7/31/2019 Identity Management, Access Control System, & Intrusion Detection
Identity Management, Access Control System & Intrusion Detection
Presented by:
GAURAV JAISWAL
M.Tech. (S.E.) 2nd Sem.
Identity Management
Identity management is a discipline which encompasses all tasks required to create, manage and delete user identities in a computing environment.
It automates administrative processes, such as adding or removing access to specific systems, resetting passwords and enforcing periodic password changes.
Identity Management: Model
In the context of online access systems, IM can be viewed through the following models:
1. Pure Identity Model
2. User Access Model
3. Service Model
1. Pure Identity Model
Based on some set of axiomatic principles.
2. User Access Model
It requires each user to assume a unique digital identity across applications and networked infrastructures, which protects personal and business information from unauthorized access.
It is a type of access control provided to the user.
For example: a smart card and its associated data used by a customer to log on to a service(s).
3. Service Model
With respect to the organization, the service model deals with the development of its systems to provide information services to the world.
Online services include all resources such as forms, products, telephone services, address books, etc.
Access Control System
Access management is the heart of an Information Technology-based security system and is needed to meet the major goals of information security: confidentiality and integrity.
Access management is a collection of mechanisms that work together to create a security architecture to protect an information system.
Some terminologies are
i. Mandatory Access Control (MAC)
ii. Discretionary Access Control (DAC)
iii. Access Control Lists (ACL)
iv. Rule-Based Access Control (RBAC)
v. Role-Based Access Control (ROBAC)
i. MAC
Based on the concept of Subjects, Objects and Labels.
Primarily used by the military and the government.
Access to system resources is under the control of the administrator and the OS.
ii. DAC
Based on the principle that the owner is the one who decides who can get access to the system.
Allows each user to control access to their own data.
Operating systems like Windows, Unix, Novell etc. rely on DAC principles.
iii. ACL
It refers to a list or file of users.
Contains information such as user id and associated privileges.
Privileges are typically read, write, update, execute, delete or rename.
iv. RBAC
Provides access based on a set of rules defined by a system administrator.
Rules are stored in the ACL and include details such as who has been given permission to access the system, for how many hours, types of privileges, etc.
v. ROBAC
Access permission is defined based on the roles of the user with respect to the organization.
Access rights are grouped by role name and the use of resources is restricted strictly to an individual's role.
It enhances system security and also reduces the amount of administrative effort.
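The Python sketch below is an added example, not part of the original slides. It contrasts the rule-based check (RBAC, rules stored in an ACL with privileges and permitted hours) with the role-based check (ROBAC, rights grouped by role name) described above; all user names, resource names, hours and role names are constructed for illustration.

```python
from dataclasses import dataclass

# All users, resources, hours and roles below are constructed sample data.


@dataclass(frozen=True)
class AclEntry:
    """One ACL row: who, on what, which privileges, and during which hours."""
    user: str
    resource: str
    privileges: frozenset
    start_hour: int = 0   # rule: access allowed from this hour (inclusive)
    end_hour: int = 24    # rule: access allowed until this hour (exclusive)


ACL = [
    AclEntry("alice", "payroll.db", frozenset({"read", "write"}), 9, 17),
    AclEntry("bob", "payroll.db", frozenset({"read"})),
]

# Role-based (ROBAC): rights are grouped by role name; users only hold roles.
ROLE_RIGHTS = {
    "hr_clerk": {("payroll.db", "read")},
    "hr_manager": {("payroll.db", "read"), ("payroll.db", "update")},
}
USER_ROLES = {"carol": {"hr_clerk"}, "dave": {"hr_manager"}}


def rule_based_allows(user, resource, privilege, hour):
    """Allow only if an ACL entry matches user, resource, privilege and hour."""
    return any(
        e.user == user
        and e.resource == resource
        and privilege in e.privileges
        and e.start_hour <= hour < e.end_hour
        for e in ACL
    )


def role_based_allows(user, resource, privilege):
    """Default deny: allow only if one of the user's roles grants the right."""
    return any(
        (resource, privilege) in ROLE_RIGHTS.get(role, set())
        for role in USER_ROLES.get(user, set())
    )
```

In both checks an unknown user or an unlisted privilege falls through to a denial, so a missing entry never grants access.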
Some techniques for access control are based on user requirements, generally known as tokens.
Such tokens are divided into two categories:
i. Memory tokens
ii. Smart tokens
Traditionally, authentication is mainly performed using two kinds of techniques:
i. Possession-based
ii. Knowledge-based
The limitations of traditional authentication systems are generally overcome by biometric-based authentication, where our own body becomes the token and can be used for access control.
Moreover, if an access control system uses both biometrics and tokens or passwords, it improves the security.
Intrusion Detection
An ID system tries to detect an intruder breaking into the system or an unauthorized user misusing the system resources.
The goal is to identify any malicious programs that can violate the security of a computer system.
The functions of intrusion detection are as follows:
i. Monitoring and analyzing both user and system activities.
ii. Analyzing system configurations.
iii. Assessing system and file integrity.
iv. Recognizing patterns typical of attacks.
v. Analyzing abnormal activity patterns.
vi. Tracking user policy violations.
An ID system is composed of several parts:
i. Sensors to generate security alerts.
ii. A Console to control the sensors, and
iii. A central Engine that uses rules to generate alerts.
The ID system follows a two-step process:
i. Active component
ii. Passive component
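The Python sketch below is an added example, not part of the original slides. It models the sensor, engine and console parts listed above with one detection rule (repeated failed logins by one user inside a time window); the log format, the sample lines, the threshold and the window are all constructed assumptions, and the console is simplified to driving the other two parts and formatting their alerts.

```python
import re
from collections import defaultdict

# Constructed sample log (not real data), in an assumed simplified format:
# "<seconds> <LOGIN_FAIL|LOGIN_OK> user=<name> src=<address>"
SAMPLE_LOG = """\
100 LOGIN_FAIL user=alice src=192.0.2.10
105 LOGIN_FAIL user=alice src=192.0.2.10
110 LOGIN_FAIL user=alice src=192.0.2.10
120 LOGIN_FAIL user=bob src=198.51.100.7
200 LOGIN_FAIL user=bob src=198.51.100.7
210 LOGIN_OK user=bob src=198.51.100.7
215 LOGIN_FAIL user=bob src=198.51.100.7
this line is malformed and must be ignored
"""
LINE_RE = re.compile(r"^(\d+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")


def sensor(log_text):
    """Sensor: turn raw log lines into events, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return events


def engine(events, threshold=3, window=60):
    """Engine: alert when a user reaches `threshold` failures within `window` s.

    Events are assumed to arrive in time order.
    """
    recent = defaultdict(list)   # user -> timestamps of recent failures
    alerts = []
    for t, kind, user, src in events:
        if kind == "LOGIN_OK":
            recent[user].clear()  # a successful login resets the counter
            continue
        recent[user] = [x for x in recent[user] if t - x < window] + [t]
        if len(recent[user]) == threshold:
            alerts.append((t, user, src))
    return alerts


def console(log_text, threshold=3, window=60):
    """Console: run the sensor and engine with operator-chosen settings."""
    alerts = engine(sensor(log_text), threshold, window)
    return [f"t={t} ALERT repeated failed logins user={u} src={s}"
            for t, u, s in alerts]
```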
Types of ID Systems:
i. Host-based intrusion detection system
ii. Protocol-based intrusion detection system
iii. Hybrid intrusion detection system
iv. Network intrusion detection system
v. Application protocol-based intrusion detection system
Reference
Phalguni Gupta, Surya Prakash and Umarani, IT Infrastructure and Its Management, 2nd edition, 2010, pg. no. 133-144.