...Security Authentication Process CMGT/400 February 9, 2013 Anthony Seymour Security Authentication Process Like most people who are computer users, you do not simply turn on your computer and start accessing programs. There are systems put in place by the user, or the administrator of the network to ensure that the properly authorized people gain access to their information. Specific profiles are created to differentiate amongst the users that allow each unique user to create, delete, and print or any other process they have access to. The process needs to be thoroughly planned out, and there also has to be a determination of whether it will be managed locally, or by third party software. This management of access controls actually comes in four different steps. The steps are: Identification, Authentication, Authorization, and finally, Accountability. No administrator worth his salt will incorporate any sort of security authentication process without these four basic steps. A properly configured authentication process will protect your network from such threats as password cracking tools, brute force attacks, the abuse of system rights and outright impersonation of authenticated users. Identification is the first of the four steps of the security process. Anyone that wishes to gain access to a system is referred to as a supplicant, and the tool that they use to gain entry to the system is referred to as an Identifier. This identifier can be a myriad of different references...
Words: 1640 - Pages: 7
...The Security Authentication Process Simply put, authentication is the process by which a subject’s (or user’s) identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). An example of authentication most people are familiar with is their e-mail login. For instance, Gmail requires a person’s Gmail address and individual password to access his or her Gmail account. However, there are numerous types of authentication outside the common username and password. Furthermore, authentication is used in numerous areas of a system to re-verify a user’s identity when he or she is accessing a new area of the system, accessing encrypted data types, and securing the preservation of a system. This paper evaluates the different authentication types, their applications, and additional security measures for securing a system and its data. Types of Authentication According to Whitman and Mattord (2010), there are four types of authentication mechanisms, which are:
* Something a person knows (passwords or passphrases)
* Something a person has (such as cryptographic tokens or smartcards)
* Something a person is (a fingerprint, retina or iris scan, or hand topography or geometry)
* Something a person produces (such as voice or pattern recognition)
The level of access control associated with a system and the data contained on the system is determined by legislation (varies geographically) governing data, and control policies developed and implemented by the...
Words: 1415 - Pages: 6
...Earl Robinson introduction to security class. Essay week 2 * The remote access control policy consists of * Group membership * Type of connection * Time of day * Authentication methods * Advanced conditions: * Access server identity * Access client phone number or MAC address * Whether user account dial-in properties are ignored * Whether unauthenticated access is allowed After the connection is authorized, remote access policies can also be used to specify connection restrictions, including the following: * Idle timeout time * Maximum session time * Encryption strength * IP packet filters * Advanced restrictions: * IP address for PPP connections * Static routes Additionally, you can vary connection restrictions based on the following settings: * Group membership * Type of connection * Time of day * Authentication methods * Identity of the access server * Access client phone number or MAC address * Whether unauthenticated access is allowed On this network I recommend a WAN network. Because the WAN network is great for going cities to cities or state to state plus there are more security features that can be recommended. The physical and logical access controls are as follows Authentication Identification is usually providing a public piece of information (username, account number) and authentication is providing a private piece...
Words: 348 - Pages: 2
...Associate Level Material Appendix F Access Control Policy Student Name: Christopher Waller University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Romel Llarena Date: May 13, 2012 Access Control Policy Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems 1 Authentication Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on. Authentication credentials really help control access to sensitive data or systems by making it literally to get unauthorized access to them. Passwords and usernames are a good way to start because if you use those rights then these are hard to bypass, but multifactor authentication is a more efficient way for secure access. Triple authentication requires something you have, something you know, and something you are such as a keycard, password and a fingerprint. 2 Access control strategy 1 Discretionary access control Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure confidentiality. Explain who the information owner is that has the responsibility for the information and has the discretion...
Words: 526 - Pages: 3
...User Authentication through Keystroke Dynamics FRANCESCO BERGADANO, DANIELE GUNETTI, and CLAUDIA PICARDI University of Torino Unlike other access control systems based on biometric features, keystroke analysis has not led to techniques providing an acceptable level of accuracy. The reason is probably the intrinsic variability of typing dynamics, versus other—very stable—biometric characteristics, such as face or fingerprint patterns. In this paper we present an original measure for keystroke dynamics that limits the instability of this biometric feature. We have tested our approach on 154 individuals, achieving a False Alarm Rate of about 4% and an Impostor Pass Rate of less than 0.01%. This performance is reached using the same sampling text for all the individuals, allowing typing errors, without any specific tailoring of the authentication system with respect to the available set of typing samples and users, and collecting the samples over a 28.8-Kbaud remote modem connection. Categories and Subject Descriptors: D.4.6 [Operating Systems]: Security and Protection—access controls, authentication General Terms: Experimentation, Security Additional Key Words and Phrases: Biometric techniques, keystroke analysis 1. INTRODUCTION Biometric features (and techniques [Ashbourn 2000a]) are conveniently divided into two main categories. The physiological features include face, eye (normally, retinal or iris patterns), fingerprints, palm topology, hand geometry, wrist veins and thermal...
