OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved. System Security Computer...
OV 11 - 1 Copyright © 2011 Element K Content LLC. All rights reserved.
System Security
Computer Security Basics
System Security Tools
Authentication Methods
Encryption Methods
OV 11 - 2
Security Factors
Authorization
Accountability Auditing
Access control
OV 11 - 3
Least Privilege
Users (User 1 through User 4) are grouped into roles such as Data Entry Clerks and Financial Coordinators.
Each role is granted only the access its job requires: some roles perform their job with more access privileges, others perform their job with fewer access privileges.
OV 11 - 4
Non-Repudiation
With non-repudiation:
Owner or sender of data remains associated with the data
Independent verification of sender’s identity
Sender is responsible for message and data
OV 11 - 5
Threats
Information Security Threats:
Changes to information
Interruption of services
Interruption of access
Damage to hardware
Damage to facilities
Each of these may be unintentional or intentional
OV 11 - 6
Vulnerabilities
Vulnerabilities include:
Improperly configured or installed hardware or software
Bugs in software or operating systems
Misuse of software or communication protocols
Poorly designed networks
Poor physical security
Insecure passwords
Unchecked user input
Design flaws in software or operating systems
(Figure: an attacker reaching an information system through an unsecured router)
OV 11 - 7
Attacks
Physical Security Attacks
Software-Based Attacks
Social Engineering Attacks
Web Application-Based Attacks
Network-Based Attacks
OV 11 - 8
Risks
Risks include:
System loss
Power outage
Network failure
Physical losses
OV 11 - 9
Unauthorized Access
Sources of unauthorized access (figure: attacker):
Intentional or unintentional misuse
Deliberate attack by outsider
OV 11 - 10
Data Theft
Targets of data theft (figure: attacker):
Data in transit
Files on server
OV 11 - 11
Hackers and Attackers
Hacker: possesses the skills to gain access to computers
Attacker: always has malicious intent
OV 11 - 12
Permissions
Resource: Marketing documents
Administrators: Full access
User01: Read-only access
Contractors: No access
OV 11 - 13
NTFS Permissions
Supports file-level security on Windows operating systems.
Permissions can be applied either to folders or to individual files. When applied to a folder, the permissions are inherited by the files and subfolders within it.
There are several levels of NTFS permissions, which specify whether users can:
Read files or run applications
Write to existing files
Modify, create, or delete files
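Added illustration, not part of the original slides: a small model of the folder-to-file inheritance rule stated on the NTFS slide, applied to the principals from the Permissions slide. The permission names, the POSIX-style paths and the "a deny anywhere on the path wins" rule are simplifying assumptions of this model; real NTFS ACLs carry more entry types and finer precedence rules.

```python
from pathlib import PurePosixPath

# Permission levels from the slide, ordered so that each one includes the ones before it.
LEVELS = ["read", "write", "modify"]
DENY = "no access"

# Constructed ACLs: path -> {principal: level}. An entry on a folder is inherited
# by every file and subfolder beneath it unless a more specific entry exists.
ACLS = {
    "/marketing": {"Administrators": "modify", "User01": "read", "Contractors": DENY},
    "/marketing/drafts": {"User01": "write"},
}


def effective_level(path, principal, acls=ACLS):
    """Return the level that applies to `principal` at `path`, or None for no access."""
    node = PurePosixPath(path)
    nearest = None
    for ancestor in [node, *node.parents]:      # the path itself, then each parent up to "/"
        ace = acls.get(str(ancestor), {})
        if principal not in ace:
            continue                            # nothing set here, keep walking up
        if ace[principal] == DENY:
            return None                         # model assumption: a deny on the chain wins
        if nearest is None:
            nearest = ace[principal]            # closest explicit allow is the one that applies
    return nearest


def allowed(path, principal, action, acls=ACLS):
    """True when the effective level at `path` covers the requested action."""
    level = effective_level(path, principal, acls)
    return level is not None and LEVELS.index(action) <= LEVELS.index(level)
```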
OV 11 - 14
Group Policy
Group Policy controls workstation and security features
OV 11 - 15
Authentication
Validates an individual’s credentials to access resources
OV 11 - 16
User Name/Password Authentication
Compares the user’s credentials against stored credentials
OV 11 - 17
Strong Passwords
Example: !Pass1234
Characteristics of a strong password:
Minimum length
Special characters
Uppercase letters
Lowercase letters
Numbers
OV 11 - 18
Tokens
(Figure elements: PIN, unique value, user information, password)
OV 11 - 19
Biometrics
Fingerprint scanner
Retinal scanner
Hand geometry scanner
Voice-recognition software
Facial-recognition software
(Figure: fingerprint scanner)
OV 11 - 20
Multi-Factor Authentication
Requires validation of two authentication factors
(Figure: password as one of the factors)
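Added example, not from the original slides: a token that produces a "unique value" as on the Tokens slide, checked together with a password so that both factors the MFA slide requires must pass. It goes beyond the slides by using the standard TOTP algorithm (RFC 6238, built on HOTP from RFC 4226) for the token value; the user record, salt, password and token secret are constructed test data.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the Unix time."""
    return hotp(secret, at // step)


# Constructed user record: a salted password hash (never the plaintext) plus the token secret.
_SALT = b"constructed-salt"
USER = {
    "name": "User01",
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"!Pass1234", _SALT, 100_000),
    "token_secret": b"12345678901234567890",   # the RFC 6238 test secret, used as sample data
}


def verify_mfa(user: dict, password: str, code: str, now=None) -> bool:
    """Both factors must pass: the password against the stored hash, and a TOTP code
    within one 30-second step either side of 'now' to tolerate clock drift."""
    now = int(time.time()) if now is None else now
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    pw_ok = hmac.compare_digest(candidate, user["pw_hash"])
    counter = now // 30
    code_ok = any(hmac.compare_digest(hotp(user["token_secret"], c), code)
                  for c in range(max(counter - 1, 0), counter + 2))
    return pw_ok and code_ok   # both are computed before combining, so timing does not leak which failed
```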
OV 11 - 21
Mutual Authentication
Each party verifies the other’s identity
OV 11 - 23
EAP
EAP supports hardware-based identifiers for authentication:
Fingerprint scanners
Smart Card readers
A different EAP type exists for each authentication scheme
Might need a password in addition to physical authentication
(Figure: fingerprint scanner)
OV 11 - 24
Kerberos
User passes credentials to an authentication server
(Figure: Kerberos server issuing tickets)
OV 11 - 25
Wireless Authentication Methods
There are three wireless authentication methods:
Open system
Shared-key
802.1x and EAP
OV 11 - 26
Wireless Authentication Methods (Cont.)
OV 11 - 27
Wireless Authentication Methods (Cont.)
(Figure: shared WEP key)
OV 11 - 28
Wireless Authentication Methods (Cont.)
(Figure, 802.1x and EAP: the access point forwards the request to a RADIUS server backed by Active Directory, which returns the response)
OV 11 - 29
Encryption
Converts data from cleartext to ciphertext
OV 11 - 30
Encryption and Security Goals
Encryption supports:
Confidentiality
Integrity
Non-repudiation
OV 11 - 31
Key-Based Encryption Systems
Shared-Key Encryption
Same key on both sides: one side encrypts the data, the other decrypts it
OV 11 - 32
Key-Based Encryption Systems (Cont.)
Key-Pair Encryption (figure: Computer A and Computer B)
1. Exchange public keys (A receives public key B, B receives public key A)
2. Data encrypted using public key B
3. Data decrypted using private key B
OV 11 - 33
WEP
Same security as on a wired network without encryption
OV 11 - 34
WPA/WPA2
TKIP provides improved data encryption.
EAP provides stronger user authentication.
OV 11 - 35
Digital Certificates
(Figure: user with certificate, device with certificate)
OV 11 - 36
Certificate Encryption
1. User obtains certificate and keys
2. User shares public key
3. Data encrypted with public key
4. Data decrypted with private key
OV 11 - 37
PKI
PKI components: CA, certificates, software, services, other cryptographic components
(Figure: CA issuing user certificates)
OV 11 - 38
Certificate Authentication
1. Presents certificate
2. Validates and accepts certificate
3. Issues certificate
4. Certificate authentication is successful
(Figure: certificate holder, resource, CA)
OV 11 - 39
DES
Shared DES key: 56 bits plus 8 parity bits
3DES: three DES keys, triple encoding (the DES operation applied three times)
OV 11 - 40
Encryption Devices
Encryption device (HSM): restricts execution of external programs
OV 11 - 41
SSL
SSL combines:
Digital certificates
RSA public-key encryption
OV 11 - 42
Encryption Using SSL
1. Request secure connection
2. Send certificate and public key
3. Negotiate encryption
4. Generate and encrypt a session key
5. Use session key for data encryption
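Added example, not from the original slides: the key-pair flow of the Key-Pair Encryption slide and the five SSL steps above, acted out in pure Python. The RSA here is a textbook toy with tiny constructed primes and no padding so that the arithmetic stays visible, the XOR keystream stands in for whatever symmetric cipher is negotiated, and the certificate is reduced to the public key it carries; none of it is suitable for real use.

```python
import hashlib
import secrets


def make_keypair(p=61, q=53, e=17):
    """Toy RSA key generation (constructed tiny primes): n = p*q, d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # modular inverse, Python 3.8+
    return (n, e), (n, d)                    # (public key, private key)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def keystream_xor(key, data):
    """Demo symmetric cipher standing in for the negotiated algorithm: XOR with a
    SHA-256 counter keystream. Encrypting and decrypting are the same operation."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def ssl_session(message):
    """Act out the five slide steps and return what each side ends up with."""
    server_pub, server_priv = make_keypair()
    # 1. Client requests a secure connection (no cryptography yet).
    # 2. Server sends its certificate and public key; only the key is modelled here.
    client_copy_of_server_pub = server_pub
    # 3. Negotiate encryption: both sides settle on the symmetric algorithm.
    suite = "xor-sha256-demo"
    # 4. Client generates a session key and encrypts it with the server's public key.
    #    Toy RSA encrypts integers below n, so the session key is one such integer.
    session_key_int = secrets.randbelow(server_pub[0] - 2) + 2
    wrapped = rsa_encrypt(client_copy_of_server_pub, session_key_int)
    server_session_key_int = rsa_decrypt(server_priv, wrapped)   # only the private key unwraps it
    # 5. Both sides derive the same symmetric key and use it for the data.
    client_key = hashlib.sha256(session_key_int.to_bytes(2, "big")).digest()
    server_key = hashlib.sha256(server_session_key_int.to_bytes(2, "big")).digest()
    ciphertext = keystream_xor(client_key, message)
    return {"suite": suite, "keys_match": client_key == server_key,
            "ciphertext": ciphertext, "server_plaintext": keystream_xor(server_key, ciphertext)}
```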
OV 11 - 44
Reflective Questions
1. Which of the basic security concepts in this lesson were familiar to
you, and which were new?
2. Can you describe some situations in which you have used basic
security techniques such as authentication, access control, and
encryption, or made use of a security policy?