Friday, June 2, 2017

Comptia Security + Terms to Remember Chapter 1

Integrity verifies that data has not been modified. Loss of integrity occurs through unauthorized changes. Hashing algorithms, such as MD5, HMAC, or SHA-1, calculate hashes to verify integrity.

A hash is a number created by applying a hashing algorithm to a file. By comparing hashes, you can verify that the integrity of the file has been maintained.
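The hash comparison described above, written out as an added example (this is not code from the notes or from CompTIA). It hashes constructed sample "file" contents with the standard-library hashlib and hmac modules, compares the result against a published digest, and also shows the keyed variant (HMAC), where only a holder of the key can produce a valid tag. The file contents and the key are constructed for the demo.

```python
import hashlib
import hmac
import io

# Constructed sample "file" contents for the demo (not from the notes).
ORIGINAL = b"Quarterly report: revenue 1,200,000\n"
TAMPERED = b"Quarterly report: revenue 1,300,000\n"
# Constructed demo key; a real key would come from a secret store.
KEY = b"demo-shared-secret"


def hash_stream(fileobj, algorithm="sha256", chunk_size=64 * 1024):
    """Hash a file-like object in chunks so large files never sit fully in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def file_hash(data, algorithm="sha256"):
    """Hash a byte string with the named algorithm (md5, sha1, sha256, ...)."""
    return hash_stream(io.BytesIO(data), algorithm)


def verify_hash(data, expected_hex, algorithm="sha256"):
    """True if the data still hashes to the published value.

    compare_digest does a constant-time comparison, so a verifier does not
    leak how many leading characters of the digest matched.
    """
    return hmac.compare_digest(file_hash(data, algorithm), expected_hex)


def file_hmac(data, key, algorithm="sha256"):
    """Keyed hash (HMAC): only someone holding the key can produce a valid tag."""
    return hmac.new(key, data, algorithm).hexdigest()


def verify_hmac(data, key, expected_hex, algorithm="sha256"):
    """True if the tag was produced over this data with this key."""
    return hmac.compare_digest(file_hmac(data, key, algorithm), expected_hex)


if __name__ == "__main__":
    published = file_hash(ORIGINAL)
    print("original verifies:", verify_hash(ORIGINAL, published))   # True
    print("tampered verifies:", verify_hash(TAMPERED, published))   # False
    # MD5 and SHA-1 still run, but both have practical collision attacks,
    # so prefer SHA-256 for new integrity checks.
    print("md5  :", file_hash(ORIGINAL, "md5"))
    print("sha1 :", file_hash(ORIGINAL, "sha1"))
    tag = file_hmac(ORIGINAL, KEY)
    print("hmac, right key:", verify_hmac(ORIGINAL, KEY, tag))        # True
    print("hmac, wrong key:", verify_hmac(ORIGINAL, b"other", tag))   # False
```

The difference between the two checks matters in practice: anyone can recompute a plain hash, so an attacker who can change the file can usually change a hash stored next to it as well. The published hash has to come from a trusted channel (or be covered by a digital signature), whereas an HMAC tag cannot be recomputed without the key.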

Digital signatures can verify the integrity of emails and files. Digital signatures require certificates (a PKI manages the certificates) and also provide authentication and non-repudiation (the sender cannot deny sending it later).

Availability ensures that systems stay available when needed and often addresses a single point of failure, or SPF. You can increase availability by adding fault tolerance and redundancies, such as RAID, failover clusters, backups and generators. HVAC cooling systems also increase availability.

Redundancy means adding a second server in case the first one fails, which provides fault tolerance: if the first server goes down, the second takes over. Safety is another common goal of security, for example adding fences and lighting.


Layered security, or defense in depth, combines multiple layers of security, such as a firewall, an IDS, content filtering, and antivirus software.


Risk is the likelihood that a threat will exploit a vulnerability. Risk mitigation reduces the chance that a threat will exploit a vulnerability, or reduces the impact of the risk, by implementing security controls. Reducing risk is known as risk mitigation.


Identification occurs when a user claims an identity, such as with a username or email address. Authentication occurs when the user proves the claimed identity (such as with a password) and the credentials are verified. Access control systems authorize access to resources based on permissions granted to the proven identity.

Authentication factors:

Something you know, such as a password or PIN
Something you have, such as a smart card or USB token
Something you are, such as a fingerprint
Somewhere you are, such as a location determined by GPS
Something you do, such as a gesture on a touch screen


The first factor of authentication (something you know, such as a password or PIN) is the weakest factor. Passwords should be strong, changed regularly, never shared with another person, and stored in a safe place if written down. Technical methods (such as a technical password policy) ensure that users regularly change their passwords and don't reuse the same password.

Passwords


Complex passwords use a mix of character types. Strong passwords use a mix of character types and have a minimum length of eight characters. Users should change passwords every 45 to 90 days.



Before resetting passwords for users, it is important to verify the user's identity. When resetting passwords manually, it is better to create a temporary password that expires upon first use. You can combine password history with a minimum password age to prevent users from reusing the same password. A password history of 24 remembers the last 24 passwords.
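The password rules from the two passages above (complexity and eight-character minimum; history of 24 combined with a minimum age; a change every 45 to 90 days), as an added example of how a password policy enforces them. This is not code from the notes or from any particular product. The one-day minimum age, the low PBKDF2 iteration count (kept small so the demo runs quickly) and the reading of "a mix of character types" as at least three of four classes are assumptions; past passwords are stored only as salted hashes so the history itself is not a list of reusable credentials.

```python
import hashlib
import hmac
import os
import string

# Policy values from the notes: eight-character minimum, history of 24,
# change every 45-90 days (90 used as the maximum age here).
MIN_LENGTH = 8
HISTORY_SIZE = 24
MAX_AGE_DAYS = 90
# Assumed values for the demo: one-day minimum age, and a low PBKDF2
# iteration count so the example runs fast (production should use far more).
MIN_AGE_DAYS = 1
PBKDF2_ITERATIONS = 1_000
# Assumption: "a mix of character types" means at least three of four classes.
REQUIRED_CLASSES = 3


def character_classes(password):
    """Count how many of upper, lower, digit and punctuation the password uses."""
    classes = 0
    classes += any(c.isupper() for c in password)
    classes += any(c.islower() for c in password)
    classes += any(c.isdigit() for c in password)
    classes += any(c in string.punctuation for c in password)
    return classes


def is_complex(password):
    return character_classes(password) >= REQUIRED_CLASSES


def is_strong(password):
    """Strong = complex and at least MIN_LENGTH characters."""
    return is_complex(password) and len(password) >= MIN_LENGTH


def _derive(password, salt):
    """Salted, slow hash so stored history entries cannot be read back as passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class PasswordAccount:
    """Tracks salted hashes of past passwords and the day number of the last change."""

    def __init__(self):
        self.history = []          # (salt, digest) pairs, oldest first
        self.last_changed = None   # day number of the last change

    def _used_recently(self, password):
        return any(hmac.compare_digest(_derive(password, salt), digest)
                   for salt, digest in self.history)

    def change_password(self, new_password, today):
        """Apply minimum age, strength and history checks; return (ok, reason)."""
        if self.last_changed is not None and today - self.last_changed < MIN_AGE_DAYS:
            return False, "minimum password age not reached"
        if not is_strong(new_password):
            return False, "password does not meet length or complexity rules"
        if self._used_recently(new_password):
            return False, "password matches one of the last %d passwords" % HISTORY_SIZE
        salt = os.urandom(16)
        self.history.append((salt, _derive(new_password, salt)))
        self.history = self.history[-HISTORY_SIZE:]   # remember only the last 24
        self.last_changed = today
        return True, "password changed"

    def password_expired(self, today):
        """True once the password is older than the maximum age."""
        return self.last_changed is None or today - self.last_changed > MAX_AGE_DAYS


if __name__ == "__main__":
    acct = PasswordAccount()
    print(acct.change_password("Winter!2017", 0))    # accepted
    print(acct.change_password("Spring!2017", 0))    # rejected: minimum age
    print(acct.change_password("Winter!2017", 5))    # rejected: in history
    print(acct.change_password("Spring!2017", 5))    # accepted
    print(acct.password_expired(96))                 # True, 91 days old
```

The minimum-age check is what makes the history useful: without it, a user could change the password 25 times in a row and cycle straight back to the original, which is the behaviour the notes warn about.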

Biometrics or Something You are


Smart cards are often used with dual-factor authentication, where users have something (the smart card) and know something (such as a password or PIN). Smart cards include embedded certificates used with digital signatures and encryption. CACs and PIVs are specialized smart cards that include photo identification. They are used to gain access to secure locations and to log on to computer systems.

Biometric errors:


False acceptance: This is when a biometric system incorrectly identifies an unauthorized user as an authorized user.

False Rejection: This is when a biometric system incorrectly rejects an authorized user.
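The two error types above trade off against each other through the matcher's acceptance threshold. The following added example (not from the notes) computes the false acceptance rate (FAR) and false rejection rate (FRR) over constructed similarity scores from a hypothetical fingerprint matcher, finds the threshold where the two rates cross (the crossover error rate), and picks the threshold that meets a FAR ceiling. The scores, the 0.0 to 1.0 scale and the threshold grid are all assumptions for the demo.

```python
# Constructed similarity scores from a hypothetical matcher (0.0 = no match, 1.0 = identical).
# GENUINE: the enrolled user compared against their own template.
# IMPOSTOR: other people compared against that same template.
GENUINE = [0.92, 0.88, 0.75, 0.95, 0.81, 0.69, 0.90, 0.84]
IMPOSTOR = [0.30, 0.55, 0.72, 0.41, 0.62, 0.77, 0.35, 0.48]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) for an acceptance threshold.

    FAR: fraction of impostor attempts scored at or above the threshold
         (false acceptance: an unauthorized user is let in).
    FRR: fraction of genuine attempts scored below the threshold
         (false rejection: an authorized user is turned away).
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def _candidates(steps):
    return [i / steps for i in range(steps + 1)]


def crossover_threshold(genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Lowest threshold where FAR and FRR are closest (the crossover error rate)."""
    def gap(t):
        far, frr = error_rates(t, genuine, impostor)
        return abs(far - frr)
    return min(_candidates(steps), key=gap)


def threshold_for_max_far(max_far, genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Lowest threshold whose FAR is at or below max_far.

    Tightening FAR (e.g. for a server-room door) pushes FRR up, so the
    returned threshold is the least inconvenient one that still meets the limit.
    """
    for t in _candidates(steps):
        if error_rates(t, genuine, impostor)[0] <= max_far:
            return t
    return 1.0


if __name__ == "__main__":
    for t in (0.60, 0.70, 0.80):
        far, frr = error_rates(t)
        print("threshold %.2f  FAR %.3f  FRR %.3f" % (t, far, frr))
    cer = crossover_threshold()
    print("crossover at %.2f -> FAR/FRR %s" % (cer, error_rates(cer)))
    strict = threshold_for_max_far(0.0)
    print("zero-FAR threshold %.2f -> FRR %.3f" % (strict, error_rates(strict)[1]))
```

Raising the threshold lowers FAR and raises FRR; lowering it does the reverse. Which way to tune depends on what the system protects: a door to a secure area is tuned for a low FAR, while a convenience login might accept a higher FAR for fewer false rejections.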

Two or more methods in the same factor of authentication (such as a PIN and a password) is still single-factor authentication. Dual-factor (or two-factor) authentication uses two different factors, such as a USB token and a PIN. Multifactor authentication uses two or more factors.


HOTP vs TOTP


HOTP and TOTP are both open standards used to create one-time passwords. HOTP creates a one-time password that does not expire until you use it to log in. TOTP creates a one-time password that expires after 30 seconds.
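The two algorithms side by side, as an added example (not code from the notes): HOTP as defined in RFC 4226 (HMAC-SHA1 over a counter, dynamically truncated to six digits) and TOTP as defined in RFC 6238 (the same computation with the counter replaced by the number of 30-second steps since the epoch). The secret is the RFC test-vector key, used here as sample data, so the outputs can be checked against the published vectors. The server-side verifiers, the five-step HOTP look-ahead window and the one-step TOTP clock-skew allowance are my assumptions for the demo.

```python
import hashlib
import hmac
import struct
import time

# The RFC 4226 / RFC 6238 test-vector key, used here as constructed sample data.
SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, timestamp=None, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter set to the current 30-second time step."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp) // step, digits)


class HotpVerifier:
    """Server side of HOTP: a code stays valid until it is used, regardless of time.

    After a match the stored counter moves past the matched value, so the same
    code cannot be replayed. The look-ahead window tolerates a token whose
    button was pressed a few times without logging in.
    """

    def __init__(self, secret, look_ahead=5):
        self.secret = secret
        self.counter = 0
        self.look_ahead = look_ahead

    def verify(self, code):
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


def verify_totp(secret, code, timestamp, step=30, skew=1):
    """Server side of TOTP: accept the current step plus `skew` steps either side for clock drift."""
    base = int(timestamp) // step
    return any(hmac.compare_digest(hotp(secret, base + d), code)
               for d in range(-skew, skew + 1))


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))              # 755224 (RFC 4226 vector)
    print("TOTP at t=59 :", totp(SECRET, 59, digits=8))    # 94287082 (RFC 6238 vector)
    v = HotpVerifier(SECRET)
    code = hotp(SECRET, 3)
    print("HOTP first use:", v.verify(code))               # True
    print("HOTP replay   :", v.verify(code))               # False, counter moved on
    t_code = totp(SECRET, 59)
    print("TOTP now      :", verify_totp(SECRET, t_code, 59))        # True
    print("TOTP 2 min on :", verify_totp(SECRET, t_code, 59 + 120))  # False, expired
```

The two verifiers make the difference from the notes concrete: HotpVerifier never looks at a clock, so a code generated at counter 3 is accepted whenever it is first presented, while verify_totp rejects the same kind of code once the time step has moved on by more than the allowed skew.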

Something you are is the strongest individual method of authentication because it is the most difficult for an attacker to falsify. Biometric methods include fingerprint scanners, retina scans, and palm scanners.