Access controls regulate the admission of users into trusted
areas of an organization. Access controls are logical and physical. They are Identification,
Authentication, Authorization and Accountability.
Identification: A mechanism that provides information
about an unverified entity that wants to be granted access to a known entity.
The supplicant's identification is called an ID.
Authentication: The process of validating a supplicant's
identity. It ensures that the entity
requesting access is the entity it claims to be.
There are four types of authentication mechanism:
Something you know: This authentication mechanism verifies the
user's identity by means of a password, passphrase or some other unique authentication
code, such as a PIN. A good rule of thumb is that a strong password is at
least 10 characters long and contains at least one letter, one number and one
special character. It is better if it combines upper and lowercase letters.
The table below gives the password length and the time to crack the
password, based on an Intel i7 PC (875K).

| Length | Odds of Cracking: 1 in (Based on Number of Characters and Password length) | Estimated time to crack |
|---|---|---|
| 8 | 208,827,064,576 | 2.3 Sec. |
| 9 | 5,429,503,678,976 | 1.0 Min. |
| 10 | 141,167,095,653,376 | 25.5 Min. |
| 11 | 3,670,344,486,987,780 | 11.1 Hrs. |
| 12 | 95,428,956,661,682,200 | 12 Days |
| 13 | 2,481,152,873,203,740,000 | 311.8 Days |
| 14 | 64,509,974,703,297,200,000 | 22.2 Years |
| 15 | 1,677,259,342,285,730,000,000 | 577.5 Years |
| 16 | 43,608,742,899,428,900,000,000 | 15,014.4 Years |

Something you have: This
authentication mechanism makes use of something, such as a card or token, that the user
or the system has. This category includes ID cards, ATM cards, smart cards and
cryptographic tokens. Tokens may be synchronous or asynchronous. Synchronous tokens are
synchronized with a server: each device uses the time to generate the authentication
number that is entered during the user login. Asynchronous tokens use a
challenge-response system in which the server challenges the user with a number; the
user enters the challenge number into the token, which in turn calculates a response
number; the user then enters that number into the system to gain access.
Something you are: This mechanism takes advantage of something
inherent in the user that is evaluated using biometrics, which include the following:
· Fingerprints
· Face recognition
· Hand geometry
· Retina scan
· Iris scan
· Voice recognition
· Palm vein authentication
Something you produce: This mechanism makes use of something
the user performs or produces; examples are a signature or voice pattern.
Reference: Management of Information Security by Whitman and
Mattord