Cmgt400 Week 3

Only available on StudyMode
  • Download(s) : 147
  • Published : December 5, 2012
Open Document
Text Preview
Running head: ASSIGNMENT: SECURING AND PROTECTING INFORMATION  
 
 

 
 
 
 
 
Assignment: Securing and Protecting Information
David Sauerbrei
CMGT/400
11/24/12
Robert L. Quintin
Axia College of University of Phoenix
Assignment: Securing and Protecting Information
Authentication
With the advances in technology, authentication has become part of our everyday lives, whether scanning your badge at work, signing for a credit card purchase, or logging into your Facebook/Twitter accounts.  Authentication is the act of validating your identity while requesting access to software, purchases, or entry to a secured facility.  There are four types of authentication; something you know, something you have, something you are, and something you can produce.  When a service requests two or more types of authentication, it is called strong authentication, such as inserting an identification card and providing a password to access a computer workstation. Something you know refers to the use of passwords, passphrases, and codes or PINs. When creating a password, the user must make the decision to create a string of alphanumeric and special characters with differing cases. The longer and more complicated a password the user creates drastically reduces the risk of cracking or brute force attacks. The same password must also be something easily remembered by the user to dissuade it from being written down and stored onsite or left at the workstation. A solution to this is creating a passphrase, a common phrase or date abbreviated and linked together with special characters to create a personal passphrase difficult to crack but easy to remember. An example of this would be a favorite television show with the day and time it airs.  A common rule is to create a string at least eight character longs with at least one number and one special character, which this example adheres. The something you have method requires the user to carry and use an access control item. A common one used with the military and federal government is a smart card linked to a PIN called a Common Access Card, an identification card with a user photo, scan able bar code, and imbedded chip. This unique card is used for varying levels of granted access to buildings, hardware devices, and software. Another device is the cryptographic token, a computer chip with a display contained within the card. The chip “contains a built-in seed number that uses a formula or a clock to calculate a number that can be used to perform a remote login authentication. Tokens may be either synchronous or asynchronous” (Whitman & Mattord, 2010). When a synchronous token is synchronized to the server, each device uses the time of authentication to create a generated number used for entry to the system during log in.  The asynchronous tokens use a challenge-response system where the server creates a challenge with a number. When the user enters the challenge into the token, a response number is calculated. This response number is entered into the device and entry is authorized. The advantage of this situation is that server synchronization does not occur, preventing errors due to mistiming. The something you are method references to your physical characteristics, your fingerprints, retina, facial recognition, and other defining features used to verify authentication.  Out of the options available, only three are classified as truly unique identifiers, fingerprints, blood vessel pattern of the retina, and the random patterns of the iris. To further the defenses, these characteristics are encrypted and stored so each subsequent scan can be identified and compared. The obvious downside to this security feature is that a person’s features can change over time or with illness and injury causing some difficulty in some instances. The something you can produce authentication is based around the user as well using signatures, voice activation, and the lesser-known keystroke pattern...
tracking img