Computer Network Security 1
Protection in OS
A brief history
There were no Operating Systems
Programs were entered by users by means of switches
Programs were entered by means of input devices like
keyboards
Each user had exclusive access to the computing system
Time sharing
Required to load libraries, compilers, linkers, assemblers
and then clean up for the next user by removing sensitive
code or data
Computer Network Security 2
A brief history
The first OSs were simple utilities called executives
Designed to assist programmers and to smooth user-to-user
transition
Provided linkers and loaders, compilers and assemblers,
and automatic loading of subprograms from libraries
Multiprogramming allowed two users to interleave access
to resources of a single computing system
Researchers developed scheduling, sharing and parallel
use
Computer Network Security 3
A brief history
Multiprogramming OSs, called monitors, oversaw each
program’s execution
While an executive stayed in the background, waiting to be
called into action by the user, a monitor maintained control
of the computing system and gave access to a resource
only if consistent with good use of the system
Multiprogramming brought complications: one user
making a mistake on an executive would feel foolish, but a
user could not adversely affect the computation of another
user
Computer Network Security 4
User authentication
An OS bases much of its protection on knowing who a
user of the system is
In real life, you may be asked for an ID before cashing a
cheque or being issued a book
Over time organizations and systems have developed
means of authentication: documents, voice recognition,
fingerprint, retina matching etc
In computing, the choices are limited and possibilities are
less secure. Anyone can attempt to login to a computing
system.
A computer cannot recognize electrical signals as one
person being any different from another
Computer Network Security 5
User authentication
Most computer authentication systems must be based on
something only shared between the user and the computer
Authentication mechanism based on:
Something the user knows: passwords, PINs, mother’s maiden name
Something the user has: identity badges, physical keys, driver’s license
Something the user is: biometrics are based on a physical characteristic of
the user, such as a fingerprint, the pattern of a person's voice.
Two or more forms can be combined for strong security,
for example, a bank card and a PIN
Computer Network Security 6
Use of passwords
The most common authentication mechanism for
user to operating system is a password
Mutually agreed upon code words, assumed to be
known only to the system and the user
Seems to offer relatively secure system
BUT: human practice sometimes degrades its
quality
Computer Network Security 7
Passwords: loose-lipped systems
Consider a would-be intruder:
Knows nothing of the system
Enter a common name as user name
• Invalid user name
• Password dialog
Enter a guessed password
Intruder finds out OS, valid user name
Computer Network Security 8
Passwords: additional
authentication information
Day and time of access
Location of access
Computer Network Security 9
Attacks on passwords
Passwords are somewhat limited as protection
devices due to the relatively small number of bits of
information they contain.
Here are some ways you might be able to
determine a user's password.
Try all possible passwords
Try many probable passwords
Try passwords likely for the user
Search for the system list of passwords
Ask the user
Computer Network Security 10
Exhaustive attack: brute force
All possible passwords: usually automated
If a system has a maximum password length of 8
alphabetic characters (26 possibilities each):
$26^1$ one-character
$26^2$ two-character
$26^8$ eight-character
$26 + 26^2 + \dots + 26^8$ = 5 million
At one password per millisecond, it will take only
150 years to try all possibilities
At one password per microsecond, only two
months
Computer Network Security 11
Probable passwords
We prefer smaller passwords that are easy to remember,
spell and pronounce
At one password per millisecond, it takes only 18.278 seconds
for three-character passwords, about 8 minutes for
four-character passwords, or about 3.5 hours for five-character passwords
This analysis assumes that people choose passwords like
vxlag and msms as often as they pick enter and boring
However, people tend to choose names or words they can
remember
Programs contain dictionaries of English words
It takes only 80 seconds to test all 80,000 words in a
dictionary as passwords
Computer Network Security 12
Passwords likely for a user
People choose passwords that are meaningful to
them
Spouse name
Child’s name
Brother or sister’s name
Pet’s name
Street name
Trying this list takes under a second
One can try ten of these by hand in under two
minutes
Computer Network Security 13
Weak passwords
Several web sites post dictionaries of phrases, science
fiction characters, places, mythological names, Chinese
words, Yiddish words, and other specialized lists
These help admins identify weak passwords but the same
dictionaries can also be used by attackers of sites that do
not have such attentive administrators.
Tools such as COPS, Crack, and Satan allow an admin to
scan a system for weak passwords
People think they can be clever by picking a simple
password and replacing certain characters such as 0 for o,
1 for I or l, 3 for E, or @ for a
Computer Network Security 14
Steps an attacker would take
Here are some password-guessing steps an attacker would take:
No password
Same as user id
User name or derived from it
Common: password, secret, private, asdfg, aaaaa
Short college dictionary
Complete English word list
Common non-English dictionary
Computer Network Security 15
Steps an attacker would take
Short college dictionary with capitalizations: PaSsWoRd
and substitutions of 0 for o etc
Complete English with capitalization and substitutions
Common non-English dictionary with capitalization and
substitutions
Brute force, lowercase alphabetic
Brute force, full character set
Computer Network Security 16
Plaintext system password list
To validate passwords, a system must have
a way of comparing entries with actual
passwords
Rather than trying to guess the password
why not target the password file
Two column: user ID, password
Too obvious: Don’t leave out in the open
Have to protect it
Computer Network Security 17
Protecting plaintext password file
Various security approaches are used to conceal
the password table from those who should not see
it.
Strong access controls
Only OS can access it
Not every OS module needs access, e.g. the operating
system scheduler, accounting routines, or storage
manager have no need to know the table's contents.
Avoid dumping of memory
An attacker may carefully time the dump of memory
Protect system backups
Computer Network Security 18
Encrypted password file
Conventional encryption
One-way hash
Computer Network Security 19
Conventional encryption
Receive user password, decrypt stored
password and compare
But the plaintext password is available in
memory for a while. That is, the password is
available to anyone who could obtain
access to all of memory.
Safer to use one-way hash
Computer Network Security 20
One-way hash
The password table's entries are encrypted by a
one-way encryption and then stored. When the
user enters a password, it is also encrypted and
then compared with the table. If the two values are
equal, the authentication succeeds.
Unix password file can be read by anyone, unless
special access controls have been installed.
What if two people choose the same password?
I notice that another user’s hashed password is the
same as mine in the file
Computer Network Security 21
One-way hash - salt
Unix circumvents this vulnerability by using a
password extension, called the salt.
Salt is a 12-bit number derived from the current
system time and the process id
Likely to be unique for every user
Concatenate salt and plaintext password, then hash
it
Store hash with salt
User enters password, fetch salt from file, hash
and compare
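The duplicate-entry problem and the salt fix from the two slides above, as an added example that is not part of the original slides. It goes beyond the 12-bit Unix salt by using a 16-byte random salt with PBKDF2-HMAC-SHA256; the user names, passwords, iteration count and `salt$hash` entry layout are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def unsalted_entry(password):
    """One-way hash with no salt: equal passwords give equal table entries."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_entry(password, salt=None):
    """Hash salt + password and store the salt next to the hash ('salt$hash')."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password, entry):
    """Fetch the salt from the stored entry, re-hash the typed password, compare."""
    try:
        salt_hex, digest_hex = entry.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # a malformed entry never authenticates
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def shared_password_groups(table):
    """Groups of users whose stored hash is identical, as any reader of the file sees it."""
    by_value = {}
    for user, entry in table.items():
        # For salted entries compare only the hash part; the salt is stored in the clear.
        by_value.setdefault(entry.split("$")[-1], []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]


# Constructed sample: alice and bob happen to choose the same password.
CHOICES = {"alice": "tiger2024", "bob": "tiger2024", "carol": "Xq7!mr-pL"}


def build_tables():
    """Return (unsalted_table, salted_table) for the constructed users."""
    unsalted = {user: unsalted_entry(pw) for user, pw in CHOICES.items()}
    salted = {user: salted_entry(pw) for user, pw in CHOICES.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted duplicates:", shared_password_groups(unsalted))
    print("salted duplicates:  ", shared_password_groups(salted))
    print("alice verifies:     ", verify("tiger2024", salted["alice"]))
```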
Computer Network Security 22
Indiscreet users
Tape to the monitor
Card inside the top desk
Give away for sharing files
Computer Network Security 23
Password selection criteria
Use characters other than alphabets
Choose long passwords
Avoid actual names or words
Choose an unlikely password: 2BrnB
Change password regularly
Don’t write down
Don’t tell anyone else
Computer Network Security 24
Good password choices
Some systems help users by providing
a choice of meaningless but pronounceable
passwords, e.g. VAX VMS
Easy to forget and misspell: bliptab
Some systems encourage users to change
passwords frequently
Warn a few days ahead of expiry
Leave no choice on day of expiry
Computer Network Security 25
One-time passwords
Changes every time it is used
Assign a static mathematical function; the system provides an
argument to the function, and the user computes and returns the
function value. Such systems are also called challenge-response
systems
$f(x) = x + 1$; $f(x) = 3x^2 - 9x + 2$; $f(x) = p_x$, where $p_x$ is the $x$th
prime number
$f(x) = r(x)$: use $x$ as the seed to a random number generator, or take the $x$th
random number
$f(a_1 a_2 a_3 a_4 a_5 a_6) = a_3 a_1 a_1 a_4$
$f(E(x)) = E(D(E(x)) + 1)$: the system provides an encrypted value; the user decrypts it,
performs arithmetic, and re-encrypts
One-time passwords are very effective because intercepted passwords
are useless
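The challenge-response exchange described above with both sides shown, as an added example that is not part of the original slides. It swaps the slide's arithmetic functions for a keyed function (HMAC-SHA256 over a random challenge); the class name, function names and key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def respond(shared_key, challenge):
    """User side: compute f(challenge) using the secret only user and system know."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


class ChallengeResponseSystem:
    """System side: issue an argument, accept the matching function value once."""

    def __init__(self, shared_key):
        self._key = shared_key
        self._pending = set()  # challenges issued but not yet answered

    def issue_challenge(self):
        # Unpredictable argument, so a response cannot be prepared in advance.
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def check(self, challenge, response):
        if challenge not in self._pending:
            return False  # never issued, or already answered: a replay
        # Single use: the challenge is retired whether the answer is right or wrong.
        self._pending.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_exchange():
    """Run a constructed session and report which attempts the system accepts."""
    key = secrets.token_bytes(32)  # constructed shared secret for this demo
    system = ChallengeResponseSystem(key)
    results = {}

    # Legitimate login: the value sent over the wire is r1, never the key.
    c1 = system.issue_challenge()
    r1 = respond(key, c1)
    results["first_login"] = system.check(c1, r1)

    # An eavesdropper who recorded (c1, r1) sends the same pair again.
    results["replay_same_pair"] = system.check(c1, r1)

    # The recorded response is also useless against a fresh challenge.
    c2 = system.issue_challenge()
    results["old_response_new_challenge"] = system.check(c2, r1)

    # Someone without the shared secret cannot compute the function value.
    c3 = system.issue_challenge()
    results["wrong_key"] = system.check(c3, respond(secrets.token_bytes(32), c3))

    # The legitimate user's next login uses a different one-time value.
    c4 = system.issue_challenge()
    results["second_login"] = system.check(c4, respond(key, c4))
    return results


if __name__ == "__main__":
    for attempt, accepted in run_exchange().items():
        print(f"{attempt:28s} accepted={accepted}")
```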
Computer Network Security 26
Authentication process
Even a terrible typist should be able to type
a password correctly in a few tries
A legitimate user will not complain about a
delay of 5 to 10 seconds
A penetrator’s job would be made
infeasible
Repeated failure = not authorized user
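One way to apply the delay and repeated-failure rules above, together with the earlier "loose-lipped systems" point that a login dialog should not reveal whether a user name is valid, as an added example that is not part of the original slides. The 5-second delay comes from the slide; the three-failure limit, the message texts and the `LoginGate` class are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

GENERIC_FAILURE = "Login incorrect"  # same text for a bad name and a bad password
THROTTLED = "Try again later"
WELCOME = "Welcome"
DELAY_SECONDS = 5   # slide: a legitimate user accepts a 5 to 10 second delay
MAX_FAILURES = 3    # assumed value for "a few tries"


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class LoginGate:
    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so the delay can be tested
        self._accounts = {}          # name -> (salt, digest)
        self._failures = {}          # name -> consecutive failed attempts
        self._next_allowed = {}      # name -> earliest time of the next attempt
        # Decoy entry: unknown names cost the same hash work as real ones.
        decoy_salt = os.urandom(16)
        self._decoy = (decoy_salt, _digest(os.urandom(16).hex(), decoy_salt))

    def add_user(self, name, password):
        salt = os.urandom(16)
        self._accounts[name] = (salt, _digest(password, salt))

    def unlock(self, name):
        """Administrator action after the lockout has been investigated."""
        self._failures.pop(name, None)
        self._next_allowed.pop(name, None)

    def login(self, name, password):
        """Return (accepted, message). State is tracked per name, known or not,
        so throttling and lockout do not reveal which names exist."""
        now = self._clock()
        if self._failures.get(name, 0) >= MAX_FAILURES:
            return (False, THROTTLED)   # repeated failure = not an authorized user
        if now < self._next_allowed.get(name, 0.0):
            return (False, THROTTLED)   # still inside the delay window
        salt, stored = self._accounts.get(name, self._decoy)
        matches = hmac.compare_digest(_digest(password, salt), stored)
        if matches and name in self._accounts:
            self.unlock(name)           # success resets the counters
            return (True, WELCOME)
        self._failures[name] = self._failures.get(name, 0) + 1
        self._next_allowed[name] = now + DELAY_SECONDS
        return (False, GENERIC_FAILURE)


if __name__ == "__main__":
    gate = LoginGate()
    gate.add_user("alice", "correct horse")  # constructed account
    print(gate.login("nosuchuser", "guess"))
    print(gate.login("alice", "guess"))
    print(gate.login("alice", "correct horse"))  # throttled: inside the delay
```

Locking by name lets anyone who knows a user name lock that account, so a deployment has to weigh the lockout against that denial-of-service risk.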
Computer Network Security 27
Fixing flaws
Trojan horse: a program displays standard prompt
e.g. SYSTEM ERROR, DISCONNECTED
Make sure system is reinitialized
Turn terminal off and then on
Pressing break key
Ctrl+alt+del
System could display something only the user and
the system know, such as last login time
Computer Network Security 28
ANY QUESTIONS
?

 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 

Lecture 4

  • 1. Computer Network Security 1 Protection in OS A brief history There were no Operating Systems Programs were entered by users by means of switches Programs were entered by means of input devices like keyboards Each user had exclusive access to the computing system Time sharing Required to load libraries, compilers, linkers, assemblers and then clean up for the next user by removing sensitive code or data
  • 2. Computer Network Security 2 A brief history The first OS were simple utilities called executives Designed to assist programmers and to smooth user to user transition Provided linkers and loaders, compilers and assemblers, and automatic loading of subprograms from libraries Multiprogramming allowed two users to interleave access to resources of a single computing system Researchers developed scheduling, sharing and parallel use
  • 3. Computer Network Security 3 A brief history Multiprogramming OSs, called monitors oversaw each program’s execution While an executive stayed in the background, waiting to be called into action by the user, a monitor maintained control of the computing system and gave access to a resource only if consistent with good use of the system User Multiprogramming brought complications: one user making a mistake on an executive would feel foolish, but a user could not adversely affect the computation of another user
  • 4. Computer Network Security 4 User authentication An OS bases much of its protection on knowing who a user of the system is In real-life, you may ask for an ID before cashing a cheque, or issuing a book Over time organizations and systems have developed means of authentication: documents, voice recognition, fingerprint, retina matching etc In computing, the choices are limited and possibilities are less secure. Anyone can attempt to login to a computing system. A computer can not recognize electrical signals as one person being any different from another
  • 5. Computer Network Security 5 User authentication Most computer authentication systems must be based on something only shared between the user and the computer Authentication mechanism based on: Something the user knows: passwords, PINs, mother’s maiden name Something the user has: identity badges, physical keys, driver’s license Something the user is: biometrics are based on a physical characteristic of the user, such as a fingerprint, the pattern of a person's voice. Two or more forms can be combined for strong security for example, a bank card and a PIN
  • 6. Computer Network Security 6 Use of passwords The most common authentication mechanism for user to operating system is a password Mutually agreed upon code words, assumed to be known only to the system and the user Seems to offer relatively secure system BUT: human practice sometimes degrades its quality
  • 7. Computer Network Security 7 Passwords: loose-lipped systems Consider a would-be intruder: Knows nothing of the system Enter a common name as user name • Invalid user name • Password dialog Enter a guessed password Intruder finds out OS, valid user name
  • 8. Computer Network Security 8 Passwords: additional authentication information Day and time of access Location of access
  • 9. Computer Network Security 9 Attacks on passwords Passwords are somewhat limited as protection devices due to relatively small number of bits of information they contain. Here are some ways you might be able to determine a user's password. Try all possible passwords Try many probable passwords Try passwords likely for the user Search for the system list of passwords Ask the user
  • 10. Computer Network Security 10 Exhaustive attack: brute force All possible passwords: usually automated If a system has a maximum password length of 8 alphabets (26 possibilities): $26^1$ one-character, $26^2$ two-character, $26^8$ eight-character; $26 + 26^2 + \dots + 26^8$ = 5 million At one password per millisecond, it will take only 150 years to try all possibilities At one password per microsecond, only two months
  • 11. Computer Network Security 11 Probable passwords We prefer smaller passwords that are easy to remember, spell and pronounce At one password per million, it takes only 18.278 seconds for three character passwords Or about 8 minutes for 4 character Or about 3.5 hours for 5 character This analysis assumes that people choose passwords like vxlag and msms as often as they pick enter and boring However, people tend to choose names or words they can remember Programs contain dictionaries of English words It takes only 80 seconds to test all 80,000 words in a dictionary as passwords
  • 12. Computer Network Security 12 Passwords likely for a user People choose passwords that are meaningful to them Spouse name Child’s name Brother or sister’s name Pet’s name Street name Trying this list takes under a second One can try ten of these by hand in under two minutes
  • 13. Computer Network Security 13 Weak passwords Several web sites post dictionaries of phrases, science fiction characters, places, mythological names, Chinese words, Yiddish words, and other specialized lists These help admins identify weak passwords but the same dictionaries can also be used by attackers of sites that do not have such attentive administrators. Tools such as COPS, Crack, and Satan allow an admin to scan a system for weak passwords People think they can be clever by picking a simple password and replacing certain characters such as 0 for o, 1 for I or l, 3 for E, or @ for a
  • 14. Computer Network Security 14 Steps an attacker would take Here are some password-guessing steps an attacker would take: No password Same as user id User name or derived from it Common: password, secret, private, asdfg, aaaaa Short college dictionary Complete English word list Common non-English dictionary
  • 15. Computer Network Security 15 Steps an attacker would take Short college dictionary with capitalizations: PaSsWoRd and substitutions of 0 for o etc Complete English with capitalization and substitutions Common non-English dictionary with capitalization and substitutions Brute force, lowercase alphabetic Brute force, full character set
  • 16. Computer Network Security 16 Plaintext system password list To validate passwords, a system must have a way of comparing entries with actual passwords Rather than trying to guess the password why not target the password file Two column: user ID, password Too obvious: Don’t leave out in the open Have to protect it
  • 17. Computer Network Security 17 Protecting plaintext password file Various security approaches are used to conceal the password table from those who should not see it. Strong access controls Only OS can access it Not every OS module needs access, e.g. the operating system scheduler, accounting routines, or storage manager have no need to know the table's contents. Avoid dumping of memory An attacker may carefully time the dump of memory Protect system backups
  • 18. Computer Network Security 18 Encrypted password file Conventional encryption One-way hash
  • 19. Computer Network Security 19 Conventional encryption Receive user password, decrypt stored password and compare But plain text password is available in memory for a while That is, the password is available to anyone who could obtain access to all of memory. Safer to use one-way hash
  • 20. Computer Network Security 20 One-way hash The password table's entries are encrypted by a one-way encryption and then stored. When the user enters a password, it is also encrypted and then compared with the table. If the two values are equal, the authentication succeeds. Unix password file can be read by anyone, unless special access controls have been installed. What if two people choose the same password? I notice that another user’s hashed password is the same as mine in the file
  • 21. Computer Network Security 21 One-way hash - salt Unix circumvents this vulnerability by using a password extension, called the salt. Salt is a 12-bit number derived from the current system time and the process id Likely to be unique for every user Concatenate salt and plaintext password, then hash it Store hash with salt User enters password, fetch salt from file, hash and compare
  • 22. Computer Network Security 22 Indiscreet users Tape to the monitor Card inside the top desk Give away for sharing files
  • 23. Computer Network Security 23 Password selection criteria Use characters other than alphabets Choose long passwords Avoid actual names or words Choose an unlikely password: 2BrnB Change password regularly Don’t write down Don’t tell anyone else
  • 24. Computer Network Security 24 Good password choices Some systems help users by providing meaningless but pronounceable password choices, e.g. VAX VMS Easy to forget and misspell: bliptab Some systems encourage users to change passwords frequently Warn a few days ahead of expiry Leave no choice on day of expiry
  • 25. Computer Network Security 25 One-time passwords Changes every time it is used Assign a static mathematical function, the system provides an argument to the function, and the user computes and returns the function value. Such systems are also called challenge-response systems $f(x)=x+1$, $f(x)=3x^2-9x+2$, $f(x)=p_x$, where $p_x$ is the $x$th prime number $f(x)=r(x)$: use $x$ as seed to a random number generator, or the $x$th random number $f(a_1a_2a_3a_4a_5a_6)=a_3a_1a_1a_4$ $f(E(x))=E(D(E(x))+1)$: System provides encrypted value, decrypt, perform arithmetic, re-encrypt One-time passwords are very effective because intercepted passwords are useless
  • 26. Computer Network Security 26 Authentication process Even a terrible typist should be able to type password correctly in a few tries A legitimate user will not complain on a delay of 5 to 10 seconds A penetrator’s job would be made unfeasible Repeated failure = not authorized user
  • 27. Computer Network Security 27 Fixing flaws Trojan horse: a program displays standard prompt e.g. SYSTEM ERROR, DISCONNECTED Make sure system is reinitialized Turn terminal off and then on Pressing break key Ctrl+alt+del System could display something only the user and the system know, such as last login time
  • 28. Computer Network Security 28 ANY QUESTIONS ?
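The salted one-way hash of slides 20 and 21, combined with the login behaviour of slides 7 and 26, as an added Python example that is not part of the original lecture. The random 16-byte salt, PBKDF2-HMAC-SHA256, the three-failure lockout and all names are assumptions of this example; the slides describe a 12-bit salt derived from system time and process id.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumption: work factor picked for this example
MAX_FAILURES = 3              # assumption: lockout threshold, not from the slides
GENERIC_ERROR = "login failed"

def unsalted_hash(password):
    """Plain one-way hash: equal passwords give equal table entries."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password):
    """Hash salt + password and keep the salt beside the hash."""
    salt = os.urandom(16)     # assumption: random salt instead of time + pid
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    """Fetch the stored salt, re-hash the entry, compare in constant time."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

class LoginService:
    def __init__(self):
        self.table = {}                       # user -> (salt, digest)
        self.failures = {}                    # user -> consecutive failures
        self._decoy = make_record("decoy")    # hashed for unknown user names

    def enroll(self, user, password):
        self.table[user] = make_record(password)

    def login(self, user, password):
        # Locked, unknown user and wrong password all give the same answer,
        # so the prompt never confirms that a user name exists.
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return GENERIC_ERROR
        matched = verify(password, self.table.get(user, self._decoy))
        if matched and user in self.table:
            self.failures.pop(user, None)
            return "welcome"
        self.failures[user] = self.failures.get(user, 0) + 1
        return GENERIC_ERROR
```

A real service would also add the short delay slide 26 mentions and persist the failure counters; both are left out to keep the block short.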
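The challenge-response scheme of slide 25, as an added Python example that is not part of the original lecture: the system issues a fresh argument, the user returns the function value, and a captured response fails when replayed. The `Verifier` class, the 64-bit random challenge and the HMAC-SHA256 keyed function are assumptions of this example; `poly` is the slide's f(x) = 3x^2 - 9x + 2.

```python
import hashlib
import hmac
import secrets

def poly(x):
    """The slide's static function f(x) = 3x^2 - 9x + 2."""
    return 3 * x * x - 9 * x + 2

def keyed(secret):
    """Assumption: HMAC-SHA256 under a shared secret as the agreed function.
    Unlike a simple polynomial, it cannot be inferred from observed pairs."""
    def f(x):
        return hmac.new(secret, str(x).encode(), hashlib.sha256).hexdigest()
    return f

class Verifier:
    def __init__(self, f):
        self.f = f
        self.pending = {}                 # user -> outstanding challenge

    def challenge(self, user):
        x = secrets.randbits(64) + 3      # fresh argument for every attempt
        self.pending[user] = x
        return x

    def check(self, user, response):
        x = self.pending.pop(user, None)  # each challenge is consumed once
        if x is None:
            return False
        return hmac.compare_digest(str(self.f(x)), str(response))

def replay_demo(f):
    """Return (legitimate login accepted, replayed response accepted)."""
    v = Verifier(f)
    x1 = v.challenge("alice")
    captured = f(x1)                      # the value an eavesdropper would see
    first = v.check("alice", captured)
    v.challenge("alice")                  # next attempt gets a new argument
    replayed = v.check("alice", captured)
    return first, replayed
```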