implement authentication mechanisms
What This Module Covers
- Single/Multifactor Authentication
- Single Sign-on
- Device Authentication

Identification, Authentication and Authorization
- Identification: the user claims an identity
- Authentication: the user proves their identity
- Authorization: the user is granted access
These are the primary controls used by most access control systems.

Types of Authentication
- Something you know
- Something you have
- Something you are
- Single factor vs. dual/multi factor

Something you know - Passwords
- Simplest type of authentication
- Least secure method of authentication
- Attacks: shoulder surfing, keylogging, sniffing
- Attacks: brute force and dictionary
- Attacks: phishing and social engineering

Something you know - Passwords (continued)
- Simple passwords are easy to exploit
- Long passwords are hard to remember; passphrases may help
- Use strong, complex passwords
- Don't write passwords down
- Change often - 90 days or less
- Never give someone your password
- Consider enforcing a password policy and account lockout controls
[Screenshots: Password Policy and Account Lockout settings]
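As an added illustration, not taken from the slides, of the password policy and account lockout controls just listed: a small Python model of both. The minimum length, the character-class rule, the tiny common-password dictionary and the lockout thresholds are constructed values chosen for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed mini dictionary standing in for a real breached/common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def check_password_policy(pw: str, min_len: int = 12) -> List[str]:
    """Return the policy violations for pw (an empty list means it passes)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if sum(classes) < 3:
        problems.append("needs at least three character classes")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password dictionary")
    return problems


@dataclass
class LockoutPolicy:
    threshold: int = 5         # failed attempts before the account locks
    window: float = 900.0      # seconds over which failures are counted (15 min)
    duration: float = 1800.0   # seconds the account stays locked (30 min)


@dataclass
class AccountState:
    failures: List[float] = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


class LockoutTracker:
    """Server-side counter that turns repeated failures into a temporary lockout,
    which is what blunts online brute-force and dictionary guessing."""

    def __init__(self, policy: Optional[LockoutPolicy] = None):
        self.policy = policy or LockoutPolicy()
        self.accounts: Dict[str, AccountState] = {}

    def is_locked(self, user: str, now: float) -> bool:
        return self.accounts.get(user, AccountState()).locked_until > now

    def record_failure(self, user: str, now: float) -> bool:
        """Record one failed attempt at time `now`; return True if the account is now locked."""
        st = self.accounts.setdefault(user, AccountState())
        st.failures = [t for t in st.failures if now - t <= self.policy.window]
        st.failures.append(now)
        if len(st.failures) >= self.policy.threshold:
            st.locked_until = now + self.policy.duration
            st.failures.clear()
        return self.is_locked(user, now)

    def record_success(self, user: str) -> None:
        """A successful login resets the failure history."""
        self.accounts.pop(user, None)
```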
Something you have
- Alternative or addition to passwords
- Requires a physical device and a PKI environment
- Examples: smart cards, proximity cards, hardware tokens
- Usually requires an additional factor, such as a PIN
- One-time passwords: key fobs
- Attack: steal the card
- Attack: hack the authentication server
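The one-time-password key fob mentioned above is typically an HOTP token. As an added example that is not part of the slides, this Python implements RFC 4226 code generation and the server-side check with a look-ahead window, which is how a server both tolerates unused button presses and refuses a replayed code. The secret constant is the test key published in RFC 4226; the window size is an assumption.

```python
import hashlib
import hmac
import struct

# RFC 4226's published test secret (Appendix D); a real fob holds its own random secret.
RFC4226_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based One-Time Password (RFC 4226): HMAC-SHA1 over the 8-byte big-endian
    counter, dynamically truncated to a 31-bit integer, reduced to `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenValidator:
    """Server-side state for one user's fob: the shared secret plus the next counter
    value the server will accept, so every code is single-use."""

    def __init__(self, secret: bytes, look_ahead: int = 10):
        self.secret = secret
        self.counter = 0              # next counter value the server expects
        self.look_ahead = look_ahead  # fob presses that never reached the server are tolerated

    def verify(self, submitted: str) -> bool:
        # Try the expected counter and a small window beyond it so a fob whose button was
        # pressed without logging in can resynchronise. Never look backwards: a code for a
        # counter already consumed is a replay and must fail.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), submitted):
                self.counter = c + 1  # consume this counter and every one skipped before it
                return True
        return False
```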
Something you are
- Biometrics measure something unique about your body
- Impossible to lose or forget
- Examples: fingerprints, voice recognition, iris and retina scans, handwriting analysis
- Attacks: persuasion, collusion or force
- Attacks: mimicry
- Challenge: potential for errors

Biometric Accuracy
- False Rejection Rate (FRR)
  - Type 1 error
  - Percentage of attempts in which the system falsely rejects a known user
- False Acceptance Rate (FAR)
  - Type 2 error
  - Percentage of attempts in which the system falsely identifies an unknown user as known
- Crossover Error Rate (CER)
  - The point where FAR and FRR are balanced
  - The lower the CER, the better the biometric system performs
  - Retina, iris, fingerprint, voice
[Chart: Errors plotted against Sensitivity, showing the False Accept Rate (FAR) and False Reject Rate (FRR) curves and their Crossover Error Rate (CER)]
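As an added worked example, not from the slides, the FRR/FAR/CER definitions above computed over match scores: each observed score is tried as the acceptance threshold, the two error rates are measured, and the threshold where they balance gives the CER, which is then used to rank candidate systems. The two systems' score lists are constructed for the example.

```python
from typing import Dict, List, Tuple

# Constructed match scores from two toy biometric matchers (0 = no match, 1 = perfect match).
# "genuine" scores come from enrolled users, "impostor" scores from unknown people.
SYSTEMS: Dict[str, Tuple[List[float], List[float]]] = {
    "system_a": ([0.9, 0.85, 0.8, 0.75, 0.7, 0.6, 0.55, 0.4],
                 [0.1, 0.2, 0.3, 0.35, 0.45, 0.5, 0.65, 0.3]),
    "system_b": ([0.8, 0.7, 0.6, 0.5, 0.4, 0.3, 0.55, 0.45],
                 [0.2, 0.35, 0.5, 0.6, 0.45, 0.3, 0.55, 0.25]),
}


def error_rates(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """Return (FRR, FAR) for a system that accepts any score >= threshold.

    FRR (Type 1 error): fraction of genuine attempts rejected (score below threshold).
    FAR (Type 2 error): fraction of impostor attempts accepted (score at or above threshold).
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Sweep every observed score as a candidate threshold (raising the threshold raises
    the sensitivity: FAR falls while FRR rises) and return (CER, threshold) where the two
    balance. The CER reported is the mean of FAR and FRR at that threshold."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, (frr + far) / 2, t)
    return best[1], best[2]


def rank_by_cer(systems: Dict[str, Tuple[List[float], List[float]]]) -> List[Tuple[str, float]]:
    """Lower CER means a better-performing biometric: rank candidates best first."""
    ranked = [(name, crossover_error_rate(g, i)[0]) for name, (g, i) in systems.items()]
    return sorted(ranked, key=lambda item: item[1])
```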
Multifactor Authentication
- The combination of two or more factors
- Password and smart card: something you know, something you have
- Password and hardware token: something you know, something you have
- PIN and smart card: something you know, something you have
- Password and fingerprint: something you know, something you are
- Password and signature: something you know, something you are

Single Sign-on
- Decentralized authentication
  - Hard to manage
  - Hard to back up
- Centralized authentication
  - Easy to manage
  - Easy to back up
- Single sign-on
  - Requires centralized authentication
  - Minimizes the number of passwords to remember
  - A single compromise can affect many systems
[Diagram: SSO in front of multiple Resources]

Kerberos
- Developed at MIT for UNIX realms
- Windows domains use Kerberos beginning with Windows 2000 Server
- Supports mutual authentication: the client authenticates the server and the server authenticates the client
- Requires synchronized clocks, for time-stamped symmetric encryption
- Secure European System for Applications in a Multivendor Environment (SESAME) is similar
- Components: Key Distribution Center (KDC), Authentication Server (AS), Ticket Granting Server (TGS)

Simplified Kerberos Process
[Diagram: Client, KDC (containing the AS and TGS), and App server]
1. The client presents credentials to the Authentication Server (AS) and requests a Ticket Granting Ticket (TGT).
2. The AS sends the TGT and a session key for the TGS.
3. The client uses the TGT to request a Service Ticket for the App server from the TGS.
4. The TGS responds with the Service Ticket.
5. The client presents the Service Ticket to the App server.
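As an added example, not taken from the slides, the five steps above as a Python simulation of client, KDC (AS plus TGS) and app server, including the mutual-authentication reply and the clock-skew check that is why Kerberos needs synchronized clocks. The seal/unseal toy cipher, the principal names (alice, krbtgt, app), the 300-second skew limit and the random long-term keys are all assumptions made for the example.

```python
import hashlib, hmac, json, os
MAX_SKEW = 300  # seconds: authenticators outside this clock-skew window are rejected


def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]


def seal(key: bytes, data: dict) -> bytes:
    """Toy authenticated encryption (stand-in for Kerberos' real encryption types)."""
    pt, nonce = json.dumps(data).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def check_authenticator(auth: dict, ticket: dict, now: float) -> None:
    # Every ticket consumer checks that the authenticator was made by the ticket's
    # principal and that its timestamp is fresh (this is why clocks must be synchronized).
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(now - auth["ts"]) > MAX_SKEW:
        raise ValueError("clock skew too large: stale or replayed authenticator")


class KDC:
    def __init__(self, keys: dict):
        self.keys = keys  # principal -> long-term key; "krbtgt" is the TGS's own key

    def as_exchange(self, client: str):
        # Steps 1-2 (AS): the TGS session key goes back under the client's key, so only
        # the real client can open it; the TGT is sealed under the TGS key, opaque to the client.
        sk = os.urandom(32).hex()
        return seal(self.keys[client], {"sk": sk}), seal(self.keys["krbtgt"], {"client": client, "sk": sk})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float):
        # Steps 3-4 (TGS): open the TGT, validate the authenticator, issue a service ticket.
        t = unseal(self.keys["krbtgt"], tgt)
        check_authenticator(unseal(bytes.fromhex(t["sk"]), authenticator), t, now)
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "sk": ssk})
        return seal(bytes.fromhex(t["sk"]), {"sk": ssk}), ticket


def ap_exchange(service_key: bytes, ticket: bytes, authenticator: bytes, now: float):
    # Step 5 (run by the app server, which holds service_key): open the service ticket,
    # check the authenticator, then prove the server's identity back by echoing the timestamp.
    t = unseal(service_key, ticket)
    auth = unseal(bytes.fromhex(t["sk"]), authenticator)
    check_authenticator(auth, t, now)
    return t["client"], seal(bytes.fromhex(t["sk"]), {"ts": auth["ts"]})


def client_login(kdc: KDC, client: str, client_key: bytes, app_key: bytes, now: float, clock=None):
    # Whole flow from the client's side; `clock` is the client's own clock (to simulate skew).
    clock = now if clock is None else clock
    enc_sk, tgt = kdc.as_exchange(client)
    sk = bytes.fromhex(unseal(client_key, enc_sk)["sk"])
    enc_ssk, ticket = kdc.tgs_exchange(tgt, seal(sk, {"client": client, "ts": clock}), "app", now)
    ssk = bytes.fromhex(unseal(sk, enc_ssk)["sk"])
    who, reply = ap_exchange(app_key, ticket, seal(ssk, {"client": client, "ts": clock}), now)
    return who, unseal(ssk, reply)["ts"] == clock  # (name the app saw, mutual auth ok)


def demo() -> dict:
    # Constructed keys; scenarios: normal login, wrong client key, client clock 15 minutes off.
    now, keys = 1_700_000_000, {n: os.urandom(32) for n in ("alice", "krbtgt", "app")}
    kdc, results = KDC(keys), {}
    results["ok"] = client_login(kdc, "alice", keys["alice"], keys["app"], now)
    for label, ckey, clock in (("wrong_key", os.urandom(32), now), ("skew", keys["alice"], now + 900)):
        try:
            results[label] = client_login(kdc, "alice", ckey, keys["app"], now, clock)
        except ValueError as e:
            results[label] = str(e)
    return results
```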
Others
- Federated access: SSO across networks and operating systems owned and managed by different organizations
- RADIUS - Remote Authentication Dial-In User Service
  - Works with PPP, CHAP, PAP, EAP
  - UDP ports 1812 and 1813
  - Not encrypted; susceptible to sniffing, replay attacks and denial of service
  - Use IPsec to encrypt the traffic, and use unique shared secrets
- TACACS+ - Terminal Access Controller Access Control System Plus
  - Authentication, authorization and accounting
  - Encrypts passwords and the entire payload
  - TCP port 49
  - TACACS and XTACACS are older: don't use them
- LDAP - Lightweight Directory Access Protocol
  - Not an authentication service
  - X.500 objects and attributes
  - TCP/UDP port 389

What This Module Covered
- Single/Multifactor Authentication
- Single Sign-on
- Device Authentication