AUTHENTICATION AND THREATS AND ATTACKS TO INFORMATION SECURITY, POLICIES AND LAWS

Lê Quốc Thắng
Nguyễn Minh Tân

AUTHENTICATION

OUTLINE
- Definition
- Some basic authentication methods
- Authentication protocols
- Kerberos: a security protocol in the real world

DEFINITION
Access control is concerned with access to system resources. It includes:
- Authentication: deals with the problem of determining whether a user should be allowed access to a particular system or resource.
- Authorization: restricts the actions of authenticated users.

Authentication
- raises many issues related to protocols
- is a binary decision: access is granted or not
- answers the question: Who goes there?

Authorization
- places fine-grained restrictions and limitations on access to various system resources
- answers the question: Are you allowed to do that?

AUTHENTICATION METHODS
Based on any combination of the following:
- Something you know
- Something you have
- Something you are

Password: something you know
- The computer can verify that you know it, and it is something nobody else can guess.
- If you forget your real password, a friendly website may authenticate you based on your social security number or your birthday. These all act like passwords.
- Users often choose weak passwords.
- One solution is to use randomly generated cryptographic keys in place of passwords, but people must then remember them.

Why are passwords more popular?
- Primarily cost
- Secondarily convenience

Key vs. password
- A 64-bit cryptographic key has 2^64 possible values; an attacker must try 2^63 keys on average to find it.
- An 8-character password with 256 choices for each character has 256^8 = 2^64 possible values.
- But users do not select passwords at random. Nonrandomness is the biggest problem with all kinds of passwords.
- A good dictionary can reduce the number of tries to 2^20.

Choosing passwords
- Weak: Frank, 10251960
- Better:
  - jfkl(Emily_l : difficult to remember
  - 0932546334634545 : difficult to remember
  - P0kem0n : more difficult, unless Trudy knows that the user likes Pokemon
  - FSa7Yago : "Four score and seven years ago"
- Passphrases provide the best option for passwords.
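
As an added example (not part of the original slides), the Python sketch below rates the slide's sample passwords along the lines of the key-versus-password comparison: the search space if the characters were chosen at random, capped at the 2^20 dictionary figure when the password is a date or a look-alike spelling of a listed word. The word list, the substitution table, the character-pool sizes and the function names are assumptions made for this illustration.

```python
import math
import re

DICTIONARY_BITS = 20  # slide's figure: a good dictionary cuts the work to about 2^20 tries
# Constructed sample word list (assumption); a real check would load a large one.
SAMPLE_WORDS = {"frank", "emily", "pokemon", "password"}
# Look-alike substitutions undone before the lookup (assumed table).
LEET = str.maketrans("013457@$", "oleastas")
DATE = re.compile(r"(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])(19|20)\d\d")  # MMDDYYYY


def nominal_bits(length, alphabet=256):
    """Search space in bits if each character is chosen uniformly at random."""
    return length * math.log2(alphabet)


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^a-zA-Z\d]", 32))
    return sum(size for pattern, size in classes if re.search(pattern, password))


def rate(password, words=SAMPLE_WORDS):
    """Return (reason, bits): an upper bound on the guessing work, in bits."""
    if not password:
        return "empty", 0.0
    random_bits = nominal_bits(len(password), pool_size(password))
    if DATE.fullmatch(password):
        return "date", min(random_bits, DICTIONARY_BITS)
    if password.lower().translate(LEET) in words:
        return "dictionary word", min(random_bits, DICTIONARY_BITS)
    return "no pattern found", random_bits


if __name__ == "__main__":
    # The sample passwords from the slide.
    for pw in ["Frank", "10251960", "jfkl(Emily_l", "0932546334634545",
               "P0kem0n", "FSa7Yago"]:
        reason, bits = rate(pw)
        print(f"{pw:18} {reason:17} <= 2^{bits:.1f} guesses")
    print(f"random 8-char, 256 choices each: 2^{nominal_bits(8):.0f}")
```

The "no pattern found" figure is only an upper bound: it assumes the characters were picked at random, which is exactly what the slide says users do not do.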