We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy

Check Writers' Offers

What's Your Topic?

Hire a Professional Writer Now

The input space is limited by 250 symbols

What's Your Deadline?

Choose 3 Hours or More.
Back
2/4 steps

How Many Pages?

Back
3/4 steps

Sign Up and Get Writers' Offers

"You must agree to out terms of services and privacy policy"
Back
Get Offer

Authentication and Authorization Methodologies

Paper type: Essay
Pages: 4 (891 words)
Categories: Computer, Computer security, Network Security, Networking, Technology
Downloads: 38
Views: 4

Authentication and Authorization Methodologies

Authentication and Authorization MethodologiesIn our generation digital environment is highly vulnerable to attacks such as hackers and spammers. Therefore, implementing authentication and authorization are the most vital factors should be put in place when it comes to the security of information. The system meant for authentication purpose in any organization must be integrated in a manner that guarantees customer’s security of their data. Organizations led by Chief Executive Officer (CEO), Chief Information Officer (CIO) together with their team of staffs have a greater responsibility of making use of authentication and authorization as a top prior to ensure security of the databases.

, this could be organization’s planning/management data, their client’s data or partners. This context focuses on options for the authentication and authorization methodologies but particularly for the Navy Federal Credit Union the organization of choice and finally, recommend on how to mitigate the impacts of risks from vulnerabilities.

Roles of Employed by Navy Federal Credit Union Regarding Data Security.

Accounts existence are scattered across the internet. Each and every one of those accounts is has potential vulnerability to attacks and can interfere with confidentiality of vital data. The Navy Federal Credit Union has employed creation of unique username and password when users are creating their accounts. Their systems also incorporate password reset as well as change of username in case one has forgotten any of the later or suspects information leak. Moreover, the organization ensure their ATM’s used by their customers are safe from phishing and others attacks. Their entrusted staffs are ever alert and constantly keep monitoring systems for possible suspicious occurrence.

Common Attacks Against Access Control Methods

Although Navy Federal Credit Union has put in place security measures to control access of data as explained above, there are still vulnerabilities. For instance, they have not yet established a formal password policy that is able to meet the organization’s regulatory requirement. Instead, makes it optional for its clients to choose their passwords that are at times inconvenient and unreliable due to their weak status. Moreover, the organization uses a single-factor authentication which compromises the clients’ personal information such as the social security number, income, account transaction payment history, account information and account balance. The Navy Federal Credit Union uses a single Sign-On technology where the user is assigned into a single screen name which results in the logging in or unlocking of multiple webpages/sites and applications. Integrated systems with the ability to monitor the accessibility or permissions attracts vulnerability to attack due to the use of single authentication protocol. For instance, the system incorporate password reset feature, unauthorized person might gat an opportunity to predict a current or future password in the process of changing it via single authentication. It has been proven that regular changing of passwords does more harm than good, furthermore, this act is ineffective as a means of securing data.

Countermeasures to Reduce Vulnerabilities and Mitigate Potential Attacks on Access Methods.

Two-factor authentication is greatly recommended where an account is secured by two different locks with different factors before access is granted. Rather than the password, the two-factor authentication adds an added security. It can be a number of questions which have to be provided with the right answers in order to validate the actual account owner. An SMS message can be sent to your phone number, as a secret key. The organization should also put in place a password policy in the context of mandatory password expiration to increase the security (Wanger et al., 2015).

All the servers in the organization should use Active networks as they involve fast dynamics of varying element configuration because of the downloading and performing of Active Applications (AAs). These changes are required to be automated in order to launch an AA, on the other hand, the system that automates configuration should also be updated as new AA is launched. Conclusively, the self-configuring network automates configuration management (Kim, 2013).

The Navy Federal Union should react in ad-hoc fashion with a response plan in the aim of limiting data breach as much as possible. The Computer Security Incidence Response Team (CSIRT) can as well coordinate response effort through a number of ways including the identification of target attacks. Determining the threat severity through Geo IP services, intelligence and reputation feed and Virus Total. Verifying the infection if any and finally containing the threat (Tondel et al., 2014)

Conclusion

Globally, organizations encounter various risks associated with different threats, regardless of the nature or state of threat, it is up to the administrators of the organization to responsibly limit and contain the risks from respective threats. With the objective of improving IT security through vulnerability management, the Navy Federal Union or any other organizations should determine their scope. Identify the asset owners, manage expectations, work with single authoritative source and finally formulate policies, business, systems and customers are better protected when there is well integrated vulnerability management process

References

  1. Kim, H., & Feamster, N. (2013). Improving network management with software defined networking. IEEE Communications Magazine, 51(2), 114-119.
  2. Tondel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported in the literature. Computers & Security, 45, 42-57.
  3. Wang, D., He, D., Wang, P., & Chu, C. H. (2015). Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Transactions on Dependable and Secure Computing, 12(4), 428-442.

Cite this essay

Authentication and Authorization Methodologies. (2019, Nov 19). Retrieved from https://studymoose.com/authentication-and-authorization-methodologies-example-essay

How to Avoid Plagiarism
  • Use multiple resourses when assembling your essay
  • Use Plagiarism Checker to double check your essay
  • Get help from professional writers when not sure you can do it yourself
  • Do not copy and paste free to download essays
Get plagiarism free essay

Not Finding What You Need?

Search for essay samples now

image

Your Answer is very helpful for Us
Thank you a lot!