LESSON 5
PRODUCE - This authentication factor depends
ACCESS CONTROL - is the process through
which systems decide when and how a person
can be allowed into an organization's protected
area. Access control is accomplished by a blend
of laws, services, and technologies. Access
controls can be compulsory, nondiscretionary,
or optional.
IDENTIFICATION – is a process through which
unverified entity called supplicant who wants
access to a resource sets out a mark through
which the system recognizes them. Each
supplicant has unique label called ID, which is
used to track one part within the security range.
AUTHENTICATION – is the mechanism by which
a supposed identify of a supplicant is confirmed.
ACCOUNTABILITY – Means that an
authenticated identity can be traced to all
activities on a system whether authorized or
unauthorized. Accountability is most commonly
done by machine reports and database papers,
and the auditing of these documents. Systems
logs document relevant information, such as
failed attempts to login, and system changes.
SOMETHING A SUPPLICANT KNOWS – This
authentication factor is dependent on what
petitioners knows and call recall – for example,
a password, passphrase, or other special
authentication code such PIN.
SOMETHING A SUPPLICANT HAS – this element
of authentication is based on something which a
supplicant has and can produce when
appropriate. For example, card such as ID cards
or ATM with magnetic strips containing the
digital (and sometimes encrypted) user PIN,
compared to the number of user inputs. The
smart card incorporates a computer chip
capable of checking and validating a variety of
pieces of information rather than just a PIN.
SOMETHING A SUPPLICANT IS OR CAN
on individual features such as fingerprints, palm
prints, hand topography, hand anatomy, or
retina and iris scans, or something that a
supplicant may generate on demand, such as
speech patterns, signatures, or kinetic
measurements on the keyboard. Any of those
apps, collectively known as biometrics.
Logical Access Controls - are methods and
procedures used in computer information
systems to define, authenticate, approve and
assume responsibility. Logical access is often
necessary for remote hardware access, and is
often compared with the term "physical
access". Logical access controls implement
mechanisms for access control of systems,
services, procedures, and information. The
controls may be built into operating systems,
software, add-on security products, or
management systems for database and
telecommunication. Solutions for Logical Access
Control may include Biometrics, Tokens,
Passwords, and Single Sign-on.
Biometric Access Controls - is focused over the
use of some observable human characteristic or
attribute to verify the identity of a potential
user (a supplicant) of the systems. Fingerprint
comparison, Palm print comparison, Hand
geometry, Facial recognition, Retinal print
comparison are useful biometric authentication
tools.
Minutiae - are unique point of reference in
one’s biometric that is stored as image to be
verified upon a requested access. Each single
attempt at access results in a calculation that is
compared to the encoded value to decide if the
consumer is who he or she claims to be. A
concern with this approach is that is changes as
our body develops over time. For authentication
during a transaction, retail stores use signature
capture. The customer shall sign a digital tab
with a special pen recording the signature. The
signature will be stored for future reference, or
compared for validation to a signature on a
database. Voice recognition operates in a
similar manner by recording the user 's initial
voiceprint reciting a word. Later, the
authentication mechanism allows the user to
utter the same phrase when the user tries to
access the device so that the algorithm can
match the actual voiceprint to the stored value.
EFFECTIVENESS OF BIOMETRICS - Biometrics
are assessed using parameters such as; the false
rejection rate, which is the rate of supplicants
who are in fact approved users but who are
denied access; False acceptance rate, which is
the percentage of users who are unauthorized
users but are allowed access; and third, the
crossover error rate, which is the amount at
which the number of false dismissals is equal to
the false acceptances.
Authentication Types:
-Knowledge something you know
-Ownership something you have
-Characteristics | Something unique to you
-Location somewhere you are
-Action something you do/ how you do it
AUTHENTICATING WITH KERBEROS AND
SESAME -Kerberos was named after the Greek
mythology which uses symmetric key
encryption to authorize an individual user with
specific network resources. Kerberos maintains
a data repository that contains system’s private
keys. Network services operate on servers in
the Kerberos network registry, as do the clients
using those services. Such private keys are
referred to the Kerberos program and can check
a host to another
KERBEROS INTERACTING SERVICES
AUTHENTICATION SERVER (AS) - Kerberos
server that authenticates clients and servers
KEY DISTRIBUTION CENTER (KDC) - generates
and issues session keys
KERBEROS TICKET GRANTING SERVICES(TGS) -
provides tickets to clients who request services
KERBEROS IS BASED ON THE LOGIC OF THE
FOLLOWING PRINCIPLES;
1. The KDC is aware of the hidden keys of both
network clients and servers. Through using
these hidden keys, the KDC initially shares
information with the client and the server.
2. By providing temporary session keys for
communication between the client and KDC,
the server and KDC, and the client and server,
