Network Access Control: User and Device Authentication

Submitted By waleedansari
Words 1319
Pages 6
IT@Intel Brief Intel Information Technology Computer Manufacturing Enterprise Security

Network Access Control: User and Device Authentication
August 2005

Intel IT is piloting new security methods to provide network access control by authenticating devices as well as users. Since networking has evolved to support both wired and wireless access, securing corporate networks from attack has become ever more essential. Therefore, to effectively enforce network access control policies in a proactive manner, we are developing a method to authenticate users and devices before they connect to the network.

Network Access Control at Intel
• Over 90,000 employees worldwide
• 80 percent of knowledge workers are mobile and unwired
• Over 50,000 remote access users

Background
As a global corporation, Intel IT supports more than 90,000 employees and contractors all over the world, and 80 percent of our knowledge workers are mobile and unwired. Network access depends more and more upon wireless LANs and WANs, as well as virtual private network (VPN) remote access. All of these technologies have the potential to open our network perimeter to threats. When we considered the threat of viruses and worms, it was evident that we needed additional controls to secure the enterprise network and its information assets from unauthorized devices and unauthorized people. Figure 1 shows how we could authenticate devices and users as part of the authentication pyramid.

Figure 1. Authentication pyramid (labels: Info Use Auditing; Access Control; User Authentication; Device Authentication; User Identity; Device Identity)

What is Device Authentication?
When a device is attached to a network, it can report its identity in secure ways that affirmatively identify when a particular notebook computer or handheld device is accessing the network. We can accomplish this with…...

Similar Documents

Enable Windows Active Directory and User Access Controls

...and User Access Controls
LAB #3 – ASSESSMENT WORKSHEET
Enable Windows Active Directory and User Access Controls
Course Name and Number: Student Name: Instructor Name: Lab Due Date:

Overview
This lab provided students with the hands-on skills needed to create a new Active Directory domain in Windows Server 2003 and demonstrated how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins were used to create users, groups, and configure role-based access permissions and controls on objects and folders in a Windows Server 2003 Active Directory system.

Lab Assessment Questions & Answers
1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization.
2. What two access controls can be set up for Windows Server 2003 folders and authentication? Authentication and Access control.
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation?
4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access?
5. What is two-factor authentication, and why is it an effective access control......

Words: 478 - Pages: 2

Lab #3 Enable Windows Active Directory and User Access Controls

...effective access control solution for information systems? Identification, Authentication, and Authorization
2. What two access controls can be set up for Windows Server 2003 folders and authentication? Authentication and Access control.
3. If you can browse a file on a Windows network share but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation? List Folder Contents – Security Policy based control.
4. What is the mechanism on a Windows Server where you can administer granular policies and permissions on a Windows network using role-based access? Group Policy Editor
5. What is two-factor authentication and why is it an effective access control technique? Two Factor uses two of the three characteristics in Authentication types (Knowledge, Ownership, Characteristics)
6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data. Creates security principals in the Active Directory domain partition
7. Is it a good practice to include the account or user name in the password? Why or why not? It is not a good idea to have a user name in the password, because it is easy for people to try to hack or decode the password.
8. Can a user who is defined in the Active Directory access a shared drive if that......

Words: 319 - Pages: 2

Access Control Models

...ACCESS CONTROL MODELS

An access control model is a framework that dictates how subjects access objects. There are three main types of access control model: mandatory access control, discretionary access control and role-based access control.

Discretionary (DAC)
The creator of a file is the ‘owner’ and can grant ownership to others. Access control is at the discretion of the owner. The most common implementation is through access control lists. Discretionary access control is required for the Orange Book “C” Level.

Mandatory (MAC)
Much more structured. Is based on security labels and classifications. Access decisions are based on clearance level of the data and clearance level of the user, and classification of the object. Rules are made by management, configured by the administrators and enforced by the operating system. Mandatory access control is required for the Orange Book “B” Level.

