Authothication types

Describe three authentication types and give an example of each. If you were designing a small to medium-sized business network, what authentication types would you use and why?

Your post should be at least 350 words.

Don't use plagiarized sources. Get Your Custom Essay on

Just from $13/Page

Order Essay

two daysnot urgent

Fundamentals of Information Systems Security

Lesson

Access Controls

8 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

Page ‹#›

Fundamentals of Information Systems Security

www.jblearning.com
All rights reserved.
1

Learning Objective(s)

Explain the role of access controls in an IT infrastructure.

Key Concepts

Access control concepts and technologies

Formal models of access control

How identity is managed by access control

Developing and maintaining system access controls

Defining Access Control

The process of protecting a resource so that it is used only by those allowed to

Prevents unauthorized use

Mitigations put into place to protect a resource from a threat

Access controls are methods used to restrict and allow access to certain items, such as automobiles, homes, and computers, even cell phones. Your first experience with access control might have been when you locked a sibling out of your room or used a combination lock to secure your valuables at the gym. When you purchased your first car, the keys fit only your car, so only you could unlock and start your car.

Just as the lock and key systems on your house or car are access controls, so are the personal identification numbers (PIN numbers) on your bank or credit cards.

9/3/2019

Four Parts of Access Control

Access Control
Component Description Identification Who is asking to access the asset? Authentication Can their identities be verified?

Authorization

What, exactly, can the requestor access? And what can they do? Accountability How are actions traced to an individual to ensure the person who makes data or system changes can be identified?

For businesses, access controls are used to manage what employees can and can’t do. Access controls specify who users (people or computer processes) are, what users can do, which resources they can reach, and what operations they can perform. Access control systems use several technologies, including passwords, hardware tokens, biometrics, and certificates. Access can be granted to physical assets, such as buildings or rooms.

9/3/2019
(c) ITT Educational Services, Inc.
5

Policy Definition and Policy Enforcement Phases

Policy definition phase—Who has access and what systems or resources they can use

Tied to the authorization phase

Policy enforcement phase—Grants or rejects requests for access based on the authorizations defined in the first phase

Tied to identification, authentication, and accountability phases

The four parts of access control can be categorized into two parts: policy definition phase and policy enforcement phase.

Two Types of Access Controls

Physical

Controls entry into buildings, parking lots, and protected areas

Logical

Controls access to a computer system or network

Physical Access Control

Smart card

s are an example

Programmed with ID number

Used at parking lots, elevators, office doors

Shared office buildings may require an additional after hours card

Cards control access to physical resources

Logical Access Control

Deciding which users can get into a system

Monitoring what each user does on that system

Restraining or influencing a user’s behavior on that system

The Security Kernel

Enforces access control for computer systems

Central point of access control

Implements the reference monitor concept

Enforcing Access Control

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
The subject requests access to an object. The security kernel intercepts the request.
The security kernel refers to its rules base, also known as the security kernel database. It uses these rules to determine access rights. Access rights are set according to the policies an organization has defined.
The kernel allows or denies access based on the defined access rules. All access requests handled by the system are logged for later tracking and analysis.
9/3/2019
(c) ITT Educational Services, Inc.
11

Access Control Policies
Four central components of access control:

Users

: People who use the system or processes that perform some service for other people or processes. A more general term for users is subjects.

Resources

Protected objects in the system

. Resources can be accessed only by authorized subjects. Resources can be used only in authorized ways.

Action

Activities that authorized users can perform on resources

Relationships

Optional conditions that exist between users and resources

. Relationships are permissions granted to an authorized user, such as read , write , execute.
9/3/2019
(c) ITT Educational Services, Inc.
12

Users

Actions

Resources

People who use the system or processes (subjects)

Protected objects in the system

Relationships

Activities that authorized users can perform on resources

Optional conditions that exist between users and resources

Logical Access Control Solutions
Logical Controls Solutions

Biometrics

Static: Fingerprints, iris granularity, retina blood vessels, facial features, and hand geometry
Dynamic: Voice inflections, keyboard strokes, and signature motions
Tokens Synchronous or asynchronous
Smart cards and memory cards
Passwords
Stringent password controls for users
Account lockout policies
Auditing logon events
Single sign-on Kerberos process
Secure European System for Applications in a Multi-Vendor Environment (SESAME)

9/3/2019
(c) ITT Educational Services, Inc.
13

Authorization Policies

9/3/2019
14

Authorization

User-assigned privileges

Group membership policy

Authority-level policy

Methods

and

Guidelines

for Identification

Username

Smart card

Biometrics

Guidelines

Actions

Accounting

Authentication Types

Knowledge

: A password, passphrase, or personal identification number (PIN).

Ownership

: A smart card, key, badge, or token.

