Ragavendhar Access Lab 1
Kenyatta University, course MISC, subject Information Systems; 3 pages; uploaded by stevebia77, Nov 24, 2024.
Designing an Access Control System (3e)
Access Control and Identity Management, Third Edition - Lab 01
Student: Ragavendhar Pippala
Email: rpippala22917@ucumberlands.edu
Time on Task:
Progress: 100%
Report Generated: Wednesday, September 14, 2022 at 4:29 AM
Guided Exercises
Part 1: Research Digital Identity Guidance
3. Summarize the process for establishing digital identity, shown in the figure below.
The process of establishing digital identity can be summarized in two parts: enrollment and interaction with system authenticators. Enrollment involves enrolling an applicant through the CSP in a process called proofing, where the applicant becomes a subscriber. Authentication in this process is done digitally. Interaction with system authenticators involves verification of an already enrolled user, thus completing the digital identity process.
5. Summarize the requirements suggested by NIST for password-based authentication where the user is allowed to select his or her own passwords.
1. Character composition rules should not be used.
2. Password length should be a minimum of 8 characters and a maximum of 64 characters.
3. Allow the use of ASCII and Unicode characters in the password.
4. Enable the copy/paste function for password entry.
5. Change any untrusted or unreliable passwords and carefully assess authentication failures.
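As an added example (not part of the student's report or of the lab manual), the following Python code implements the NIST SP 800-63B points summarized above on the verifier side: a length of 8 to 64 characters counted in Unicode code points, ASCII and Unicode both accepted, no composition rules, a blocklist of common or compromised passwords, and a per-account lockout after repeated authentication failures. The blocklist contents, the PasswordVerifier class, the lockout threshold of five attempts and the sample usernames and passwords are constructed for this example; the NFKC normalization step is the normalization SP 800-63B recommends applying before hashing.

```python
import hashlib
import hmac
import secrets
import unicodedata

MIN_LEN = 8    # minimum length for user-chosen passwords
MAX_LEN = 64   # longest password the verifier accepts

# Constructed stand-in for a blocklist of common, dictionary or previously
# breached passwords; a real deployment loads a large list here.
BLOCKLIST = {"password", "12345678", "qwertyuiop", "letmein123", "iloveyou"}


def normalize(password: str) -> str:
    """Apply Unicode NFKC normalization so the same visible password always
    yields the same code points (e.g. 'e' + combining acute becomes one 'é')."""
    return unicodedata.normalize("NFKC", password)


def check_password(password: str) -> list[str]:
    """Return the reasons a candidate password is rejected; empty means accepted.
    Length is counted in code points after normalization, any printable ASCII or
    Unicode character (spaces included) is allowed, and there are deliberately no
    composition rules (no mandatory uppercase, digit or symbol)."""
    pw = normalize(password)
    reasons = []
    if len(pw) < MIN_LEN:
        reasons.append(f"too short: {len(pw)} characters, minimum is {MIN_LEN}")
    if len(pw) > MAX_LEN:
        reasons.append(f"too long: {len(pw)} characters, maximum is {MAX_LEN}")
    if pw.casefold() in BLOCKLIST:
        reasons.append("appears on the blocklist of common or compromised passwords")
    return reasons


class PasswordVerifier:
    """Stores salted PBKDF2-HMAC-SHA256 hashes, counts consecutive failed attempts
    per user and locks the account once max_failures is reached (the
    'carefully assess authentication failures' point). Constructed for this example."""

    def __init__(self, max_failures: int = 5, iterations: int = 600_000):
        self.max_failures = max_failures
        self.iterations = iterations
        self._records: dict[str, tuple[bytes, bytes]] = {}
        self._failures: dict[str, int] = {}
        # Dummy record so a lookup for an unknown username costs the same
        # hashing time as a real one (no username-enumeration timing signal)
        salt = secrets.token_bytes(16)
        self._dummy = (salt, self._derive("placeholder", salt))

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", normalize(password).encode("utf-8"),
                                   salt, self.iterations)

    def enroll(self, username: str, password: str) -> None:
        """Register a user; rejects any password that fails check_password()."""
        reasons = check_password(password)
        if reasons:
            raise ValueError("; ".join(reasons))
        salt = secrets.token_bytes(16)
        self._records[username] = (salt, self._derive(password, salt))
        self._failures[username] = 0

    def authenticate(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'; unknown users look like wrong passwords."""
        if self._failures.get(username, 0) >= self.max_failures:
            return "locked"
        salt, expected = self._records.get(username, self._dummy)
        candidate = self._derive(password, salt)
        if username in self._records and hmac.compare_digest(candidate, expected):
            self._failures[username] = 0   # success resets the failure counter
            return "ok"
        if username in self._records:
            self._failures[username] += 1
        return "denied"


if __name__ == "__main__":
    v = PasswordVerifier()
    v.enroll("alice", "correct horse battery staple")   # constructed sample user
    print(v.authenticate("alice", "correct horse battery staple"))
    print(check_password("Password"))
```

The checker accepts a long all-lowercase passphrase and rejects a short one, which is the opposite of what composition rules would do; the lockout counter is reset only by a successful login, so a locked account needs an administrative reset in a real system.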
Part 2: Design an Access Control System
1. All of your systems rely on passwords for one of their authentication factors. Write a password policy for the organization that is consistent with the best practices outlined in NIST 800-63b.
The password policy includes:
1. Common phrases should not be used in passwords.
2. Allowed password length is between 8 and 64 characters.
3. The password must have a minimum of one capital letter, one number and two special characters.
4. No repeating a password, or a phrase from a password, used in the last five times.
5. Passwords have to be changed every 90 days.
Page 1 of 3
2. Your website permits different levels of access for the general public and for authenticated users. Describe the authentication process for customers accessing restricted areas of the website. Identify each authentication factor being used by type. Answer whether the approach qualifies as multifactor authentication.
Authentication process for accessing the website's restricted areas: customers can access the restricted areas using a single-factor authentication process that is determined by the information type. A password or PIN can be used to authenticate.
Authentication factor by type:
What is known (password or PIN)
What people are (biometric)
People's possession (access card)
The approach to accessing the website does not qualify as multifactor authentication.
3. The human resources system requires stricter access controls than the website. Describe an authentication process for managers and HR staff accessing this system. Identify each authentication factor being used by type. Answer whether the approach qualifies as multifactor authentication.
The human resources system houses sensitive information, which prompts the use of multifactor authentication. Managers and HR staff will be required to first use their password or PIN to start the authentication process and then use their biometrics to verify their identity.
Authentication factor by type:
What is known (password or PIN)
What people are (biometric)
Multifactor authentication is used in this case.
4. The manufacturing system also requires stricter access controls than the website, but the authentication system used must be broadly accessible to all users in the company. Describe an authentication process for employees accessing this system. Identify each authentication factor being used by type. Answer whether the approach qualifies as multifactor authentication.
The authentication process will involve multifactor authentication where, in the first level of security, employees will be required to input their username and password. The second level of security will be security questions or biometric access.
Authentication factor by type:
What is known (password or PIN)
What people are (biometric)
Challenge Exercise
1. Which authentication technique(s) are used by this system?
The authentication techniques include:
1. Password authentication
2. Two-factor authentication (2FA)
3. Token authentication
4. Biometric authentication
5. Transaction authentication
6. Computer recognition authentication
2. For each technique used, what is the category of the authentication factor?
The categories of authentication factor include:
1. What is known (passwords and PIN)
2. What people are (biometrics)
3. Possessions (smartphone and access card)
3. Does this system qualify as multifactor authentication?
The system qualifies for multifactor authentication since the authentication approach helps in
optimizing the defense and security mechanism for the system.
4. If the system does not qualify as multifactor authentication, how could you modify it to qualify?
In order for the system to qualify for multifactor authentication, an upgrade is needed on both the
resources and the software.
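The questions in Part 2 and in the Challenge Exercise all turn on the same check: map each technique to its factor category (what is known, what people have, what people are) and ask whether at least two distinct categories are in use. As an added example (not part of the student's report or the lab manual), the Python code below performs that classification for the website, HR and manufacturing systems discussed above and also reports which category would have to be added for a system that falls short. The technique-to-category table is constructed for this example; it also shows the general rule that two techniques from the same category, such as a password plus a security question, do not by themselves make a system multifactor.

```python
from enum import Enum


class FactorType(Enum):
    """The three authentication factor categories used in the lab."""
    KNOWLEDGE = "something you know"
    POSSESSION = "something you have"
    INHERENCE = "something you are"


# Constructed mapping from authentication technique to factor category.
TECHNIQUE_CATEGORY = {
    "password": FactorType.KNOWLEDGE,
    "pin": FactorType.KNOWLEDGE,
    "security question": FactorType.KNOWLEDGE,   # still knowledge, not a new category
    "access card": FactorType.POSSESSION,
    "hardware token": FactorType.POSSESSION,
    "smartphone otp app": FactorType.POSSESSION,
    "fingerprint": FactorType.INHERENCE,
    "face recognition": FactorType.INHERENCE,
}


def categorize(techniques: list[str]) -> dict[str, FactorType]:
    """Map each technique to its category; unknown names are an error, not a guess."""
    unknown = [t for t in techniques if t not in TECHNIQUE_CATEGORY]
    if unknown:
        raise ValueError(f"unknown technique(s): {unknown}")
    return {t: TECHNIQUE_CATEGORY[t] for t in techniques}


def is_multifactor(techniques: list[str]) -> bool:
    """True only when at least two distinct factor categories are in use."""
    return len(set(categorize(techniques).values())) >= 2


def missing_categories(techniques: list[str]) -> list[FactorType]:
    """Categories not yet represented; adding any one of them makes the design multifactor."""
    used = set(categorize(techniques).values())
    return [ft for ft in FactorType if ft not in used]


def evaluate(system: str, techniques: list[str]) -> dict:
    """Produce the answer to 'identify each factor by type' and 'does it qualify as MFA'."""
    cats = categorize(techniques)
    return {
        "system": system,
        "factors": {t: c.value for t, c in cats.items()},
        "distinct_categories": len(set(cats.values())),
        "multifactor": is_multifactor(techniques),
        "would_qualify_with": [ft.value for ft in missing_categories(techniques)],
    }


if __name__ == "__main__":
    # The systems from Part 2, with the manufacturing system's two second-level options
    for name, techs in [
        ("website restricted area", ["password"]),
        ("HR system", ["password", "fingerprint"]),
        ("manufacturing (biometric option)", ["password", "fingerprint"]),
        ("manufacturing (security-question option)", ["password", "security question"]),
    ]:
        print(evaluate(name, techs))
```

The `would_qualify_with` list is the concrete form of Challenge question 4: for a knowledge-only design it names possession and inherence as the categories that would turn it into multifactor authentication.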