Comprehensive Overview of User Authentication Methods and Access Control Mechanisms
This document provides an in-depth overview of user authentication methods, including what individuals know (passwords, PINs), possess (keycards, smart cards), and are (biometrics such as fingerprints and facial recognition). It explores password techniques like hashing and salting, common password attacks, and strategies for creating secure passwords. Additionally, it outlines various access control policies such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC), focusing on their implementation within systems like Windows Active Directory.
Presentation Transcript
Means of Authentication
• Something the individual:
  • Knows: password, PIN, answer to questions
  • Possesses: keycards, smart cards, physical keys
  • Is (static biometric): fingerprints, retina (iris), face
  • Does (dynamic biometric): voice, handwriting, typing rhythm
Password
• 'Normal' password
• Hashed password
• Hashed password using a salt
• Shadow password file
• Token-based password
  • Often combined with cards / PINs etc.
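The slide lists a plain hash, a salted hash and a shadow-file record without showing what each looks like. The added example below (written for this page, not taken from the presentation) stores a shadow-file style record of the form algorithm$iterations$salt$digest, using PBKDF2-HMAC-SHA256 with a random 16-byte salt; the algorithm, iteration count and the two user accounts are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed parameters (not from the slides): PBKDF2-HMAC-SHA256, 16-byte salt.
ITERATIONS = 100_000


def unsalted_hash(password: str) -> str:
    """The 'normal' hashed password: every user with the same password
    ends up with the same stored value, so one cracked hash cracks them all."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a shadow-file style record: algorithm$iterations$salt$digest.

    A fresh random salt is drawn per user unless one is supplied explicitly
    (supplying one is only useful for reproducible tests)."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and iteration count and
    compare it in constant time, so timing does not leak matching prefixes."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported algorithm: {algo}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed shadow file: two users happen to have chosen the same password.
SHADOW = {
    "alice": hash_password("Tr0ub4dor&3"),
    "bob": hash_password("Tr0ub4dor&3"),
}

if __name__ == "__main__":
    for user, record in SHADOW.items():
        print(f"{user}: {record}")
    # Identical passwords, different records, because the salts differ.
    print("salted records equal:", SHADOW["alice"] == SHADOW["bob"])
    print("unsalted hashes equal:",
          unsalted_hash("Tr0ub4dor&3") == unsalted_hash("Tr0ub4dor&3"))
    print("login alice:", verify_password("Tr0ub4dor&3", SHADOW["alice"]))
    print("login alice (wrong):", verify_password("wrong", SHADOW["alice"]))
```

The salt is what defeats the offline dictionary attack on the next slide at scale: an attacker holding the file must run the whole dictionary once per user instead of once per file, and the iteration count makes each of those guesses deliberately slow.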
Some Password Attacks (what the attacker needs, and what counters it)
• Offline dictionary attack (distributed password cracking, Ophcrack)
  • Needs the password file (countered by access control on the file)
• Specific account attack
  • Needs a user ID (countered by limiting the number of trials)
• Popular password attack
  • Needs user ID(s) (countered by non-trivial passwords)
• Password guessing against one user
  • Needs knowledge of the user (countered by non-trivial passwords)
• Computer hijacking
  • Needs physical access to a foreign computer (countered by timeout lockout)
• Exploiting user mistakes
  • Needs user mistakes such as passwords written on Post-its
Control passwords
• User education
• Computer-generated passwords
• Reactive password checking
• Proactive password checking
  • Size, characters, dictionary
Biometrics
• Problems faced
  • Outcomes: positive (match), negative (no match)
  • Errors: false positive (an impostor is accepted), false negative (a legitimate user is rejected)
Access Control Policies
• Discretionary Access Control (DAC): user <-> resource (Linux/Unix)
• Mandatory Access Control (MAC): user level <-> resource level (military)
• Role-Based Access Control (RBAC): user's role <-> resource (Windows)
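The three policies differ in who decides and what the decision is based on. The added example below, written for this page and not taken from the presentation, models each in a few lines: DAC lets the resource owner edit its permission list, MAC compares the user's clearance with the resource's classification (the "no read up / no write down" rule of the Bell-LaPadula model is used here as an assumed concrete instance of the military level scheme), and RBAC resolves the user's roles to permissions. The levels, roles and users are constructed for the example.

```python
from dataclasses import dataclass, field


# ---- DAC: the resource owner decides, at their discretion, who gets what ----
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, granter: str, user: str, perm: str) -> None:
        """Only the owner may change the ACL; that is the discretionary part."""
        if granter != self.owner:
            raise PermissionError(f"{granter} does not own this resource")
        self.acl.setdefault(user, set()).add(perm)

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())


# ---- MAC: the system compares labels; owners cannot override the policy ----
# Assumed ordering of levels, lowest to highest.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allows(user_level: str, resource_level: str, perm: str) -> bool:
    """Bell-LaPadula confidentiality rules (assumed instance of a MAC policy):
    read only at or below your level, write only at or above it."""
    u, r = LEVELS[user_level], LEVELS[resource_level]
    if perm == "read":
        return u >= r  # no read up
    if perm == "write":
        return u <= r  # no write down
    raise ValueError(f"unknown permission: {perm}")


# ---- RBAC: permissions attach to roles, users are assigned roles ----
ROLE_PERMS = {  # constructed roles
    "helpdesk": {"reset_password"},
    "hr": {"read_payroll"},
    "hr_manager": {"read_payroll", "approve_payroll"},
}
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"hr"}, "carol": {"hr_manager"}}


def rbac_allows(user: str, perm: str) -> bool:
    """A user has a permission if any of their roles carries it."""
    return any(perm in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))


if __name__ == "__main__":
    report = DacResource(owner="alice")
    report.grant("alice", "bob", "read")
    print("DAC bob read:", report.allows("bob", "read"))
    print("DAC bob write:", report.allows("bob", "write"))
    print("MAC secret user reads confidential:",
          mac_allows("secret", "confidential", "read"))
    print("MAC secret user writes confidential:",
          mac_allows("secret", "confidential", "write"))
    print("RBAC carol approve_payroll:", rbac_allows("carol", "approve_payroll"))
    print("RBAC bob approve_payroll:", rbac_allows("bob", "approve_payroll"))
```

The practical difference shows up in administration: under DAC every owner is a policy author, under MAC nobody but the administrator of the label scheme is, and under RBAC a change of job is a change of role assignment rather than a walk through every resource's ACL.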
Windows Active Directory
• The Windows X.500 (directory service)
• Same information structures as DNS
  • E.g. tree: laerer.rhs.dk
• Integrated with Windows domain concepts
  • Primary domain server, backup domain servers
• Domain = tree of information
• Several domains = forest
• Activating: normally part of installation
  • When installing Windows Server you are asked to install a domain (i.e. also define the SoA of DNS (= tree root))
[Figure 1.10: Distinguished Name for the User Object JSmith]
Users and groups (for RBAC)
• Users are created: lots of attributes / information can be added
• Groups are created: fewer attributes
  • Mostly members etc.
• Consider the type of group
  • Universal group: logical (spanning the forest)
  • Global group: logical (spanning one domain)
  • Domain local group (for physical access control)
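In practice the group types are layered: users go into global groups, global groups are nested in domain local groups, and only the domain local groups appear on a resource's ACL. The added example below, written for this page and not part of the presentation, resolves a user's effective permissions through that nesting; the group names, memberships and the payroll share ACL are constructed for the example. It also handles the one failure mode such a resolver must cope with: a group that is (directly or indirectly) a member of itself.

```python
# Constructed directory: group -> set of direct members (users or other groups).
GROUP_MEMBERS = {
    "G-HR-Staff": {"jsmith", "ajones"},                   # global group, one domain
    "G-HR-Managers": {"ajones"},                          # global group
    "DL-Payroll-Read": {"G-HR-Staff", "G-HR-Managers"},   # domain local, on the ACL
    "DL-Payroll-Modify": {"G-HR-Managers"},               # domain local, on the ACL
}

# Constructed resource ACL: only domain local groups are listed.
PAYROLL_SHARE_ACL = {
    "DL-Payroll-Read": {"read"},
    "DL-Payroll-Modify": {"read", "write"},
}


def effective_groups(principal: str, members: dict = GROUP_MEMBERS) -> set:
    """Every group the principal belongs to, directly or through nesting.

    A visited set guards against membership cycles (A in B, B in A), which
    would otherwise loop forever."""
    result = set()
    frontier = [principal]
    while frontier:
        current = frontier.pop()
        for group, direct in members.items():
            if current in direct and group not in result:
                result.add(group)
                frontier.append(group)  # the group may itself be nested further
    return result


def effective_permissions(user: str, acl: dict = PAYROLL_SHARE_ACL,
                          members: dict = GROUP_MEMBERS) -> set:
    """Union of the permissions granted to any group the user resolves to."""
    perms = set()
    for group in effective_groups(user, members):
        perms |= acl.get(group, set())
    return perms


if __name__ == "__main__":
    for user in ("jsmith", "ajones", "nobody"):
        groups = sorted(effective_groups(user))
        print(f"{user}: groups={groups} perms={sorted(effective_permissions(user))}")
```

Changing who may modify payroll is then a membership change on G-HR-Managers, which is the RBAC idea from the access control slide applied to directory groups: the ACL on the share never has to be touched.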