
NETWORK TECHNOLOGIES

Availability
Accountability
• The term accountability refers to the acceptance of
responsibility for honest and ethical conduct towards
others.
Accountability
• The accountability service does not protect against
attacks by itself. It must be used in conjunction
with other services to make them more effective.
• Accountability by itself is the worst part of
security; it adds complications without adding
value.
• Accountability adds cost and it reduces the
usability of a system.
• However, without the accountability service, both
integrity and confidentiality mechanisms would
fail.
Identification and Authentication
• Identification and authentication (I&A)
serves two purposes.
• First, the I&A function identifies the
individual who is attempting to perform a
function.
• Second, the I&A function proves that the
individual is who he or she claims to be.
Identification and Authentication
Authentication can be accomplished by using any
combination of three things:
• Something you know (like a password or PIN)
• Something you have (like a smart card or a badge)
• Something you are (like fingerprints or a retina scan)
Two-factor authentication
• While any single item can be used, it is better to use
combinations of factors such as a password and a
smart card. This is usually referred to as two-factor
authentication.
• The reason that two-factor authentication is deemed to
be better than single-factor authentication is that each
factor has inherent weaknesses.
• For example, passwords can be guessed and smart
cards can be stolen. Biometric authentication is much
harder to fake, but individuals can be compelled to
place their hand on a handprint scanner.
Physical world authentication
• In the physical world authentication may be
accomplished by a picture ID that is shown to a guard.
This may provide sufficient authentication to allow an
employee to enter a facility.
• Hand geometry scanners are also often used to
authenticate individuals who wish to enter certain
parts of facilities. The authentication mechanism is
directly tied to the physical presence and identity of
the individual.
Electronic world authentication
• The authentication mechanism that has been used for
computers is the password. The identity of the individual
is linked via a user ID that was established by a system
administrator. It is assumed that the administrator had
some proof that the individual receiving the user ID was
in fact the individual being identified.
• Passwords alone are a single factor of authentication and
thus inherently weak.
• Unlike in the physical world, there is no guarantee of the
physical presence of the individual. That is why two-
factor authentication is advocated for use with computer
systems. It provides a stronger authentication
mechanism.
Audit
• Audits provide a record of past events. Audit records
link an individual to actions taken on a system or in
the physical world.
• Without proper I&A, the audit record is useless as no
one can guarantee that the recorded events were
actually performed by the individual in question.
• Audits in the physical world may take the form of
entrance logs, sign-out sheets, or even video
recordings.
• The purpose of these physical records is to provide a
record of actions performed.
Audit
• The integrity service must guarantee that the audit
records were not modified. Otherwise, the information
in the audit log becomes suspect as well.
• In the electronic world, the computer systems provide
the logs that record actions by user IDs.
• If the I&A function is working properly, these events
can be traced back to individuals.
• As with paper records, the audit logs on a computer
system must be protected from unauthorized
modification.
• In fact, audit logs must be protected from any
modification whatsoever.
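
An added example (not from the original slides) of one way to make an electronic audit log tamper-evident: each record's HMAC also covers the previous record's HMAC, so changing or removing a record breaks the chain. The key, field names and sample records are constructed for illustration, and it is assumed that the key and the latest MAC are stored away from the log itself.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first record chains from


def _mac(key, prev, entry):
    # Canonical JSON: the same entry always serializes to the same bytes.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + body, hashlib.sha256).hexdigest()


def append_record(log, key, user_id, action, ts):
    """Append a record whose MAC also covers the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"seq": len(log), "ts": ts, "user_id": user_id, "action": action}
    log.append({**entry, "mac": _mac(key, prev, entry)})


def verify_log(log, key, head=None):
    """Return None if intact, else the index where the chain first breaks.

    head is the last MAC as stored away from the log; it exposes truncation.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {k: v for k, v in rec.items() if k != "mac"}
        good = hmac.compare_digest(str(rec.get("mac", "")), _mac(key, prev, entry))
        if entry.get("seq") != i or not good:
            return i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: real keys live outside the log host
    log = []  # constructed sample records
    append_record(log, key, "alice", "login", "2024-01-01T09:00:00Z")
    append_record(log, key, "alice", "read payroll.xlsx", "2024-01-01T09:05:00Z")
    append_record(log, key, "bob", "logout", "2024-01-01T09:30:00Z")
    head = log[-1]["mac"]
    print("intact:", verify_log(log, key, head))
    log[1]["user_id"] = "bob"  # edit a stored record after the fact
    print("first bad record:", verify_log(log, key, head))
```

The user ID in each record is only as trustworthy as the I&A step that produced it; the chain shows that a record was not altered, not who really performed the action.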
