
MICRO PROJECT REPORT

ON

Case Study On Authentication and Access Control

In Partial fulfilment of Diploma in IT Engineering


( 6th Semester)

In the subject of COMPUTER AND NETWORK SECURITY


(IF5469)

By

Ms. Aashi Sahu(20IF056)


Ms. Manisha Sarode(20IF058)
Mr. Gaurav Thakre(21IF205)
Ms. Priti Rathod(20IF054)
Mr. Rohan Sambare(20IF057)
Mr. Nilraj chavhan (19IF008)

Submitted To

Government Polytechnic, Amravati


(An Autonomous Institute of Govt. of Maharashtra)

Under the guidance of

Prof. Karuna Ukey


Lecturer in Information Technology,
Department of Information Technology,
Government Polytechnic Amravati,
Government Polytechnic, Amravati.
(An Autonomous Institute of Govt. of Maharashtra)

Department of Information Technology

Certificate
This is to certify that Ms. Aashi Sahu (20IF056), Ms. Manisha Sarode (20IF058),
Mr. Gaurav Thakre (21IF205), Ms. Priti Rathod (20IF054) and Mr. Rohan
Sambare (20IF057) of sixth Semester Diploma in IT Engineering have
satisfactorily completed the micro project entitled "Case Study On
Authentication and Access Control" (IF5469) for the academic year
2022-23 as prescribed in curriculum.

Place : Amravati
Date : / / 2023

Prof. Karuna Ukey
Lecturer in Information Technology
PART A- Plan (About 1-2 pages)
Format for Micro-Project Proposal

Title of Micro Project : Case Study On Authentication and Access Control.

1.0 Brief Introduction

Authentication in computer networks is the process of verifying the identity of a
device or user on a network. This is done to ensure that only authorized devices and
users are able to access network resources. There are many different methods that can
be used for authentication, including passwords, biometric factors such as fingerprints
or facial recognition, and security tokens.

Overall, authentication is an important aspect of computer network security. It helps
to ensure that only authorized devices and users are able to access network resources,
protecting against unauthorized access and potential security breaches.

Access control is a method of limiting access to a system or to physical or virtual
resources. It is the process by which users are granted access and certain
privileges to systems, resources or information. As a security technique, access
control governs who can view which aspects, what can be viewed
and who can use resources in a computing environment. It is a fundamental concept in
security that reduces risk to the business or organization.

2.0 Aim of the Micro-Project


This Micro-Project aims at:

3.0 Action Plan (Sequence and time required for major activities for 8 weeks)

S.N. | Details of activity | Planned start date | Planned finish date | I. Code & Name of Team Members
1 | Basic planning for project. | | | All members
2 | Collection of information and images. | | | Ms. Aashi Sahu (20IF056), Ms. Manisha Sarode (20IF058), Ms. Priti Rathod (20IF054)
3 | Preparing and editing report for project. | | | Rohan Sambare (20IF057), Gaurav Thakre (21IF205), Nilraj chavhan (19IF008)

4.0 Resources Required (major resources such as raw material, some machining facility, software etc)

S.N. | Name of Resource/material | Specifications | Qty | Remarks
1 | Internet | Google | 1 |
2 | Microsoft Word | | 1 |

Guideline for Assessment of Micro-Project

Evaluation as per suggested Rubric for Assessment of Micro-Project

Assessment Parameter | Characteristic to be assessed | Average (1 mark) | Good (1.5 mark) | Excellent (2 mark)
Process Assessment (06) | Relevance of the courses & proposals | | |
 | Literature survey/market survey/information collection | | |
 | Analysis of data & completion of the target as per proposal/ | | |
Product Assessment (04) | Report Preparation/Quality of Prototype/model | | |
 | Presentation / Viva | | |

PART B- (Outcomes after Execution)
Format for Micro-Project Report

Title of Micro Project: Case study of the cyber fraud / cyber crime

1.0 Brief Introduction

Access control is a method of limiting access to a system or to physical or virtual
resources. It is the process by which users are granted access and certain
privileges to systems, resources or information. As a security technique, access
control governs who can view which aspects, what can be viewed
and who can use resources in a computing environment. It is a fundamental concept
in security that reduces risk to the business or organization.

Authentication in computer networks is the process of verifying the identity of a
device or user on a network. This is done to ensure that only authorized devices and
users are able to access network resources. There are many different methods that
can be used for authentication, including passwords, biometric factors such as
fingerprints or facial recognition, and security tokens.

Overall, authentication is an important aspect of computer network security. It helps
to ensure that only authorized devices and users are able to access network
resources, protecting against unauthorized access and potential security breaches.

2.0 Aim of the Micro-Project (in about 4 to 5 sentences)


This Micro-Project aims at:

3.0 Course Outcomes Integrated (Add to the earlier list if more COs are addressed)

1) Identify risk related to computer security
2) Apply user identification and authentication methods

4.0 Actual Procedure Followed
Write stepwise how the work was done, including which team member did
what work and how the data was analyzed (if any)

S.N. | Details of activity | Planned start date | Planned finish date | I. Code & Name of Team Members
1 | Basic planning for project. | | | All members
2 | Collection of information and images. | | | Ms. Priti Rathod (20IF054), Ms. Aashi Sahu (20IF056), Ms. Manisha Sarode
3 | Preparing and editing report for project. | | | Mr. Rohan Sambare (20IF057), Mr. Gaurav Thakre (21IF205), Mr. Nilraj chavhan (19IF008)

5.0 Actual Resources used (Mention the actual resources used)

S.N. | Name of Resource/material | Specifications | Qty | Remarks
1 | Internet | Google | 1 |
2 | Microsoft Word | | 1 |

6.0 Outputs of the Micro-Projects


(Drawings of the prototype, drawings of survey, presentation of collected
data, Findings, answers, application, small model etc.)
7.0 Skills Developed/learning out of this Micro-Project
We have learnt how to manage project work in a group with good
co-ordination. We learnt how to express our ideas using soft skills and
to present our work at an official level in a good manner. We developed
programming logic and skills like file editing.

8.0 Assessment by Faculty as per Rubrics

Process Assessment (06) | Product Assessment (04) | Total Marks (10) | Signature of Faculty
 | | |

Authentication
Authentication is the process of verifying the identity of a user or information.
User authentication is the process of verifying the identity of a user when the
user logs in to a computer system.
Authentication is used by a client when the client needs to know that the server
is the system it claims to be. In authentication, the user or computer has to prove its
identity to the server or client. Usually, authentication by a server entails the use
of a user name and password.
In other words, authentication means confirming that a user is who they say
they are. This ensures only those with authorized credentials gain access to
secure systems. When a user attempts to access information on a network, they
must provide secret credentials to prove their identity. Authentication allows
you to grant access to the right user at the right time with confidence. But this
doesn’t occur in isolation.
Authentication is part of a three-step process for gaining access to digital
resources:
Identification—Who are you?
Authentication—Prove it.
Authorization—Do you have permission?
Importance Of Authentication
Cyberattacks are a critical threat to organizations today. As more people work
remotely and cloud computing becomes the norm across industries, the threat
landscape has expanded exponentially in recent years. As a result, 94% of
enterprise organizations have experienced a data breach—and 79% were
breached in the last two years, according to a recent study by the Identity
Defined Security Alliance (IDSA).
As a result, authentication has become an increasingly important mitigation
strategy to reduce risk and protect sensitive data. Authentication helps
organizations and users protect their data and systems from bad actors seeking
to gain access and steal (or exploit) private information. These systems can
include computer systems, networks, devices, websites, databases, and other
applications and services.

Types of Authentication
Single-Factor Authentication

Single-factor authentication (SFA) or one-factor authentication involves
matching one credential to gain access to a system (i.e., a username and a
password). Although this is the most common and well-known form of
authentication, it is considered low-security and the Cybersecurity and
Infrastructure Security Agency (CISA) recently added it to its list of Bad
Practices.

The main weakness is that single-factor authentication provides just one barrier.
Hackers only need to steal the credentials to gain access to the system. And
practices such as password reuse, admin password sharing, and relying on
default or otherwise weak passwords make it that much easier for hackers to
guess or obtain them.

Two-Factor Authentication

Two-factor authentication (2FA) adds a second layer of protection to your
access points. Instead of just one authentication factor, 2FA requires two factors
of authentication out of the three categories:

Something you know (i.e., username and password)

Something you have (e.g., a security token or smart card)

Something you are (e.g., TouchID or other biometric credentials)

Keep in mind that although a username and password are two pieces of
information, they are both knowledge factors, so they are considered one factor.

In order to qualify as two-factor authentication, the other authentication method
must come from one of the other two categories.

Three-Factor Authentication

Three-factor authentication (3FA) requires identity-confirming credentials from
three separate authentication factors (i.e., one from something you know, one
from something you have, and one from something you are). Like 2FA,
three-factor authentication is a more secure authentication process and adds a third
layer of access protection to your accounts.

Multi-Factor Authentication

Multi-factor authentication (MFA) refers to any process that requires two or
more factors of authentication. Two-factor and three-factor authentication are
both considered multi-factor authentication.
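
The factor-counting rule above, as an added example that is not part of the original report: a login check that verifies a password, a PIN and a time-based one-time code from a token, and grants access only when the verified credentials span at least two categories. The account, secrets, function names and the choice of TOTP (RFC 6238) as the "something you have" factor are assumptions made for illustration.

```python
import hashlib, hmac, struct, time

SALT = b"constructed-salt"   # one fixed salt for brevity; store a random salt per user

def kdf(secret):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

# Constructed sample account; every value here is made up for the example.
USER = {"pw_hash": kdf("correct horse"), "pin_hash": kdf("4921"),
        "totp_key": b"constructed-token-secret"}

def totp(key, at, step=30, digits=6):
    """Time-based one-time password (RFC 6238, HMAC-SHA1)."""
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def check_secret(field):
    def verify(user, value, now):
        return hmac.compare_digest(kdf(value), user[field])
    return verify

def check_totp(user, value, now):
    # Accept the current and the previous 30-second step to tolerate clock drift.
    return any(hmac.compare_digest(totp(user["totp_key"], now - back), value)
               for back in (0, 30))

# Credential type -> (factor category, verifier).
VERIFIERS = {
    "password": ("something you know", check_secret("pw_hash")),
    "pin":      ("something you know", check_secret("pin_hash")),
    "totp":     ("something you have", check_totp),
}

def authenticate(user, presented, now=None, required_factors=2):
    """Return (granted, verified categories); counts categories, not credentials."""
    now = time.time() if now is None else now
    verified = set()
    for kind, value in presented.items():
        if kind not in VERIFIERS:
            continue                      # unknown credential types prove nothing
        category, verify = VERIFIERS[kind]
        if verify(user, value, now):
            verified.add(category)
    return len(verified) >= required_factors, verified
```

A correct password plus a correct PIN is still refused here, because both are knowledge factors; the password plus the token code is accepted.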

Certificate-Based Authentication

Certificate-based authentication (CBA) uses a digital certificate to identify and
authenticate a user, device, or machine. A digital certificate, also known as a
public-key certificate, is an electronic document that stores the public key data,
including information about the key, its owner, and the digital signature
verifying the identity. CBA is often used as part of a two-factor or multi-factor
authentication process.

Access control
What is access control?

Access control is a fundamental component of data security that dictates who’s
allowed to access and use company information and resources. Through
authentication and authorization, access control policies make sure users are
who they say they are and that they have appropriate access to company data.
Access control is a data security process that enables organizations to manage
who is authorized to access corporate data and resources. Secure access control
uses policies that verify users are who they claim to be and ensures appropriate
control access levels are granted to users. Access control is a method of
restricting access to sensitive data. Only those that have had their identity
verified can access company data through an access control gateway.

What are the Components of Access Control?

At a high level, access control is about restricting access to a resource. Any
access control system, whether physical or logical, has five main components:

Authentication: The act of proving an assertion, such as the identity of a person
or computer user. It might involve validating personal identity documents,
verifying the authenticity of a website with a digital certificate, or checking
login credentials against stored details.

Authorization: The function of specifying access rights or privileges to
resources. For example, human resources staff are normally authorized to access
employee records and this policy is usually formalized as access control rules in
a computer system.

Access: Once authenticated and authorized, the person or computer can access
the resource.

Manage: Managing an access control system includes adding and removing
authentication and authorization of users or systems. Some systems will sync
with G Suite or Azure Active Directory, streamlining the management process.

Audit: Frequently used as part of access control to enforce the principle of least
privilege. Over time, users can end up with access they no longer need, e.g.
when they change roles. Regular audits minimize this risk.
Types of access control
There are various types of access controls that organizations
can implement to safeguard their data and users. These
include:

• Mandatory Access Control
• Role Based Access Control
• Discretionary Access Control

Mandatory Access Control (MAC)

Mandatory Access Control is more commonly utilized in
organizations that require an elevated
emphasis on the confidentiality and classification of data (i.e.
military institutions). MAC doesn't permit owners to have a
say in the entities having access in a unit or facility; instead,
only the owner and custodian have the management of the
access controls. MAC will typically classify all end users and
provide them with labels which permit them to gain access
through security with established security guidelines.

Role-Based Access Control (RBAC)
RBAC is the most in-demand type of access control
system. Not only is it in high demand among households,
RBAC has also become highly sought-after in the business
world. In RBAC systems, access is assigned by the system
administrator and is stringently based on the subject's role
within the household or organization, and most privileges are
based on the limitations defined by their job responsibilities.
So, rather than assigning an individual as a security manager,
the security manager position already has access control
permissions assigned to it. RBAC makes life much easier
because rather than assigning multiple individuals particular
access, the system administrator only has to assign access to specific
job titles.

Discretionary Access Control (DAC)
Discretionary Access Control (DAC) is a type of access
control system that holds the business owner responsible for
deciding which people are allowed in a specific location,
physically or digitally. DAC is the least restrictive compared
to the other systems, as it essentially allows an individual
complete control over any objects they own, as well as the
programs associated with those objects.
DAC models allow the data owner to decide access control by
assigning access rights to rules that users specify. When a user
is granted access to a system, they can then provide access to
other users as they see fit.
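
The three models described above, evaluated against the same resource, together with the audit step from the components list. This is an added example, not part of the original report: the users, job titles, labels and resource are constructed, and MAC is simplified to a comparison between a user's label and the data's label.

```python
from dataclasses import dataclass, field

# All users, roles, labels and the resource below are constructed for illustration.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}
CLEARANCE = {"asha": "secret", "ravi": "confidential"}       # MAC: labels on users
ROLE_PERMS = {"security_manager": {"read", "write"}, "auditor": {"read"}}
USER_ROLE = {"asha": "security_manager", "ravi": "auditor"}  # RBAC: user -> job title

@dataclass
class Resource:
    name: str
    owner: str
    label: str = "public"                      # MAC: classification of the data
    acl: dict = field(default_factory=dict)    # DAC: user -> rights granted

def mac_allows(user, res):
    """MAC: system-assigned labels decide; the ACL and the owner are ignored."""
    return LEVELS[CLEARANCE.get(user, "public")] >= LEVELS[res.label]

def rbac_allows(user, right):
    return right in ROLE_PERMS.get(USER_ROLE.get(user), set())

def dac_allows(user, res, right):
    return user == res.owner or right in res.acl.get(user, set())

def dac_grant(granter, grantee, res, right):
    """DAC: whoever holds a right may pass it on as they see fit."""
    if not dac_allows(granter, res, right):
        raise PermissionError(f"{granter} does not hold {right!r} on {res.name}")
    res.acl.setdefault(grantee, set()).add(right)

def audit_excess(res):
    """Audit: ACL rights that the holder's current role does not justify."""
    excess = {}
    for user, rights in res.acl.items():
        extra = rights - ROLE_PERMS.get(USER_ROLE.get(user), set())
        if extra:
            excess[user] = extra
    return excess

def demo():
    res = Resource("payroll.xlsx", owner="asha", label="secret")
    dac_grant("asha", "ravi", res, "write")    # owner's discretionary grant
    return {"dac": dac_allows("ravi", res, "write"),
            "rbac": rbac_allows("ravi", "write"),
            "mac": mac_allows("ravi", res),
            "excess": audit_excess(res)}

print(demo())
```

The same request is allowed under DAC once the owner grants it, refused under RBAC and MAC, and the audit reports the discretionary grant as access the auditor role does not need.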
What Are the Benefits of Access Control Systems?

• Increase Ease of Access for Employees.
• Get Rid of Traditional Keys.
• Save Money and Energy.
• Keep Track of Who Comes and Goes.
• Protect Against Unwanted Visitors.
• Give Employees the Freedom to Work When They Need To.
• Prevent Against Data Breaches.
• Create a Safe Work Environment.

Conclusion :
Thus we have learnt about Authentication & Access Control and their types, and
understood why access control is important in computer security. Access
control has streamlined countless routine processes for businesses – it has
modernized security and signaled a change in the way companies monitor their
activities. Authentication is an important part of modern application
security. Having an effective authentication mechanism can ensure the security
of user data and prevent unauthorized access to the application.