Role-Based (RBAC)
Continually administered set of controls by role within organization. Access rights are assigned to roles, not directly to users. Roles are more tightly controlled than groups - a user can only have one role. Can use different types of RBAC:
Role-based: Role within organization.
Task-based: Specific task assigned to the user.
Lattice-based: Upper and Lower bounds

Access Control Techniques and Technologies
Once a company decides on the access control model to use, the technologies and techniques to implement that model need to be determined

Role-based
Can be used......

Words: 1719 - Pages: 7

Lab 3 Enable Windows Active Directory and User Access Control

...Enable Windows Active Directory and User Access Control
1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication and Authorization
2. What two access controls can be set up for Windows Server 2003 folder and authentication? Authentication and Access Control
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation? Folder Contents. The access control best fitting would be security policy.
4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access? This would fall under Group Policies.
5. What is two-factor authentication and why is it an effective access control technique? It is a two different type of identification process. Like an ID card and a pin code.
6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs, departmental folders, and data. The security details are created in the directory domain
7. Is it a good practice to include the account or user name in the password? Why or why not? This is definitely not a good or suggested practice because this is a common starting place for hackers to start when attempting to......

Words: 385 - Pages: 2

Access Control Policy

...to define standards for connecting to 's network from any host. These standards are designed to minimize the potential exposure to from damages which may result from unauthorized use of resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical internal systems, etc.

2.0 Scope
This policy applies to all employees, contractors, vendors and agents with a -owned or personally-owned computer or workstation used to connect to the network. This policy applies to remote access connections used to do work on behalf of , including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc.

3.0 Policy
3.1 General
1. It is the responsibility of employees, contractors, vendors and agents with remote access privileges to 's corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to .
2. General access to the Internet for recreational use by immediate household members through the Network on personal computers is permitted for employees that have flat-rate services. The employee is responsible to ensure the family member does not violate any policies, does not perform illegal activities, and does not use the access for outside business interests. The ......

Words: 1119 - Pages: 5

Access Controls

...Remote access control policy definition
Richman Investments firm
Remote access control policy

The following is the firm remote access control policy. The policy will be listing the appropriate access controls for systems, applications and data access. We will be providing a description on each type of access. It is our mission to preserve and protect the Confidentiality, Availability and Integrity of our Firm's Information System.

1. Systems Access Control.
A. Users are required to use a user ID with password and smart card for accessibility.
B. Remote Users are required to use a user ID with password and software token for accessibility.
C. All users must change user password every 30 days.
D. Users will only have access to their branch office.
E. Users' logins will be recorded.
F. Only authorized users will be allowed access to their respective system.
G. Management users will have access to their own branch office and also to Head Quarters office.
H. Desktop, mobile and wireless devices must be loaded with up to date firmware, OS software and patches.

2. Application Access Control.
A. Users will be assigned rights to use individual application.
B. Users will have to use first and second layer of authentication to gain access to their application.
C. Users will be recorded using application.
D. IT Administration is responsible for running monthly application test.
E. Applications will be tested for......

Words: 383 - Pages: 2

Role Based Access Controls

...Role Based Access Controls
June 16, 2013
Professor M. Hansen

In order to establish system design controls that are directly related to the data input mechanism of a network and in order to control data entry operations and prevent unauthorized access to information or data, Role Based Access Controls (RBAC) are required. The basic principle of these controls is that the data entry personnel, on any level, should be allowed limited access to only specific information in order to get their jobs done. Because of higher data requirements, more data access streams, higher employee turnover and outsourcing of data-entry processes there are many avenues where data can be acquired illegally from an outside source and within the organization it can also be lost or stolen. “Organizations must provide granular, resource-based access. Every organization must protect business applications and information from unauthorized disclosure and abuse, not only for the obvious business reasons but especially to comply in a confusing, evolving and unforgiving regulatory environment.” (Piscitello, 2005)

Access control is the process by which resources or services are granted or denied on a computer system or network. There are four standard access control models as well as specific practices used to enforce access control: identification, authentication, authorization and access. Identification defines a user accessing a computer system would present credentials or identification, such......

