...the authentication process and the related hardware and software to go along with it. Identification and Authentication Authentication is the process of the system or program recognizing the user and granting them access, which has been predetermined by access controls. It begins with two major parts; Identification and Authentication. Identification is the process in which the system recognizes the user and gives them access according to Abstract object that are controlled by the administrators of the files and systems. Privileges will be granted based on their user account having been verified. This process is usually a user ID. The system recognized the ID and knows the access right and privileges of that individual that have been verified. The Authentication begins once the user account ID has been identified. This is the process in which the user credentials are actually verified, meaning the specific attributes of their specific user account and authenticated and verified to make sure the access rights are correct. This process uses a password or some sort of credential such as, a PIN, Certificate, or ticket. The system needs to authenticate the identity of the user by verifying their credentials. (Todorov, 2011). Authentication can be completed by a system in many different ways. As explained earlier, a simple password or form of identifying the person specifically is used a front line authentication method. This is also known as a Single Sign-on Authentication...
Words: 2199 - Pages: 9
...popularity due to its convenience and ease of use. However, as with any transactions that take place over the Internet, online banking transmissions are vulnerable to various forms of malicious attacks. Although phishing is still a common method hackers use to commit bank fraud, another method that is difficult to combat is a 'man-in-the-middle' attack, referred to in the video as a 'manin-the-browser' attack. Banking transactions are traditionally conducted via two-factor authentication (T-FA). An authentication factor is a piece of information or process used to authenticate or verify a person's identity or other entity requesting access under security constraints. Two-factor authentication is a system in which two different factors are used in conjunction to authenticate. Authentication factors are classified into three groups: human factors (biometrics, for example 'something you are'), personal factors ('something you know'), and technical factors ('something you have'). An example of a traditional two-factor authentication method is the use of a bank card and a PIN number to access a bank account from an ATM. However, if a transaction is initiated on a computer with malware installed, the security of the transaction is compromised. Not even 'padlocked'...
Words: 748 - Pages: 3
...identification System Withdrawal The system displays the options, which are currently avaible in the ATM. Select Amount The bank system displays the standard withdrawal amount on the screen for the customer to choose the amount to be withdrawn from the machine. Withdrawal Confirmation After selecting the amount the system lets the customer recheck the amount and confirm the withdrawal by selecting conduct withdrawal option Eject Card The system ejects the card of the customer so the customer can take it back from the machine. Cash Give The system disburses the amount requested but the customer and prints a receipt slip containing the whole information of the account balance and the use case is done. Alternative flows There are some alternative flows side by side,...
Words: 1170 - Pages: 5
...hard drives. The real time protection tab of the Avira anti virus application holds a further option named ‘Scan;’ in which there are also alternative modifications to choose from depending on the workstations scenario. A higher level of priority for a scan which is required to be complete at that moment, due to the likely possibility of a user downloading malicious files, settings will be established to appropriately suit the situation, if the user would have known which file extension the data had been downloaded had been integrated with, the scan could have been made specifically to remove the threat as soon as possible, as if the malware was some sort of a worm, it would replicate and spread briskly, if this was a high priority scenario, the user would start the scan even when the computers in use with the ‘Scan mode’ section of this tab seen above, setting the computer to it’s comatose option of attempting to scan for malware while the user works away, now aware of the threats the internet...
Words: 1225 - Pages: 5
... and Haughn, M., 2014): • Use a minimum of 8 characters selected from a 94-character set. • Include at least one upper case letter, one lower case letter, one number and one special character. • Use a dictionary of common words that user should avoid. • Don’t use any permutation of your username as your password. That being said some sites or systems are still allowing users to create passwords such as “123456”, “password”, and “12345678” according to SplashData’s annual worst password list (SplashData, 2014). The advances in software setup and checking should prevent a user from ever creating a password so simple. The issues stem from a couple of problems. One is not educating users more on the concept of complex password creation. Two not all administrators of systems...
Words: 661 - Pages: 3
...Week 4 Assignment 2: Use Cases CIS 210: Systems Analysis and Development November 3, 2013 A use case with typical and alternate courses that documents the event of a bank customer withdrawing money from an ATM. In this particular use-case scenario a system analysis will be identified when a bank customer interacts with an ATM to withdraw money. Typical and alternate courses will be identified. A use-case diagram will be used as a tool to provide clarification of the necessary components or processes including hardware, system software, process and human interaction to layout or plan and identify the various components necessary to produce the desired session outcome. Rouse (2007) describes the use-case methodology; “A use case is a methodology used in system analysis to identify, clarify, and organize system requirements. The use case is made up of a set of possible sequences of interactions between systems and users in a particular environment and related to a particular goal. It consists of a group of elements (for example, classes and interfaces) that can be used together in a way that will have an effect larger than the sum of the separate elements combined. The use case should contain all system activities that have significance to the users. A use case can be thought of as a collection of possible scenarios related to a particular goal, indeed, the use case and goal are sometimes considered to be synonymous.” In this...
