In this unit we are continuing our discussion of IT security measures.


One of the best security practices in Information Security is that users should have access only to the resources and systems they need, nothing more and nothing less. Information Systems nowadays are very complex systems in which the question is not whether but where vulnerabilities are. This, coupled with the fact that the most common cause of security breaches in IT systems is the human factor, either intentional or unintentional, makes it wise to give a user access only to what he or she needs. This kind of policy can help to avoid unnecessary threats. One method of control is physically restricting access to hardware to authorized personnel only. Another is creating a permission policy which gives access to systems, applications and data only to the users who need them, regardless of whether we are using our own infrastructure or a cloud-based system.

To establish a successful access control policy, an IT system needs a way of authenticating its users and proving their identity. This process is not the same as authorization, although the two are linked. First, the system must know who is trying to access it (that is authentication). Then it must decide which resources the person is authorized to use. The most comprehensive authentication systems in IT are based on 4 things: something you have (for example a card or key), something that you know (a password), something that you do (for example a signature) and something about you (a biometric scan), but they can be very cumbersome for users, so, depending on the level of security required, a subset of them can be used.

Passwords are one of the most frequently used ways of authenticating users. A password is a string of characters used to authenticate user identity or approve access to specific data. Obviously, passwords should be kept secret from those not allowed access. Personal passwords should be used and shared passwords should be avoided. Passwords can be attacked by brute force (trying millions of random combinations of characters with a computer), by dictionary attack (combining words extracted from a digital dictionary) or by social engineering. That is why they should be long enough and should not include personal information such as dates of birth or family names. A good practice is to use a combination of uppercase and lowercase letters, digits and symbols. Another tactic for choosing a password is to think of a phrase and take the first letter of each word. Passwords generated in this way are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords.
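The policy points above (sufficient length, a mix of character classes, no personal information, and building a password from the first letter of each word of a phrase), worked through as an added Python example that is not part of the original lecture. The personal data, the minimum length and the sample phrase are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample profile for a hypothetical user; a chosen password must not
# contain any of it, per the advice to avoid dates of birth and family names.
PERSONAL_INFO = {"family_names": ["garcia", "lopez"], "birthday": date(1985, 7, 23)}

CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]  # lower, upper, digit, symbol

def birthday_fragments(d: date) -> list[str]:
    """Common textual forms of a date of birth: YYYY, DDMMYYYY, MMDD, DDMM, DDMMYY."""
    return [str(d.year), f"{d.day:02d}{d.month:02d}{d.year}", f"{d.month:02d}{d.day:02d}",
            f"{d.day:02d}{d.month:02d}", f"{d.day:02d}{d.month:02d}{d.year % 100:02d}"]

def check_password(pw: str, info: dict = PERSONAL_INFO, min_len: int = 12) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes.
    min_len is an assumed threshold, not a value given in the lecture."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if sum(bool(re.search(c, pw)) for c in CLASSES) < 3:
        problems.append("uses fewer than three character classes")
    low = pw.lower()
    problems += [f"contains family name '{n}'" for n in info["family_names"] if n in low]
    problems += [f"contains birthday fragment '{f}'"
                 for f in birthday_fragments(info["birthday"]) if f in pw]
    return problems

def initialism(phrase: str) -> str:
    """Build a password from the first character of each word of a memorable phrase.
    Digits count as words and trailing punctuation is kept, so the result mixes classes."""
    out = []
    for token in phrase.split():
        out.append(token[0])
        trailing = re.search(r"[^A-Za-z0-9]+$", token)
        if trailing and len(token) > 1:
            out.append(trailing.group(0))
    return "".join(out)

if __name__ == "__main__":
    weak = "Garcia1985"
    strong = initialism("My old dog Rex ate 3 socks, not 4, last Tuesday!")
    print(weak, "->", check_password(weak))      # three violations
    print(strong, "->", check_password(strong))  # ModRa3s,n4,lT! -> []
```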

Passwords should be changed from time to time. The frequency of this change should increase when the access rights of the password holder are high. Password content and password ageing requirements can be defined and enforced in company-wide user management policies. It is not a very good idea for a person to use the same password for different systems, because if the password to one account becomes known, all the user's accounts are at risk. However, nowadays we tend to have dozens of different accounts, and having individual passwords for all of them is difficult to accomplish. Common practices in access control interfaces are: not displaying the password on the screen while it is being entered, to avoid over-the-shoulder password theft; limiting the number of allowed failures within a given time period; or blocking the system for an increasing period of time after each failure, to avoid brute force or dictionary attacks. To end this brief look at passwords, we want to stress that, to be effective, a password must never be revealed to other persons.
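The two interface countermeasures described above (capping the number of failures inside a time window, then locking the account for a period that grows after each further failure), as an added Python example that is not part of the original lecture. The thresholds are assumed values, and the current time is passed in explicitly so the logic can be exercised offline.

```python
from dataclasses import dataclass, field

@dataclass
class LoginThrottle:
    """Per-account failed-login tracking. The first lockout requires max_failures
    failures inside `window` seconds; after that every further failure doubles the
    lockout until a successful login resets the account. Times are in seconds."""
    max_failures: int = 5          # assumed policy value
    window: float = 300.0          # assumed: failures older than this are forgotten
    base_lockout: float = 30.0     # assumed: first lockout length; doubles each time
    max_lockout: float = 3600.0    # assumed: cap so the lockout never grows unbounded
    _failures: dict = field(default_factory=dict)      # account -> failure timestamps
    _locked_until: dict = field(default_factory=dict)  # account -> end of lockout
    _lockouts: dict = field(default_factory=dict)      # account -> lockouts so far

    def allowed(self, account: str, now: float) -> bool:
        """True if an attempt for `account` may be evaluated at time `now`."""
        return now >= self._locked_until.get(account, 0.0)

    def record_failure(self, account: str, now: float) -> float:
        """Record a failed attempt; return the lockout length applied (0.0 if none)."""
        times = [t for t in self._failures.get(account, []) if now - t < self.window]
        times.append(now)
        self._failures[account] = times
        n = self._lockouts.get(account, 0)
        # Until the first lockout, only failures inside the window count; once the
        # account has been locked, each further failure escalates until a success.
        if n == 0 and len(times) < self.max_failures:
            return 0.0
        lock = min(self.base_lockout * 2 ** n, self.max_lockout)
        self._lockouts[account] = n + 1
        self._locked_until[account] = now + lock
        return lock

    def record_success(self, account: str) -> None:
        """A successful login clears the failure history and the escalation counter."""
        for table in (self._failures, self._locked_until, self._lockouts):
            table.pop(account, None)

    def try_login(self, account: str, password_ok: bool, now: float) -> str:
        """Gate one attempt. The caller verifies the password; this only throttles.
        Returns 'locked', 'ok' or 'failed'."""
        if not self.allowed(account, now):
            return "locked"
        if password_ok:
            self.record_success(account)
            return "ok"
        self.record_failure(account, now)
        return "failed"
```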

Recognizing personal characteristics is a very powerful tool for access control identification, as it can be very reliable. Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals. Biometric identifiers are often categorized as physiological versus behavioral characteristics. Physiological characteristics are related to the shape of the body; they include, for example, fingerprints, palm veins, face recognition, DNA, palm prints, hand recognition, hand geometry, iris recognition or retina scan. Behavioral characteristics are related to the pattern of behavior of a person, including, but not limited to, typing rhythm, gait and voice/speech recognition. The latter's main use is automated transcription, but it can also be used for access control.
