Friday, February 10, 2012

Chapter 10

This chapter covered account management and authentication. The first part of te chapter dealt with credentials as they apply to passwords. Passwords can be compromised by several methods including social engineering, dictionary attacks, guessing, and attempts to crack them offline. Rainbow tables make password cracking easier by creating an archive of passwords to help crack passwords the hacker is trying to break. Passwords can be hard to crack if the user creates one that is complex. This means using complex characters and through the use of password management systems in order to keep track of them. Tokens and cards can be used to authenticate a user as well. Tokens randomly generate passwords that only last a few minutes and are tied to an authentication system. Smart cards have a chip inside them that physically authenticate a user when interfaced into a system. Biometrics are used as well, and these are tied to something, like a fingerprint or retina scan, that are literally unique to the user. Voice recognition can be used in this manner, as can behavioral biometrics (people do things like access a system at fairly regular time periods). Single-sign on systems were covered next. The first was Windows Live is a central sign-on scheme invented by Windows to interface with its products and services, but only works with Windows products. Open ID was another and it is not specific to a single product or company, though it has security weaknesses due to its URL-specific setup. Open authorization is another and relies on a token security authentication system. Account management was covered next, and deals with setting password policies so that a certain number of times a user fails to enter a valid password, it disables the login until the admin resets it. This interrupts password guessing. Trusted operating systems were covered last, and these are OS's that segregate their applications and have heavy security-access protection on their kernels and system files.

No comments:

Post a Comment