Words: 1164 - Pages: 5
...ACCESS CONTROL IN SUPPORT OF INFORMATION SYSTEMS SECURITY TECHNICAL IMPLEMENTATION GUIDE Version 2, Release 2 26 DECEMBER 2008 Developed by DISA for the DoD UNCLASSIFIED Access Control in Support of Information Systems STIG, V2R2 26 December 2008 DISA Field Security Operations Developed by DISA for the DoD This page is intentionally blank. ii UNCLASSIFIED Access Control in Support of Information Systems STIG, V2R2 26 December 2008 DISA Field Security Operations Developed by DISA for the DoD TABLE OF CONTENTS Page SUMMARY OF CHANGES...................................................................................................... IX 1. INTRODUCTION................................................................................................................. 1 1.1 1.2 1.3 1.4 1.5 1.6 1.7 2. Background ..................................................................................................................... 1 Authority ......................................................................................................................... 2 Scope............................................................................................................................... 3 Writing Conventions....................................................................................................... 3 Vulnerability Severity Code Definitions ........................................................................ 4 STIG Distribution .......
Words: 38488 - Pages: 154
...ITT Capstone Project NT2799: Network Systems Administration | Donna Williamson, Andy Lara, Mary Hunter, Carlos Vargas, Matt Koppe, Morten Laigaard Donna Williamson, Andy Lara, Mary Hunter, Carlos Vargas, Matt Koppe, Morten Laigaard Table of Contents Part 1: Structure of WAN2 Part 2: Types of Equipment7 Part 3: Protocol Choices25 Part 4: Phone System73 Part 5: Security Proposal78 References89-92 Part 1 Structure of WAN Structure of WAN- Mary Hunter We have initially considered our LAN components and began our documentation. We have planed the design and determined all resources involved. We have considered and interviewed all the stakeholders involved. We are in the beginning stage, so the components, resources, stakeholders and design may change. We will use switches to connect hosts to the internetwork, and both hubs and switches will be used to interconnect devices in our star network architecture. This way if we need to add workstations we will only have to insert another hub or switch. All of ABC worldwide offices will include file services, print services, message services, directory services, and application services. All of the offices will have the use of a file server for file sharing backing up files and storage. They will have access to a print server that will include Queue-based printing and print sharing; a message server that will allow for e-mails with attachment files, including video, sound, and documents. All the offices will have access to a...
Words: 13943 - Pages: 56
...to the hardware. Higher-level mechanisms can be more expressive, but also tend to be more vulnerable to attack, for a variety of reasons ranging from intrinsic complexity to implementer skill levels. Most attacks involve the opportunistic exploitation of bugs; and software that is very large, very widely used, or both (as with operating systems) is particularly likely to have security bugs found and publicized. Operating systems are also vulnerable to environmental changes that undermine the assumptions used in their design. The main function of access control in computer operating systems is to limit the damage that can be done by particular groups, users, and programs whether through error or malice. This project will be conducted in two main checkpoints: * Phase I: The first step in this project is to analyze risk and develop a mitigation plan to identify which assets are more critical. Determining what systems rely on each other...
Words: 2458 - Pages: 10
...A Structured Analysis of PHISHING By Prasath Manimaran ID: 20038303 Table of Contents Chapter One – Introduction 1. Research Questions and Objectives……………….…………………………………………….5 Chapter Two – Literature Review & Definition of Phishing 2.1. Literature Review…………………………………………………………………………………………..8 2.1.2. Definitions of Phishing……………………………………………………………………..8 2.1.3. Outcomes of this Study…………………………………………………………………….16 2.2. Research Details 2.2.1. Scope of the Research……………………………………………………………………….17 2.2.2. Research Methodology……………………………………………………………………..17 2.2.3Inductive versus Deductive Study……..………………………………………………..20 2.2.4. Qualitative versus Quantative……………………………………………………..20 Chapter Three – Phishing in a Banking Context 3.1. Confidence in Internet Banking……………………………………………………………………22 3.1.1. Security Requirements………………………………………………………………………23 3.2. Threat Models……………………………………………………………………………………………….25 3.2.1. The Internet Threat Model……………………………………………………..25 3.2.2. Thompson Threat Model……………………………………………………….26 3.2.3. Viral Threaet Model………………………………………………………………26 3.3. The Phishing Threat Model…………………………………………………………………………..26 3.3.1. Identification of Internet Banking Components………………………………..27 3.3.2. Identification of Phishing Threats………………………………………………29 Chapter 4 – Analysis of Current Phishing Techniques 4.1. Modus Operandi………………………………………………………………………………………….…36 4.2. Roles of Adversary in Phishing………………………………………………………………………...
