Introduction to security and ethical hacking-part 3 In this session,we will learn about various security factors like AUTHENTICATION,AUTHORIZATION,A CCESS-CONTROL AND AUDITING... --------------------------------------------- ----------------------------------------- SECURITY FACTORS:- Most of the security system rely on the following four major factors to achieve security goals specified in the CIA triad: [*]AUTHENTICATION [*]ACCESS-CONTROL [*]AUDITING --------------------------------------------- ----------------------------------------- AUTHENTICATION:- It is the process of uniquely identifying particular individual or entity and these authentications are divided into three types... (i)USERNAME/PASSWORD AUTHENTICATION:- The combination of a username and password is one of the most basic authentication.In this type of authentication,a users credentials user name and password are compared against credentials stored in a database on a server.if the username and password match,the user is authenticated.if not,the user is denied access.this method may not be very secure (ii)TOKEN BASED AUTHENTICATION:- Tokens are objects,such as smart card or ID badges that store authentication information.Token can store personal Identification Numbers(PINs) such as user,or password.A smart card is plastic card containing an embedded computer chip that can store different types of electronic information. eg:SMART CARDS (iii)BIO-METRIC AUTHENTICATION:- It involves in FINGER-PRINT SCANNERS,RETINAL SCANNERS,VOICE RECOGNIZATION & FACE RECOGNIZATION these type of authentications are used in SWISS BANK & SOME PRIVATE COMPANIES to secure their data --------------------------------------------- ----------------------------------------- 2.ACCESS CONTROL:- It is the process of determining and assigning privileges to various resource or data and it is the process of controlling and accessing of data from HACKERS --------------------------------------------- ----------------------------------------- 3.AUDITING:- It is the process of tracking and recording system activities and resource access --------------------------------------------- ----------------------------------------- In all the organization data is classified into four types: (I)PUBLIC:-Data that is made available to the public through marketing materials.for instance,a company may distribute pamphlets,brochures,and other publishing material to advertise its products simply user can read and write..... (II)SENSITIVE:-Data that could cause embarrassment but not constitute a security threat if revealed.for instance,data that has sales and marketing figures of a company or its competitors can be termed as sensitive simply the user can Read the data. (III)PRIVATE:-Organizational data that should be kept secret.for Instance,an organization may maintain a database to store the information,such as employee records,their financials,and companys manufacturing secrets may be termed as PRIVATE... (IV)CONFIDENTIAL:-Sensitive organizational data that should be protected with great care.for instance simply protected with a great care such as credit card numbers,contact numbers and other contact information.. come back tomorrow(20-Dec:6pm) to know about cryptographic fundamentals...kindly like share and comment....
Posted on: Sat, 20 Dec 2014 17:41:05 +0000
Trending Topics
Recently Viewed Topics
© 2015