1. Restricting Access to the Network
A. Creating access levels:
Restrictions can be imposed to minimize the chance of penetration by users who are not authorized, for example:
• Login restrictions. Login is only allowed:
• From certain terminals.
• At certain times and on certain days.
• Call-back restriction (anyone may log in; once the login succeeds, the system immediately disconnects and calls back a phone number agreed in advance, so an intruder cannot connect over an arbitrary phone line, only over that specific line).
• Restricting the number of login attempts.
• Login attempts are limited to three; the account is then locked immediately and the administrator is notified.
• All logins are recorded, and the operating system reports the following information:
Time, i.e. when the user logged in.
Terminal, i.e. the terminal from which the user logged in.
• The level of access permitted (read / write / execute / all).
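The login restrictions listed above (allowed terminals, allowed days and hours, a lock after the third failure with an administrator notice, and a log of time and terminal for every attempt) as one small policy check. This is an added example, not code from the notes; the terminal names, weekday and hour windows, the user "alice" and the dates in demo() are constructed values.

```python
import datetime as dt
import hmac

# Constructed policy values for this example (not from the notes above).
ALLOWED_TERMINALS = {"tty1", "tty2", "console"}
ALLOWED_WEEKDAYS = {0, 1, 2, 3, 4}        # Monday .. Friday
ALLOWED_HOURS = range(8, 18)              # 08:00 .. 17:59
MAX_ATTEMPTS = 3                          # lock on the third failure


class LoginGuard:
    def __init__(self, credentials):
        self.credentials = credentials    # user -> password (placeholder store)
        self.failures = {}                # user -> consecutive failed attempts
        self.locked = set()               # users locked until an admin unlocks
        self.audit, self.admin_alerts = [], []   # attempt log; admin notices

    def _record(self, user, terminal, when, outcome):
        # Every attempt is logged with its time and terminal, as required above.
        self.audit.append({"user": user, "terminal": terminal,
                           "time": when.isoformat(), "outcome": outcome})
        return outcome == "success"

    def login(self, user, password, terminal, when):
        if terminal not in ALLOWED_TERMINALS:
            return self._record(user, terminal, when, "denied-terminal")
        if when.weekday() not in ALLOWED_WEEKDAYS or when.hour not in ALLOWED_HOURS:
            return self._record(user, terminal, when, "denied-time")
        if user in self.locked:
            return self._record(user, terminal, when, "denied-locked")
        expected = self.credentials.get(user, "")
        if hmac.compare_digest(expected.encode(), password.encode()):
            self.failures[user] = 0
            return self._record(user, terminal, when, "success")
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_ATTEMPTS:
            self.locked.add(user)
            self.admin_alerts.append(
                f"{user} locked after {MAX_ATTEMPTS} failures from {terminal}")
            return self._record(user, terminal, when, "locked")
        return self._record(user, terminal, when, "failed")


def demo():
    guard = LoginGuard({"alice": "s3cret"})
    tue, sat = dt.datetime(2024, 3, 5, 10, 0), dt.datetime(2024, 3, 9, 10, 0)
    guard.login("alice", "s3cret", "tty9", tue)      # wrong terminal
    guard.login("alice", "s3cret", "tty1", sat)      # outside allowed days
    for _ in range(3):
        guard.login("alice", "wrong", "tty1", tue)   # third failure locks
    guard.login("alice", "s3cret", "tty1", tue)      # right password, but locked
    return guard
```

The audit list is what the notes call the operating system's login report; in practice it would be written to a protected log and the admin_alerts entries sent out of band.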
B. Access control mechanisms:
The problem of identifying the user at login is user authentication. Most authentication methods are based on one of three factors, namely:
1. Something the user knows, for example:
• A password.
• A combination lock code.
• Mother-in-law's first name.
• And so on.
2. Something the user has, for example:
• A badge.
• An identity card.
• Keys.
• And so on.
3. Something the user is (a characteristic of the user), for example:
• Fingerprints.
• Voiceprint.
• Photographs.
• Signature.
C. Guarding against social engineering:
1. Someone pretending to be an executive who cannot get access, contacting the administrator by phone / fax.
2. Someone pretending to be an administrator who needs to diagnose a network problem, contacting the end user by email / fax / letter.
3. Someone pretending to be the security officer of an e-commerce site, contacting customers who have made transactions and asking them to repeat the transaction on a form he provides.
4. Theft of mail or passwords.
5. Bribery or violence.
D. Distinguishing internal and external resources:
Use firewall technology that separates the internal network from the external network according to a defined set of rules.
E. User authentication system:
Definition: the process of determining who someone actually is. It is necessary for maintaining the integrity and security of data; in this process a person must prove who he is before being allowed to use the service.
Efforts to make password protection more secure include:
1. Salting.
Adding a short string to the password string the user provides, so that the password reaches a certain length.
2. One-time passwords.
• Users must change their passwords regularly. This limits the window in which a password that has become known, or that another user is trying to guess, can be used.
• The extreme form of this approach is the one-time password: the user receives a book containing a list of passwords. Each time the user logs in, the user uses the next password in the list.
• With one-time passwords, the user must take care that the password book is not stolen.
3. A long list of questions and answers.
• A variation on the password: the user is required to supply a long list of questions and answers. The user chooses questions and answers that are easy to remember and do not need to be written down on paper.
• For example, the following questions might be used:
• Who is Badru's brother's in-law?
• What did Mr. Aaron teach you in elementary school?
• On what street was Simanis first found?
• At login, the computer picks one of the questions at random, asks the user, and checks the answer given.
4. Challenge-response.
• The user is free to choose an algorithm, for example x³.
• When the user logs in, the computer writes the number 3 on the screen. In this case the user types the number 27. The algorithm can differ in the morning, afternoon and evening, on different days, from different terminals, and so on.
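The one-time password list from item 2 above, built as a hash chain so that the server never stores the list itself: it keeps only the top of the chain, accepts a password only if hashing it once gives the stored value, and then replaces the stored value, so a stolen or sniffed password cannot be replayed. This is an added example, not code from the notes; the chain construction is the one S/Key-style systems use (my choice, the notes only describe the printed book), and the seed and chain length in demo() are constructed.

```python
import hashlib
import hmac

# Added example: a hash-chain one-time password list (the S/Key-style
# construction); the notes describe only the printed "book" of passwords.

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, n: int) -> list:
    # p0 = seed, p1 = h(p0), ..., pn = h(p(n-1)).  The user's book holds
    # p(n-1) ... p0, used in that order; the server only ever stores pn.
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class OtpServer:
    def __init__(self, top: bytes):
        self.top = top                    # last accepted value (initially pn)

    def authenticate(self, otp: bytes) -> bool:
        # A presented password is valid only if hashing it once gives the
        # value stored from the previous login; it is then consumed.
        if hmac.compare_digest(h(otp), self.top):
            self.top = otp
            return True
        return False


class OtpBook:
    def __init__(self, seed: bytes, n: int):
        self.passwords = make_chain(seed, n)[:-1]   # p0 .. p(n-1)

    def next_password(self) -> bytes:
        return self.passwords.pop()       # p(n-1) first, then p(n-2), ...


def demo():
    seed, n = b"constructed-seed-not-a-real-secret", 5
    book = OtpBook(seed, n)
    server = OtpServer(make_chain(seed, n)[-1])    # provisioned with p5 only
    first = book.next_password()
    ok1 = server.authenticate(first)      # p4 accepted
    replay = server.authenticate(first)   # same password again is rejected
    ok2 = server.authenticate(book.next_password())  # p3 accepted
    return ok1, replay, ok2
```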
Examples of user authentication products include:
1. SecureID ACE (Access Control Encryption)
A hardware token system in the form of a credit card with a display; the user enters a PIN known to both parties, then enters the passcode shown on the token.
2. S/Key (Bellcore)
A software system that forms one-time passwords (OTP) based on information about the last login combined with a random rule.
3. Password Authentication Protocol (PAP)
A two-way protocol for PPP (Point-to-Point Protocol). The peer sends the user ID and password, and the authenticator accepts or rejects them.
4. Challenge Handshake Authentication Protocol (CHAP)
The S/Key counterpart of PAP: a three-way protocol in which the authenticator sends a challenge message to the peer, the peer computes a value and sends it to the authenticator, and the authenticator accepts the authentication if the answer matches the value it expects.
5. Remote Authentication Dial-In User Service (RADIUS)
For dial-up connections, using a network access server; the host is a RADIUS client, and the system forms a single access point.
6. Terminal Access Controller Access Control System (TACACS)
A server-based security protocol from Cisco Systems. The security server centralizes the UNIX password file, the authentication, authorization and accounting databases, and a digest function (passwords are transmitted in plain text).
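The challenge-response idea from section E item 4 (the user's chosen x³ rule, 3 → 27) and the three-way CHAP exchange from product 4 above, as one added example that is not code from the notes or from any product named here. The CHAP response is the RFC 1994 construction, MD5 over the identifier byte, the shared secret and the challenge; the shared secret and the wrong guess used in demo() are constructed.

```python
import hashlib
import hmac
import os

# Added example (not from the notes): the toy x^3 scheme and the CHAP
# exchange (RFC 1994: MD5 over identifier, secret and challenge).

def cube(challenge: int) -> int:
    # The algorithm the user chose in the notes: shown 3, the user types 27.
    return challenge ** 3


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # Peer side: the value sent back to the authenticator.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.pending = None               # the one outstanding challenge

    def challenge(self) -> tuple:
        # A fresh random challenge per login means a captured response is
        # useless later; the identifier ties the response to this challenge.
        self.identifier = (self.identifier + 1) % 256
        self.pending = os.urandom(16)
        return self.identifier, self.pending

    def verify(self, identifier: int, response: bytes) -> bool:
        if self.pending is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.pending)
        self.pending = None               # one response per challenge
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"
    auth = Authenticator(secret)
    ident, chal = auth.challenge()
    good = auth.verify(ident, chap_response(ident, secret, chal))        # True
    ident, chal = auth.challenge()
    bad = auth.verify(ident, chap_response(ident, b"guess", chal))       # False
    ident2, _ = auth.challenge()
    replayed = auth.verify(ident2, chap_response(ident, secret, chal))   # False
    return good, bad, replayed
```

Note that the secret itself never crosses the link, only the digest, which is the property that distinguishes CHAP from PAP's plain user ID and password.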