
DEPARTMENT OF COMPUTER TECHNOLOGY


V-SEMESTER
COMPUTER SECURITY

CHAPTER NO.2
Identification, Authentication
And
Operational Security

CHAPTER 2:- SYLLABUS

1 User name and password, managing & choosing password
2 Role of people in security
3 Access controls
4 Biometrics

DTEL 3
CHAPTER-2 SPECIFIC OBJECTIVE / COURSE OUTCOME

The student will be able to:

1 Understand the role of people in security
2 Study access control methods
3 Understand biometrics and network security

LECTURE 1:- Identification….. Password Selection

•Users tend to choose passwords that are easy to remember.
•Such passwords often contain the user_ID.
•They may be the name of a family member, favorite sports team, etc.
•If we know more about the user, there is a better chance of
discovering their password.
•A strong password is always a combination of uppercase, lowercase,
numbers and special symbols.
•It is difficult to attack.
•The problem with this type of password is that it is difficult to remember.
•Organizational users always change their user ID and
password to keep the system secure.
•Many users have many accounts & passwords.
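
The two rules on this slide (no user ID or personal details in the password; a combination of uppercase, lowercase, numbers and special symbols) can be checked when a password is set. The following Python code is an added example, not part of the original slides; the sample account, the function names and the substitution table are assumptions made for illustration.

```python
import re

# Common substitutions undone before comparing, so "Sun1ta" still matches "sunita".
LEET = str.maketrans("@01$35!", "aoisesi")

# The four character classes named on the slide.
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "special symbol": r"[^A-Za-z0-9]",
}

def personal_tokens(user_id, known_facts):
    """Tokens of 3+ characters that someone who knows the user could guess."""
    tokens = set()
    for item in [user_id, *known_facts]:
        for part in re.split(r"[^a-z0-9]+", item.lower()):
            if len(part) >= 3:
                tokens.add(part)
    return tokens

def check_password(password, user_id, known_facts=()):
    """Return a list of problems; an empty list means both rules are met."""
    problems = [f"missing {name}" for name, pattern in CLASSES.items()
                if not re.search(pattern, password)]
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    for token in sorted(personal_tokens(user_id, known_facts)):
        if token in lowered or token.translate(LEET) in normalised:
            problems.append(f"contains personal detail '{token}'")
    return problems

# Constructed sample account, not taken from the slides.
USER_ID = "rpatil07"
FACTS = ["Sunita Patil", "Mumbai Indians"]

if __name__ == "__main__":
    for candidate in ["rpatil07", "Sun1ta@2024", "tR7#kv!Qz2"]:
        print(candidate, "->", check_password(candidate, USER_ID, FACTS) or "ok")
```

The second candidate satisfies all four character classes and is still rejected, because a family member's name survives the digit and symbol substitutions.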

LECTURE 1:- Identification….. Role of People in Security

•Password selection
•Piggybacking & Shoulder Surfing
•Dumpster Diving
•Installing unauthorized software
•Access by Non-Employee
•Security Awareness
•Individual User Responsibilities


LECTURE 2:- Identification….. Piggybacking & Shoulder Surfing

Piggybacking
The simple tactic of following closely behind a person who has
just used their own access card or PIN, in order to gain physical
access to the facility without having to know the access code or
acquire an access card.

Shoulder surfing
Involves the attacker directly observing the individual entering
sensitive information on a form, keypad, or keyboard.

LECTURE 2:- Identification….. Dumpster Diving

Attackers need some amount of information before an attack.
Attackers go through the trash to find information.
The process of going through the target's trash is called
dumpster diving.
It is used to find valuable clues.
When dumpster diving, hackers look for:
•Phone lists
•Memos
•Policy manuals
•Calendars of events
•System manuals, packing crates (these tell the hackers about new
systems that they can break into)
•Printouts
•Disks, tapes, CD-ROMs
•Old hard drives

LECTURE 3:- Identification….. Installing unauthorized software

•Downloaded software can also contain malicious code.
•This malicious code helps the attacker open a backdoor
to those who are accessing the internet.
•Organizations do not allow software to be installed without
the permission of the administrator.

Problems with installing unauthorized software:
•Malware
•Spyware
•Quality and compatibility
•Piracy of unlicensed software
•Unsupported

LECTURE 3:- Identification….. Access By Non-Employee

Physical access to a facility.
It is a great opportunity to get critical/important information
that has been left out.
Example: Security guard

LECTURE 3:- Identification….. Security Awareness

•Active security awareness program (used professionals).
•Provide initial training (depends on the organization's environment
and level of security).
•Remind users of their responsibilities through email as well.
•Training concentrates on which information is sensitive and
which may be attacked.

LECTURE 4:- Identification….. Individual User Responsibility

•User duties vary between organizations.
•Common duties are:
  •Lock the doors of the office and workshop.
  •Do not leave sensitive information inside the car.
  •Secure storage media in a secure storage device.
  •Before throwing away paper that contains organizational
  information, destroy it.
  •Do not expose sensitive information.
  •Do not discuss sensitive information with family.
  •Protect the laptop.
  •Be aware of who is around when discussing
  sensitive corporate information.
  •Enforce corporate access control procedures.
  •Establish different procedures to implement good password
  security practices that all employees should follow.
LECTURE 5:- Identification….. Security policies

•Implementing security policies is an important part of an
organization.
•The important parts of implementing security are:
  •Policies
  •Standards
  •Guidelines
  •Procedures

LECTURE 5:- Identification….. Security policies

Policies
These are made by the management of an organization on a
particular issue.
These are high-level, broad statements of what the
organization wants to accomplish.

Standards
These are compulsory elements for implementing the policy.
They provide the specific details on how to implement the
policy.
Other standards may be set by the organization for its own
goals.

LECTURE 5:- Identification….. Security policies

Guidelines
These are recommendations related to the policy.
These are not compulsory steps.

Procedures
These are step-by-step instructions for how to implement
policies in the organization.
They describe exactly how employees are expected to act in
a given situation.

LECTURE 5:- Identification….. Security policies

•A network constantly changes its policies, procedures and
guidelines.
•The documents are maintained for evaluation and changed if
necessary.
•This operational process generally consists of four steps:
  •Plan
  •Implement
  •Monitor
  •Evaluate

LECTURE 6:- Identification….. Physical Security

•It is the mechanism used to guarantee that physical access to
the computer system & network is restricted.
•It provides security for sensitive systems like servers, routers,
firewalls, detection systems, etc.

Some physical security questions are:
•Who has access to the facility?
•What types of access control are there?
•Are there any security guards?
•Who is allowed unsupervised access to the facility?
•Is there any alarm system or security camera which
covers the main area?

LECTURE 6:- Identification….. Physical Barrier

•It is used to implement the security.
•This type of security is visible to all.
•Sometimes it is difficult to observe.
•Signs play an important role in security.
•Like a police secret operation.

Examples:
•Security guard
•Walls
•Railing

LECTURE 7:- Identification….. Social Engineering

•The purpose of social engineering is to collect pieces of
information slowly.
•This information is useful for the next step.
•This process is repeated until the final goal is reached.
•Two types of humans in social engineering:
  •Help somebody
  •Avoid help

LECTURE 7:- Identification….. Social Engineering

•Restrictions in social engineering:
  •Do not provide confidential information to unauthorized
  persons.
  •Do not provide access to unauthorized persons.

•It is useful to:
  •Train the people.
  •Educate the people.
  •Provide help to people.
  •Provide different techniques that avoid the attack.

LECTURE 8:- Identification….. Biometrics access control.

•Biometric identification systems normally work by obtaining
unique characteristics from you, like a handprint, a retina
pattern, etc.
•The biometric system then compares that to the specimen
data stored in the system.
•Biometric authentication is much better when compared with
other types of authentication methods.

LECTURE 8:- Identification….. Biometrics access control.

Working:
Any biometric access control system will consist of a
biometric access control reader or scanner.
This is the unit which captures the raw data in the form of a
fingerprint, information from an iris scan, etc. This data is then
analyzed and compared against the person's previously
enrolled record.
If the two records match, the person is authenticated. If
the time is also within the authorized period for entry, the device
will signal and release the electric door lock.
The most common aspect of biometrics used for
access control is fingerprints.
In more secure areas such as defense areas, airports and
government areas, however, iris scanning systems and
other hi-tech approaches are used.
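
The decision described in the working steps above, as an added Python example that is not part of the original slides: the captured sample is compared with the enrolled record, and the lock is released only on a match inside the authorized period. The bit-string template, the 0.20 threshold, the record layout and all names are assumptions; real readers use vendor-specific template formats.

```python
from datetime import time

# Assumed: two captures of the same finger never match bit for bit, so a
# match means "at most this fraction of bits differ".
MATCH_THRESHOLD = 0.20

def bit_difference(a, b):
    """Fraction of bits that differ between two equal-length templates."""
    if len(a) != len(b) or not a:
        raise ValueError("templates must be non-empty and the same length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))

def within_period(now, start, end):
    """True if now is inside the authorized period (may wrap past midnight)."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end

def access_decision(person_id, captured, now, enrolled):
    """Return (release_lock, reason). Every failure keeps the door locked."""
    record = enrolled.get(person_id)
    if record is None:
        return False, "not enrolled"
    try:
        distance = bit_difference(captured, record["template"])
    except ValueError:
        return False, "unreadable capture"
    if distance > MATCH_THRESHOLD:
        return False, "no match"
    if not within_period(now, record["start"], record["end"]):
        return False, "outside authorized period"
    return True, "match within authorized period"

# Constructed enrolment record: 8-byte template, day-shift entry window.
ENROLLED = {"emp-1001": {"template": bytes.fromhex("a5a5a5a5f00f3cc3"),
                         "start": time(8, 0), "end": time(18, 0)}}
SAME_FINGER = bytes.fromhex("a5a5a5a5f00f3cc1")   # 1 of 64 bits differs
OTHER_FINGER = bytes.fromhex("5a5a5a5a0ff0c33c")  # every bit differs

if __name__ == "__main__":
    print(access_decision("emp-1001", SAME_FINGER, time(9, 30), ENROLLED))
    print(access_decision("emp-1001", SAME_FINGER, time(22, 0), ENROLLED))
    print(access_decision("emp-1001", OTHER_FINGER, time(9, 30), ENROLLED))
```

The threshold trades false accepts against false rejects: raising it admits more impostors, lowering it locks out more legitimate users.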

LECTURE 9:- Identification….. Biometrics (Example).

Retina Pattern Biometric Systems

Everybody has a unique retinal vascular pattern. A retina
pattern biometric system uses an infrared beam to scan your
retina.
Retina pattern biometric systems examine the unique
characteristics of the user's retina and compare that information
with the stored pattern to determine whether the user should be
allowed access.
Some other biometric systems also perform iris and pupil
measurements. Retina pattern biometric systems are highly
reliable.
Users are often worried about using retina scanners because
they fear that retina scanners will blind or injure their eyes.

LECTURE 9:- Identification….. Biometrics (Example).

Iris Scan Biometric Systems

Iris scans verify identity by scanning the colored part of the
front of the eye.
Iris scanning is much easier and very accurate.

LECTURE 9:- Identification….. Biometrics (Example).

Fingerprint Biometric Systems

Fingerprints have been used in forensics and identification for a long
time. Fingerprints of each individual are unique. Fingerprint
biometric systems examine the unique characteristics of your
fingerprints and use that information to determine whether or
not you should be allowed access.
The theoretical working of the fingerprint scanner is as
described below. The user's finger is placed on the scanner
surface. Light flashes inside the machine, and the reflection is
captured by a scanner, used for analysis and then
verified against the original specimen stored in the system.
The user is allowed or denied based on the result of this
verification.

LECTURE 10:- Identification….. Biometrics (Example).

Handprint Biometric Systems

As in the case of fingerprints, everybody has unique
handprints.
A handprint biometric system scans the hand and fingers, and
the data is compared with the specimen stored for you in the
system.
The user is allowed or denied based on the result of this
verification.

LECTURE 10:- Identification….. Biometrics (Example).

Voice Pattern Biometric Systems

Voice pattern biometric systems can also be used for user
authentication.
Voice pattern biometric systems examine the unique
characteristics of the user's voice.

Keystroke Biometric Systems

Keystroke biometric systems examine the unique
characteristics of the user's keystrokes and use that information
to determine whether the user should be allowed access.
