Authentication


Dale Smith
COSC 4010 Computer Security
Authentication & Security in the .NET environment
Introduction
• With growing concern about computer security
today, user authentication plays an important
role in keeping a system safe from hackers and
intruders who try to breach a point of
authentication to gain access to that system
and others.
Form-based authentication
• allows a developer or administrator to limit
access for certain users in an application
• if there is a large number of users, or if users
can register themselves, the user's registration
information such as their name, username,
password, and email can all be stored in a
database on the same or another server
Passport Authentication
• centralized account management service that is
used to allow multiple users access to multiple
web applications using a single user account
• To use Passport Authentication you must
purchase an account and pay for a Passport
SDK from a service that is under the control of
the Microsoft Passport Network
• https://accountservices.passport.net/ppnetworkhome.srf?vv=330&lc=1033
Encryption/Decryption
• validation that encrypts and decrypts the
values taken in from the web application
interface, such as usernames and passwords,
can be easily accomplished by incorporating
encrypt and decrypt functions in the code
with a combination of algorithms and
storage variables.
Encrypt function
Decrypt function
Intranet .NET Application
• usually used to grant access to employee
users of a system
• When using this type of configuration it is
most appropriate to use the Windows
authentication method where the users are
mapped to a valid Windows account
Intranet .NET configuration
User Authentication in .NET
• There are many different options when it comes
to using the .NET framework for user
authentication
• Authentication is a very critical component in
Web development
• Hackers today are constantly on the move in
efforts to gain access to other remote systems
on the Internet, with the purpose of vandalizing,
the personal satisfaction of knowing they can
do it, and/or personal gain in terms of finance
or software
Security today
• To help keep your system up to date, there
are security white paper sites that give
information regarding threats on the market
(such as the latest spammers), security and
service updates, security support, and other
information relating to system security
• As an example, the WatchGuard site provides
these types of solutions, and they can be found
on the web at: http://www.watchguard.com/
Conclusion
• Poorly configured authentication in web
applications can leave systems prone to
these hackers' attempts, so it is always
good to research the capabilities of the
technology you are developing or
administering in terms of what types of
authentication are available on the market
Questions?