Authentication and Public Key Infrastructure

Access Control, Authentication, and Public Key Infrastructure

Lesson 5

Security Breaches and the Law

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company

www.jblearning.com

All rights reserved.


Learning Objective and Key Concepts

Learning Objective

Assess the consequences of failed access controls and mitigate unauthorized access.

Key Concepts

U.S. federal and state laws passed to deter information theft

Costs associated with inadequate access controls

How access controls can fail

Security breaches and their implications


DISCOVER: CONCEPTS


Laws and Data Breaches

Federal and state laws act as deterrents

Organizations are required to take steps to protect sensitive data

An organization may have a legal obligation to inform all stakeholders if a breach has occurred


Federal Laws

Computer Fraud and Abuse Act (CFAA) is designed to protect electronic data from theft

Digital Millennium Copyright Act (DMCA) prohibits unauthorized disclosure of data by circumventing an established technological measure


State Laws

California Identity Theft Statute requires businesses to notify customers when personal information has been disclosed

Research specific laws that apply in your state.

You can begin by visiting your state’s Office of Attorney General Web site.


First-Layer Access Controls

All physical security must comply with all applicable regulations

Access to secure computing facilities is granted only to individuals with a legitimate business need for access.

All secure computing facilities that allow visitors must have an access log.

Visitors must be escorted at all times


Most common and easiest form of access

To be effective: Requires the use of a secure channel through the network to transmit the encrypted password

Not very secure

WHY USE THEM??

Something you know

User friendly – People get the concept (like an ATM PIN)

Two-factor authentication

– Combine passwords with a (smart card) token

– ATM card and PIN – improved protection

Easy to manage

Supported across IT platforms


Inadequate Access Controls

People

Technology


People

Phishing and spear phishing attacks

Poor physical security on systems

File-sharing and social networking sites


Technology

Very weak password encryption

Web browsers are a major vector for unauthorized access

Web servers and other public-facing systems are an entry point for unauthorized access


DISCOVER: PROCESS


Security Breach Principles


System exploits

Eavesdropping

Social engineering

Denial of service (DoS) attacks

Indirect attacks

Direct attacks

Consequences

Security breaches can have serious consequences for an organization.

Breaches can rely on:

Lax physical security

Inadequate logical access controls

A combination of both


Implications of Security Breaches


Damages organizations’ computer systems

Financial Impact

Legal action

Loss of reputation

Costs of contacting all of the individuals

Organization’s market share

Summary

U.S. federal and state laws passed to deter information theft

Costs associated with inadequate access controls

How access controls can fail

Security breaches and their implications


Virtual Lab

Managing Group Policy Objects in Active Directory


If your educational institution included the Jones & Bartlett labs as part of the course curriculum, use this script to introduce the lab:

“In this lesson, you learned about ways that compromised access controls can result in security breaches. You also discovered the legal implications of security incidents. One effective way to help prevent security breaches is to enforce system logon security controls.

In the lab for this lesson, you will use the Group Policy Management tool to edit the default domain policy and set up a new password policy. You will also create a new group policy object (GPO) and apply it to an organizational unit.”

3/30/2015
