This document discusses access control and authentication methods. It covers identification, authentication, accountability, and different authentication factors like something a user knows (e.g. password), has (e.g. ID card), or is (e.g. biometrics). It describes logical and biometric access controls, as well as authentication using Kerberos. Security audits and cryptography are also summarized.
Itia01 Lesson 5
LESSON 5

ACCESS CONTROL - Access control is the process through which systems decide when and how a person can be allowed into an organization's protected area. Access control is accomplished by a blend of laws, services, and technologies. Access controls can be compulsory, nondiscretionary, or optional.

IDENTIFICATION - is a process through which an unverified entity, called a supplicant, who wants access to a resource sets out a mark through which the system recognizes them. Each supplicant has a unique label called an ID, which is used to track one part within the security range.

AUTHENTICATION - is the mechanism by which a supposed identity of a supplicant is confirmed.

ACCOUNTABILITY - means that an authenticated identity can be traced to all activities on a system, whether authorized or unauthorized. Accountability is most commonly done by machine reports and database papers, and the auditing of these documents. System logs document relevant information, such as failed attempts to log in, and system changes.

SOMETHING A SUPPLICANT KNOWS - This authentication factor is dependent on what the supplicant knows and can recall, for example a password, passphrase, or other special authentication code such as a PIN.

SOMETHING A SUPPLICANT HAS - This element of authentication is based on something which a supplicant has and can produce when appropriate. For example, cards such as ID cards or ATM cards with magnetic strips containing the digital (and sometimes encrypted) user PIN, which is compared to the number the user inputs. The smart card incorporates a computer chip capable of checking and validating a variety of pieces of information rather than just a PIN.

SOMETHING A SUPPLICANT IS OR CAN PRODUCE - This authentication factor depends on individual features such as fingerprints, palm prints, hand topography, hand anatomy, or retina and iris scans, or something that a supplicant may generate on demand, such as speech patterns, signatures, or kinetic measurements on the keyboard. All of these are collectively known as biometrics.

Logical Access Controls - are methods and procedures used in computer information systems to define, authenticate, approve and assume responsibility. Logical access is often necessary for remote hardware access, and is often compared with the term "physical access". Logical access controls implement mechanisms for access control of systems, services, procedures, and information. The controls may be built into operating systems, software, add-on security products, or management systems for database and telecommunication. Solutions for Logical Access Control may include Biometrics, Tokens, Passwords, and Single Sign-on.

Biometric Access Controls - are focused on the use of some observable human characteristic or attribute to verify the identity of a potential user (a supplicant) of the systems. Fingerprint comparison, palm print comparison, hand geometry, facial recognition, and retinal print comparison are useful biometric authentication tools.

Minutiae - are unique points of reference in one's biometric that are stored as an image to be verified upon a requested access. Each single attempt at access results in a calculation that is compared to the encoded value to decide if the consumer is who he or she claims to be. A concern with this approach is that it changes as our body develops over time.

For authentication during a transaction, retail stores use signature capture. The customer signs a digital tab with a special pen that records the signature. The signature is stored for future reference, or compared for validation to a signature on a database. Voice recognition operates in a similar manner by recording the user's initial voiceprint reciting a word. Later, the authentication mechanism allows the user to utter the same phrase when the user tries to access the device so that the algorithm can match the actual voiceprint to the stored value.

EFFECTIVENESS OF BIOMETRICS - Biometrics are assessed using parameters such as: the false rejection rate, which is the rate of supplicants who are in fact approved users but who are denied access; the false acceptance rate, which is the percentage of users who are unauthorized users but are allowed access; and third, the crossover error rate, which is the amount at which the number of false dismissals is equal to the false acceptances.

Authentication Types:
- Knowledge: something you know
- Ownership: something you have
- Characteristics: something unique to you
- Location: somewhere you are
- Action: something you do / how you do it

AUTHENTICATING WITH KERBEROS AND SESAME - Kerberos, named after Greek mythology, uses symmetric key encryption to authorize an individual user with specific network resources. Kerberos maintains a data repository that contains the system's private keys. Network services operate on servers in the Kerberos network registry, as do the clients using those services. Such private keys are referred to the Kerberos program and can check a host to another.

KERBEROS INTERACTING SERVICES

AUTHENTICATION SERVER (AS) - Kerberos server that authenticates clients and servers.

KEY DISTRIBUTION CENTER (KDC) - generates and issues session keys.

KERBEROS TICKET GRANTING SERVICE (TGS) - provides tickets to clients who request services.

KERBEROS IS BASED ON THE LOGIC OF THE FOLLOWING PRINCIPLES:

1. The KDC is aware of the hidden keys of both network clients and servers. Through using these hidden keys, the KDC initially shares information with the client and the server.

2. By providing temporary session keys for communication between the client and KDC, the server and KDC, and the client and server, Kerberos authenticates a client through a requested service on a server via TGS. Communications between the client and the server are then made using these temporary session keys.

LESSON 5.2

SECURITY AUDIT - is a comprehensive assessment of a business's information system security by evaluating how well it follows a set of defined requirements. A comprehensive audit usually reviews the protection of the physical configuration and environment, applications, processes of information processing, and user practices in the system. Security assessments are also used to assess regulatory enforcement despite legislation outlining how information needs to be treated by organizations.

Security audits assess the efficiency of an information system against a set of criteria. On the other hand, a vulnerability evaluation requires a systematic analysis of a whole information system, searching for possible security vulnerabilities. Penetration testing is a secret activity in which a security specialist attempts a variety of attacks to determine whether or not a device will survive a malicious hacker's same types of attacks. Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.

SECURITY CYCLE [figure]

SECURITY MONITORING FOR COMPUTER SYSTEMS

SECURITY MONITORING FOR COMPUTER SYSTEMS MAY BE IDENTIFIED BASED ON THE INFORMATION IT CAPTURES, NAMELY:

1. Real-time Monitoring - this focuses on the Host IDS, System Integrity Monitoring and Data Loss Prevention.

2. Non-real-time Monitoring - it checks application and system logging.

3. Log Activities - this monitors host-based activities and networks and their devices. With regard to Log Activities, Event Logs, Access Logs, Security Logs, and Audit Logs are basically involved.

CRYPTOLOGY - is characterized as the method of making communications inaccessible to all individuals excluding those who have the ability to read and interpret them. There are two portions that are studied in Cryptology: first, CRYPTOGRAPHY, which involves the confidentiality program and its structure itself, and second, CRYPTANALYSIS, which is associated with breaking the above-mentioned system of anonymity.

CODE - A compilation of knowledge enabling terms to be transferred to symbols or other phrases. Banana can be a code for gun. However, this isn't some kind of cryptography that can be evaluated. The only means by which a message can be decrypted is by having the terms set and their codes.

PLAINTEXT is the meaning you wish to convey in a coded form. Plaintext is generally written in lower case letters without spaces. There are figures printed out, and the punctuation is overlooked. It is also referred to as clear.

KEY refers to data that enables us to encode the plaintext and decode the ciphertext as well.

Monoalphabetic and Polyalphabetic Cipher

A monoalphabetic cipher is a substitution cipher in which, for a given key, the cipher alphabet for each plain alphabet is fixed throughout the encryption process. For example, if 'A' is encrypted as 'D', for any number of occurrences in that plaintext, 'A' will always get encrypted to 'D'. All of the ciphers above are monoalphabetic; these ciphers are highly susceptible to cryptanalysis. A polyalphabetic cipher is a substitution cipher in which the cipher alphabet for the plain alphabet may be different at different places during the encryption process.

THE ADDITIVE (OR SHIFT) CIPHER SYSTEM

Each plaintext character is substituted in the Additive Cipher method by another character whose location in the alphabet is a certain number of units apart. In reality we move a certain number of places over each letter. One of the first additive ciphers was used by Julius Caesar around 50 B.C. Each letter of the alphabet was replaced by the third letter following it. So, a is replaced by D, b is replaced by E, c is replaced by F, and so on. The problem comes when we get to x. x is the 24th letter of the alphabet. If we add 3 to 24, we get 27. So we go back to the beginning of the alphabet and replace x with A, y with B, and z with C. So once we add, if the number is greater than 26, we subtract 26 from it. The chart shows each letter in plaintext and its corresponding letter in cipher text.
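The additive cipher described above, written out as an added example (not part of the original lesson). It uses the lesson's conventions (lower-case plaintext, upper-case ciphertext, subtract 26 past z) and goes slightly beyond the text by adding a position-dependent shift for the polyalphabetic contrast and a 26-key search that shows why a shift cipher is susceptible to cryptanalysis; all function names are chosen for this illustration.

```python
import string

ALPHABET = string.ascii_lowercase

def normalize(text):
    """Keep letters only, lower-cased: no spaces, digits or punctuation."""
    return "".join(ch for ch in text.lower() if ch in ALPHABET)

def shift_encrypt(plaintext, key=3):
    """Additive cipher: lower-case plaintext in, upper-case ciphertext out."""
    out = []
    for ch in normalize(plaintext):
        pos = ALPHABET.index(ch) + 1 + key % 26   # a=1 ... z=26, as in the text
        if pos > 26:                              # past z: subtract 26 to wrap
            pos -= 26
        out.append(ALPHABET[pos - 1].upper())
    return "".join(out)

def shift_decrypt(ciphertext, key=3):
    """Undo the shift by moving each letter back `key` places."""
    return "".join(ALPHABET[(ALPHABET.index(c.lower()) - key) % 26]
                   for c in ciphertext)

def cipher_chart(key=3):
    """The chart: plaintext alphabet and the cipher alphabet it maps to."""
    return ALPHABET, shift_encrypt(ALPHABET, key)

def poly_encrypt(plaintext, keys):
    """Polyalphabetic contrast: the shift depends on the letter's position."""
    text = normalize(plaintext)
    return "".join(shift_encrypt(ch, keys[i % len(keys)])
                   for i, ch in enumerate(text))

def brute_force(ciphertext):
    """Every candidate plaintext: a shift cipher has only 26 possible keys."""
    return {key: shift_decrypt(ciphertext, key) for key in range(26)}

if __name__ == "__main__":
    plain, cipher = cipher_chart()
    print(plain)
    print(cipher)
    print(shift_encrypt("banana"), poly_encrypt("banana", [3, 7, 11]))
```

With key 3 every "a" in "banana" becomes D, while the position-dependent shifts encrypt the three a's to three different letters.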
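For the EFFECTIVENESS OF BIOMETRICS passage earlier in this lesson, the following added example (not from the original document) computes the false rejection rate and false acceptance rate at different match thresholds and locates the crossover error rate. The match scores are constructed sample data for a hypothetical fingerprint matcher, and the function names are assumptions of this illustration.

```python
# Constructed sample data: match scores (0-100) from a hypothetical matcher.
GENUINE = [91, 88, 84, 79, 77, 73, 69, 66, 58, 52]    # approved users
IMPOSTOR = [71, 64, 61, 55, 49, 44, 38, 33, 27, 20]   # unauthorized users

def false_rejection_rate(genuine, threshold):
    """Share of approved users scoring below the threshold (denied access)."""
    return sum(s < threshold for s in genuine) / len(genuine)

def false_acceptance_rate(impostor, threshold):
    """Share of unauthorized users reaching the threshold (allowed access)."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def rate_table(genuine, impostor, thresholds):
    """(threshold, FRR, FAR) rows: raising the threshold trades FAR for FRR."""
    return [(t, false_rejection_rate(genuine, t),
             false_acceptance_rate(impostor, t)) for t in thresholds]

def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Lowest threshold where FRR and FAR are closest, with both rates there."""
    best = min(thresholds,
               key=lambda t: abs(false_rejection_rate(genuine, t)
                                 - false_acceptance_rate(impostor, t)))
    return (best, false_rejection_rate(genuine, best),
            false_acceptance_rate(impostor, best))

if __name__ == "__main__":
    for row in rate_table(GENUINE, IMPOSTOR, [40, 62, 80]):
        print("threshold=%d FRR=%.1f FAR=%.1f" % row)
    print("crossover:", crossover(GENUINE, IMPOSTOR))
```

A lenient threshold admits impostors, a strict one locks out approved users, and the crossover point is the single figure commonly used to compare two biometric systems.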
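For the two Kerberos principles listed earlier in this lesson, the following added example (not from the original document and not real Kerberos code) shows a KDC that knows every party's secret key handing out a temporary session key. Assumptions: the AS and TGS steps are collapsed into one `issue` call, timestamps and ticket lifetimes are omitted, `seal`/`unseal` are a toy hash-based cipher standing in for the real encryption, and the principal names are invented.

```python
import hashlib, hmac, json, secrets

def seal(key, obj):
    """Toy authenticated encryption (SHAKE keystream + HMAC), illustration only."""
    data = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    body = nonce + bytes(a ^ b for a, b in zip(data, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag, then decrypt; fails for anyone without the right key."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

class KDC:
    """Principle 1: the KDC knows the secret key of every client and server."""
    def __init__(self):
        self.keys = {}

    def register(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def issue(self, client, server):
        """Principle 2: one temporary session key, sealed once for each party."""
        session = secrets.token_hex(16)
        for_client = seal(self.keys[client], {"server": server, "session": session})
        ticket = seal(self.keys[server], {"client": client, "session": session})
        return for_client, ticket

def run_exchange():
    kdc = KDC()
    alice_key, files_key = kdc.register("alice"), kdc.register("fileserver")
    for_client, ticket = kdc.issue("alice", "fileserver")
    session_c = unseal(alice_key, for_client)["session"]          # client side
    authenticator = seal(bytes.fromhex(session_c), {"client": "alice"})
    granted = unseal(files_key, ticket)                           # server side
    who = unseal(bytes.fromhex(granted["session"]), authenticator)["client"]
    return who == granted["client"], session_c == granted["session"]
```

The client can read its own copy of the session key but cannot open the ticket, which is sealed under the server's key; the server trusts the client because the authenticator only decrypts with the session key found inside that ticket.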