SlideShare a Scribd company logo

Security

Download as PPT, PDF
Ganesh Vadulekar
Ganesh Vadulekar

Security Based

Software
1 of 19
SECURITY
Overview 1. Introduction to Security 2. Cryptography 3. Potential Attack 4. Authentication 5. Access Control 6. Authentication & Access Control 7. Digital Signature 8. DCE Security Services 9. Services by DCE 10. Summary
Introduction • Security is one of the most important issues in distributed systems. • When data is distributed across multiple networks or information is transferred via public networks, it becomes vulnerable to attacks by mischievous elements. • Similarly other computing resources like processors, storage devices , networks etc., can also be attacked by hackers.
Cryptography  Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit.  However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext into cipher text (a process called encryption), then back again (known as decryption).  Individuals who practice this field are known as cryptographers.
Cryptography concerns itself with the following four objectives:  Confidentiality the information cannot be understood by anyone for whom it was unintended.  Integrity the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.  Non-repudiation the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.
Potential Attacks • There are many Potential Attack to the security of your directory. The most typical threats to directory security fall into the following broad categories: 1. Unauthorized Access 2. Unauthorized Tampering 3. Denial of Service
Potential Threats • Unauthorized Access 1. Unauthorized access to data via data-fetching operations 2 . Unauthorized access to reusable client authentication information by monitoring the access of others 3. Unauthorized access to data by monitoring the access of others • Unauthorized Tampering 1.Unauthorized modification of data 2.Unauthorized modification of configuration information • Denial of Service 1. With a denial of service attack, the attacker's goal is to prevent the directory from providing service to its clients.
Authentication  The process of identifying an individual, usually based on a username and password.  In security systems, authentication is distinct from authorization ,which is the process of giving individuals access to system objects based on their identity.  Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
There are three methods we can use to authenticate someone: 1.Use something you have, for example, a key or a card. 2.Use something you know. Passwords and PINs (personal ID numbers) 3.Use something you are. This involves biometrics. (a user’s fingerprint or iris pattern).
Access Control  The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform.  Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do.  In this way access control seeks to prevent activity that could lead to a breach of security.
Authentication & Access Control  It is important to make a clear distinction between authentication and access control.  Correctly establishing the identity of the user is the responsibility of the authentication service.  Access control assumes that the authentication of the user has been successfully verified prior to enforcement of access control via a reference monitor
Digital Signature  A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents.  A valid digital signature gives a recipient reason to believe that the message was created by a known sender.  The sender cannot deny having sent the message and that the message was not altered in transit .
 Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature , but not all electronic signatures use digital signatures.  In some countries, including the United States, India, Brazil, Saudi Arabi, European Union and Switzerland has electronic signatures as legal significance.
DCE Security Service  The DCE supplies a framework and toolkit for developing client/server applications.  The framework includes a remote procedure call (RPC) mechanism known as DCE/RPC.  Naming (directory) service, a time service, an authentication service and a distributed file system (DFS) known as DCE/DFS.
Distributed Computing Environment
DCE Services • DCE Security Service provides the mechanisms for writing applications that support secure communications between clients and servers. • Enables processes on different machines to be certain of one another’s identities (authentication). • Allows a server to determine whether a given user is authorized to access a particular resource (authorization).
THANK YOU

Recommended

Security Basics
Security BasicsSecurity Basics
Security BasicsArchitecTerra Ltd.
 
Cryptographic Security
Cryptographic SecurityCryptographic Security
Cryptographic Securityjp tj
 
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGIMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGInternational Journal of Technical Research & Application
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message SecurityNrapesh Shah
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Data Security
Data SecurityData Security
Data SecurityMark Waltzer
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 

Recommended

Security Basics
Security BasicsSecurity Basics
Security BasicsArchitecTerra Ltd.
 