Kerberos authenticates a client through a
requested service on a server via TGS.
Communications between the client and the
server are then made using these temporary
session keys.
LESSON 5.2
SECURITY AUDIT - is a comprehensive
assessment of a business's information system
security by evaluating how well it follows a set
of defined requirements. A comprehensive
audit usually reviews the protection of the
physical configuration and environment,
applications, processes of information
processing, and user practices in the system.
Security assessments are also used to assess
regulatory enforcement despite legislation
outlining how information needs to be treated
by organizations.
Security audits assess efficiency of an
information system against a set of criteria. On
the other hand, a vulnerability evaluation
requires a systematic analysis of a whole
information system, searching for possible
security vulnerabilities.
Penetration testing is a secret activity in which
a security specialist attempts a variety of attacks
to determine whether or not a device will
survive a malicious hacker's same types of
attacks. Each of the approaches has inherent
strengths, and using two or more of them in
conjunction may be the most effective approach
of all.
SECURITY CYCLE
SECURITY MONITORING FOR COMPUTER
SYSTEMS SECURITY MONITORING FOR
COMPUTER SYSTEMS MAY BE IDENTIFIED
BASED TO THE INFORMATION IT CAPTURES
NAMELY;
1. Real-time Monitoring- this focuses on the
Host IDS, System Integrity Monitoring and Data
Loss Prevention.
2. non-real-time Monitoring- it checks
application and system logging.
3. Log Activities- this monitor host-based
activities and networks and its devices. With
regards to Log Activities, Event Logs, Access
Logs, Security Logs, Audit Logs are basically
involved.
CRYPTOPOLOGY - is characterized as the
method of having communications inaccessible
to all individuals excluding those who have the
ability to read and interpret it. There are two
portions that is being studied in Cryptology.
First the CRYPTOPGRAPHY that involves the
confidentiality program and its structure itself,
and second CRYPTANALYSIS which is associated
with breaking the above-mentioned system of
anonymity.
CODE - A compilation of knowledge enabling
terms to be transferred to symbols or other
phrases. Banana can be a code for gun.
However, this isn't some kind of cryptography
that can be evaluated. The only means a
message can be decrypted is by having the
terms set and their codes.
PLAINTEXT is the meaning you wish to convey
in a coded form. Plain text is generally written
without spaces in any lower-case letter. There
are figures printed out, and the punctuation is
overlooked. It is also referred to as clear.
KEY refers to data that enables us to encode the
plaintext and decode the ciphertext as well.
Monoalphabetic and Polyalphabetic Cipher
Monoalphabetic cipher is a substitution cipher
in which for a given key, the cipher alphabet for
each plain alphabet is fixed throughout the
encryption process. For example, if ‘A’ is
encrypted as ‘D', for any number of occurrences
in that plaintext, ‘A’ will always get encrypted to
‘D’. All of the ciphers above are
monoalphabetic; these ciphers are highly
susceptible to cryptanalysis. Polyalphabetic
Cipher is a substitution cipher in which the
cipher alphabet for the plain alphabet may be
different at different places during the
encryption process.
THE ADDITIVE (OR SHIFT) CIPHER SYSTEM
Increasing plaintext character is substituted in
the Additive Cipher method by another
character whose location in the alphabet is a
certain number of units apart. In reality we
move a certain number of places over each
letter. One of the first additive ciphers was used
by Julius Caesar around 50 B.C. Each letter of
the alphabet was replaced by the third letter
following it. So, ais replaced by D, bis replaced
by E, c is replaced by F, and so on. The problem
comes when we get to x. x is the 24th letter of
the alphabet. If we add 3 to 24, we get 27. So,
we go back to the beginning of the alphabet and
replace x with A, y with B, and z with c. So, once
we ad, if the number is greater than 26, we
subtract 26 from it. The chart shows each letter
in plaintext and its corresponding letter in
cipher text.
LESSON 6
FIREWALL is defined by Khandal, et al (2018) as
a program or network devices that filters the
information coming through the internet
connection into your private network or
computer system.
These are often categorized as either “network-
based firewalls or host-based firewalls
Network firewalls run on network hardware
and filter traffic between two or more
networks.
Host-based firewalls, on the other hand, run on
host computers and control network traffic
coming in and out of those machines.
DIFFERENCE BETWEEN NETWORK-BASED AND
HOST-BASED FIREWALL
A host-based firewall is installed on the
individual computer to protect it from activity
occurring on its network.
A network-based firewall is implemented at a
specific point in the network path and protects
all computers on the “internal” side of the
firewall from all computers on the external side
of the firewall.
ADVANTAGES OF FIREWALLS
Concentration of security - All modified
software and logging is located on the firewall
system as opposed to being distributed to
multiple hosts.
Protocol filtering - where the firewalls filters
protocols and services that are either not
necessary or that cannot be adequately secured
from exploitation.
Information hiding - n which a firewall can hide
names of internal systems (or) electronic mail
addresses, thereby revealing less information to
outside hosts.
