Please note! This essay has been submitted by a student.
Authentication is the process that requires users trying to connect to a given server remotely to authenticate themselves prior to establishing a session with the server. Usually authentication is a feature that ensures that users provide details that identify themselves with the registered users in the database thus preventing unauthorized access to a given system or server. Network access authentication requires that users contain some certifications which provide a strong security feature for authenticating users and computers into a particular system (Samarati, 1996 p. 341).
Access control is a security feature that controls access to resources in an operating system or network. In computer systems, applications are designed to call access control functions to determine who can gain access to a particular resource that is provided by that particular application (Samarati, 1996 p. 342). Access control can be a controlling access to files, in system storage or access to functions that allows one with administrative rights to change system settings such a clock or user actions. Access control ensures that authenticated users only have access to resources that they are allowed to use.
Auditing within a system is a process of critically analyzing the system in order to ensure that security features are in place and effective. Auditing inspects logs within a system to detect any trace of the intrusion and to probe within a system (Samarati, 1996 p. 343). Auditing ensures that authentication and access control features are activated and function effectively within a system in order to prevent unauthorized persons from accessing resources illegally within a network of resources. In networks, routers record all logs and secure files in a central location where one can analyze log activities that can differentiate authorized, and unauthorized accesses based on the records.
Open system interconnection is the reference model in which applications over a network can communicate. It provides a theoretical framework for understanding relationship which directs vendors and developers in ensuring that the digital communication software and products they develop will interoperate and to make it easy for precise similarity among tools (Reed, 2013).
Securing information sent through a network is as important as securing the computers and encrypting messages. Therefore, when transmitting data the channel of communication should not be left vulnerable to attacks by intruders or hackers who may intercept the message decrypt it and return a false message into the transmission process. Open system interconnection layers provide a way of ensuring that every communication step in the process of communication between devices in a network is secured by upholding data security and network security (Reed, 2013). The security mode layers match to the open system interconnect model . As a result making sure that efficient and effective network designs are produced which avoids the commonly known security problems. For instance, cryptography takes place at the physical layer and the users creating a message are aware thus can select one of the various data security methods to secure their message. Network security is also contained within the physical layer which provides services such as authentication of users, failure detection, intelligent countermeasure strategies and attack detection mechanism.
Describe the impact of a breach of the CIA triad for a campus police department at a midsized private university. Be sure to describe what type of attacks could lead to a CIA triad breach.
CIA triad is the model that is designed control how information if managed within a given organization. CIA entails confidentiality, integrity and availability forming the most significant components in a security system. Any violation on any of the three elements results in a breach of CIA triad and the person involved is regarded as a thread or an intruder. When there is a breach in CIA triad, confidential information held in the database of the police department will be leaked to university students or persons involved in the jamming process (Ning, 2013 p. 47). Thus, violating the confidentiality policy of the department considering CIA triad. Also, information can be tampered with by either insiders misusing privileges or outsiders breaking into the system thus violating the integrity of the information stored in the databases. It makes the information less accurate hence lowering the trustworthiness of the evidence held in the police databases within the department. Intruders such as hackers can also break into the system and erase some important information that would have been used as evidence of crimes thus violating availability policy for information stored in the database (Ning, 2013 p. 48).
You have been hired by the Connecticut State Police to replace their current authentication system for the agency’s criminal database. The old system used a user name and user selected password for authentication. What type of two-factor authentication would you use and why? Account for potential problems, your new authentication system could face.
Regarding the old system of authentication of the police department, it is clear that anyone can perform password guessing until he or she manages to get a password that matches one in the database. To circumvent this threat, I would implement a two-factor authentication involving biometric fingerprint authentication and a membership swipe card. It is because biometric authentication is quite secure in that access to a database can only happen in the presence of the authenticated person and, in addition, his or her employee card. Therefore, even insiders cannot misuse privileges to gain access since they will have to require the fingerprint of the user. Despite the high level of security, this method offers, it has a drawback that is one should always carry his or her card in order to gain access. The card can easily get lost or misplaced hence becoming a hurdle in someway.