Words: 15039 - Pages: 61
...The Security Authentication Process Simply put, authentication is the process by which a subject’s (or user’s) identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). An example of authentication most people are familiar with is their e-mail login. For instance, Gmail requires a person’s Gmail address and individual password to access his or her Gmail account. However, there are numerous types of authentication outside the common username and password. Furthermore, authentication is used in numerous areas of a system to re-verify a user’s identity when he or she is accessing a new area of the system, accessing encrypted data types, and securing the preservation of a system. This paper evaluates the different authentication types, their applications, and additional security measures for securing a system and its data. Types of Authentication According to Whitman and Mattford (2010), there are four types of authentication mechanisms, which are: * Something a person knows (passwords or passphrases) * Something a person has (such as cryptographic tokens or smartcards) * Something a person is (a fingerprint, retina or iris scan, or hand topography or geometry * Something a person produces (such as voice or pattern recognition) The level of access control associated with a system and the data contained on the system is determined by legislation (varies geographically) governing data, and control policies developed and implemented by the...
Words: 1415 - Pages: 6
...Communication and Information Technologies Tutor Marked Assignment Dynamic Holiday Limited Biometric Authentication Report Introduction This report aims to give a brief overview of the alternatives to the current authentication system being used at Dynamic Holidays Limited. Specifically it will detail the technologies behind both fingerprint and iris scanning, doing a comparison of each in turn, and then ultimately leading to a recommendation as to which would suit the company better. Biometric Overview Biometrics, or the singular biometric, is the measurement of living things and in most contexts details the measurement of human beings for security and authentication purposes. This stems from the Greek bios (life) and metron (measure). In a security environment, biometrics are utilised to ensure that the correct people have access to the products and services to which they are entitled. The field of biometrics covers a wide scope of technologies, including but not limited to facial, iris, fingerprint and DNA recognition. Within the field of biometrics, there are generally two sources of identification classifications: physiological and behavioural. Physiological characteristics are those that we are born with and do not usually change (iris and fingerprints), especially once we have reached adulthood. This excludes the nature of physical injury or various other medical or traumatic...
Words: 3039 - Pages: 13
...ACCESS CONTROL MODELS An access control model is a framework that dictates how subjects access objects. There are three main types of access control model mandatory access control, discretionary access control and role-based access control. Discretionary (DAC) The creator of a file is the ‘owner’ and can grant ownership to others. Access control is at the discretion of the owner. Most common implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level. Mandatory (MAC) Much more structured. Is based on security labels and classifications. Access decisions are based on clearance level of the data and clearance level of the user, and, classification of the object. Rules are made by management, configured by the administrators and enforced by the operating system. Mandatory access control is required for the Orange Book “B” Level. Role-Based (RBAC) Continually administered set of controls by role within organization. Access rights assigned to roles – not directly to users. Roles are tighter controlled than groups - a user can only have one role. Can use different types of RBAC Role-based Role within organization. Task-based Specific task assigned to the user. Lattice-based Upper and Lower bounds Access Control Techniques and Technologies Once a company decides on the access control model to use, the technologies and techniques to implement that model need to be determined Role-based Can be used with...
Words: 1719 - Pages: 7
...security, there are certain measures that the server side of the authentication process can implement to increase security without the user changing their habits. This approach would solve many of the security problems that authentication servers are facing. The goal of this study is to determine a set of best practices that can be implemented to increase security without the intervention of the user. While passwords may not be around forever, due to the introduction of new authentication hardware, they will be around until one of these hardware become mainstream and readily available to the general public. These practices will offer greater security until that time comes. User authentication in today's world generally requires a user name and a password. Though the strength of the user's password is generally seen as the base line for security, the authenticating server can implement certain security measures that can compensate for weak passwords. One main factor for considering different security measures is the advancement of brute force attack techniques on passwords. These techniques make even very strong, by accepted standards, random character passwords susceptible to being cracked through brute force cracking techniques (Gosney, 2013). With the number of services requiring log in credentials, often comprising of a password, the risk of account compromise grows, leading to the need of more secure authentication techniques. There are a...
Words: 1960 - Pages: 8
...NAVAL POSTGRADUATE SCHOOL Monterey, California THESIS A REQUIREMENT ANALYSIS FOR THE NAVAL POSTGRADUATE SCHOOL’S ALUMNI DATABASE SYSTEM by Lawrence M. Gaines September 2002 Thesis Advisor: Co-Advisor: Julie Filizetti Daniel Dolk Approved for public release; distribution is unlimited THIS PAGE INTENTIONALLY LEFT BLANK REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington DC 20503. 1. AGENCY USE ONLY (Leave 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED blank) September 2002 Master’s Thesis 4. TITLE AND SUBTITLE A Requirement Analysis of the Naval 5. FUNDING NUMBERS Postgraduate School’s Alumni Database System 6. AUTHOR (S) Lawrence M. Gaines 8. PERFORMING ORGANIZATION 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) REPORT NUMBER Naval Postgraduate School Monterey, CA 93943-5000...
Words: 17005 - Pages: 69