Monday, August 26, 2019
Pervasive Computing in Security Essay Example | Topics and Well Written Essays - 1750 words
Pervasive Computing in Security - Essay Example Authentication is the process of proving that you are who you say you are and establishing proof of identity. Authentication can be achieved through the use of passwords, smart cards, biometrics, or a combination thereof. People are the next most important security component. Often, people are the weakest link in any security infrastructure. Most corporate security relies on the password a user chooses. If the user chooses his or her first name as the password, the time, energy, and money spent evaluating, purchasing, and implementing security solutions go out the window. Numerous methods exist to gain access to a system. Social engineering preying on the weakest factor in any security infrastructure, the human-is one of the most successful methods. From pretending to be a helpdesk worker and asking users to change their passwords, to dressing up as the copy machine repair technician to gain physical access to a building, social engineering is effective in gaining access to an organization's systems. (Andress, 2003) Other methods include trying to guess username and password combinations and using exploits in operating systems and applications to gain access to systems. Some common exploits include buffer overflows, Windows exploits, and Web server application exploits. The most popular tool for information theft attacks is the network sniffer. With a sniffer, an attacker monitors traffic on a network, usually looking for username-password combinations. (Andres, 2003) The use of sniffers is known as a passive attack because the sniffer's snooping does not require any action on the part of the attacker. Active attacks, on the other hand, do require action. Examples of active attacks are "dumpster diving" or calling up an individual at a target company and asking for information. Security Awareness Security awareness can be provided at the utmost by conducting seminars and awareness campaigns. Such campaigns work well in explaining topics like password selection, screen locking, document labeling, and physical (door) security. Posters, e-mails, screensavers, and mouse pads printed with security tips and expectations help provide day-to-day reminders. Some companies even establish security incentive programs for their employees. Multifactor Authentication The three major types of authentication which are commonly used now a days are: Something you know-personal identification number (PIN), password. Something you have-SecurID, smart card, iButton. Something you are-that is, some measurable physical characteristic of you, such as fingerprints
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.