Access control is what subject can control what objects and what type of commands and operations they can carry out.
Access control categories:
Access control categories:
- Administrative controls (personal controls, Supervisory structure, security awareness training, testing)
- Physical controls ( Network segregation, Perimeter Security, Computer controls, work area separation, cabling, control zones)
- Technical controls (System access, network architecture, Network access, encryption and protocols, auditing)
Access control types
Process of getting access in to the system
- Preventive - keep undesirable events form happening
- Detective - identify undesirable events that have taken place
- Corrective - correct undesirable events that have taken place
- Deterrent - Discourage security violations form taking place (we are serious about security "Beware of dogs")
- Recovery - Restore resources and capabilities after a violation or accident
- Compensation - provide alternatives to other controls (based on cost/benefit analysis)
Process of getting access in to the system
- Identification - publicly known information but shouldn't be descriptive(username, userID)
- Authentication - Something you know(password,pin),something you have(smartcard,token) and something you are(biometrics). Strong authentication is two of authentication components.
- Authorization - ACL
- Accountability
It is important to asses the your passwords by trying to crack the password your self using the tools available. Password can be cracked using dictionary attack and exhaustive attacks.Rainbow table make password cracking easier by machining hash values. As solution for this we can use one time passwords with a authentication server(challenge response authentication).
Smart cards are good method of authentication.There are two types of smart cards, contact and contact(in/out chip) less(small antenna inside). Fault generation is one of the attack against smart card. Fault generation is manipulating the something outside the card(reader) to get into the data in smart card. Then there are software attacks exploiting the software flaws inside the card. Side channel attack means we are not doing anything to the card, just watch and gather information(gathering radiation, time it took to authenticate).Micro probing is connecting to the circuits directing by peeling of the chip on the card.
Smart cards are good method of authentication.There are two types of smart cards, contact and contact(in/out chip) less(small antenna inside). Fault generation is one of the attack against smart card. Fault generation is manipulating the something outside the card(reader) to get into the data in smart card. Then there are software attacks exploiting the software flaws inside the card. Side channel attack means we are not doing anything to the card, just watch and gather information(gathering radiation, time it took to authenticate).Micro probing is connecting to the circuits directing by peeling of the chip on the card.
No comments:
Post a Comment