Web authentication & authorization
Transcript of "Web authentication & authorization"

WEB AUTHENTICATION & AUTHORIZATION

INTRODUCTION

The nature of today's web threats is changing: current attacks are much more covert than they were in the past. Despite the growing array of threats, many organizations are not taking appropriate steps to safeguard their corporate networks, applications or data. As the number of online services increases day by day, their usage is increasing at the same rate. Users of online services have to register separately with each application, and the overhead of remembering many ID/password pairs has led to the problem of memorability.

Authentication is a direct need of each and every organization, and it is becoming paramount for an organization not only because it copes with security threats but because it deals with and develops the policies, procedures and mechanisms that provide administrative, physical and logical security. Whenever an individual requests access to a pool of resources, to use or update them as desired, verifying the identity of that individual is referred to as authentication.

In a networked environment, users are granted access to the network only when they provide their access information (e.g. user name and password) securely so that their identity can be checked and validated. If a person can prove who he is and also knows something that only he could know, it is reasonable to believe that the person is who he claims to be.

AUTHENTICATION TECHNOLOGIES

The computer industry has created an array of identification and authentication technologies:
- User ID/password
- One-time password
- Kerberos
- Secure Sockets Layer
- Lightweight Directory Access Protocol
- Security Assertion Markup Language (SAML)
- OpenID

* The technologies are detailed in blog articles!

AUTHENTICATION ATTACKS

BRUTE FORCE ATTACK

It is an automated process of trial and error used to guess a person's user name, password, credit card number or cryptographic key. Examples:
- Usernames: John, Admin
- Passwords: 12345, password, letmein, admin, (pet names)

INSUFFICIENT AUTHENTICATION

This type of attack occurs when a website permits an attacker to access sensitive content or functionality without having to properly authenticate. Web-based administration tools are a good example of a website providing access to sensitive functionality.

WEAK PASSWORD RECOVERY VALIDATION

A website is considered to have Weak Password Recovery Validation when an attacker is able to foil the recovery mechanism being used. Password recovery systems may be compromised through the use of brute force attacks, inherent system weaknesses or easily guessed secret questions.

Weak methods of password recovery:
- Password hints: a password hint aids brute force attacks. An attacker can glean information about the user's password from the hint provided.
- Secret question and answer: a secret question like "Where were you born?" lets an attacker limit a brute force attack on the secret answer to city names.
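The brute force and weak recovery slides above describe the attack but not how a site would notice it. The following is an added example (not from the slides): a sliding-window failure counter that locks an account after repeated failed attempts and raises alerts, run over a few constructed log lines; the log format, threshold and window are assumptions for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the slides): one line per login attempt.
SAMPLE_LOG = """\
2024-03-01 10:00:01 LOGIN user=admin src=203.0.113.7 result=FAIL
2024-03-01 10:00:02 LOGIN user=admin src=203.0.113.7 result=FAIL
2024-03-01 10:00:03 LOGIN user=admin src=203.0.113.7 result=FAIL
2024-03-01 10:00:04 LOGIN user=admin src=203.0.113.7 result=FAIL
2024-03-01 10:00:05 LOGIN user=admin src=203.0.113.7 result=FAIL
2024-03-01 10:00:06 LOGIN user=admin src=203.0.113.7 result=OK
2024-03-01 10:05:00 LOGIN user=alice src=198.51.100.20 result=FAIL
2024-03-01 10:06:00 LOGIN user=alice src=198.51.100.20 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) LOGIN user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

THRESHOLD = 5                  # failures before the account is locked (assumed policy)
WINDOW = timedelta(minutes=1)  # failures must fall inside this sliding window

def detect_brute_force(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return ({user: lock_time}, [alert strings]) for accounts whose failed
    logins reach `threshold` inside `window`."""
    failures = defaultdict(list)   # user -> timestamps of recent failures
    locked = {}                    # user -> time the lockout was triggered
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        user, src, result = m["user"], m["src"], m["result"]
        if user in locked:
            # A later success on a locked account is still refused and flagged:
            # the guessing may simply have hit the right password.
            alerts.append(f"{ts} attempt on locked account {user} from {src}")
            continue
        if result == "FAIL":
            recent = [t for t in failures[user] if ts - t <= window] + [ts]
            failures[user] = recent
            if len(recent) >= threshold:
                locked[user] = ts
                alerts.append(f"{ts} lockout: {len(recent)} failures for {user} from {src}")
        else:
            failures[user].clear()   # a genuine login resets the counter
    return locked, alerts
```

The same counter applies unchanged to secret-answer submissions on a recovery form, where the small answer space makes the lockout even more important.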
AUTHENTICATION TECHNIQUES AND INFRASTRUCTURES

PLUGGABLE AUTHENTICATION MODULES (PAM)

Instead of having applications handle authentication on their own, they can use the PAM API and libraries to take care of the details. Consistency is achieved when many applications perform the same authentication by referencing the same PAM module. Additionally, applications needn't be recompiled to change their authentication behavior: just edit a PAM configuration file (transparent to the application) and you're done.

SECURE SOCKETS LAYER (SSL)

It provides cryptographically assured privacy (encryption), integrity, optional client authentication, and mandatory server authentication. Linux includes a popular implementation of SSL, called OpenSSL.

WEB AUTHENTICATION STANDARDS

SINGLE SIGN-ON

Single sign-on allows a user to enter a username and password only once and have access to multiple applications and environments within a session. Single sign-on uses centralized authentication servers which all applications and systems use for authentication.
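To make the single sign-on slide concrete, here is an added example (not from the slides and not any real SSO product): a central authentication server checks the password once and issues an HMAC-signed, expiring session token, and any application sharing the verification key accepts that token without ever seeing the password. The shared secret, user store and token layout are assumptions constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

# Constructed shared secret (assumption): known only to the central auth
# server and the applications that trust it; kept in a secrets store in practice.
SSO_SECRET = b"constructed-demo-secret-not-for-production"
SESSION_LIFETIME = 3600  # seconds a single sign-on session stays valid

# Constructed user store: username -> salted SHA-256 of the password
# (a slow password hash such as bcrypt/argon2 belongs here in real systems).
_SALT = b"demo-salt"
USERS = {"alice": hashlib.sha256(_SALT + b"correct horse").hexdigest()}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload: bytes) -> str:
    return _b64(hmac.new(SSO_SECRET, payload, hashlib.sha256).digest())

def sso_login(username, password, now=None):
    """Central authentication server: verifies the credentials once and
    returns a signed session token, or None if they are wrong."""
    digest = hashlib.sha256(_SALT + password.encode()).hexdigest()
    if not hmac.compare_digest(USERS.get(username, ""), digest):
        return None
    now = now or int(time.time())
    payload = json.dumps({"sub": username, "exp": now + SESSION_LIFETIME}).encode()
    return _b64(payload) + "." + _sign(payload)

def app_verify(token, now=None):
    """Any application trusting the SSO server: accepts the token by checking
    its signature and expiry, never the password. Returns the username or None."""
    try:
        payload_b64, sig = token.split(".")
    except ValueError:
        return None
    payload = _unb64(payload_b64)
    if not hmac.compare_digest(_sign(payload), sig):
        return None  # forged or tampered token
    claims = json.loads(payload)
    now = now or int(time.time())
    if claims["exp"] <= now:
        return None  # session expired: the user must sign in again
    return claims["sub"]
```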
OAUTH

Open Authentication (OAuth) aims at creating an environment where information is shared securely across networks. Each thread, which includes devices, applications and users, is constantly authenticated and is all-pervasive. OAuth is a service that is complementary to, but distinct from, OpenID.

OPENID

OpenID is a standard that simplifies signing in. With OpenID you use only one username and one password to log in to all websites where you have an account. It offers a secure way of identifying yourself on the Internet. Used by: Google, Flickr, Yahoo, MySpace, WordPress.