Securing and Protecting Information
Connectivity and accessibility is a top priority, most electronics in our daily lives are connected to the internet, therefore it is extremely important to maintain devices connected to the internet secure from risks and threats. Remote access enables users outside a network access and provides privileges based on the security settings. Users are able to access resources through an internet service provider or ISP which is connecting remotely to the resources online. Secure connectivity is able to be done due to an authentication process, this process establishes a user’s identification to enable access and grant permissions. There are several ways to ...view middle of the document...
Accounting is the collection of billing and other detail records. Network access is often a billable function, and a log of how much time, bandwidth, file transfer space, or other resources were used needs to be maintained.
Authentication is the process of binding a specific ID to a specific computer connection. Two items need to be presented to cause this binding to occur: the user ID, and some “secret” to prove that the user is the valid possessor of the credentials. Historically, three categories of secrets are used to authenticate the identity of a user: what users know, what users have, and what users are. It is the job of authentication mechanisms to ensure that only valid users are admitted.
Potential attackers are constantly searching for ways to get past the system’s authentication mechanism. Consequently, security professionals are constantly devising new methods, building on these three basic approaches, to provide authentication mechanisms for computer systems and networks. There are several other authentications processes and mechanisms to try to deter unauthorized users from getting access.
Kerberos is a network authentication protocol designed for a client/server environment. Kerberos securely passes a symmetric key over an insecure network using the Needham-Schroeder symmetric key protocol.
Kerberos is built around the idea of a trusted third party, termed a key distribution center KDC, which consists of two logically separate parts: an authentication server AS and a ticket-granting server TGS. Kerberos communicates via “tickets” that serve to prove the identity of users.
Certificates are a method of establishing authenticity of specific objects such as an individual’s public key or downloaded software. A digital certificate is a digital file that is sent as an attachment to a message and is used to verify that the message did indeed come from the entity it claims to have come from. To verify the authenticity of an item, the public key of the signer is needed, and the digital certificate contains this information. A special form of authentication is the digital signature, which is an encrypted hash of an item that enables the recipient, using the public key, to verify that the original contents are not changed. The digital certificate can also contain a key that can be used to encrypt future communication.
A token is a hardware device that can be used in a challenge/response authentication process. Several variations on this type of device exist, but they all work on the same basic principles. The device has an LCD screen and may not have a numeric keypad; devices without a keypad will display a password (often just a sequence of numbers) that changes at a constant interval, of about every 60 seconds. When an individual attempts to log into a system, he enters his own user ID number and then the number that is showing on the LCD screen. These two numbers are entered...