Cancel

<Bac Frlsh

Fig. 2.14 (b) Steps to Deploy Registry Settings

any one of the computer which is located
login into
6. That'sall, now you can linked and see the created new registry
policu is
under the OU where this group command GP update/force to
logged-in, just run the
settings. lIfyou already
registry settings.
refresh GPO settings and see the newly created

2.7 AUTHENTICATION SERVICE SECURITY

someone's identity byassuring that the
Authentication is the procedure of recoanising
similar as what it is claiming for, It can be used byboth server and client.
person is the server
server uses authentication when someone needs to access the data and the
Ihe
The client uses it when it is need
required to understand who is accessing the data.
The authentication by the
to understand that it is the same server that it claims to be.
There are some
server is completed mostly by utilising the usernamne and password.
another method of authentication by the server can also be completed using cards,
retina scans, voice identification and fingerprints. Authentication primarily establishes
the identity of a person or system, rather than specifying the actions or documents they
canaccess or manipulate within a given process. User authentication is the main line
of defence for mobileand handheld devices such as Personal Digital Assistants (PDAs).
Traditional authentication architecture based on providing a centralised database of
user identities, creatingit complex to authenticate users in a different management
 Cyber Crime 97
domainas depicted. This structure for providingg security in mobile device is a problem
for
oach system providing safe acaccess to precious, private information and personalised
each.

services.
The authentication mechanism must be distributed and the variqus elements
ofthe authenticator required to connect with each other to authenticate a user. The
authentication service is concerned with assuring that a communication is accurate. In
method of an individual message, including a
the warning or alarm signal, the function
of the. authentication service is to satisfytherecipientthatthe message is from the source
declares to be from.
thatit
authentication service is a mechanism, analogous to the use of passwords
An
on
time-sharing.systems, for the secure authentication of the identity of network clients
by servers
and vice versa, without presuming the operating
system integrity of either
(e.g., Kerberos).

There are different types of authentication systems which are:

1.Single-Factor authentication: This was the first method of security that was
developed. On this authentication System, the user must enter the username and the
password to confirm whether that user is logging in or not. Now if the username or
passwordis WIong, then the user will not be allowed to log in or access the system.
Advantage of the Single-Factor Authentication System:
. t is a very simple to use and straightforward system.
It is not at all costly.
The user does not need any huge technical skills.
The disadvantage of the Single-Factor Authentication
. It is not at all password secure. It will depend on the strength of the password
entered bythe user.
The protection level inSingle-Factor Authentication is much low.
2. Two-factor Authentication: Inthis authentication system, the user must give a
username, password and other information. There are various types of authentication
systems that are used by the user for securing the system. Some of them are: -wireless
tokens and virtual tokens. OTP and more.
Advantages of the Two-Factor Authentication
The Two-Factor Authentication System provides better security than the Single
factor Authentication system.
The productivity and flexibility increase in the two-factor authentication system.
" Two-Factor Authentication prevents the loss of trust.
 98
Cyber Security
Disadvantages
3.
of Two-Factor Authentication: It is time-consuming.
Multi-factor authentication system: In this type ot authentication
one factor of
of keylogger orauthentication is needed. This gives better security to the more than
System. This assuresphishing attack will not be possible in a Multi-Factor user. Any type
the user, that the information will not get stolen
The advantage of the Multi-Factor
Authentication System are:
Authentication
from them.
No risk of security.
No information could get
stolen.
C
No risk of any key-logger
activity.
No risk of any data getting
Thedisadvantage of the captured.
Multi-Factor Authentication System are:
It is time-consuming.
It can rely on third
parties.
The main objective of
computer and to deny access authentication is to allow authorised users to
to unauthorised users. access fho
identifylauthenticates users using the following 3 ways: Operating Systems generaly
and Biometrics. Passwords, Physical identificaion
These are explained as following
1.
below.
PasSwords: Password verification is the
authentication technique. A password is amost popular and commonly used
known only to a user. In a secret text that is supposed to be
valid username and passwordpassword-based system, each
by the system administrator. user is assigned a
usernames and Passwords.When a user The system stores al
are verified by comparing them logs in, their user's name and password
with the stored login name
Contents are the same then the user is and password. It the
is rejected. allowed to access the sustem
otherwise 1
2. Physical
ldentification: This technique includes
badges(symbols), cards, or smart cards. In some machine-readable
for employees to gain companies, badges are irequired
access to the organisation's
identification is combined with the use of a gate. In many systen)
the card and then supply his password i.e. the user must Is
/her password. This kind authentication is
commonly used with ATMs. Smart cards of
the user password within the card itself. can enhance this scheme by keeping
This allows withoutthe
storage of passwords in
in the computer authentication
system. The loss of such a card can be
dangerous.
 Cyber Crime 99
3. Biometrics: This method of
authentication is based on the
characteristics of each user such as fingerprints, voice or unique biologcal
face recognition
signatures and eyes.
4. A scanner or other devices to
gather the necessarydata about the user.
5. Software to convert the data into a form
that can be compared and stored.
6. A database that stores information
for all authorised users.
7. Facial Characteristics: Humans are differentiated
based on facial characteristics
such as eyes, nose, lips, eyebrows and chin shape.
8. Fingerprints: Fingerprints are believed to be unique across the
population.
entire human
9. Hand Geometry: Hand geometry systems identify features of the
includes the shape, length and width of fingers. hand that
10. Retinal pattern: It is concerned with the detailed structure of
the eye.
11. Signature: Every individual has a unique style of handwriting and this feature
is reflected in the signaturesof a person.
12. Voice: Thismethod records the frequency pattern of the voice of an individual
speaker
2.7.1 Types of Authentication Protocols
User authentication is the first most priority while responding to the request made
by the user to the software application. There are several mechanisns made which are
required to authenticate the access while providing access to the data. In this blog, we
willexplore the most common authentication protocols and will try to explore their
merits and demerits.
1. Kerberos: Kerberos is a network authentication protocol that To see
Kerberos
provides secure authentication for users and services over a non in Acion
secure network,such as the internet. lt was developed by MIT as part
of Project Athena and is now a standard protocol used in various
operating systems, including Windows and Unix-like systems. Scan QR Code
Kerberos is designed to prevent eavesdropping and replay attacks,
ensuring secure communication and authentication. This is used for validating cients/
servers during a network employing a cryptographic key. It is designed for executing
strong authentication while reporting to applications. The overall implementation of
the Kerberos protocol is openly available by MIT and is used in many mass-produced
products.
100 Cyber Security
computer systems, facilitati
security protocol in
KerberOs serves as a network trusted hosts over an
multiple
authentication of service requests between cryptography and relying, on inaseCuite
Utilising secret-key
network, such as the internet. client-server trusted
third party, it verifies the identities of users and
authenticates
applications,
Kerberos operates through a centralised
authentication server
that
tauthenticates users
authentication process,
the Authentication Server and
to servers and vice versa. In this Kerberos operates as atrusted
authenticating clients.
its database play a crucial role in Every user and
Kev Distribution Center(KDC). service
third-party server known as the
onthe network is recognised as a principal.
include:
Key components of Kerberos handles initial authentication and issues
The AS
Authentication Server(AS):
a ticket for the Ticket Granting Service. users' access
Authentication Server cross-checks rights using
Database: The
the database. tickets
responsible for issuing
(TGS):The TGS is
" Ticket Granting Server
access specific servers.
Kerberos Overview:
requests services from the host, initiating a reauest
Step 1: The user logs in
and
for the ticket-granting service. by consulting
Server confirms the user's access rights
Step 2: TheAuthentication session key. This
ticket-granting-ticket along with a
the database and then issues
a
information is encrypted using the
user's password.
sent to the Ticket
decryption using the user's password, the ticket is
Step 3: Upon authenticators like usernames and
network
includes
GrantingServer. The ticket
addresses.
Server decrypts the received ticket and verifies the
Step 4: The Ticket Granting for therequested
authenticator. Subsequently, it generates a ticket
request using the
Server.
services from the
Server.
5: The user forwards the ticket and authenticator to the
Step accesstothe
granting
6: The server validates the ticket and authenticators,
Step services.
requested service. Following this, the user can utilise the
 Windows server

1.
Request
TGT

k e y

Session Auth

+
+ ticket
TGT k e y

2. Request session
+
3. Ticket
4.

User
5. Request service+
Auth

6. Server
authentication

Resource server
Kerberos