Characteristics

: Some attribute that is unique to you, such as your fingerprints, retina, or signature. Since the characteristics involved are often physical, this type of authentication is sometimes defined as something you are.

Location

: Your physical location when you attempt to access a resource.
Action: The way you type on a keyboard.
9/3/2019
(c) ITT Educational Services, Inc.
16

Knowledge

Ownership

Characteristics

Location

Action

Something unique to you

Somewhere you are

Something you do/how you do it

Something you have

Something you know

Authentication by Knowledge
Password
Weak passwords easily cracked by brute-force or dictionary attack
Password best practices
Passphrase
Stronger than a password
Account lockout policies
Audit logon events

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Authentication by Ownership
Synchronous token—Calculates a number at both the authentication server and the device
Time-based synchronization system
Event-based synchronization system
Continuous authentication
Asynchronous token
USB token
Smart card
Memory cards (magnetic stripe)

9/3/2019
18

Asynchronous Token Challenge-Response

9/3/2019
(c) ITT Educational Services, Inc.
19

Authentication by Characteristics/Biometrics

What you are

Dynamic (behavioral) measures

What you do

Concerns Surrounding Biometrics

Acceptability

Reaction time

Types of Biometrics

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Privacy Issues: Biometric technologies don’t just involve collecting data about a person.
Biometrics collects information intrinsic to people. Every person must submit to an examination,
and that examination must be digitally recorded and stored. Unauthorized access to
this data could lead to misuse.
9/3/2019
(c) ITT Educational Services, Inc.
22

Fingerprint

Palm print

Hand geometry

Retina scan

Iris scan

Facial recognition

Voice pattern

Keystroke dynamics

Signature dynamics

Authentication by Location and Action
Location
Strong indicator of authenticity
Additional information to suggest granting or denying access to a resource
Action
Stores the patterns or nuances of how you do something
Record typing patterns

9/3/2019
(c) ITT Educational Services, Inc.
25

Kerberos

Secure European System for Applications in a Multi-Vendor Environment (SESAME)

Lightweight Directory Access Protocol (LDAP)

Policies and Procedures for Accountability

Monitoring and reviews

Data retention

Media disposal

Compliance requirements

Formal Models of Access Control

9/3/2019
27

Discretionary access control (DAC)

Mandatory access control (MAC)

Nondiscretionary access control

Rule-based access control

Discretionary Access Control
Operating systems-based DAC policy considerations
Access control method
New user registration
Periodic review
Application-based DAC
Permission levels

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Nondiscretionary Access Control
Access rules are closely managed by security administrator, not system owner or ordinary users
Sensitive files are write-protected for integrity and readable only by authorized users
More secure than discretionary access control
Ensures that system security is enforced and tamperproof

Permissions

Read, write, execute

Applied to

File owners, groups, global users

Access Control Lists (cont.)

Share permissions

Full, change, read, deny

Security permissions

Full, modify, list folder contents, read-execute, read, write, special, deny

An Access Control List

Menus

Database views

Physically constrained user interfaces

Encryption

Other Access Control Models

Biba integrity model

Clark and Wilson integrity model

Brewer and Nash integrity model

Brewer and Nash Integrity Model

Corruption of data

Loss of business intelligence

Danger to facilities, staff, and systems

Damage to equipment

Failure of systems and business processes

Threats to Access Controls
Gaining physical access
Eavesdropping by observation
Bypassing security
Exploiting hardware and software
Reusing or discarding media
Electronic eavesdropping
Intercepting communication
Accessing networks
Exploiting applications

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
In 2003, California passed a mandatory disclosure law that affects all companies that do business in California or with that state’s residents.
The law protects its residents from disclosure of their personally identifiable information (PII). PII is often the information that bad guys use to steal identities.
9/3/2019
(c) ITT Educational Services, Inc.
42

Loss of customer confidence

Loss of business opportunities

New regulations imposed on the organization

Bad publicity

More oversight

Financial penalties

Credential and Permissions Management
Systems that provide the ability to collect, manage, and use the information associated with access control
Microsoft offers Group Policy and Group Policy Objects (GPOs) to help administrators manage access controls

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Centralized and Decentralized Access Control
Centralized authentication, authorization, and accounting (AAA) servers
RADIUS: Most popular; two configuration files
TACACS+: Internet Engineering Task Force (IETF) standard; one configuration file
DIAMETER: Base protocol and extensions
SAML: Open standard based on XML for exchanging both authentication and authorization data

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Decentralized Access Control
Access control is in the hands of the people closest to the system users
Password Authentication Protocol (PAP)
Challenge-Handshake Authentication Protocol (CHAP)
Mobile device authentication, Initiative for Open Authentication (OATH)
HMAC-based one-time password (HOTP)
Time-based one-time password (TOTP)