Cryptographic Security
Cryptographic SecurityCryptographic Security
Cryptographic Securityjp tj
 
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGIMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKING
IMPLEMENTATION OF METHODS FOR TRANSACTION IN SECURE ONLINE BANKINGInternational Journal of Technical Research & Application
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message SecurityNrapesh Shah
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
Data Security
Data SecurityData Security
Data SecurityMark Waltzer
 
Security services
Security servicesSecurity services
Security servicesGayan Geethanjana
 
Chapter 01
Chapter 01Chapter 01
Chapter 01nathanurag
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-CommerceHem Pokhrel
 
Ppt
PptPpt
PptNidhi Bansal
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & EncryptionBiroja
 
Unit 5
Unit 5Unit 5
Unit 5KRAMANJANEYULU1
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
survey project-1
survey project-1survey project-1
survey project-1NAVIT GAUR
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1JeevananthamArumugam
 
Chapter 3 security principals
Chapter 3 security principalsChapter 3 security principals
Chapter 3 security principalsnewbie2019
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...IJNSA Journal
 
Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Amit Fogla
 
Unit 1
Unit 1Unit 1
Unit 1KRAMANJANEYULU1
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET Journal
 
Aspects of Network Security
Aspects of Network SecurityAspects of Network Security
Aspects of Network SecuritySHUBHA CHATURVEDI
 
Document security & firewall
Document security & firewallDocument security & firewall
Document security & firewallSanjay Singh
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 
security IDS
security IDSsecurity IDS
security IDSGregory Hanis
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptxBisharSuleiman
 

More Related Content

What's hot

Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-CommerceHem Pokhrel
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & EncryptionBiroja
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
survey project-1
survey project-1survey project-1
survey project-1NAVIT GAUR
 
Chapter 3 security principals
Chapter 3 security principalsChapter 3 security principals
Chapter 3 security principalsnewbie2019
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...IJNSA Journal
 
Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Amit Fogla
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET Journal
 
Document security & firewall
Document security & firewallDocument security & firewall
Document security & firewallSanjay Singh
 
Security and management
Security and managementSecurity and management
Security and managementArtiSolanki5
 

What's hot (20)

Chapter 01
Chapter 01Chapter 01
Chapter 01
 
Network security for E-Commerce
Network security for E-CommerceNetwork security for E-Commerce
Network security for E-Commerce
 
Ppt
PptPpt
Ppt
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
 
E-commerce- Security & Encryption
E-commerce- Security & EncryptionE-commerce- Security & Encryption
E-commerce- Security & Encryption
 
Unit 5
Unit 5Unit 5
Unit 5
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1
 
survey project-1
survey project-1survey project-1
survey project-1
 
CNS - Chapter1
CNS - Chapter1CNS - Chapter1
CNS - Chapter1
 
Chapter 3 security principals
Chapter 3 security principalsChapter 3 security principals
Chapter 3 security principals
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
 
Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Mis jaiswal-chapter-11
Mis jaiswal-chapter-11
 
Unit 1
Unit 1Unit 1
Unit 1
 
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression TechniquesIRJET- A Survey on Cryptography, Encryption and Compression Techniques
IRJET- A Survey on Cryptography, Encryption and Compression Techniques
 
Aspects of Network Security
Aspects of Network SecurityAspects of Network Security
Aspects of Network Security
 
Document security & firewall
Document security & firewallDocument security & firewall
Document security & firewall
 
Security and management
Security and managementSecurity and management
Security and management
 

Similar to Security

cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptxBisharSuleiman
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network securitysneha padhiar
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerceMohsin Ahmad
 
cyber secuirty.pptx
cyber secuirty.pptxcyber secuirty.pptx
cyber secuirty.pptxGodwin585235
 
CNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxCNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxRizwanBasha12
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Brianna Johnson
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...IJCSIS Research Publications
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdfDr. Shivashankar
 
A Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemA Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemEditor IJCATR
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfannaielectronicsvill
 

Similar to Security (20)

security IDS
security IDSsecurity IDS
security IDS
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptx
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
Introduction of network security
Introduction of network securityIntroduction of network security
Introduction of network security
 