Words: 16880 - Pages: 68
...more than 40 billion messages on their behalf each year. On March 30th, 2011 Epsilon announced that unknown intruders had broken into one of its email servers and accessed the names and email accounts of some of its 2,500 corporate customers, including 7 of the Fortune 10. Companies affected by the breach include the grocery store Kroger, Walgreens, Best Buy, Tivo and significant household banks such as JP Morgan Chase, U.S. Bancorp, Citigroup, Capital One, and Barclays Bank to name a few. Roughly 50 companies were affected by this major breach, one that the Guardian called “the largest Internet security breaches in U.S. history”. Experts say the good news is this was not credit card data, Social Security numbers, or account numbers and passwords. The hackers mainly got email addresses and names. Even though these scammers did not receive credit card information or social security numbers it is still a major breach that can cause serious damage to its clients. This is a concern because of a crafty way to obtain personal information from someone through a technique called phishing. “Phishing is a type of Internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details, and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems...
Words: 904 - Pages: 4
...Technology Computer Manufacturing Enterprise Security Network Access Control: User and Device Authentication August 2005 Intel IT is piloting new security methods to provide network access control by authenticating devices as well as users. Since networking has evolved to support both wired and wireless access, securing corporate networks from attack has become ever more essential. Therefore, to effectively enforce network access control policies in a proactive manner, we are developing a method to authenticate users and devices before they connect to the network. Network Access Control at Intel • Over 90,000 employees worldwide • 80 percent of knowledge workers are mobile and unwired • Over 50,000 remote access users Background As a global corporation, Intel IT supports more than 90,000 employees and contractors all over the world, and 80 percent of our knowledge workers are mobile and unwired. Network access depends more and more upon wireless LANs and WANs, as well as virtual private network (VPN) remote access. All of these technologies have the potential to open our network perimeter to threats. When we considered the threat of viruses and worms, it was evident that we needed additional controls to secure the enterprise network and its information assets from unauthorized devices and unauthorized people. Figure 1 shows how we could authenticate devices and users as part of the authentication pyramid. Figure 1. Authentication pyramid Info Use Auditing Access...
Words: 1319 - Pages: 6
...Week 3 Course Lesson Plan IT2580 Introduction to Information Systems Security—Unit 3 Mr. Phillip Parrinelli pparrinelli@itt-tech.edu 619-327-1800 Unit 3: Appropriate Access Controls for Systems, Applications, and Data Access Learning Objective Explain the role of access controls in implementing security policy. Key Concepts The authorization policies applying access control to systems, application, and data The role of identification in granting access to information systems The role of authentication in granting access to information systems The authentication factor types and the need for two- or three-factor authentication The pros and cons of the formal models used for access controls Reading Kim and Solomon, Chapter 5: Access Controls. GROUP ACTIVITY Discuss and complete the following worksheet: ------------------------------------------------- IT2580: Unit 3 Types of Authentication Instructions: In the following table, identify the type of authentication for the given authentication methods. Authentication Method | Authentication Type (Knowledge, Ownership, or Characteristic) | Password | | Smart card | | Fingerprint | | Personal identification number (PIN) | | Token | | Badge | | Signature | | ------------------------------------------------- DISCUSSION ------------------------------------------------- IT2580: Unit 3 Access Controls Discussion: Access controls can be...
Words: 716 - Pages: 3
...E-Commerce (Aug-Dec 2009) Term Paper Name: MANILA M V Roll No: CS08M028 Title: Three-Dimensional Password for More Secure Authentication Goal The goal is to design a multi factor authentication scheme that combines the various authentication schemes into a single 3D virtual environment which results in a larger password space. The design of 3D virtual environment, the selection of object inside the environment, and the object type reflect the resulted password space. Users have freedom to select whether the 3D password will be solely recall, recognition, or token based, or combination of two schemes or more. Brief Description of the System The proposed system is a multi factor authentication scheme. It can combine all existing authentication schemes into a single 3D virtual environment. This 3D virtual environment contains several objects or items with which the user can interact. The user is presented with this 3D virtual environment where the user navigates and interacts with various objects. The sequence of actions and interactions toward the objects inside the 3D environment constructs the user’s 3D password. The 3D password can combine most existing authentication schemes such as textual passwords, graphical passwords, and various types of biometrics into a 3D virtual environment. The choice of what authentication schemes will be part of the user's 3D password reflects the user's preferences and requirements. ...
Words: 3177 - Pages: 13
...1. What are the three major categories used to provide authentication of an individual? Something they have, something they are and something they know 2. What is Authorization and how is this concept aligned with Identification and Authentication? Authorization is the determination of whether a user has the rights to perform specific tasks or actions on the network or system. Authorization is after Identification and Authorization where each verifies the user prior to verifying their role. 3. Provide at least 3 examples of Network Architecture Controls that help enforce data access policies at the LAN-to-WAN Domain level? 1. Smart Cards – A token CAC card that is used in tandem with a password 2. Passwords – User defined passwords that coincide with password standards. 3. Cognitive password – Pre-answered questions that hopefully only the user knows the answer to. 4. When a computer is physically connected to a network port, manual procedures and/or an automated method must exist to perform what type of security functions at the Network Port and Data Switch level for access control? Name and define at least three. Verify authorized access to the asset. Verify the user is who they say they are through authentication. Verify the configuration of the computer is compliant with local security standards. 5. What is a Network Access Control (NAC) System? Explain its benefits in securing access control to a network. A NAC is the use of certain policy of the network...
