• Tidak ada hasil yang ditemukan

Accountability and Access Control Slide ke-1 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki

N/A
N/A
Info
Unduh - Bebas
Protected

Academic year: 2018

Membagikan "Accountability and Access Control Slide ke-1 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki"

Copied!
37
0
0

Memuat.... (Lihat teks lengkap sekarang)

Unduh sekarang ( 37 Halaman )

Teks penuh

(1)

Accountability and

Access Control

Slide ke-1 Mata Kuliah: Keamanan Jaringan

(2)

Course Objectives

• Access Control

– Identification and Authentication – Techniques

(3)

Access Controls

• Access controls are security features that control how people can interact with

systems, and resources.

• Goal is to protect from un-authorized access.

• Access is the data flow between subject and resources. Subject is a person,

(4)

Access Control’s Types

• Access controls are necessary to protect the confidentiality, integrity, and availability of objects.

– That is commonly called by CIA.

– It is sound silly, but still represent the idea 

• In fact, no single access control mechanism is deployed in such environment.

(5)

Access Control’s Types (2)

• Access Control Types

– Preventive – Deterrent – Detectives – Correctives – Recovery

– Compensation – Administrative

(6)

Preventive Access Control

• Sometimes called a preventative access control.

• This access control is deployed to stop unwanted or unauthorized activity form occurring.

• Fences, locks, biometric, lighting, alarm system, encryption, auditing, CCTV,

(7)

Deterrent Access Control

• To discourage a violation of security

policy, where prevention control leaves off. • It doesn’t stop with trying to prevent an

action, instead, it goes further to exact consequences in the event of an

attempted or successful violation.

(8)

Detective Access Control

• Detective access controls is deployed to discover unwanted or unauthorized

activities.

• Detective access control include security guards, motion detector, reviewing an

(9)

Corrective Access Control

• Deployed to restore system to normal after unwanted or unauthorized activities have occurred.

• Corrective control have only minimal capabilities to respond to access

violations.

(10)

Recovery Access Control

• Deployed to repair resource, function, and capabilities after violation of security

policies.

• Recovery control have more advance

capabilities to response to access violation than corrective control.

(11)

Compensation Access Control

• Deployed to provided various options to aid in enforcement and support of security policy.

• Include security policy requirement,

(12)

Administrative Access Control

• Policies and procedures defined by

organization to implement overall access control.

• Administrative control focus on 2 areas:

personnel and business practices. • Include policies, procedures, hiring

practices, data classification, security training, vacation history, work

(13)

Logical and Physical

Access Control

• Logical access controls are hardware and

software mechanism used to manage access to resources or systems.

– Password, encryption, firewall, access control list, etc

• Physical access control is physical barrier deployed to prevent direct contact to

systems.

(14)

The Process of Accountability

• Several steps lead up to the ability to hold the people accountable:

(15)

Identification

• User provided user name, logon ID,

personal identification number (PIN) or a smart card to represent identification

process.

(16)

Authentication

• Process of verifying or testing that claimed identity is valid.

– Type 1 Authentication (something you know)

• Passwords • PIN

• Lock Combination, etc

– Type 2 Authentication (something you have)

(17)

Authentication

• Process of verifying or testing that claimed identity is valid.

– Type 3 Authentication (something you are)

• Fingerprint • Voiceprint

• Retina pattern

• Face shape recognition • Hand geometry

(18)

Authorization

• Once subject is authenticated, its access must be authorized.

(19)

Auditing

• Auditing is process by which online

activities of user accounts and processes are tracked and recorded.

• Auditing produces audit trails/path, which can be used to reconstruct events and to verify whether a security policy or

(20)

NIST-

based

Minimum Security

Requirement

• Audit data recording must comply with:

– Create, protect, and retain information system audit record to the extend needed to enable the monitoring, analysis, investigation,

unlawful/illegal reporting, unauthorized, inappropriate information system activity.

– Ensure that the action of individual

(21)

Recap

Answer and give an explanation for the questions below:

Identification – what is it?

Authentication – how is this different from identification?

Authorization – what does this mean?

(22)

Identification and Authentication

Technique

• Authentication verify the identity of the

subject (user) by comparing one or more factor in database of valid identities.

(23)

Identification and Authentication

Technique (2)

• Password • Biometrics • Tokens

• Tickets

(24)

Password

• The common authentication technique, but consider the weakest form of protection.

• Password are poor security mechanism for several reasons:

– Easy to guest or crack. – Many users, write it down

– Easy shared, write down, and forgotten – Transmitted password often easy to broke

(25)

Biometric

• Biometric fall into Type 3 authentication category, “something you are”.

A biometric factors are behavioral or

physiological characteristic that is unique to every single subject.

