Access control techniques

21 slides
0.13 MB

Similar Presentations

Presentation Transcript


Access control techniques1.User possessions : Tokens Memory Tokens : Storing information ATM Protection of pin code Smart Tokens : more powerful than memory tokens. Extension of Memory Tokens. More Integrated circuits into Memory Tokens


Access control techniques 2. Biometric Techniques Possession based Knowledge based Physiological based Behavioral biometric Multi biometric


Possession based : token which the user possesses . Eg smart cards Problem :Token lost Knowledge based : token which user knows . Password and pin


Physiological based Kind of biometric uses physical traits such as Fingerprint ,hand and face etc for authentication. Face Recognition: facial features of human being Fingerprint Recognition :reliable biometric characteristics. Iris Recognition: colored part of eyeball surrounding the pupil. Vein Recognition: like fingerprint ,veins. Ear Recognition: like face recognition. Shape not change with age. ECG (Electrocardiogram):test which perform to capture the electrical activity of the heart .


Behavioral Biometric : Speech pattern ,signature ,gait and keystrokes . Gait : walking style of person. Keystroke : typing speed Multi –biometric:


Biometrics ApplicationsAuthentication system Network security Combating cybercrimes Biometrics enabled smart cards E-commerce and internet


Intrusion Detection


Two step processActive components Passive components


Intrusion and Intrusion DetectionIntrusion : Attempting to break into or misuse your system. Intruders may be from outside the network or legitimate users of the network. Intrusion can be a physical, system or remote intrusion.


Different ways to intrudeBuffer overflows Unexpected combinations Unhandled input


Intrusion Detection Systems (IDS) Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent.


Intrusion Detection Systems (IDS)Different ways of classifying an IDS IDS based on signature based misuse host based network based


Signature based IDSThis IDS possess an attacked description that can be matched to sensed attack manifestations. The question of what information is relevant to an IDS depends upon what it is trying to detect. E.g DNS, FTP etc.


Signature based IDS (contd.)ID system is programmed to interpret a certain series of packets, or a certain piece of data contained in those packets,as an attack. For example, an IDS that watches web servers might be programmed to look for the string “phf” as an indicator of a CGI program attack. Most signature analysis systems are based off of simple pattern matching algorithms. In most cases, the IDS simply looks for a sub string within a stream of data carried by network packets. When it finds this sub string (for example, the ``phf'' in ``GET /cgi-bin/phf?''), it identifies those network packets as vehicles of an attack.


Drawbacks of Signature based IDSThey are unable to detect novel attacks. Suffer from false alarms Have to programmed again for every new pattern to be detected.


TypesHost based IDS: application logs ,modification Protocol Based :analyses comm protocol Hybrid IDS: combined approach Network Intrusion Detection system:n/w traffic monitoring Application protocol based Intrusion Detection system: Misuse Detection: gather info and detect Network based vs host based :


Host/Applications based IDSThe host operating system or the application logs in the audit information. These audit information includes events like the use of identification and authentication mechanisms (logins etc.) , file opens and program executions, admin activities etc. This audit is then analyzed to detect trails of intrusion.


Drawbacks of the host based IDSThe kind of information needed to be logged in is a matter of experience. Unselective logging of messages may greatly increase the audit and analysis burdens. Selective logging runs the risk that attack manifestations could be missed.


Network based IDSThis IDS looks for attack signatures in network traffic via a promiscuous interface. A filter is usually applied to determine which traffic will be discarded or passed on to an attack recognition module. This helps to filter out known un-malicious traffic.


Strengths of Network based IDSCost of ownership reduced Packet analysis Evidence removal Real time detection and response Malicious intent detection Complement and verification Operating system independence

Browse More Presentations

Last Updated: 8th March 2018

Recommended PPTs