1. Trang chủ
  2. » Công Nghệ Thông Tin

Lecture Security+ Certification: Chapter 2 - Trung tâm Athena

55 46 0

Đang tải... (xem toàn văn)

Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống

THÔNG TIN TÀI LIỆU

Thông tin cơ bản

Định dạng
Số trang 55
Dung lượng 0,92 MB

Nội dung

Chapter 2 - Authentication. After studying this chapter you will be able to: Understand AAA (3A),create strong passwords and store them securely, understand the Kerberos authentication process, understand how CHAP works, understand what mutual authentication is and why it is necessary, understand how digital certificates are created and why they are used,...

Chapter 2:Authentication Objectives in this chapter ATHENA  Understand AAA (3A)  Create strong passwords and store them securely  Understand the Kerberos authentication process  Understand how CHAP works  Understand what mutual authentication is and why it is necessary  Understand how digital certificates are created and why they are used Learning Objectives ATHENA  Understand what tokens are and how they function  Understand biometric authentication processes and their strengths and weaknesses  Understand the benefits of multifactor authentication Security of System Resources  Three-step process (AAA) • Authentication – Positive identification of person/system seeking access to secured information/services (verifying that a person requesting access to a system is who he claims to be) • Authorization – Predetermined level of access to resources (regulating what a subject can with an object) • Accounting – Logging use of each asset (review of the security settings) ATHENA Security of System Resources Identifying who is responsible for Information security ATHENA Authentication  Positive identification of person/system seeking access to secured information/services  Based on: • • • • ATHENA Something you know (password) Something you have (smartcard) Something you are (biometrics) Or a combination (multi-factor) Authentication Techniques ATHENA  Usernames and passwords  Kerberos  Challenge Handshake Authentication Protocol (CHAP)  Mutual authentication  Digital certificates  Tokens  Biometrics  Multifactor authentication Authentication: The Big Issue  ATHENA The central problem to be solved in all cases is how to send something securely across the network to the authenticator such that the something can’t be read or decrypted,etc and can’t be successfully replayed later from captured packets Usernames and Passwords  Username • Unique alphanumeric identifier used to identify an individual when logging onto a computer/network  Password • Secret combination of keystrokes that, when combined with a username, authenticates a user to a computer/network ATHENA Username + Password ATHENA  Most common form of authentication  Username/password validated against Access Server Different Kinds of Biometrics  Physical characteristics • Fingerprints • Hand geometry • Retinal scanning • Iris scanning • Facial scanning  Behavioral characteristics • Handwritten signatures • Voice ATHENA Fingerprint Biometrics ATHENA Hand Geometry Authentication ATHENA Retinal Scanning ATHENA Iris Scanning ATHENA Signature Verification ATHENA General Trends in Biometrics ATHENA  Authenticating large numbers of people over a short period of time (eg, smart cards)  Gaining remote access to controlled areas Multifactor Authentication  Identity of individual is verified using at least two of the three factors of authentication • Something you know (eg, password) • Something you have (eg, smart card) • Something about you (eg, biometrics) ATHENA Authentication techniques Summary • Usernames and passwords • Kerberos • CHAP • Mutual authentication • Digital certificates • Tokens • Biometrics • Multifactor authentication ATHENA Authorization  Controlling Access to Computer Systems • Restrictions to user access are stored in an access control list (ACL) • An ACL is a table in the operating system that contains the access rights each subject (a user or device) has to a particular system object (a folder or file) ATHENA Mandatory Access Control (MAC) ATHENA  A more restrictive model  The subject is not allowed to give access to another subject to use an object Role Based Access Control (RBAC) ATHENA  Instead of setting permissions for each user or group, you can assign permissions to a position or role and then assign users and other objects to that role  Users and objects inherit all of the permissions for the role Discretionary Access Control (DAC) ATHENA  Least restrictive model  One subject can adjust the permissions for other subjects over objects  Type of access most users associate with their personal computers Auditing Information Security Schemes  Two ways to audit a security system • Logging records which user performed a specific activity and when • System scanning to check permissions assigned to a user or role; these results are compared to what is expected to detect any differences ATHENA Summary  Authentication • Usernames and passwords • Kerberos • CHAP • Mutual authentication • Digital certificates • Tokens • Biometrics • Multifactor authentication  Authorization • MAC, RBAC, DAC  ATHENA Accounting ... • Voice ATHENA Fingerprint Biometrics ATHENA Hand Geometry Authentication ATHENA Retinal Scanning ATHENA Iris Scanning ATHENA Signature Verification ATHENA General Trends in Biometrics ATHENA. .. part of a Kerberos system ATHENA Security Weaknesses of Kerberos ATHENA  Does not solve password-guessing attacks  Must keep password secret  Does not prevent denial-of-service attacks  Internal... (encrypts data) ATHENA Challenge Handshake Authentication Protocol (CHAP) ATHENA  PPP mechanism used by an authenticator to authenticate a peer  Uses an encrypted challenge-and-response sequence

Ngày đăng: 30/01/2020, 11:57