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Privacy
Communicate expectations for privacy in acceptable use policies (AUPs) and logon banners
Monitoring in the workplace includes:
Opening mail or email
Using automated software to check email
Checking phone logs or recording phone calls
Checking logs of web sites visited
Getting information from credit-reference agencies
Collecting information through point-of-sale (PoS) terminals
Recording activities on closed-circuit television (CCTV)

Category Description
Private All components are managed for a single organization. May be managed by the organization or by a third-party provider.
Community Components are shared by several organizations and managed by one of the participating organizations or by a third party.
Public Available for public use and managed by third-party providers.
Hybrid Contains components of more than one type of cloud, including private, community, and public clouds.

Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Page ‹#›
Fundamentals of Information Systems Security
© 2018 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Cloud computing is the practice of using computing services that are delivered over a network. The computing services may be located within the organization’s network or provided by servers that belong to some other network. There are several cloud models to meet the needs of a diverse user environment. Cloud services generally fall into one of the categories shown in the table.
9/3/2019
(c) ITT Educational Services, Inc.
47

Advantages/Disadvantages of Cloud Computing
No need to maintain a data center
No need to maintain a disaster recovery site
Outsourced responsibility for performance and connectivity
On-demand provisioning
More difficult to keep private data secure
Greater danger of private data leakage
Demand for constant network access
Client needs to trust the outside vendor
Advantages
Disadvantages

Summary
Access control concepts and technologies
Formal models of access control
How identity is managed by access control
Developing and maintaining system access controls

What Will You Get?

We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.

Premium Quality

Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.

Experienced Writers

Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.

On-Time Delivery

Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.

24/7 Customer Support

Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.

Complete Confidentiality

Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.

Authentic Sources

We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.

Moneyback Guarantee

Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.

Order Tracking

You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.

Order Now Talk to Us

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Trusted Partner of 9650+ Students for Writing

From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.

Preferred Writer

Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.

Grammar Check Report

Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.

One Page Summary

You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.

Plagiarism Report

You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.

Free Features $66FREE

Most Qualified Writer $10FREE
Plagiarism Scan Report $10FREE
Unlimited Revisions $08FREE
Paper Formatting $05FREE
Cover Page $05FREE
Referencing & Bibliography $10FREE
Dedicated User Area $08FREE
24/7 Order Tracking $05FREE
Periodic Email Alerts $05FREE

Our Services

Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.

On-time Delivery
24/7 Order Tracking
Access to Authentic Sources

Academic Writing

We create perfect papers according to the guidelines.

Professional Editing

We seamlessly edit out errors from your papers.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

Delegate Your Challenging Writing Tasks to Experienced Professionals

Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!

Check Out Our Sample Work

Dedication. Quality. Commitment. Punctuality

It May Not Be Much, but It’s Honest Work!

Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate

Process as Fine as Brewed Coffee

We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.

Call Us +1 (877) 657-8180 Discuss Order Details Now

See How We Helped 9000+ Students Achieve Success

We Analyze Your Problem and Offer Customized Writing

We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.

Clear elicitation of your requirements.
Customized writing as per your needs.

We Mirror Your Guidelines to Deliver Quality Services

We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.

Proactive analysis of your writing.
Active communication to understand requirements.

We Handle Your Writing Tasks to Ensure Excellent Grades

We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.

Thorough research and analysis for every order.
Deliverance of reliable writing service to improve your grades.

Place an Order Start Chat Now

Authothication types

What Will You Get?

Premium Quality

Experienced Writers

On-Time Delivery

24/7 Customer Support

Complete Confidentiality

Authentic Sources

Moneyback Guarantee

Order Tracking

Areas of Expertise

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Areas of Expertise

Essay

Thesis

Presentation

Dissertation

Term Paper

Research Paper

Book Review

Assignment

Report

Case Study

Letter

Article

Coursework

Speech

Q & A

Critical Thinking

Trusted Partner of 9650+ Students for Writing

Preferred Writer

Grammar Check Report

One Page Summary

Plagiarism Report

Free Features $66FREE

Our Services

Academic Writing

Professional Editing

Thorough Proofreading

Thorough Proofreading

Delegate Your Challenging Writing Tasks to Experienced Professionals

Check Out Our Sample Work

It May Not Be Much, but It’s Honest Work!

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate

Process as Fine as Brewed Coffee

Share Your Requirements

Place Order & Deposit Funds

Release Payment to Your Writer

See How We Helped 9000+ Students Achieve Success

We Analyze Your Problem and Offer Customized Writing

We Mirror Your Guidelines to Deliver Quality Services

We Handle Your Writing Tasks to Ensure Excellent Grades