Identification and Authentication
Identification:
- Identification is the process of recognizing and distinguishing users,
devices, or systems within a network.
- It is the first step in the security process before authentication and
authorization.
Authentication:
- Authentication is the process of verifying the identity of a user, device,
or system before granting access to resources.
- It ensures that the entity claiming an identity is actually who they say
they are.
User name and Password
User name:
- A username (also called a user ID, login name, or account name)
is a unique identifier assigned to a user in a system, network, or online
platform.
- It is used for identification during the authentication process.
Password:
- A password is a secret combination of characters (letters, numbers,
symbols) used to verify a user's identity during authentication.
- It acts as a security key to protect access to accounts, systems, or
data.
User name and Password Management:
1. The first step is called identification.
2. The second step is called authentication.
3. Entity authentication: The process of verifying the identity claimed by
some system entity.
4. Password Security Management: Managing password security can be a
little expensive, and obtaining a valid password is a common way of
gaining unauthorized access to a computer system.
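The two steps above, identification (is this a known username?) followed by authentication (does the claimant know the secret?), as an added Python example that is not part of the original notes. The user store, the user "alice" and her password are constructed for the example; the password is kept only as a salted PBKDF2 hash, so a leaked store does not hand out valid passwords, and a constant-time comparison is used so the check does not leak how many bytes matched.

```python
import hashlib
import hmac
import os

# Constructed user store for this example: username -> (salt, derived hash).
# Plaintext passwords are never stored.
_USERS: dict[str, tuple[bytes, bytes]] = {}

# Iteration count for PBKDF2-HMAC-SHA256 (an assumed value chosen for the example).
_ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password; the same input always gives the same output."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def register(username: str, password: str) -> None:
    """Create an account: a fresh random salt per user, then store only the hash."""
    salt = os.urandom(16)
    _USERS[username] = (salt, _derive(password, salt))


def identify(username: str) -> bool:
    """Step 1, identification: is the claimed identity known to the system?"""
    return username in _USERS


def authenticate(username: str, password: str) -> bool:
    """Step 2, authentication: does the claimant hold the secret tied to that identity?"""
    if not identify(username):
        # Unknown user: still do one hash computation with a dummy salt so the
        # response time does not reveal which usernames exist.
        _derive(password, b"\x00" * 16)
        return False
    salt, stored = _USERS[username]
    # compare_digest runs in constant time regardless of where the bytes differ.
    return hmac.compare_digest(_derive(password, salt), stored)


# Constructed sample account so the module runs stand-alone.
register("alice", "correct horse battery staple")

if __name__ == "__main__":
    print("identify alice:", identify("alice"))          # True
    print("authenticate alice (right):", authenticate("alice", "correct horse battery staple"))  # True
    print("authenticate alice (wrong):", authenticate("alice", "password123"))  # False
    print("authenticate bob:", authenticate("bob", "anything"))  # False, unknown identity
```

Identification succeeding says nothing about who is typing; only the second step, matching the secret against the stored hash, grants access. Failed attempts against a known username are the signal a defender would count and rate-limit, since repeated wrong passwords are what a guessing attack looks like from the server side.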
Password Attacks
A password attack is the process of attempting to gain unauthorized access to
restricted systems using common passwords or algorithms that guess
passwords. In other words, it is the art of obtaining the correct password that
gives access to a system protected by an authentication method.
Types of Password Attacks:
1. Piggybacking
2. Shoulder surfing
3. Dumpster diving
1. Piggybacking:
Piggybacking is a type of password attack.
Piggybacking is a social engineering attack where an attacker gains
unauthorized access to a system or network by following an authorized
person without permission.
Piggybacking is when an attacker uses someone else's access to enter a
secure area or system without permission.
Piggybacking is the simple approach of following closely behind a person
who has just used their own access card or PIN to gain physical access to
a room or building.
In this way an attacker can gain access to the facility without knowing the
access code or acquiring an access card.
Example:
- A person enters a secure building by following an employee through a
locked door without using their own ID card.
- In Wi-Fi networks, piggybacking means using someone’s Wi-Fi without
permission.
2. Shoulder Surfing:
Shoulder surfing is a type of password attack.
Shoulder surfing is a type of social engineering attack where someone
secretly watches you while you enter confidential information like
passwords, PINs, or credit card numbers.
Shoulder surfing is the act of spying over someone's shoulder to steal
sensitive information, usually in public places.
Shoulder surfing is a similar procedure, in which the attacker positions
themselves so that they can observe the authorized user entering the
correct access code.
This attack relies on direct observation techniques, such as looking over
someone's shoulder while they enter a PIN or password.
Example:
- Someone watches you type your ATM PIN from behind in a queue.
- A person sitting next to you on a bus glances at your phone while you
enter your password.
3. Dumpster diving:
Dumpster diving is a social engineering attack where an attacker
searches through discarded documents, storage devices or trash to
obtain sensitive information.
Dumpster diving is the act of retrieving sensitive data (like passwords,
account details, or personal documents) from physical or digital waste.
Example:
- Finding and using old bank statements, password notes, or employee
ID cards thrown in the trash.
- Recovering deleted files from unsecured old computers or hard drives.