
Identity Management, Access Control System & Intrusion Detection

Presented by : GAURAV JAISWAL M.Tech. (S.E.) 2nd Sem.

Identity Management
Identity management is a discipline that encompasses all tasks required to create, manage and delete user identities in a computing environment. It automates administrative processes such as adding or removing access to specific systems, resetting passwords and enforcing periodic password changes.

Identity Management : Model


In the context of online access systems, IM can be viewed as the following models:
1. Pure Identity Model
2. User Access Model
3. Service Model

1. Pure Identity Model


Based on some set of axiomatic principles.

2. User Access Model


It requires each user to assume a unique digital identity across applications and networked infrastructure, which protects personal and business information from unauthorized access.
It is a type of access control provided to the user. For example: a smart card and its associated data used by a customer to log on to one or more services.

3. Service Model
With respect to the organization, the service model deals with the development of its systems to provide information services to the world. Online services include all resources such as forms, products, telephone services, address books, etc.

Access Control System


Access management is the heart of an Information Technology-based security system and is needed to meet the major goals of information security: confidentiality and integrity. Access management is a collection of mechanisms that work together to create a security architecture that protects an information system.

Some terminologies are:
i. Mandatory Access Control (MAC)
ii. Discretionary Access Control (DAC)
iii. Access Control Lists (ACL)
iv. Rule-Based Access Control (RBAC)
v. Role-Based Access Control (ROBAC)

i. MAC
Based on the concept of subjects, objects and labels. Primarily used by the military and the government. Access to system resources is under the control of the administrator and the OS.

ii. DAC
Based on the principle that the owner is the one who decides who can get access to the system. Allows each user to control access to their own data. Operating systems such as Windows, Unix and Novell rely on DAC principles.

iii. ACL
It refers to a list or file of users. It contains information such as user IDs and their associated privileges. Privileges are typically read, write, update, execute, delete or rename.

iv. RBAC
Provides access based on a set of rules defined by a system administrator. Rules are stored in an ACL and include details such as who has been given permission to access the system, for how many hours, the types of privileges, etc.

v. ROBAC

Access permission is defined based on the roles of the user with respect to the organization.
Access rights are grouped by role name, and the use of resources is strictly limited to an individual's role. It enhances system security and also reduces the amount of administrative effort.

Some techniques for access control are based on something the user must present, generally known as tokens. Such tokens are divided into two categories:
i. Memory tokens
ii. Smart tokens

Traditionally, authentication is mainly performed using two kinds of techniques:
i. Possession-based
ii. Knowledge-based

The limitations of traditional authentication systems are generally overcome by biometric-based authentication, where our own body becomes the token and can be used for access control.

Moreover, if an access control system uses biometrics together with tokens or passwords, its security improves.
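As an added example (not code from the slides or the referenced book), the following combines the two traditional factors above: a knowledge factor (a salted PBKDF2 password hash) and a possession factor (an HMAC-based one-time password as generated by a smart token, following RFC 4226). The user record, password and token secret are constructed sample data; the token secret is the RFC 4226 test secret, so the codes it produces can be checked against the published test vectors.

```python
"""Two-factor verification: knowledge (password) plus possession (HOTP token).
Added example with constructed sample data; not code from the slides."""
import hashlib
import hmac
import struct

def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Knowledge factor: store a salted PBKDF2-HMAC-SHA256 hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Possession factor: HMAC-based one-time password (RFC 4226 dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed user record, i.e. what the server side would store.
SALT = b"constructed-salt"   # a real system uses a random per-user salt (os.urandom)
USER = {
    "name": "alice",
    "pw_hash": hash_password("correct horse battery staple", SALT),
    "token_secret": b"12345678901234567890",   # RFC 4226 test secret
    "counter": 0,                              # server-side HOTP counter
    "look_ahead": 3,                           # tolerate a few unused token presses
}

def verify_password(user: dict, password: str) -> bool:
    """Constant-time comparison of the candidate hash with the stored one."""
    candidate = hash_password(password, SALT)
    return hmac.compare_digest(candidate, user["pw_hash"])

def verify_token(user: dict, code: str) -> bool:
    """Accept a code inside the look-ahead window and advance the counter past it,
    so the same code can never be replayed."""
    for c in range(user["counter"], user["counter"] + user["look_ahead"] + 1):
        if hmac.compare_digest(hotp(user["token_secret"], c), code):
            user["counter"] = c + 1
            return True
    return False

def authenticate(user: dict, password: str, code: str) -> bool:
    """Both factors must succeed. The password is checked first so that a wrong
    password does not consume (advance past) a valid token code."""
    if not verify_password(user, password):
        return False
    return verify_token(user, code)

if __name__ == "__main__":
    code = hotp(USER["token_secret"], USER["counter"])   # what the token displays
    print("first login:", authenticate(USER, "correct horse battery staple", code))
    print("replayed code:", authenticate(USER, "correct horse battery staple", code))
```

The replay check is the point of keeping a counter on the server: once a code has been accepted, the counter moves past it, so an attacker who captured that code cannot reuse it even with the correct password.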

Intrusion Detection
An ID system tries to detect an intruder breaking into the system or an unauthorized user misusing system resources. The goal is to identify any malicious programs that can violate the security of a computer system.

The functions of intrusion detection are as follows:
i. Monitoring and analyzing both user and system activities.
ii. Analyzing system configurations.
iii. Assessing system and file integrity.
iv. Recognizing patterns typical of attacks.
v. Analyzing abnormal activity patterns.
vi. Tracking user policy violations.

An ID system is composed of several parts:
i. Sensors to generate security alerts.
ii. A console to control the sensors.
iii. A central engine that uses rules to generate alerts.
The ID system follows a two-step process:
i. Active component
ii. Passive component

Types of ID Systems:
i. Host-based intrusion detection system
ii. Protocol-based intrusion detection system
iii. Hybrid intrusion detection system
iv. Network intrusion detection system
v. Application protocol-based intrusion detection system
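The following is an added example, not code from the slides or the referenced book: a toy host-based detection engine that exercises four of the intrusion detection functions listed above (recognizing attack patterns with signatures, spotting abnormal activity with a threshold, tracking a policy violation, and assessing file integrity against known-good hashes) over a constructed log feed, the way a sensor would hand lines to the rule engine. The log lines, threshold, policy window, file paths and file contents are all constructed sample data.

```python
"""Toy host-based intrusion detection engine over constructed log lines.
Added example with constructed sample data; not code from the slides."""
import hashlib
import re
from collections import Counter

# Constructed syslog-style auth/web log, as a sensor would deliver it.
LOG_LINES = [
    "09:00:01 sshd[1]: Accepted password for alice from 10.0.0.5",
    "09:01:10 sshd[2]: Failed password for root from 203.0.113.9",
    "09:01:11 sshd[3]: Failed password for root from 203.0.113.9",
    "09:01:12 sshd[4]: Failed password for root from 203.0.113.9",
    "09:01:13 sshd[5]: Failed password for root from 203.0.113.9",
    "09:01:14 sshd[6]: Failed password for root from 203.0.113.9",
    "09:05:00 httpd[7]: GET /index.php?page=../../etc/passwd from 198.51.100.4",
    "02:30:00 sshd[8]: Accepted password for bob from 10.0.0.6",
]

# iv. Recognizing patterns typical of attacks: signature rules.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "root-login-attempt": re.compile(r"password for root"),
}

# v. Abnormal activity: a failure-count threshold per source address.
FAILED_LOGIN_THRESHOLD = 5

# vi. Policy: interactive logins permitted only between 08:00 and 19:59.
ALLOWED_HOURS = range(8, 20)

# iii. File integrity: known-good hashes of (constructed) file contents.
BASELINE = {
    "/etc/passwd": hashlib.sha256(b"root:x:0:0:root:/root:/bin/bash\n").hexdigest(),
}

def signature_alerts(lines):
    """Return (rule name, line) for every line matching a signature."""
    return [(name, line) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]

def bruteforce_alerts(lines):
    """Count failed logins per source and alert when the threshold is reached."""
    failures = Counter()
    for line in lines:
        m = re.search(r"Failed password for \S+ from (\S+)", line)
        if m:
            failures[m.group(1)] += 1
    return [("brute-force", src, n) for src, n in failures.items()
            if n >= FAILED_LOGIN_THRESHOLD]

def policy_alerts(lines):
    """Flag successful logins outside the allowed hours."""
    out = []
    for line in lines:
        m = re.match(r"(\d\d):\d\d:\d\d .*Accepted password for (\S+)", line)
        if m and int(m.group(1)) not in ALLOWED_HOURS:
            out.append(("off-hours-login", m.group(2), line))
    return out

def integrity_alerts(current_contents):
    """Compare the hash of each file's current contents with the baseline."""
    return [("file-modified", path) for path, data in current_contents.items()
            if hashlib.sha256(data).hexdigest() != BASELINE.get(path)]

def run_engine(lines, current_contents):
    """The central engine: apply every rule set and collect the alerts."""
    return {
        "signature": signature_alerts(lines),
        "bruteforce": bruteforce_alerts(lines),
        "policy": policy_alerts(lines),
        "integrity": integrity_alerts(current_contents),
    }

if __name__ == "__main__":
    tampered = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nevil:x:0:0::/:/bin/sh\n"}
    for kind, alerts in run_engine(LOG_LINES, tampered).items():
        print(kind, len(alerts), alerts[:1])
```

Each rule set answers a different question: the signatures catch known-bad patterns on a single line, the threshold catches behaviour that is only suspicious in aggregate, the policy check catches activity that is legitimate in form but outside what the organization allows, and the hash comparison catches a change to a protected file regardless of how it was made.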

Reference
Phalguni Gupta, Surya Prakash and Umarani, IT Infrastructure and Its Management, 2nd edition, 2010, pp. 133-144.

THANK YOU
