Access Control Systems & Methodology - Coggle Diagram
Objective
To study the mechanisms and methods that administrators/managers use to control what users may access, including what they may do after authentication and authorization, and how this is monitored.
Access Control
The ability to grant system or resource access only to authorized users, programs, or processes
Implementation
Logical controls
Physical controls
Administrative controls
Protection
Data - Unauthorized viewing, modification or copying
System - Unauthorized use, modification or denial of service
It should be noted that nearly every network operating system (NT, Unix, Vines, NetWare) is based on a secure physical infrastructure
Logical Access Control
Operating systems access control
Database and/or application-level access control
Protection
Authentication
Multi-factor authentication
To increase the level of security, many systems will require a user to provide 2 of the 3 types of authentication.
Password
Problems with passwords
Insecure
Easily broken
Inconvenient
Repudiable
Password weaknesses
An eavesdropper can steal a password while it is being spoken
Classic password rules
The best passwords are those that are both easy to remember and hard to crack using a dictionary attack.
On-line password guessing & its prevention
Some computers force passwords to be entered only by a human (not by a program). Humans are relatively slow.
Off-line Password Guessing
Guessing a password from its hash, because the hash of a common password is always the same
Password distribution
Use a KTP/SIM/KTM (national ID card, driving licence, or student card) that carries a photo
Authentication Token
Smart Card
Biometrics
Definition
Authenticating a user via human characteristics
via
fingerprint scan
hand geometry
hand signature
Disadvantages
No common API or other standard
Companies & products are often new & immature
Still relatively expensive per user
Some hesitancy for user acceptance
Advantages
Can't be lent like a physical key or token and can't be forgotten like a password
Good compromise between ease of use, template size, cost and accuracy
Fingerprint contains enough inherent variability to enable unique identification even in very large (millions of records) databases
Basically lasts forever -- or at least until amputation or dismemberment
Single sign-on (SSO)
Definition
SSO is the process of consolidating all of an organization's platform-based administration, authentication and authorization functions into a single centralized administrative function.
Advantages
It improves an administrator's ability to manage users' accounts and authorizations across all associated systems
It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications
Multiple passwords are no longer required, so a user may be more inclined and motivated to select a stronger password
Disadvantages
Support for all major operating system environments is difficult
The costs associated with SSO development can be significant when considering the nature and extent of interface development and maintenance that may be necessary