Technical Devices for Security Management
Kathryn Hockman
COSC 481
Outline
Introduction
Types of Devices
• Smart Cards
• Cryptographic tokens
• Firewalls
• Biometric Devices
Summary
Introduction
What kinds of technical devices are
there for Security Management?
• Smart Cards
• Cryptographic tokens
Synchronous tokens
Asynchronous tokens
• Firewalls
• Biometric Devices
Smart Cards
A Smart Card is a card with embedded
integrated circuits which can process
information
A Smart Card can receive input, process
it, and then give output
In comparison to a “Dumb Card”, a Smart
Card is secured so that only people with
the enabling code (PIN) or using an
authorized reader for the card can access
the data stored on it.
Cryptographic Tokens
A Cryptographic Token is a device
that is used to authenticate a user on
a computer system.
Two types:
• Synchronous tokens
• Asynchronous tokens
Synchronous tokens
A Synchronous Token is a Cryptographic
Token that is time-based and generates a
value that is used in authentication
The token’s value is valid for a set period
of time before it changes, and is based on
a secret key held by both the token and
the server
Known Problem:
• Mistiming issues
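An added example, not part of the original slides: a time-based token value computed the RFC 6238 (TOTP) way, which is one standard scheme of this kind and an assumption here because the slides name no algorithm, together with a server-side check that tolerates one step of clock drift to handle the mistiming issue. The 30-second step, the function names and the RFC test secret are assumptions of the example.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each value stays valid (assumed; the RFC 6238 default)

def token_value(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Value the token displays at unix_time (HMAC-SHA1 over the time-step counter)."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, server_time: int,
           window: int = 1, last_counter: int = -1):
    """Return the time-step counter that matched, or None if rejected.

    window       -- steps of clock drift tolerated on each side of server time
    last_counter -- last counter already accepted; equal or older steps are
                    refused so a value cannot be replayed inside the window
    """
    now = server_time // STEP
    for drift in range(-window, window + 1):
        counter = now + drift
        if counter <= last_counter:              # replayed or before time zero
            continue
        expected = token_value(secret, counter * STEP)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None

if __name__ == "__main__":
    secret = b"12345678901234567890"             # RFC test secret, not a real key
    server_time = 100                            # constructed clock readings
    slow = token_value(secret, server_time - 40) # token clock runs 40 s behind
    print("token shows:", slow)
    print("window=0:", verify(secret, slow, server_time, window=0))
    print("window=1:", verify(secret, slow, server_time, window=1))
    print("replayed:", verify(secret, slow, server_time, window=1, last_counter=2))
    very_slow = token_value(secret, server_time - 90)
    print("90 s behind:", verify(secret, very_slow, server_time, window=1))
```

A wider window lets more badly drifted tokens log in but also lengthens the time a captured value stays usable, which is why the check records the last accepted counter.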
Asynchronous Token
An Asynchronous Token is a device
that uses a challenge-response
mechanism to determine whether
the user is valid.
The server gives the user a number; the
user enters that number into the token to get
a response number for authentication
Firewalls
A Firewall is any device that prevents
a specific type of information from moving
from the outside world to the inside world
Types of Firewalls:
• Packet filtering firewalls
• Application-level firewalls
• Stateful inspection firewalls
• Dynamic packet filtering firewalls
Application-level Firewalls
An Application-level Firewall consists
of dedicated computers kept
separate from the first filtering
router, used in conjunction with a
separate or internal filtering router.
• It is also known as a proxy server
Stateful Inspection Firewalls
Stateful Inspection Firewalls keep
track of each network connection
established between internal and
external systems using a "state table"
Known Problem:
• Because of the additional processing
requirements of Stateful Inspection
Firewalls, they make DoS (Denial of
Service) attacks easier
Dynamic Packet Filtering Firewalls
Dynamic Packet Filtering Firewalls
allow only a particular packet with a
specific source, destination, and port
address to pass through the firewall
Other Devices that involve Hybrid
Firewall Systems
Screened-host firewall system
Dual-homed host firewalls
Screened-subnet firewalls (with
DMZ)
Screened-host Firewall System
A Screened-host Firewall System is a mix of
a packet filtering router with a dedicated
firewall like a proxy server
Can Include:
• bastion host
A bastion host is a computer on a network that
provides a single entrance and exit point to the
Internet from the internal network and vice versa
• sacrificial host
A computer server placed outside an organization's
Internet Firewall to provide a service that might
otherwise compromise the local net's security
Dual-homed Host Firewalls
A Dual-homed Host Firewall uses
two or more network interfaces. One
connection is an internal network
and the second connection is to the
Internet.
It works as a simple firewall provided
there is no direct IP traffic between
the Internet and the internal
network.
Screened-subnet Firewalls (with
DMZ)
A Screened-subnet Firewall is made
up of one or more screened internal
bastion hosts behind a packet
filtering firewall
Biometric Devices
Certain Security Devices can use
Biometrics to aid in Authentication
Biometrics are comprised of:
• Something you are
• Something you Produce
Biometrics
Something you are:
fingerprints
palm scan
hand geometry
hand topography
ID cards (face representation)
facial recognition
retina scan
iris scan
Biometrics
Something you produce:
signature recognition
voice recognition
keystroke pattern recognition
Biometrics
Problems with Biometrics:
• False Accept Rate
Accepting someone who should not have
been
• False Reject Rate
Rejecting someone who should not have
been
Crossover Rate
• Place where the number of False
Accepts and False Rejects is equal
Summary
Introduction
Types of Devices
• Smart Cards
• Cryptographic tokens
• Firewalls
• Hybrid Firewall Systems
• Biometric Devices