• Types biometric factors:

– Fingerprint

– Face, iris, retina, palm scan – Hand geometry

(26)

Biometric Factor Rating

• Biometric devices are rated for

performance in producing false negative and false positive authentication.

• Most biometric devices have a sensitivity

adjustment so they can be tuned to be

more or less sensitive.

True positive = correctly identified

True negative = correctly rejected

(27)

Biometric Factor Rating

• The ratio of Type 1 errors to valid authentication known as False Rejection Rate (FRR).

• The ratio of Type 2 errors to valid authentication known as False Acceptance Rate (FAR).

• The point at which FRR and FAR is equal known as

(28)

Appropriate Biometric Usage

Zephyr Chart is often used to compare different types of biometric solution, before choose the suitable one at your specific

(29)

Biometric Factors

Retina scan

Fingerprint Iris scan

(30)

Token (Smart Token)

• Smart Tokens are password-generating devices which is an example of Type 2 factor, “something you have”.

• Token can be a static password, like an ATM card (or others), and users have to supply the ATM card and users’ PIN.

• Otherwise, the Token can also be one-time or dynamic password which look like a small

calculator.

(31)

Token Types

• There are 4 types of Token:

– Static

– Synchronous dynamic password

(32)

Token Types (Cont.)

– Can be a smart card, a floppy disk, USB RAM, or even something as simple as a key for physical lock. – Static Token often require

an additional factor like password or biometric factor.

– Commonly use a

cryptographic key provided an authentication

mechanism.

(33)

Token Types (Cont.)

– Generating password at fix time intervals.

– Time interval token require synchronizing the clock on an authentication server with the clock on a token device.

– Subject enters generated

password into the system as an identification mechanism, and PIN/password as an

authentication mechanism.

(34)

Token Types (Cont.)

• Auth sends a challenge (a random value called a

nonce)*

• User enters nonce into token, along with PIN

• Token encrypts nonce and returns value

• Users inputs value into workstation

• If server can decrypt then you are good.

(35)

Ticket Authentication

• Ticket Authentication is mechanism that

employs a third party to prove identification and authentication.

(36)

Single Sign On

• With Single Sign On (SSO), once a subject is authenticated, it can roam the network freely and access resource and services without further authenticating challenges.

• SSO disadvantages:

– Once an account is compromised, a malicious subject gains unrestricted access.

(37)

Single Sign On

Single Sign On: A mechanism to solve difficulties in managing disparate accounts.

Referensi

Unduh sekarang ( PPT - 37 Halaman - 837.50 KB )

Dokumen terkait

Penentuan Prioritas Penanganan Ruas Jalan Nasional Panton Labu Simpang – Langsa – Batas Sumut

Biaya tidak tetap merupakan biaya operasi kendaraan yang dibutuhkan untuk menjalankan kendaraan pada suatu kondisi lalu lintas dan jalan untuk suatu jenis kendaraan

Reformasi administrasi pelayanan publik di KPPM (kantor perizinan dan penanaman modal) kabupaten Boyolali

Kantor Perizinan dan Penanaman Modal (KPPM) Kabupaten Boyolali diharapkan dapat memberikan pelayanan yang prima kepada pemohon (masyarakat) dalam pelaksanaan reformasi

IPBA Skala Tata Surya dan Ukuran Alam Se

Kita tinjau sebagian kecilnya saja dari alam semesta, seperti tata surya yang memiliki satu buah bintang yaitu matahari dan delapan buah planet termasuk bumi yang

BAB II GAMBARAN UMUM KPP PRATAMA MEDAN BELAWAN A. Sejarah Singkat Kantor Pelayanan Pajak Pratama (KPP) Medan Belawan - Penerapan Sistem Administrasi Perpajakan Modern pada Proses Pemberian Surat Keterangan Bebas Pajak Pertambahan Nilai (PPN) Impor yang Be

Wilayah kerja Kantor Pelayanan Pajak Pratama Medan Belawan terdiri dari 4.. kecamatan

IPTEK DAN PERAN KEKHALIFAHAN ALAM SEMEST (1)

Dengan akal pikiran yang telah diberikan oleh Allah SWT, islam sejatinya menuntut manusia untuk mengembangan ilmu pengetahuan dan teknologi yang

v14 no3 a 4 ngudi 18 21

[r]

PENGURANGAN PECAHAN Modul Pembelajaran Matematika Realistik untuk SMP oleh Marsigit

Seperti pada penjumlahan dua pecahan campuran, maka pengurangan pecahan campuran dapat dilakukan dengan cara mengurangkan bagian bilangan cacah terpisah dari bagian

Pedoman Tata Perilaku Kehidupan Kampus IMG_20150603_0005

[r]

Image