Security Process - PowerPoint PPT Presentation

Slides: 13
Provided by: widy

Transcript and Presenter's Notes

Title: Security Process


1
Security Process
  • Widyawan

2
Security Process
  • The whole security business is a combination of
    process, procedures and policies
  • The security of information involves both human
    and technical factors
  • The human factors are addressed by the procedures and
    policies that are enforced in the organization
  • The technology components include the tools that
    we install on the system

3
Security Process
  • Antivirus Software
  • Access Control
  • Authentication
  • Service and Protocols

4
Antivirus and Access Control
  • Antivirus Software
      • Computer viruses are the most annoying trends
        happening today
      • Virus definitions need to be updated on a regular basis
  • Access Control
      • Defines how users and systems communicate and in
        what manner
      • Access control protects information from
        unauthorized access
      • Three basic models
          • Mandatory Access Control (MAC)
          • Discretionary Access Control (DAC)
          • Role-Based Access Control (RBAC)

5
  • MAC
      • A static model that uses a predefined set of
        access privileges to files on the system
      • System administrators establish parameters and
        assign them to an account, file or resource, and are
        the only people who can change them
  • DAC
      • Allows the owner of a resource to establish
        privileges to the information they own
      • Allows a user to share files

6
  • RBAC
      • Allows a user to act in a certain predetermined
        manner based on the role the user holds in the
        organization
      • Very common in administrative roles of a network
      • Example: backup operator
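
The three models on slides 4 to 6 differ mainly in who is allowed to change privileges. The sketch below is an added example, not part of the original presentation; the class names, accounts and file names are hypothetical, and each model is reduced to the rule the slides state for it.

```python
ADMIN = "admin"  # hypothetical administrator account

class AccessModel:
    """Privilege table shared by the models; subclasses decide who may edit it."""
    def __init__(self):
        self.rights = {}  # (account, resource) -> set of rights
    def grant(self, actor, account, resource, rights):
        """Apply a privilege change if the model lets `actor` make it; report the decision."""
        if not self.may_grant(actor, resource):
            return False
        self.rights[(account, resource)] = set(rights)
        return True
    def allowed(self, account, resource, right):
        return right in self.rights.get((account, resource), set())

class MAC(AccessModel):
    """Only the system administrator changes privileges."""
    def may_grant(self, actor, resource):
        return actor == ADMIN

class DAC(AccessModel):
    """The owner of a resource changes privileges on it (file sharing)."""
    def __init__(self, owners):
        super().__init__()
        self.owners = owners  # resource -> owning account
    def may_grant(self, actor, resource):
        return self.owners.get(resource) == actor

class RBAC(AccessModel):
    """Rights follow the role an account holds, not the account itself."""
    def __init__(self, role_rights):
        super().__init__()
        self.role_rights, self.role_of = role_rights, {}  # role -> rights; account -> role
    def may_grant(self, actor, resource):
        return False  # no per-account grants: access changes only with the role
    def allowed(self, account, resource, right):
        return right in self.role_rights.get(self.role_of.get(account), set())

def demo():
    mac, dac = MAC(), DAC({"notes.txt": "alice"})
    rbac = RBAC({"backup_operator": {"read"}})
    rbac.role_of["carol"] = "backup_operator"
    return {
        "mac_user_regrants": mac.grant("alice", "bob", "payroll.xls", {"read"}),
        "dac_owner_shares": dac.grant("alice", "bob", "notes.txt", {"read"}),
        "dac_bob_reads_shared": dac.allowed("bob", "notes.txt", "read"),
        "dac_bob_reshares": dac.grant("bob", "dave", "notes.txt", {"read"}),
        "rbac_backup_reads": rbac.allowed("carol", "payroll.xls", "read"),
        "rbac_backup_writes": rbac.allowed("carol", "payroll.xls", "write"),
    }
```

Calling `demo()` shows the ordinary user refused under MAC, the owner able to share under DAC while the recipient cannot pass access on, and the backup operator able to read every file but write none.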

7
Authentication
  • Authentication
      • Authentication proves that the user or system is
        actually who they say they are
      • Also referred to as Identification and
        Authentication (IA)
      • Authentication is accomplished by challenging the
        claim about who is accessing the resource
      • Based on one or more of these factors
          • Something you know - a password or PIN
          • Something you have - a smart card
          • Something you are - a fingerprint or retinal
            pattern

8
  • User Name/Password
      • Unique identifiers for a logon process
      • Identify the user to the operating system or to the
        network
      • Privileges and permissions may be established
        based on stored data for that particular ID
  • Challenge Handshake Authentication Protocol
    (CHAP)
      • A protocol that challenges a system to verify its
        identity
      • Does not involve user name and password
      • Usually automatic between systems

9
  • Certificates
      • A server or certificate authority issues a
        certificate that will be accepted by the challenging
        system
      • Can be physical devices or electronic certificates
  • Security Tokens
      • Similar to certificates
      • A token contains the rights and access
        privileges of the token bearer as part of the
        token
      • The authentication system creates a token every
        time a user or a session begins

10
  • Smartcard
      • Type of badge or card that contains information
        about ID and privileges
      • Increases security because the user must have physical
        possession of it
  • Biometrics
      • Use physical characteristics to identify the user
      • Include fingerprint, retinal scanner, face
        scanner and perhaps DNA scanner
  • Practical Matters
      • What if we are working in an environment where people
        are not computer savvy?
      • Smartcard and logging system for careless
        employees

11
  • Kerberos
      • Originally developed by MIT, allows for a single
        sign-on to a distributed network
      • Uses a Key Distribution Centre (KDC)
      • The KDC authenticates the principals (user, program
        or system)
      • Once a ticket is issued, it can be used to
        authenticate against other principals
  • Multifactor
      • When two or more access methods are included as
        part of the authentication process

12
Service and Protocols
  • Many services and protocols are available for
    computer users to utilize
  • Open protocols increase vulnerabilities and
    potential security problems
  • Protocols that are normally offered
      • Mail, Web, FTP, NNTP (News), DNS, ICMP
  • Should not be offered
      • NetBIOS services
      • UNIX RPC
      • NFS
      • X services and R services
      • Telnet
      • NetMeeting, SNMP
  • Because of unencrypted passwords or a lack of security
    capability, or because the very nature of their
    activities exposes the system to vulnerabilities