Information about Logical Security

Logical Security consists of software safeguards for an organization’s systems, including user ID and password access, authentication, access rights and authority levels. These measures are to ensure that only authorized users are able to perform actions or access information in a network or a workstation. It is a subset of computer security.

Elements of logical security

Elements of logical security include:
  • User IDs, also known as logins, user names, logons or accounts, are unique personal identifiers for agents of a computer program or network that is accessible by more than one agent. These identifiers are based on short strings of alphanumeric characters, and are either assigned or chosen by the users.
  • Authentication is the process used by a computer program, computer, or network to attempt to confirm the identity of a user. Blind credentials (anonymous users) have no identity, but are allowed to enter the system. The confirmation of identities is essential to the concept of access control, which gives access to the authorized and excludes the unauthorized.
  • Biometrics authentication is the measuring of a user’s physiological or behavioral features to attempt to confirm his/her identity. Physiological aspects that are used include fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements. Behavioral aspects that are used include signature recognition, gait recognition, speaker recognition and typing pattern recognition. When a user enrolls with the system he/she will later attempt to access, one or more of his/her physiological characteristics are captured and processed by a numerical algorithm. The result is stored in a database, and at login the freshly measured features must match the stored ones within a set error tolerance.

Token Authentication

Token Authentication uses security tokens: small devices that authorized users of computer systems or networks carry to help establish that whoever is logging in to a computer or network system is in fact authorized. They can also store cryptographic keys and biometric data. The most popular type of security token (RSA’s SecurID) displays a number which changes every minute. Users are authenticated by entering a personal identification number and the number on the token. The token contains a time of day clock and a unique seed value, and the number displayed is a cryptographic hash of the seed value and the time of day. The computer which is being accessed also contains the same algorithm and is able to match the number by matching the user’s seed and time of day. Clock error is taken into account, and values a few minutes off are sometimes accepted. Another similar type of token (CryptoCard) can produce a value each time a button is pressed. Other security tokens can connect directly to the computer through USB, Smart card or Bluetooth ports, or through special purpose interfaces. Cell phones and PDAs can also be used as security tokens with proper programming.
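As an added illustration (not part of the original article, and not the algorithm of any particular vendor's product), the following Python program shows how a server can verify codes from a time-based token of the kind just described: the same seed and time step on both sides, a clock-drift window, and a record of the last accepted step so that an intercepted code cannot be replayed. The seed, PIN and timestamp are constructed values, and the HOTP-style truncation from RFC 4226 is assumed as the hash-to-digits step.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the displayed number changes once a minute, as described above
CODE_DIGITS = 6
DRIFT_STEPS = 2     # accept codes from a clock up to two minutes fast or slow


def time_step(epoch_seconds: int) -> int:
    """Number of whole time steps since the epoch; both token and server compute this."""
    return epoch_seconds // STEP_SECONDS


def token_code(seed: bytes, step: int) -> str:
    """The number the token displays for one time step: a keyed hash of seed and time,
    truncated to six digits (HOTP-style dynamic truncation, RFC 4226)."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class TokenVerifier:
    """Server side: holds each user's seed and PIN digest and the last step it accepted."""

    def __init__(self) -> None:
        self.users: dict[str, dict] = {}

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        # A real deployment would protect the PIN with a slow, salted hash;
        # plain SHA-256 keeps the example short.
        self.users[user] = {
            "seed": seed,
            "pin": hashlib.sha256(pin.encode()).digest(),
            "last_step": -1,
        }

    def verify(self, user: str, passcode: str, now: int) -> bool:
        """passcode is the PIN followed by the six digits currently shown on the token."""
        rec = self.users.get(user)
        if rec is None or len(passcode) <= CODE_DIGITS:
            return False
        pin, code = passcode[:-CODE_DIGITS], passcode[-CODE_DIGITS:]
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), rec["pin"]):
            return False
        current = time_step(now)
        # Clock error is tolerated by trying a small window of steps around the server's time.
        for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if step <= rec["last_step"]:
                continue  # this code (or an older one) was already accepted: replay
            if hmac.compare_digest(token_code(rec["seed"], step), code):
                rec["last_step"] = step
                return True
        return False


def demo() -> list[bool]:
    """Walk through accept, replay, wrong PIN, tolerated drift and excessive drift."""
    seed = b"constructed-seed-0123456789abcdef"   # constructed; never reuse real seeds
    server = TokenVerifier()
    server.enroll("alice", seed, "4711")
    now = 1_700_000_040                           # constructed timestamp, step 28333334
    step = time_step(now)
    return [
        server.verify("alice", "4711" + token_code(seed, step), now),      # True
        server.verify("alice", "4711" + token_code(seed, step), now),      # False: replay
        server.verify("alice", "0000" + token_code(seed, step + 1), now),  # False: wrong PIN
        server.verify("alice", "4711" + token_code(seed, step + 2), now),  # True: two minutes fast
        server.verify("alice", "4711" + token_code(seed, step + 5), now),  # False: outside the window
        server.verify("alice", "4711" + token_code(seed, step + 1), now),  # False: older than last accepted
    ]
```

The replay check matters as much as the drift window: once a step has been accepted, that step and every earlier one are refused, so tolerating a slow clock never reopens a code that has already been used.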

Password Authentication

Password Authentication uses secret data to control access to a particular resource. Usually, the user attempting to access the network, computer or computer program is queried on whether they know the password or not, and is granted or denied access accordingly. Passwords are either created by the user or assigned, similar to usernames. However, once assigned a password, the user usually is given the option to change the password to something of his/her choice. Depending on the restrictions of the system or network, the user may change his/her password to any alphanumeric sequence. Usually, limitations to password creation include length restrictions, a requirement of a number, uppercase letter or special character, or not being able to use the past four or five changed passwords associated with the username. In addition, the system may force a user to change his/her password after a given amount of time.
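The restrictions listed above, as an added worked example that is not part of the original article: a Python password policy that enforces a minimum length, required character classes, a five-password history and a maximum age, while storing only salted PBKDF2 hashes so that the history check never needs the old passwords in clear. The limits, user names and passwords below are constructed values.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12          # length restriction
HISTORY_DEPTH = 5        # the current password and the four before it may not be reused
MAX_AGE_DAYS = 90        # forced change after this many days
PBKDF2_ROUNDS = 100_000  # slow, salted hashing; tune upwards in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def complexity_problems(password: str) -> list[str]:
    """Return every rule the candidate password breaks (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


class PasswordStore:
    """Per-user list of (salt, hash) pairs, newest first, plus the day of the last change."""

    def __init__(self) -> None:
        self.history: dict[str, list[tuple[bytes, bytes]]] = {}
        self.changed_on: dict[str, int] = {}

    def reused(self, user: str, password: str) -> bool:
        # Old passwords exist only as salted hashes, so the candidate is re-derived
        # with each stored salt and compared in constant time.
        for salt, digest in self.history.get(user, []):
            if hmac.compare_digest(hash_password(password, salt), digest):
                return True
        return False

    def set_password(self, user: str, password: str, today: int) -> list[str]:
        """Apply the policy; returns the list of violations, empty on success."""
        problems = complexity_problems(password)
        if self.reused(user, password):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        salt = os.urandom(16)
        entries = self.history.setdefault(user, [])
        entries.insert(0, (salt, hash_password(password, salt)))
        del entries[HISTORY_DEPTH:]          # forget anything older than the history window
        self.changed_on[user] = today
        return []

    def check_login(self, user: str, password: str, today: int) -> str:
        """'ok', 'expired' (correct, but a change is now forced) or 'denied'."""
        entries = self.history.get(user)
        if not entries:
            return "denied"
        salt, digest = entries[0]            # the current password is the newest entry
        if not hmac.compare_digest(hash_password(password, salt), digest):
            return "denied"
        if today - self.changed_on[user] >= MAX_AGE_DAYS:
            return "expired"
        return "ok"
```

Because each history entry keeps its own salt, the store can answer "has this user used this password before?" without ever holding a reversible copy, and an attacker who obtains the table still has to attack each hash separately.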

Two-Way Authentication

Two-Way Authentication involves both the user and system or network convincing each other that they know the shared password without transmitting this password over any communication channel. This is done by using the password as the encryption key to transmit a randomly generated piece of information, or “the challenge.” The other side must then return a similarly encrypted value which is some predetermined function of the originally offered information, his/her “response,” which proves that he/she was able to decrypt the challenge. Kerberos (a computer network authentication protocol) is a good example of this, as it sends an encrypted integer N, and the response must be the encrypted integer N + 1.
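An added example of the exchange described above, not taken from the article or from Kerberos itself: both sides derive a key from the shared password, each issues a random challenge, and each proves knowledge of the key without the password crossing the wire. A keyed hash (HMAC) stands in for the encryption step the text describes, and a role label inside each proof takes the place of the N + 1 transformation, so a proof can be neither echoed back to its sender nor reused in the other direction. The realm salt, PBKDF2 parameters and passwords are constructed values.

```python
import hashlib
import hmac
import os

REALM = b"example-realm"   # constructed salt; in practice a per-deployment constant


def derive_key(password: str) -> bytes:
    """Both sides turn the shared password into the same key (PBKDF2, constructed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), REALM, 100_000)


def proof(key: bytes, role: bytes, their_nonce: bytes, my_nonce: bytes) -> bytes:
    """Keyed response over the peer's challenge. Binding the role and both nonces means
    a server proof is never a valid client proof, and no proof is valid twice."""
    return hmac.new(key, role + their_nonce + my_nonce, hashlib.sha256).digest()


def mutual_authenticate(client_password: str, server_password: str):
    """Run the exchange; returns (client_trusts_server, server_trusts_client, transcript)."""
    transcript = []
    client_key = derive_key(client_password)
    server_key = derive_key(server_password)

    # 1. client -> server: a fresh random challenge
    nc = os.urandom(16)
    transcript.append(("client->server", {"nonce": nc}))

    # 2. server -> client: its own challenge plus its proof over the client's challenge
    ns = os.urandom(16)
    server_proof = proof(server_key, b"server", nc, ns)
    transcript.append(("server->client", {"nonce": ns, "proof": server_proof}))

    # 3. client checks the server before producing anything derived from its own key
    client_trusts_server = hmac.compare_digest(server_proof, proof(client_key, b"server", nc, ns))
    if not client_trusts_server:
        transcript.append(("client", "abort: server failed to prove knowledge of the password"))
        return False, False, transcript

    client_proof = proof(client_key, b"client", ns, nc)
    transcript.append(("client->server", {"proof": client_proof}))

    # 4. server checks the client
    server_trusts_client = hmac.compare_digest(client_proof, proof(server_key, b"client", ns, nc))
    return client_trusts_server, server_trusts_client, transcript
```

Ordering the exchange so the server proves itself first means a client talking to an impostor reveals nothing but a random nonce; the transcript returned by the function shows which side aborted and when.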

Common setup and access rights

Access Rights and Authority Levels are the rights or power granted to users to create, change, delete or view data and files within a system or network. These rights vary from user to user, and can range from anonymous login (Guest) privileges to Superuser (root) privileges. Guest and Superuser accounts are the two extremes, as individual access rights can be denied or granted to each user. Usually, only the system administrator (a.k.a. the Superuser) has the ability to grant or deny these rights.

Guest accounts, or anonymous logins, are set up so that multiple users can log in to the account at the same time without a password. Users are sometimes asked to type a username. This account has very limited access, and is often only allowed to access special public files. Usually, anonymous accounts have read access rights only for security purposes.

The superuser is an authority level assigned to system administrators on most computer operating systems. In Unix and related operating systems, this level is also called root, and has all access rights in the system, including changing ownership of files. In pre-Windows XP and NT systems (such as DOS and Windows 9x), all users are effectively superusers, and all users have all access rights. In Windows NT and related systems (such as Windows 2000 and XP), a superuser is known as the Administrator account. However, this Administrator account may or may not exist, depending on whether separation of privileges has been set up.
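An added example, not from the original article, of how the rights described in this section might be checked in code: a Python access-control table in which unlisted users are denied everything, the anonymous account holds only view rights, the superuser bypasses every check and is the only account that may grant or deny rights, and an explicit denial overrides a grant. The user names and rights used here are constructed.

```python
from enum import Flag, auto


class Right(Flag):
    """The four operations named in this section: create, change, delete or view."""
    VIEW = auto()
    CREATE = auto()
    CHANGE = auto()
    DELETE = auto()


ALL_RIGHTS = Right.VIEW | Right.CREATE | Right.CHANGE | Right.DELETE


class AccessControl:
    SUPERUSER = "root"
    GUEST = "guest"

    def __init__(self) -> None:
        # Explicit grants; any user not listed is denied everything (default deny).
        self.granted: dict[str, Right] = {self.GUEST: Right.VIEW, self.SUPERUSER: ALL_RIGHTS}
        # Explicit denials, which override grants for that user.
        self.denied: dict[str, Right] = {}

    def _require_superuser(self, actor: str) -> None:
        if actor != self.SUPERUSER:
            raise PermissionError(f"{actor} may not change access rights")

    def grant(self, actor: str, user: str, right: Right) -> None:
        self._require_superuser(actor)
        if user == self.GUEST and right != Right.VIEW:
            raise ValueError("the anonymous account stays read-only")
        self.granted[user] = self.granted.get(user, Right(0)) | right

    def deny(self, actor: str, user: str, right: Right) -> None:
        self._require_superuser(actor)
        if user == self.SUPERUSER:
            raise ValueError("the superuser cannot be restricted")
        self.denied[user] = self.denied.get(user, Right(0)) | right

    def allowed(self, user: str, right: Right) -> bool:
        """Decide one operation: superuser always, otherwise granted and not denied."""
        if user == self.SUPERUSER:
            return True
        granted = self.granted.get(user, Right(0))
        denied = self.denied.get(user, Right(0))
        return right in granted and right not in denied
```

Keeping denials in a separate table, rather than subtracting them from the grants, lets an administrator revoke one operation for one user without rebuilding that user's whole entry, and makes an audit of "who is explicitly denied what" a simple lookup.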

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.