Words: 1484 - Pages: 6

User Authentication: Doing Us a Disservice

...2013
USER AUTHENTICATION: DOING US A DISSERVICE

INTRODUCTION: Several years ago the growth of the internet wasn’t rapid and there were few online applications. Today, almost everything that can be done offline has an online counterpart. This goes from simple email access to paying your bill online (Roger, M. and Carlos, C., 2007). Therefore, authentication is a process in which a user is asked to identify itself by providing certain details. Authentication has become the most integral part of all web-based applications nowadays. The most used form of authentication is the password and PIN approach. Internet usage and online applications are experiencing spectacular growth worldwide; there are over a billion internet users at present who make use of the internet. Authentication is necessary in our everyday business because it will cut down the rate of identity theft and also stabilize confidentiality. User authentication faces a major problem as many security geniuses have come out to prove that no single security completely protects users from theft. This essay will describe the limitations that can occur in the practice of authenticating a user. It will help improve the reader’s knowledge of issues with the authentication process, which is done according to the level of authentication. It will review the state of practice of user authentication; also evaluate the authentication process with three websites such as Facebook, Barclays bank and Yahoo. The future of user......

Words: 3317 - Pages: 14

Improving User Authentication on Mobile Devices:

...Improving user authentication on mobile devices: A Touchscreen Graphical Password Summary By: Quaniesha Hillian December 12, 2013 Abstract We analyze three biometric verification modalities – voice, face and motion – and in addition secret word passage, on a portable gadget, to investigate the relative requests on client time, exertion, blunder and errand interruption. Our research center study furnished perceptions of client movements, techniques, and responses to the validation strategies. Face and voice biometrics conditions were speedier than watchword passage. Talking a Pin was the speediest for biometric specimen entrance, yet fleeting memory review was better in the face check condition. None of the confirmation conditions were recognized exceptionally usable. In conditions that consolidated two biometric entrance routines, the opportunity to get the biometric examples was shorter than if obtained independently yet they were extremely disliked and had high memory assignment blunder rates. These quantitative effects exhibit cognitive and engine contrasts between biometric verification modalities, and brief strategy choices in selecting confirmation. Typing text passwords is challenging when using touchscreens on mobile devices and this is becoming more problematic as mobile usage increases. They designed a new graphical password scheme called Touchscreen Multi-layered Drawing specifically for use with touchscreens. They conducted an......

Words: 3240 - Pages: 13

Network Access Control

...Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. A basic form of NAC is the 802.1X standard. Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.

In plain English
When a computer connects to a computer network, it is not permitted to access anything unless it complies with a business defined policy, including anti-virus protection level, system update level and configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the policy is met, the computer is able to access network resources and the Internet, within the policies defined within the NAC system. NAC is mainly used......

Words: 298 - Pages: 2

Enabling Windows Active Directory and User Access Controls

...Lab #3 – Assessment Worksheet
Enabling Windows Active Directory and User Access Controls
1. What are the three fundamental elements of an effective security program for information systems? Identification, Authentication, and Authorization.
2. Of these three fundamental controls, which two are used by the Domain User Admin to create users and assign rights to resources? Authentication and Authorization
3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what types of access controls and permissions are probably configured? Read only file type, not Read/Rewritable permissions set by an Administrative level at least
4. What is the mechanism on a Windows server that lets you administer granular policies and permissions on a Windows network using role based access? Group Policies
5. What is two-factor authentication, and why is it an effective access control technique? "It is a two different type of identification process. Like an ID card and a pin code."
6. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data. "security details are created in the directory domain"
7. Is it a good practice to include the account or username in the password? Why or why not? "this is a common starting place for hackers to start when attempting to log......

Words: 410 - Pages: 2

User Authentication for Network Environment

... CHAPTER ONE
INTRODUCTION
1. BACKGROUND OF THE STUDY
User authentication for network or internet-based environments poses a challenging task for system and network administrators. This statement is true and is still very much applicable to this day, as it is a well-known fact that authentication is being widely incorporated as part of access control for most systems. Authentication has been the catalyst for business organizations in information protection and security. Implementation of access control policies, standards or procedures involves the identification of an appropriate authentication mechanism, whereby the criticality of the information being protected is used as justification for having a more refined authentication mechanism as compared to a simpler approach. Without the appropriate authentication mechanism in place, an attacker could easily gain access to systems or applications by utilizing personal information, gained through various means, including but not limited to social engineering. Conventional textual passwords are the most common mechanism used in authentication. This method requires a user to enter their username and password, either in alphabet or numeric, or more commonly, a mixture of both forms as authentication tokens to gain access to systems or applications. Two recent surveys have shown that users choose short, simple passwords that are easily guessable, for example, “password”, personal names of family members,......

