In this COMPTIA Security+ Tutorial, you will understand how the system will need to know who you are. It will then ask for the ID and credentials post which it will check the database. If access is permitted, the system will allow you to connect with the network, but if the access is denied, the system will prevent access to the resources on the system.
If you login to the local machine, authentication takes place in Security Account Manager and if you log on to the system on the domain, the authentication takes place to the Domain Manager. When you authenticate the system, we check for the factors that facilitates the authentication.
Authentication Factors:
The users are authenticated in various ways using the information or something that they know, something that they have or may be something that they are. Information like somewhere you are and something you do can also verify or authenticate the users. To start with, one is you already know, the passwords/PIN/Passphrase. When you try to log on to the system, you need to provide information of something that you already know. Passphrase is the strongest so far.
Another authentication factor is the Token. It is the physical device in your possession, you press the button and it generates the number. The key number when entered in, you will be allowed access to the system. It is under your possession and it can also be a USB device. One of the examples could be a token, ATM cards, etc. Using these attributes to allow after identifying the physical attributes of the person is called as Biometrics. It includes fingerprints, retina pattern, DNA, pupil pattern, hand geometry, etc. It will always be unique and differ from one person and the other.
The location based authentication to allow the access to the regular system and not the strategic system. It will also be based on the IP address to determine where do you log on to the system from. You could work from home or in the office, but you may have authentication to work only from office and not from home.
Dynamics for the authentication includes Signature Dynamics and Keywords Dynamics. The signature dynamics can judge the users based on the pressure and the speed of doing the signature. We use special pressure sensitive plates to judge the signature dynamics.
On the other hand, the Keyword Dynamics, we measure the properties on the keywords i.e. Flight Time (the time you move between each key) and Dwell Time (the time you spend on each key). The systems have sensitive keyboards to judge the users and authenticate them.
For the Single Factor Authentication we can have either of A, B or C.
For the Two Factor Authentication (Multi Factor Authentication) we can have either AB or BC or CA. But AA/BB/CC does not make for the Two Factor Authentication.
For the Strong Factor Authentication we can have ABC, all three together from different lines.
Authorization takes place before we finally have the access to the system. It deals with checking into what permissions are granted to the users and what access is denied. To put it correctly, it deals with the specifying the access rights to the resources related to the information security.
It gives users the idea what could they do and what they could not do with the system.
Common Access Card is a DOD, Department of Defense issued card which allows you to have your ID, pictures, your information,your permissions are also stored on the chip. You can use this as Token, or use it to log on to the system. The card authenticates the user to access the network system.
Personal Identification Card is used to verify your identity and authenticates the users to access the system. It carries your picture and identification details. The perfect example is that of the driving license.
A Smart Card looks almost like an ATM card, but a smart card has a chip on it. It gives details of your identity, picture of yourself, and other information can be stored on the chip. After the card is inserted into the machine, the information is scanned to either allow or deny access to the system.
The Principle of Least Privilege is important in the security operations. It works on the principle that the users should be allowed for a defined access that would solve their purpose, nothing more or less than that. If you give insufficient permissions, they will lead to low productivity of the work. We should not provide more permissions as then the security can be abused.
Separation of Duties dictates that the critical job processes can be broken down into multiple job functions. This way we have multiple individuals responsible for a particular job function. It allows us to prevent one person starting one critical job function from the beginning to the end.
We must take care of the collisions that would take place amongst the individuals to defeat the law of separation of duties.
Single Sign- On states that within the organization, you require passwords to log on. Some require complex, long passwords to different systems. Each system requires a new password. At the end of the day, we need to learn different passwords for different computers. With the Single Sign-On, we need only one password to delete the use of multiple passwords.
But the malicious users who would know your log in details, can use the information to attack different systems and leak the important information. This may damage your image in the organization and hence, it is advisable that you should not share your details with the users.
Job Rotation is to help ensure availability. If the person is not available due to illness or termination, another individual should be available to do their work. Periodically over time we should ensure cross training. Where individual “A” can do what another person “B” can do.
Mandatory Vacations governs require that the staff periodically goes on a vacation. It will prevent fraud and allows the opportunity to audit the job function of the individuals at work. This would evaluate the malicious within the network. These employees are always in the office, stay late for work and do not take an off. Any malicious activity can be identified during the period when they are away from work.
Time of Day Restrictions possibly limit access to the network resources based on their settings during any time of the day and day of the week. It would limit access to network printers, and other facilities. By putting in proper control which can be done on the systems locally or from the server, we can limit the settings any day of the week and the time of the day.
We can put time of day restrictions to limit access to the printers, work stations, etc.
Implicit Denial bar every entry until it is explicitly allowed.