Operating Systems Security: User Authentication
- Audra Johns
- 8 years ago
1 Operating Systems Security: User Authentication
Ozalp Babaoglu, ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA

2 The Internet Dog (image slide)
Babaoglu Sicurezza 2
3 Introduction
- When you first make contact with a computer service (login, …, web access, etc.) you need to identify yourself and then authenticate this identity, proving that you are who you claim to be
- Authentication is the basis for performing authorization
- Authentication of human principals is rather different from authentication of messages or machines
- Humans are not good at remembering or at computing

4 User Authentication
Authenticating humans can be based on:
1. Something you know (password, PIN)
2. Something you have (token)
3. Something you do
4. Something you are (biometrics)
5. Where you are
- Options 2, 3 and 4 usually require special hardware support
- Option 1 is by far the most common
5 Password-based authentication
- Leaves no trace of security breaches
- Impossible to prove your innocence if someone misuses your account
- The password may be guessed:
  - poor security culture
  - trivial passwords
  - a Post-it note with the password stuck to the screen
- The password may be captured:
  - an intruder can peek at someone typing the password
  - login spoofing
  - network sniffing
- Possibility of on-line or off-line attacks

6 Password-based authentication
- An attacker can always try to guess a password
- Let P be the probability of successfully guessing a password during T units of time
- Let G be the guess rate (guesses per unit of time) and N be the password space
- P ≈ (G × T) / N
- General strategies for reducing P:
  - Reduce T: limit the validity period of passwords
  - Increase N: enforce long, complex passwords
  - Reduce G

7 Password-based authentication
- On-line attack: the system itself is used to verify the correctness of guesses
- Unavoidable
- Defenses:
  - Slow down the rate of guesses (decreases G)
  - Limit the number of incorrect attempts (3 wrong PINs and the phone blocks; the Bancomat eats your card)
  - Report date/time/location of the last successful login at the next login
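The two slides above give the guess-probability estimate P ≈ (G × T) / N and the on-line defenses that bound G. The following is an added worked example, not code from the lecture: it evaluates the estimate for two password policies and implements the "limit the number of incorrect attempts" and "report the last successful login" defenses as a small login throttle. The class name, the lockout parameters and the injectable clock are assumptions made for the example.

```python
import time

def password_space(alphabet_size: int, length: int) -> int:
    """N from the slide: number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length

def guess_success_probability(guess_rate: float, time_units: float, space: int) -> float:
    """P ~ (G*T)/N, capped at 1: once G*T covers the whole space the guess certainly succeeds."""
    return min(1.0, (guess_rate * time_units) / space)

def max_online_guess_rate(max_failures: int, lockout_seconds: float) -> float:
    """Upper bound on G (guesses/second) the real system exposes once a lockout policy is in place."""
    return max_failures / lockout_seconds

class LoginThrottle:
    """On-line attack defense from the slide: after `max_failures` wrong attempts the
    account is locked for `lockout` seconds, and each success returns the timestamp
    of the previous successful login so it can be reported to the user."""

    def __init__(self, max_failures: int = 3, lockout: float = 300.0, clock=time.time):
        self.max_failures = max_failures
        self.lockout = lockout
        self.clock = clock            # injectable for tests (assumption of the example)
        self.failures = {}            # user -> consecutive failures
        self.locked_until = {}        # user -> unix time when the lock expires
        self.last_success = {}        # user -> unix time of the previous successful login

    def attempt(self, user: str, password_ok: bool):
        """Returns ("ok", previous_login) | ("denied", None) | ("locked", None)."""
        now = self.clock()
        if self.locked_until.get(user, 0) > now:
            return ("locked", None)   # even a correct password is refused while locked
        if not password_ok:
            count = self.failures.get(user, 0) + 1
            self.failures[user] = count
            if count >= self.max_failures:
                self.locked_until[user] = now + self.lockout
                self.failures[user] = 0
                return ("locked", None)
            return ("denied", None)
        self.failures[user] = 0
        previous = self.last_success.get(user)
        self.last_success[user] = now
        return ("ok", previous)

if __name__ == "__main__":
    day = 24 * 3600
    for label, n in (("8 lowercase letters", password_space(26, 8)),
                     ("10 mixed-case alphanumerics", password_space(62, 10))):
        # G = 1e6 guesses/s is an off-line rate; with the throttle below G drops to 0.01/s
        print(label, "off-line:", guess_success_probability(1e6, day, n),
              "on-line, throttled:", guess_success_probability(max_online_guess_rate(3, 300), day, n))
```

With three failures per five-minute lockout, G is bounded at 0.01 guesses per second, which is what makes the on-line attack hopeless against any reasonable N, while the off-line rate is limited only by the attacker's hardware.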
8 Password-based authentication
- Off-line attacks: verify the correctness of password guesses on a system different from the one being targeted
- Based on pre-constructed lists of potential passwords
- Need access to the passwords in some stored form

9 Password-based authentication
How to store passwords:
- As clear text in a file protected by the operating system's access control mechanisms
  - subject to abuse by privileged users and administrators
- Password "encryption" based on a one-way hash function f()
  - the password file contains fingerprints of the passwords and not the clear text
  - at login, compute the fingerprint of the password supplied by the user and compare it to the value stored in the file
- Password file in Unix/Linux: /etc/passwd

10 Dictionary Attack
- Obtain a copy of the file containing the encrypted passwords
- Obtain a file containing a list of common words (dictionary)
- For each word w in the dictionary, compute its hash value f(w) and compare it to the encrypted passwords in the password file
- All matching entries correspond to users who have set their password to w
- Can be made much more sophisticated by transforming w in common ways (backwards, 2-letter permutations, etc.)
- Can be mechanized through easily available programs such as crack

11 Dictionary Attack
List of common words: Achille Adriano Africa Afrodite Agnese Agrigento Alberto Aldo Alessandro Alessio Ambrogio America Amilcare Anastasia Ancona Andrea Anna Annibale Anselmo Antonino Antonio Aosta ...
Password file:
root:ikgjioe9043jb:0:0:...
rossi:wsfl4i4gjio:500:500:...
bianchi:sdiweo38d:501:501:...
franchi:bwjk2lks4df:502:502:...
neri:osdtrkl9dfb:503:503:...
orsi:gi5ikwsdvo:504:504:...
tamburini:lkqweoibve4s:505:505:...
gallo:osdtrkl9dfb:506:506:...
f(anna) = osdtrkl9dfb, which matches the entries of both neri and gallo: both chose the password "anna"

12 Dictionary Attack
Defenses:
- Artificially slow down the one-way hash function (Unix applies DES 25 times to an all-zero block with the password as the key)
- Limit access to the password file through the OS
- Shadow passwords: separate the encrypted passwords from all the other information contained in the password file (real name of the user, office location, telephone number, etc.)
- Salting of passwords to prevent global attacks

13 Salting
- Before encrypting (hashing) a password, some random data (the salt) are added to the string being hashed
- The same password therefore has different encrypted forms
- Salting prevents global attacks that exploit the fact that many users use the same password on multiple sites (systems)
- In Unix, the 12-bit salt is used to slightly change the DES internal function (E-box) and is stored as a 2-character string in the password file

14 (Lack of) Salting
(June 2012) "LinkedIn and eharmony don't take the security of their members seriously, as shown by both companies' disastrous password breaches of the past two days, which exposed an estimated 8 million passwords. LinkedIn and eharmony encrypted, or 'hashed,' the passwords of registered users, but neither salted the hashes with extra data that would have made them much more difficult to decrypt. Without salting, it's very easy to crack password hashes by running through lists of common passwords and using dictionary words."

15 (Lack of) Salting
Why should you always salt your password hashes? "It's very difficult to reverse a hash, such as by running '5baa61e4c9b93f3f b6cf8331b7ee68fd8' through some sort of formula to produce 'password.' But no one needs to. If you know that 'password' will always result in the SHA-1 hash '5baa61e4c9b93f3f b6cf8331b7ee68fd8,' all you have to do is look for the latter in a list of password hashes to know that 'password' is there."
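Slides 9 to 15 describe hashed password storage, the dictionary/lookup attack on unsalted fingerprints, and the two defenses of slowing down f() and salting. The block below is an added example written for this page (it is not the lecture's code): it reproduces the unsalted SHA-1 fingerprint the slide quotes, shows how a precomputed table of common-word hashes identifies it, and then stores the same password with a per-user random salt and a deliberately slow PBKDF2 hash, against which the same table finds nothing. The record format, the round count and the function names are choices made for the example; the lookup over a stored hash list is shown as an administrator's audit of legacy hashes, the way slide 17 recommends.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # work factor: the slide's "artificially slow down f()"

def unsalted_sha1(password: str) -> str:
    """One fixed fingerprint per password, as in the 2012 LinkedIn breach on the slide."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def build_lookup_table(words) -> dict:
    """Precomputed table {sha1(word): word}: the 'list of password hashes' from slide 15."""
    return {unsalted_sha1(w): w for w in words}

def audit_unsalted(stored_hashes, table: dict) -> dict:
    """Administrator audit: which stored unsalted hashes are just common words? {hash: word}"""
    return {h: table[h] for h in stored_hashes if h in table}

def make_record(password: str, salt: bytes = None) -> str:
    """Store password as  algorithm$rounds$salt$digest  (record layout is an assumption)."""
    salt = os.urandom(16) if salt is None else salt   # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute the fingerprint with the stored salt and compare in constant time."""
    _algo, rounds, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    table = build_lookup_table(["password", "123456", "qwerty", "anna"])
    # constructed legacy store: two users, one of whom chose "password"
    legacy = [unsalted_sha1("password"), unsalted_sha1("c0rrect-horse-battery")]
    print("weak legacy hashes:", audit_unsalted(legacy, table))
    rec_a, rec_b = make_record("password"), make_record("password")
    print("same password, different records:", rec_a != rec_b)
    print("salted digests in table:",
          audit_unsalted([r.split("$")[3] for r in (rec_a, rec_b)], table))
    print("login ok:", verify("password", rec_a), "wrong:", verify("Password", rec_a))
```

The salt does not make a single guess harder; it makes the precomputed table useless, so every guess must be hashed again per user, and the round count then makes each of those guesses expensive.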
16 Shadow Passwords
- The /etc/passwd file is world-readable because it contains information that goes beyond the password
- But this makes (made) life easy for attackers
- The shadow password mechanism stores the passwords in a separate file, /etc/shadow, readable only by root
- Example of /etc/passwd with shadow passwords:
mezzina:x:501:501:leonardo Mezzina:/home/mezzina:/bin/bash
trotter:x:502:503:guido Trotter:/home/trotter:/bin/bash
hughes:x:503:504:dino Hughes:/home/hughes:/bin/bash
acerbett:x:504:505:stefano Acerbetti:/home/acerbett:/bin/bash
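As an added example (not from the lecture), the following parser reads the seven-field /etc/passwd format shown on this slide and reports accounts whose hash still sits in the world-readable file instead of /etc/shadow, i.e. the situation of slide 11. The sample inputs are constructed: the shadowed lines are the slide's own, the legacy lines reuse the hash strings from slide 11 with invented name, home and shell fields.

```python
from dataclasses import dataclass
from typing import List

# constructed sample, completed from the truncated slide-11 entries (names/paths invented)
LEGACY_PASSWD = """\
root:ikgjioe9043jb:0:0:root:/root:/bin/bash
rossi:wsfl4i4gjio:500:500:Rossi:/home/rossi:/bin/bash
neri:osdtrkl9dfb:503:503:Neri:/home/neri:/bin/bash
guest::600:600:Guest:/home/guest:/bin/sh
"""

# the slide's own example of /etc/passwd with shadow passwords
SHADOWED_PASSWD = """\
mezzina:x:501:501:leonardo Mezzina:/home/mezzina:/bin/bash
trotter:x:502:503:guido Trotter:/home/trotter:/bin/bash
hughes:x:503:504:dino Hughes:/home/hughes:/bin/bash
acerbett:x:504:505:stefano Acerbetti:/home/acerbett:/bin/bash
"""

# password-field values meaning "the real hash lives in /etc/shadow" or "login disabled"
SHADOW_MARKERS = {"x", "*", "!", "!!"}

@dataclass
class PasswdEntry:
    name: str
    password: str      # "x" when shadowed, otherwise the hash itself (or empty = no password)
    uid: int
    gid: int
    gecos: str         # real name, office, phone: the data that keeps the file world-readable
    home: str
    shell: str

def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text; raises ValueError on a malformed line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 colon-separated fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries

def exposed_hashes(entries: List[PasswdEntry]) -> List[str]:
    """Accounts whose hash is readable by everyone (dictionary-attack material)."""
    return [e.name for e in entries if e.password and e.password not in SHADOW_MARKERS]

def passwordless(entries: List[PasswdEntry]) -> List[str]:
    """Accounts with an empty password field: no password is asked at all."""
    return [e.name for e in entries if e.password == ""]

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY_PASSWD), ("shadowed", SHADOWED_PASSWD)):
        entries = parse_passwd(text)
        print(label, "exposed:", exposed_hashes(entries), "passwordless:", passwordless(entries))
```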
17 Password-based authentication
Advice for system administrators:
- Always set passwords explicitly and never leave default values
- Educate users about the importance of not using weak passwords
- Periodically run cracking programs to verify the strength of the current passwords
- Require remote users to use one-shot (one-time) passwords or other secure techniques (disable telnet, ftp)

18 Password-based authentication
Advice for system administrators:
- Implement mechanisms that prevent trivial passwords from being used:
  - Impose a minimum length (at least 8 characters)
  - Require a mixed format (at least some non-alphabetic characters)
  - Reject passwords that can be obtained from simple transformations of common (dictionary) words
  - Use password aging (within reason)
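The three rejection rules on slide 18 can be enforced at password-change time. This added example, not part of the lecture, implements them as a checker that undoes the "common transformations" slide 10 mentions (reversal, surrounding digits, leet-style substitutions) before looking the result up in the dictionary. The substitution table, the message texts and the tiny word list are assumptions of the example; a real deployment would load a full dictionary such as the one on slide 11.

```python
import re
from typing import Iterable, List

# leet-style substitutions undone before the dictionary lookup (table is an assumption)
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})

def candidate_words(password: str) -> set:
    """Plain forms a weak password may be hiding: lowercase, reversed, leet undone,
    and the same again with leading/trailing digits or punctuation stripped."""
    base = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", base)
    forms = set()
    for s in (base, stripped):
        forms |= {s, s[::-1], s.translate(LEET)}
    return {f for f in forms if f}

def check_password(password: str, dictionary: Iterable[str], min_length: int = 8) -> List[str]:
    """Return the list of policy violations (empty list means the password is acceptable)."""
    words = {w.lower() for w in dictionary}
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.isalpha():
        problems.append("only letters: add digits or punctuation")
    hits = candidate_words(password) & words
    if hits:
        problems.append("derived from dictionary word(s): " + ", ".join(sorted(hits)))
    return problems

# a few words from the slide-11 list plus the usual suspects (constructed sample dictionary)
SAMPLE_DICTIONARY = ["Anna", "Andrea", "Bologna", "Alberto", "password"]

if __name__ == "__main__":
    for pw in ("anna", "Bologna2012!", "angolob99", "p4$$w0rd", "Tr0ub4dor&3Xq"):
        print(repr(pw), "->", check_password(pw, SAMPLE_DICTIONARY) or "accepted")
```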
19 Password-based authentication
Advice for system administrators (image slide)
20 Login spoofing
- The attacker writes a program (text-mode or graphical) that presents a fake login screen
- It waits for the victim to enter login/password
- It stores or sends off the login/password pair
- It displays a "Login incorrect" message
- It starts the real login program, for example by terminating the current shell
- The victim believes they mistyped the password and, this time, enters the system without problems

21 Login spoofing
- Windows allows login through the Ctrl-Alt-Del sequence
- The Windows XP initial screen with the list of users should not be used
- Notion of a trusted path from the keyboard to the operating system kernel
- The Ctrl-Alt-Del sequence establishes this path
- How can I be sure that it is indeed Windows running on my machine? Reboot
- How can I be sure that the image of the operating system on disk is indeed Windows? Reinstall from CD

22 Login spoofing
- General defenses against login spoofing are based on mutual authentication:
  - The user authenticates himself to the host
  - The host authenticates itself to the user
- Based on cryptographic techniques such as digital signatures and certificates
23 Phishing
- Modern incarnation of login spoofing
- Phishers attempt to fraudulently acquire sensitive information such as passwords and credit card details by masquerading as a trustworthy person or business
- Typically carried out using … or instant messaging, but phone contact has been used as well
- Social engineering

24 Phishing (image slide)

25 Spear-Phishing
- Phishing attack targeted at specific individuals

26 Phishing (image slide)

27 Keyloggers
- Keyloggers are usually designed as spyware and come in the form of a Trojan horse; they can record your passwords and can detect when you type digits, checking whether it is a credit card number, a bank account or other information you consider private and personal
- Spyware keyloggers are also used to track your surfing habits
- Keyloggers are usually software, but hardware versions also exist

28 Keyloggers (image slide)

29 Keylogger Defenses
- Spyware detection/removal programs
- Firewall for blocking outgoing network traffic
- Virtual keyboards
30 Packet sniffing
- A packet sniffer is a program that analyzes the traffic on the network the host is attached to
- It looks for packets containing login/password pairs sent in the clear by communication mechanisms such as telnet, rlogin and ftp
- It stores the login/password pairs for future use

31 Packet sniffing
General defenses are based on cryptographic techniques for obfuscating passwords:
- Require that the password is never sent in the clear over the network
  - Challenge-response schemes based on symmetric/asymmetric cryptography
  - The challenge can be implicit (such as the current time)
- Require that a given password can be used only once
  - One-time password schemes such as S/KEY
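Both defenses on slide 31 can be shown with both sides of the exchange in a few dozen lines. This is an added example written for this page, not code from the lecture or from any S/KEY implementation: the first part is an HMAC-based challenge-response in which the password (here, a shared key) never crosses the network and the server accepts each challenge once; the second is an S/KEY-style hash chain, where the server stores only the last accepted value h^n(seed) and each login reveals the previous link, so a sniffed value cannot be replayed. The use of SHA-256, the chain length and the class names are assumptions of the example (the original S/KEY used a different hash and a word-list encoding).

```python
import hashlib
import hmac
import os

# ---- defense 1: challenge-response with a shared secret, password never sent ----

class ChallengeResponseServer:
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.outstanding = set()           # challenges issued and not yet answered

    def challenge(self) -> bytes:
        c = os.urandom(16)                 # fresh, unpredictable nonce
        self.outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False                   # replayed or never-issued challenge
        self.outstanding.discard(challenge)   # each challenge is good exactly once
        expected = hmac.new(self.key, challenge, "sha256").digest()
        return hmac.compare_digest(expected, response)

def client_respond(shared_key: bytes, challenge: bytes) -> bytes:
    """What the client sends back: a MAC of the challenge, computed from the secret it holds."""
    return hmac.new(shared_key, challenge, "sha256").digest()

# ---- defense 2: one-time passwords from a hash chain (S/KEY idea) ----

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash_power(seed: bytes, n: int) -> bytes:
    """h applied n times to the seed."""
    v = seed
    for _ in range(n):
        v = h(v)
    return v

class OtpClient:
    def __init__(self, seed: bytes, count: int):
        self.seed, self.count = seed, count

    def anchor(self) -> bytes:
        """h^count(seed): registered once with the server over a trusted channel."""
        return hash_power(self.seed, self.count)

    def next_password(self) -> bytes:
        self.count -= 1                    # reveal the chain one step closer to the seed
        return hash_power(self.seed, self.count)

class OtpServer:
    def __init__(self, anchor: bytes, count: int):
        self.current, self.count = anchor, count   # never stores the seed

    def login(self, otp: bytes) -> bool:
        if self.count == 0 or h(otp) != self.current:
            return False                   # wrong value, replay, or chain exhausted
        self.current, self.count = otp, self.count - 1
        return True

if __name__ == "__main__":
    key = b"constructed shared secret"
    srv = ChallengeResponseServer(key)
    c = srv.challenge()
    r = client_respond(key, c)
    print("challenge-response:", srv.verify(c, r), "replay:", srv.verify(c, r))
    cli = OtpClient(b"constructed seed", 3)
    osrv = OtpServer(cli.anchor(), 3)
    p = cli.next_password()
    print("otp:", osrv.login(p), "replay:", osrv.login(p))
```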
32 User Authentication based on something you are
- Biometrics:
  - Fingerprint
  - Voice print
  - Retinal patterns
  - Facial features (distance between eyes, shape of lips, nose, left/right symmetry, etc.)
- Typically require hardware support to acquire
- The chosen biometric should minimize both false negatives and false positives

33 Biometrics
Desirable properties for a chosen biometric:
- Universality: every person must possess it
- Uniqueness: two different persons must not have the same characteristics
- Permanence: the characteristic should not be alterable or change over time
- Acquirability: the characteristic should be easy to acquire and quantify

34 Biometrics: Touch ID (image slide)

35 Biometrics: RFID Tattoos (image slide)

36 Biometrics: RFID Tattoos (image slide)

37 User Authentication based on something you do
- Certain human actions can serve to uniquely identify a person
- Keystroke authentication: keystroke intervals, pressure, duration, stroke position (where the key is struck)
- Velocity, acceleration and pressure of the pen when writing

38 Picture Passwords (Windows 8)
- Graphical equivalents of passwords

39 Picture Passwords (Windows 8) (image slide)

40 Picture Passwords (iOS) (image slide)
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationComputer Security CS 426. CS426 Fall 2010/Lecture 40 1
Computer Security CS 426 Review for Final Exam CS426 Fall 2010/Lecture 40 1 Basic Concepts Confidentiality Integrity Availability Authenticity Integrity (in communications) Non-repudiation Privacy (general
More informationCS 161 Computer Security Spring 2010 Paxson/Wagner MT2
CS 161 Computer Security Spring 2010 Paxson/Wagner MT2 PRINT your name:, (last) SIGN your name: (first) PRINT your class account login: cs161- Your T s name: Your section time: Name of the person sitting
More information1.2 Using the GPG Gen key Command
Creating Your Personal Key Pair GPG uses public key cryptography for encrypting and signing messages. Public key cryptography involves your public key which is distributed to the public and is used to
More informationSYSTEM ADMINISTRATION MTAT.08.021 LECTURE 8 SECURITY
SYSTEM ADMINISTRATION MTAT.08.021 LECTURE 8 SECURITY Prepared By: Amnir Hadachi and Artjom Lind University of Tartu, Institute of Computer Science amnir.hadachi@ut.ee / artjom.lind@ut.ee 1 OUTLINE 1.Is
More informationTwo-Factor Authentication Making Sense of all the Options
Two-Factor Authentication Making Sense of all the Options The electronic age we live in is under attack by information outlaws who love profiting from the good record of others. Now more than ever, organizations
More informationBYOD AND NEXT- GENERATION MOBILE SECURITY
BYOD AND NEXT- GENERATION MOBILE SECURITY Joseph Gan V-Key Inc Session ID: MBS-W02 Session Classification: General Interest Next-Generation Computing Mobile enterprise apps Mobile payments Mobile authentication
More informationInternet Banking Two-Factor Authentication using Smartphones
Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania
More informationA Comparative Study of Security Features in FreeBSD and OpenBSD
Department of Computer Science Magnus Persson A Comparative Study of Security Features in FreeBSD and OpenBSD Master s Thesis 2006:02 A Comparative Study of Security Features in FreeBSD and OpenBSD Magnus
More informationCSE331: Introduction to Networks and Security. Lecture 18 Fall 2006
CSE331: Introduction to Networks and Security Lecture 18 Fall 2006 Announcements Project 2 is due next Weds. Homework 2 has been assigned: It's due on Monday, November 6th. CSE331 Fall 2004 2 Attacker
More informationCSE331: Introduction to Networks and Security. Lecture 32 Fall 2004
CSE331: Introduction to Networks and Security Lecture 32 Fall 2004 Hackers / Intruders External attacks Typical hacker Exploits carried out remotely Does not have an account on the remote machine Insider
More informationMultifactor Graphical Password Authentication System using Sound Signature and Handheld Device
Multifactor Graphical Password Authentication System using Sound Signature and Handheld Device Jyoti Rao *1,Kishan Mistry #2, Bhumika Mistry #3, Divya Malviya #4, Devesh Gudway #5 # Student & Department
More informationInternational Journal of Software and Web Sciences (IJSWS) www.iasir.net
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International
More informationIS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS
More informationSkoot Secure File Transfer
Page 1 Skoot Secure File Transfer Sharing information has become fundamental to organizational success. And as the value of that information whether expressed as mission critical or in monetary terms increases,
More informationDigital Signatures on iqmis User Access Request Form
Digital Signatures on iqmis User Access Request Form When a user clicks in the User Signature block on the iqmis Access Form, the following window appears: Click Save a Copy and rename it with your name,
More informationWhite Paper: Multi-Factor Authentication Platform
White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all
More informationHost Security. Host Security: Pro
Host Security 1 Host Security: Pro Maintaining strong security on host avoids the crunchy shell around soft, chewy center problem If perimeter security fails, network is often wide open to attack May rely
More informationWindows servers. NT networks
Windows servers The NT security model NT networks Networked NT machines can be: Primary Domain controller Centralizes user database/authentication Backup Domain controller Domain member Non-domain member
More informationBehavioSec participation in the DARPA AA Phase 2
BehavioSec participation in the DARPA AA Phase 2 A case study of Behaviometrics authentication for mobile devices Distribution Statement A (Approved for Public Release, Distribution Unlimited) 1 This paper
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationPassword Manager with 3-Step Authentication System
Password Manager with 3-Step Authentication System Zhelyazko Petrov, Razvan Ragazan University of Westminster, London z.petrov@my.westminster.ac.uk, razvan.ragazan@my.westminster.ac.uk Abstract: A big
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationSection 12 MUST BE COMPLETED BY: 4/22
Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege
More information