Words: 17307 - Pages: 70

Simple Access Control Policy

...1. Purpose
This policy establishes the Access Control Policy for <Company>. <COMPANY> implements access controls across its networks, systems, and services in order to provide appropriate user access while ensuring proper security of data confidentiality, integrity, and availability. Human threats are the primary cause for a wide range of hazards to business systems and information. For this reason, access controls must be put in place to mitigate any possible threat.

2. Scope and Applicability
The scope of this policy applies to all Information Technology resources owned and/or operated by <Company>. Any information not specifically identified as the property of other parties that is transmitted or stored on <COMPANY> IT resources is the property of <COMPANY>. All users (including <COMPANY> employees, contractors, vendors or others) of IT resources are held accountable for upholding this policy. The <COMPANY> external website and information contained within it is regarded as “Public” information, and is available to anyone inside or outside the company.

3. Standards
Each user provided access to <Company> systems and data is provided this access on a least privilege and need-to-know basis. The corporation will use a combination of role-based access control, mandatory access control, and/or discretionary access control as appropriate in order to safeguard sensitive information.

4. Policy
4.1......

Words: 993 - Pages: 4

Project: Access Control Proposal

...Project: Access Control Proposal
* Phase I: Risk mitigation plan to identify critical IT assets
* Phase II: Policies and procedures for protecting the IT assets

Contents
I. Introduction
II. Diagram of the proposed solution
III. Phase I: Access Control Risk Mitigation
1. Identified Threats and vulnerabilities
2. IT assets
3. Threats and vulnerabilities per IT Domain
4. The System Security Team
5. Access Control Plan
IV. Phase II: Policies and procedures for protecting the IT assets
1) General Security Practices for VPN Remote Access
2. Protecting Cyber Assets: Secure Interactive Remote Access Concepts
2. How Employee Accesses the Corporate Network
3. How external Partners (Vendor) Access the Corporate Network
V. Conclusion

I. Introduction
Access control mechanisms operate at a number of levels in a system, from applications down through the operating system to the hardware. Higher-level mechanisms can be more expressive, but also tend to be more vulnerable to attack, for a variety of reasons ranging from intrinsic complexity to implementer skill levels. Most attacks involve the opportunistic exploitation of bugs; and software that is very large, very widely used, or both (as with operating systems) is particularly likely to have security bugs found and publicized. Operating systems are also vulnerable to environmental changes that undermine the assumptions used in their design. The main function of......

Words: 2458 - Pages: 10

Access Control

...you’d like to implement Network Access Control, no matter what architecture you select, you definitely want to start by building a small interoperability lab. In this white paper, we’ll give you some advice on what to think about before you get started, and outline what resources you’ll need to have in place in order to begin testing.

Any NAC deployment must start by answering three critical questions:
1) What is my access control policy?
2) What are the access methods (such as LAN, wireless, or VPN) I want to protect?
3) How will this integrate with my existing infrastructure?

Once you answer these questions, you can begin to gather test lab resources, such as servers (for policy definition points), laptops or desktops (for network access requestors), and switches, access points, and VPN servers (for policy enforcement points).

Getting Started with Network Access Control

What is my access control policy?
NAC is a generic concept that deals with defining access controls based on user authentication, end-point security assessment, and network environmental information. That’s too big for most network managers to bite off in a single chunk, so many NAC deployments hone in on a subset of these goals and expand over time. You’d be wise to do the same: trying to do too much too early in the lifecycle of this emerging group of products will lead to undue frustration and unnecessary complexity. To start, you should define a simple network access control policy. It is......

Words: 1611 - Pages: 7