CNS - Unit - 1 - Introduction
CNS - Unit - 1 - IntroductionCNS - Unit - 1 - Introduction
CNS - Unit - 1 - Introduction
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerce
 
cyber secuirty.pptx
cyber secuirty.pptxcyber secuirty.pptx
cyber secuirty.pptx
 
CNS new ppt unit 1.pptx
CNS new ppt unit 1.pptxCNS new ppt unit 1.pptx
CNS new ppt unit 1.pptx
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOV
 
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distr...
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdf
 
A Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile SystemA Review Study on Secure Authentication in Mobile System
A Review Study on Secure Authentication in Mobile System
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdf
 
Goals of security
Goals of securityGoals of security
Goals of security
 
IT.pptx
IT.pptxIT.pptx
IT.pptx
 

Recently uploaded

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 

Recently uploaded (20)

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 

Security

  • 2.
  • 3. Overview 1. Introduction to Security 2. Cryptography 3. Potential Attack 4. Authentication 5. Access Control 6. Authentication & Access Control 7. Digital Signature 8. DCE Security Services 9. Services by DCE 10. Summary
  • 4. Introduction • Security is one of the most important issues in distributed systems. • When data is distributed across multiple networks or information is transferred via public networks, it becomes vulnerable to attacks by mischievous elements. • Similarly other computing resources like processors, storage devices , networks etc., can also be attacked by hackers.
  • 5. Cryptography  Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit.  However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext into cipher text (a process called encryption), then back again (known as decryption).  Individuals who practice this field are known as cryptographers.
  • 6. Cryptography concerns itself with the following four objectives:  Confidentiality the information cannot be understood by anyone for whom it was unintended.  Integrity the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.  Non-repudiation the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.
  • 7. Potential Attacks • There are many Potential Attack to the security of your directory. The most typical threats to directory security fall into the following broad categories: 1. Unauthorized Access 2. Unauthorized Tampering 3. Denial of Service
  • 8. Potential Threats • Unauthorized Access 1. Unauthorized access to data via data-fetching operations 2 . Unauthorized access to reusable client authentication information by monitoring the access of others 3. Unauthorized access to data by monitoring the access of others • Unauthorized Tampering 1.Unauthorized modification of data 2.Unauthorized modification of configuration information • Denial of Service 1. With a denial of service attack, the attacker's goal is to prevent the directory from providing service to its clients.
  • 9. Authentication  The process of identifying an individual, usually based on a username and password.  In security systems, authentication is distinct from authorization ,which is the process of giving individuals access to system objects based on their identity.  Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.
  • 10. There are three methods we can use to authenticate someone: 1.Use something you have, for example, a key or a card. 2.Use something you know. Passwords and PINs (personal ID numbers) 3.Use something you are. This involves biometrics. (a user’s fingerprint or iris pattern).
  • 11. Access Control  The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform.  Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do.  In this way access control seeks to prevent activity that could lead to a breach of security.
  • 12. Authentication & Access Control  It is important to make a clear distinction between authentication and access control.  Correctly establishing the identity of the user is the responsibility of the authentication service.  Access control assumes that the authentication of the user has been successfully verified prior to enforcement of access control via a reference monitor
  • 13. Digital Signature  A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents.  A valid digital signature gives a recipient reason to believe that the message was created by a known sender.  The sender cannot deny having sent the message and that the message was not altered in transit .
  • 14.  Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature , but not all electronic signatures use digital signatures.  In some countries, including the United States, India, Brazil, Saudi Arabi, European Union and Switzerland has electronic signatures as legal significance.
  • 15. DCE Security Service  The DCE supplies a framework and toolkit for developing client/server applications.  The framework includes a remote procedure call (RPC) mechanism known as DCE/RPC.  Naming (directory) service, a time service, an authentication service and a distributed file system (DFS) known as DCE/DFS.
  • 17. DCE Services • DCE Security Service provides the mechanisms for writing applications that support secure communications between clients and servers. • Enables processes on different machines to be certain of one another’s identities (authentication). • Allows a server to determine whether a given user is authorized to access a particular resource (authorization).
  • 18.