Logical security
   HOME

TheInfoList



Click Here for Items Related To - Logical security
OR:
Logical security on:   [Wikipedia]   [Google]   [Amazon]

Logical Security consists of
software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consist ...
safeguards for an organization’s systems, including user identification and password access, authenticating, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a
network Network, networking and networked may refer to: Science and technology * Network theory, the study of graphs as a representation of relations between discrete objects * Network science, an academic field that studies complex networks Mathematic ...
or a workstation. It is a subset of
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...
.


Elements

Elements of logical security are: *User IDs, also known as logins, user names, logons or accounts, are unique personal identifiers for agents of a computer program or network that is accessible by more than one agent. These identifiers are based on short strings of alphanumeric characters, and are either assigned or chosen by the users. *
Authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicatin ...
is the process used by a computer program, computer, or network to attempt to confirm the identity of a user. Blind credentials (anonymous users) have no identity, but are allowed to enter the system. The confirmation of identities is essential to the concept of access control, which gives access to the authorized and excludes the unauthorized. *
Biometrics Biometrics are body measurements and calculations related to human characteristics. Biometric authentication (or realistic authentication) is used in computer science as a form of identification and access control. It is also used to identify i ...
authentication is the measuring of a user’s physiological or behavioral features to attempt to confirm his/her identity. Physiological aspects that are used include fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements. Behavioral aspects that are used include signature recognition,
gait recognition Gait analysis is the systematic study of animal locomotion, more specifically the study of human motion, using the eye and the brain of observers, augmented by instrumentation for measuring body movements, body mechanics, and the activity of the ...
, speaker recognition and typing pattern recognition. When a user registers with the system which he/she will attempt to access later, one or more of his/her physiological characteristics are obtained and processed by a numerical algorithm. This number is then entered into a database, and the features of the user attempting to match the stored features must match up to a certain error rate.


Token Authentication

Token Authentication are small devices that authorized users of computer systems or networks carry to assist in identifying that who is logging into a computer or network system is actually authorized. They can also store cryptographic keys and biometric data. The most popular type of security token (
RSA SecurID RSA SecurID, formerly referred to as SecurID, is a mechanism developed by RSA for performing two-factor authentication for a user to a network resource. Description The RSA SecurID authentication mechanism consists of a " token"—either ...
) displays a number which changes every minute. Users are authenticated by entering a
personal identification number A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user accessing a system. The PIN has been the key to facilitati ...
and the number on the token. The token contains a time of day clock and a unique seed value, and the number displayed is a cryptographic hash of the seed value and the time of day. The computer which is being accessed also contains the same algorithm and is able to match the number by matching the user’s seed and time of day. Clock error is taken into account, and values a few minutes off are sometimes accepted. Another similar type of token (Cryptogram) can produce a value each time a button is pressed. Other security tokens can connect directly to the computer through USB,
Smart card A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...
or
Bluetooth Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limi ...
ports, or through special purpose interfaces. Cell phones and
PDA PDA may refer to: Science and technology * Patron-driven acquisition, a mechanism for libraries to purchase books *Personal digital assistant, a mobile device * Photodiode array, a type of detector * Polydiacetylenes, a family of conducting po ...
's can also be used as security tokens with proper programming.


Password Authentication

Password Authentication uses secret data to control access to a particular resource. Usually, the user attempting to access the network, computer or computer program is queried on whether they know the password or not, and is granted or denied access accordingly. Passwords are either created by the user or assigned, similar to usernames. However, once assigned a password, the user usually is given the option to change the password to something of his/her choice. Depending on the restrictions of the system or network, the user may change his/her password to any alphanumeric sequence. Usually, limitations to password creation include length restrictions, a requirement of a number, uppercase letter or special character, or not being able to use the past four or five changed passwords associated with the username. In addition, the system may force a user to change his/her password after a given amount of time.


Two-Way Authentication

Two-Way Authentication involves both the user and system or network convincing each other that they know the shared password without transmitting this password over any communication channel. This is done by using the password as the encryption key to transmit a randomly generated piece of information, or “the challenge.” The other side must then return a similarly encrypted value which is some predetermined function of the originally offered information, his/her “response,” which proves that he/she was able to decrypt the challenge. Kerberos (a computer network authentication protocol) is a good example of this, as it sends an encrypted integer N, and the response must be the encrypted integer N + 1.


Common setup and access rights

Access Rights and Authority Levels are the rights or power granted to users to create, change, delete or view data and files within a system or network. These rights vary from user to user, and can range from anonymous login (Guest) privileges to
Superuser In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of t ...
(root) privileges. Guest and Superuser accounts are the two extremes, as individual access rights can be denied or granted to each user. Usually, only the system administrator (a.k.a. the Superuser) has the ability to grant or deny these rights. Guest accounts, or anonymous logins, are set up so that multiple users can log into the account at the same time without a password. Users are sometimes asked to type a username. This account has very limited access, and is often only allowed to access special public files. Usually, anonymous accounts have read access rights only for security purposes. The superuser is an authority level assigned to system administrators on most computer operating systems. In Unix and related operating systems, this level is also called root and has all access rights in the system, including changing ownership of files. In pre-Windows XP and NT systems (such as DOS and Windows 9x), all users are effectively superusers, and all users have all access rights. In Windows NT and related systems (such as Windows 2000 and XP), a superuser is known as the Administrator account. However, this Administrator account may or may not exist depending on whether separation up.


See also

*
methods Method ( grc, μέθοδος, methodos) literally means a pursuit of knowledge, investigation, mode of prosecuting such inquiry, or system. In recent centuries it more often means a prescribed process for completing a task. It may refer to: *Scien ...
* Kerberos *
security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...
*
Security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...


References

{{Reflist Computer security software