Words: 536 - Pages: 3
...RECOMMENDATIONS FOR WIRELESS NETWORK SECURITY POLICY Introduction One of the newer technologies being increasingly used in today's business is that of wireless networks. While this technology has the advantages of providing greater user mobility and temporary access, it does have the disadvantage of an intrinsic lack of security. SECURITY THREATS There are a number of types of attack that wireless LANs are vulnerable to, based on different aspects of their operation and configuration. These include: i. Broadcast medium. Wireless is a broadcast medium, where there is no way to control where the information is sent and who therefore has access to it. If an access point is set up and used in its default configuration, then the user of such a system is vulnerable to attack, because anyone running sniffer software can see and capture everything that a user does across that network... ii. WEP Vulnerabilities. There were two problems with the original WEP encryption system. Firstly, the shared key system requires the use of the WEP key to verify a user attempting to connect to the wireless network. The second was the actual implementation of the encryption system itself. iii. Denial of Service. This type of attack can be perpetrated by a jamming attack which can be either intentional attack which is one in which the attacker broadcasts a very high-power signal at the same frequency that the wireless network is operating on, causing interference to the network...
Words: 906 - Pages: 4
...approaches are accepted as strong and efficient technologies for access control. Answer b) If MPS is to strengthen user authentication then biometric techniques will bring a definite improvement by increasing the level of security and being cost effective. That’s because biometric techniques are the authentication methods that use one or more intrinsic physical or behavioural characteristics for recognising an individual. So, there is no question of forgetting passwords or access by some other person by stealing the password of the authentic person. Current biometric systems use the enrolment process. This process has a risk of an attacker gaining access to the stored template. If once the biometric measurements are stolen then it is impossible to change the owners’ physical characteristics. So, there is need for template free biometric techniques which is free from templates which stores pre-captured data for comparison before authentication is achieved. This will reduce unauthorised access to confidential information and fraudulent information authoring. Answer c) Biological identity contains data that uniquely describes an entity with means of biometric techniques whereas Digital Identification is about recognising individuals based on either “what you have” or “what you know” (Wayman, 2008). For the Police Computer Crime Unit both of these authentication means can be used. Since the cases are highly sensitive, more secured identification processes are needed. Computer...
Words: 550 - Pages: 3
...resources you’ll need to have in place in order to begin testing. Any NAC deployment must start by answering three critical questions: 1) What is my access control policy? 2) What are the access methods (such as LAN, wireless, or VPN) I want to protect? 3) How will this integrate with my existing infrastructure? Once you answer these questions, you can begin to gather test lab resources, such as servers (for policy definition points), laptops or desktops (for network access requestors), and switches, access points, and VPN servers (for policy enforcement points). Getting Started with Network Access Control What is my access control policy? NAC is a generic concept that deals with defining access controls based on user authentication, end-point security assessment, and network environmental information. That’s too big for most network managers to bite off in a single chunk, so many NAC deployments hone in on a subset of these goals and expand over time. You’d be wise to do the same---trying to do too much too early in the lifecycle of this emerging group of products will lead to undue frustration and unnecessary complexity. To start, you should define a simple network access control policy. It is important to define your access control policy first, because that will frame the rest of your testing and deployment. You can put it in any format you want, but most network managers will be most comfortable with something that looks like a table. The following table might give you...
Words: 1611 - Pages: 7
...Chapter 2. Security in the Microsoft Windows Operating System ONE OF THE MORE DIFFICULT TASKS when securing any computer system or network is identifying where to start. There are many components in any computing environment. Each component is a potential point of attack. Since the operating system provides the ability for software and hardware to interact it is a good starting point for securing an entire environment. On any computer, the operating system enables software to access physical resources. For example, it is the operating system that governs how any application actually reads from, or writes to, a physical disk. Consequently, the operating system is a prime candidate for attack and a valuable resource to protect. From an attacker's point of view, a compromised operating system provides easy access to protected information. Compromising operating system controls gives the attacker the ability to remove evidence of attacks and "clean up" any leftover log entries or other traces of the attack. A secure operating system is the basis of a secure environment. In this chapter you will learn about the Windows operating system architecture and controls to ensure system security. You will also learn how attackers search for, find, and exploit operating system vulnerabilities. With the knowledge of how attackers operate you'll be able to identify and implement the right controls to secure your environment. Chapter 2 Topics In this chapter, the following topics and concepts are presented:...
Words: 6274 - Pages: 26
...and DIAMETER Jackie Cooper 2/5/2014 Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users that connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc. in 1991 as an access server authentication and accounting protocol and later brought into the Internet Engineering Task Force (IETF) standards. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server (NAS), are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. RADIUS is often the backend of choice for 802.1X authentication as well. The RADIUS server is usually a background process running on a UNIX or Microsoft Windows server. Diameter is an authentication, authorization, and accounting protocol for computer networks. It evolved from and replaces...
Words: 669 - Pages: 3