Application gateways - where the firewalls
require inside or outside users to connect first
to the firewall before connecting further,
thereby are filtering the protocol.
DISADVANTAGES OF FIREWALLS
The most obvious being that certain types of
network access maybe hampered or even
blocked for some hosts, including telnet, FTP,
NFS, etc. A second disadvantages with a firewall
system is that it concentrates security in one
spot as opposed to distributing it among
systems, thus a compromised of the firewall
could be disastrous to other less protected
systems on the subnet. Example: If someone
attacks the security guard, the organization
faces more risks.
THE ROLE OF FIREWALLS - A firewall is a term
used for a barrier between a network of
machines and users that operate under a
common security policy and generally trust
each other and the outside world. There are
two basic reasons for using a firewall at present.
(1) to save money in concentrating your security
on a small number of components, and
(2) to simplify the architecture of a system by
restricting access only to machines that trust
each other.
Three (3) Design Goals of FIREWALLS - The first
design goal for a firewall is that collectively the
sum of the entire network from internal to
external must go through the firewall physically
cutting off all access to the local network except
via firewall.
AUTHENTICATION is the process of reliably
verifying the identity of someone (or
something)
THERE are lots of examples of authentication
in human interaction.
1. We recognize each other’s' faces when we
meet.
2. We recognize each other’s voices on the
telephone.
3. We are authenticated by the customs official
who checks us against the picture on our
passport.
4. a guard might authenticate you by comparing
you with the picture on your badge.
5. A mail order company might accept as
authentication the fact that you know the
expiration date on your credit card
CREATING A GOOD QUALITY PASSWORD
POLICY The security provided by a password
system depends on the ability of the users to
keep their password or pass code unique and
secured at all time Thus, according to Gupta
(2018), “…a password is vulnerable to
compromise whenever it is used, stored, or
even known.”
•The system must initially assign a password to
its users.
• Periodic update of users’ password.
• The system must maintain a “password
database”.
• Users must remember their passwords.
• During authentication time, users must enter
their passwords into the system.
• Employees should “…not disclose their
passwords to anyone including the
administrators and IT managers.”
AUTHENTICATION IDENTIFICATION Computers
also verify the identity of its users, based on
three (3) methods:
• What you know (e.g., passwords)
• What you have (e.g., keycards)
• What you are (e.g., biometric information)
VERIFICATION VALIDATION OF INFORMATION
SUPPLIED AGAINST A TABLE OF POSSIBLE
VALUES BASED ON USERS CLAIMED IDENTITY,
VERIFY IDENTITY BASED ON YOUR PHYSICAL
CHARACTERISTICS, KNOWN AS BIOMETRICS.
CHARACTERISTICS USED INCLUDE:
 Signature
 Fingerprint, hand geometry face or body
profile
 Speech, retina patter
HOW AUTHENTICATION IS DONE DEPENDS ON
CAPABILITIES OF ENTITY BEING
AUTHENTICATED. TWO MOST IMPORTANT
CAPABILITIES:
• Ability to store a high-quality key.
• Ability to perform cryptographic operations
TYPES OF AUTHENTICATION • If a user can be induced to run a Trojan horse
which mimics the login program then, the
1. Password-based authentication
Trojan can capture the user’s password.
• Authenticating oneself by showing a secret
• The password can then be sent to the author
password to the remote peer (and to the
of the Trojan
network).
3. On-Line Guessing
• Always vulnerable to eaves dropping attack.
• I can impersonate you if I can guess your
-Usual protection: limit frequency of incorrect
password.
password entries.
• Some systems enforce easily guessable
2. Address-based authentication
passwords.
• Authenticating oneself, can be done “by using
• Some people use easily guessable passwords.
a physically-secured terminal/computer.”
Conceptually similar to password-based • With enough guesses even obscure passwords
authentication. can be guessed.

3. Cryptography-based authentication • Executing users who get their password wrong

would probably be unacceptable. Can make
• Authenticating oneself by showing evidence
sure that guesses have to be typed
of a secret key to the remote peer (and to the
network) but without exposing the secret to the 4. Locking Accounts
peer (or to the network).Secret key can be
• Can lock accounts after too many failed
obtained from a password.
attempts.
PROBLEMS WITH PASSWORDS
• But then easy for someone to deny access.
1. Eavesdropping
• Can cut-off connection after a number of
• Passwords must be uttered to be used. failed attempts and require it to be re-
established.
• Most people don't watch.  But they are not
the people you are worried about. • Can have system response be very slow.

• Wire tapping is a more sophisticated problem. 5. Offline Password Guessing

• If the password is sent from across a network
• Passwords are more vulnerable if off-line
then eavesdropping is possible.
guessing is possible.
• For example, a traditional telnet connection is
• Offline attack- an intruder captures a quantity
unsecured
that is derived from password.
• no cryptography; so an attacker who can
• Attacker then takes their time trying to
eavesdrop, e.g., on the port in use, simply gets
compute password.
to see the password

2. Trojan Horses - is a useful, or apparently

useful, program, which also performs
unwanted/ harmful functions. 79