSci530 Final Exam. Fall 2011
CSci530 Final Exam Fall 2011 Instructions: Show all work. No electronic devices are allowed. This exam is open book, open notes. You have 120 minutes to complete the exam. Please prepare your answers on
More informationIntegrating Password Management with Enterprise Single Sign-On
Integrating Password Management with Enterprise Single Sign-On 2016 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Background: one problem, two solutions 2 2.1 The Problem.............................................
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.1 Introduction to Cryptography CSC 474/574 By Dr. Peng Ning 1 Cryptography Cryptography Original meaning: The art of secret writing Becoming a science that
More information