Lesson 02 – Authentication & Authorisation

Briefly define the terms below. For each definition include an example to demonstrate your understanding:
• Authentication, Authorisation, Permission, Read/Write Access, Biometrics,
• Security Token, Multi-step Authentication.
• File Systems: FAT, FAT32, NTFS, HFS, APFS, NFS
• Encryption, Decryption, Compression, Decompression, Hashing, SSL, PGP, VPN, PKI, Public Key, Private Key, Certificate Authority.

Authentication

Authentication is the human-to-computer identification process used to verify that a user is who they claim to be. It occurs in almost all human-to-computer interactions other than guest and automatically logged-in accounts.

An example of this occurs when logging on to TAFE computers, where the user is required to enter an ID and a password to gain access to their data and programs; a similar procedure applies when purchasing from an online store.

References:

1. http://searchsecurity.techtarget.com/definition/user-authentication

2. http://hitachi-id.com/concepts/authentication.html

Authorisation

Authorisation refers to both the initial establishment of a user’s access level and the subsequent checking of that assigned access level each time the user logs in to obtain access to the computer. In this manner the computer can determine what data access permissions are available to the user during a session, and ensures that all activities are performed by employees acting within their scope of knowledge and within an approved level of control.

Proper authorisation practices are a proactive method for preventing invalid transactions from occurring.

As an example, consider banks, which apply authorisation rules to ensure every staff member can only access data to the level for which they are accredited by their job description.

References:

1. http://searchsecurity.techtarget.com/definition/authorization

Permission

Permissions (also known as privileges or rights) are access details assigned by network administrators to users, defining their access rights to specific network files and data.

Reference:

1. http://www.pcmag.com/encyclopedia/term/58231/user-permissions

Read/Write Access

Read/write access refers to a device that can both input and output (or transmit and receive), or to a file that can be both updated and erased. If a shared file is given read/write access, it can be changed by someone else on the network.

Reference:

1. http://www.techopedia.com/definition/12283/read-write-memory-rwm
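An added example (not part of the lesson or its references) tying together Authorisation, Permission and Read/Write Access above: a deny-by-default permission check in Python modelled on the bank scenario, with constructed roles, users and account data.

```python
# Added example (not from the lesson text): a minimal authorisation check in the
# style of the bank scenario. Roles, users and accounts are constructed samples.
from dataclasses import dataclass, field

READ, WRITE = "read", "write"

# Role -> permissions granted by job description (constructed sample policy).
ROLE_PERMISSIONS = {
    "teller":  {"accounts": {READ, WRITE}, "audit_log": set()},
    "auditor": {"accounts": {READ}, "audit_log": {READ}},
}

@dataclass
class Session:
    """An authenticated user: identity verified, permissions not yet checked."""
    user: str
    role: str
    log: list = field(default_factory=list)

def authorise(session: Session, resource: str, action: str) -> bool:
    """Return True only if the role explicitly grants `action` on `resource`.
    Anything not listed (including unknown roles) is denied; every decision is logged."""
    granted = ROLE_PERMISSIONS.get(session.role, {}).get(resource, set())
    allowed = action in granted
    session.log.append((session.user, resource, action, "allow" if allowed else "deny"))
    return allowed

def update_balance(session: Session, accounts: dict, acct: str, delta: int) -> int:
    """Changing a balance needs WRITE; having READ on accounts is not enough."""
    if not authorise(session, "accounts", WRITE):
        raise PermissionError(f"{session.user} ({session.role}) may not write accounts")
    accounts[acct] += delta
    return accounts[acct]

if __name__ == "__main__":
    accounts = {"ACC-1": 100}                      # constructed account data
    teller = Session("alice", "teller")
    auditor = Session("bob", "auditor")
    print(update_balance(teller, accounts, "ACC-1", 50))   # 150
    print(authorise(auditor, "accounts", READ))            # True
    try:
        update_balance(auditor, accounts, "ACC-1", -50)
    except PermissionError as err:
        print(err)                                         # bob (auditor) may not write accounts
    print(authorise(Session("eve", "visitor"), "accounts", READ))  # False: unknown role
```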

Biometrics

Biometrics refers to technologies developed to detect and recognise unique human physical characteristics for security purposes. With respect to computer technology, biometrics is synonymous with “biometric authentication,” used to identify a user for computer login authorisation.

Common examples of biometric authentication include facial recognition, fingerprint or retinal scanning and voice analysis.

Reference:

1. https://techterms.com/definition/biometrics

Security Token

A security token (for example a key fob or a smart card) is a physical device that, together with the entry of a password, grants the user authorised access to a computer system.

References:

1. https://whatis.techtarget.com/definition/token

2. http://searchsecurity.techtarget.com/definition/security-token

Multi-step Authentication

Multi-step authentication combines two or more independent categories, such as a piece of information (password), the measurement of a unique human characteristic (biometric verification) or a physical device (key fob), to create a layered defence against an individual’s unauthorised access to an area, computing service or database.

Examples of multi-step authentication include logging into a website and entering an additional one-time password that the website sends to the user’s email address or phone or swiping a key card and entering a PIN into an ATM.

References:

1. http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

2. https://en.wikipedia.org/wiki/Multi-factor_authentication

File Allocation Table (FAT)

FAT, first introduced in 1977 for early Microsoft operating systems, is a method for managing the positioning, storage and retrieval of hard drive data. It consists of a table of numbers, each corresponding to a cluster (the basic unit of logical storage) holding specific data on the hard disk.

The FAT file system reduces the amount of searching for information, which minimises wear and extends the lifespan of the hard drive.

Reference:

1. http://www.computerhope.com/jargon/f/fat.htm

FAT32

FAT32 is an enhanced File Allocation Table, modified to be a faster and more flexible system for managing data on both removable and fixed media.

FAT32 uses a more robust design: it is able to relocate the root directory, use a backup copy of the FAT instead of the default copy, and back up critical data, making it less susceptible to failure.

Reference:

1. http://www.computerhope.com/fat32.htm

New Technology File System (NTFS)

The method used by the Windows NT operating system to better manage the positioning, storage and retrieval of network data on hard drives is known as the New Technology File System (NTFS) and is the Windows NT version of the Windows 95 file allocation table (FAT).

Reference:

1. searchwindowsserver.techtarget.com/definition/NTFS

Hierarchical File System (HFS)

The Hierarchical File System (HFS) refers to the file management method used for file organisation on a Macintosh hard disk which creates directories that expand with the addition of new files and data folders.

Reference:

1. http://www.yourdictionary.com/hierarchical-file-system#computer

Apple File System (APFS)

Apple File System is the newest file system launched for Apple devices. It offers several technology improvements, including being optimised for flash memory and solid-state drives, while continuing to support many of the features of Apple’s previous file system, HFS+. Other improvements include better crash protection than HFS+ through a new “copy-on-write” metadata feature, nanosecond-resolution timestamps and enhanced native encryption support.

Reference:

1. http://www.pcmag.com/encyclopedia/term/69041/apfs

Network File System (NFS)

The Network File System (NFS) is a file system protocol, implemented in situations where central management of data is essential, that enables users to store and retrieve data from remote locations over a shared network.

Reference:

1. http://www.techopedia.com/definition/1845/network-file-system-nfs

Encryption

Encryption is the transformation of data into an unrecognisable form (ciphertext) in order to protect sensitive information from unauthorised access. Encryption can be applied to files, storage devices and electronically transferred data.

Encrypted files are usually password protected or require a private key to be accessed.

Reference:

1. http://searchsecurity.techtarget.com/definition/data-encryption-decryption-IC

Decryption

Decryption is the process of transforming encrypted data back into its original form, for access by authorised personnel.

Reference:

1. http://searchsecurity.techtarget.com/definition/data-encryption-decryption-IC

Compression

Compression is the process by which a reduction in the total number of bits needed to represent specific data is achieved.

Compression is performed by an algorithm which shrinks the size of the data. For example, an algorithm may take the specific data as a string of 0s and 1s and substitute a shorter string of 0s and 1s for it, using a dictionary to convert between the two forms. Alternatively, text compression can be as simple as removing all unnecessary characters.

Compressing data can decrease network bandwidth costs, improve the speed of data transfer and reduce data storage requirements.

Reference:

1. http://www.webopedia.com/TERM/D/data_compression.html

Decompression

Decompression is the process of reversing compressed data, by using appropriate software, to expand the compressed file back into its original form for user access.

Reference:

1. http://smallbusiness.chron.com/file-compression-decompression-930.html

Hashing

Hashing is the irreversible transformation, via an algorithm, of a text string into a shorter value that represents the original data. Hashing is used in databases to index and retrieve items, as it allows faster access than using the original value. It is also used as a means of storing passwords and other personal data online, providing a simple, secure and efficient basis for user authentication and authorisation.

References:

1. http://www.webopedia.com/TERM/H/hashing.html

2. http://searchsqlserver.techtarget.com/definition/hashing
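An added example (not from the lesson or its references) of the password-storage use of hashing described above: Python code that stores a salted, iterated hash instead of the password and verifies a login against it. The usernames, passwords and the fixed salt used in the demo are constructed.

```python
# Added example (not from the lesson text): storing a password as a salted, iterated
# hash (PBKDF2-HMAC-SHA256) and verifying a login against it, standard library only.
import hashlib, hmac, os, base64

ITERATIONS = 600_000   # work factor: makes each guess at the password slow to test

def hash_password(password: str, salt=None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$hash'. The password itself is never stored,
    and the hash cannot be reversed to recover it."""
    salt = salt or os.urandom(16)   # per-user random salt: same password, different hashes
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())

def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_b64, hash_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(dk, base64.b64decode(hash_b64))

def authenticate(username: str, password: str, user_db: dict) -> bool:
    """Look up the stored record and verify; unknown users and wrong passwords both fail."""
    record = user_db.get(username)
    return record is not None and verify_password(password, record)

if __name__ == "__main__":
    # Constructed sample user database: username -> stored hash string.
    db = {"alice": hash_password("correct horse battery staple"),
          "bob": hash_password("correct horse battery staple")}
    print(db["alice"] != db["bob"])                                    # True: different salts
    print(authenticate("alice", "correct horse battery staple", db))   # True
    print(authenticate("alice", "Correct horse battery staple", db))   # False
    print(authenticate("carol", "anything", db))                       # False: unknown user
```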

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is the standard technology employed to create an encrypted link between a web server and a browser for secure data transmission over a network.

SSL is typically used when payment details for a purchase are entered in a browser and sent to a website (i.e. the web server), to keep the buyer’s payment details secure.

References:

1. https://www.digicert.com/ssl.htm

2. http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) is a software program used for encrypting and decrypting e-mail communications to ensure privacy. In principle, PGP uses the public key encryption protocol, where senders and receivers encrypt and decrypt transmissions using their own public and private keys.

PGP is available in several versions offering different features, add-ons and variations in software methodology employed.

References:

1. http://searchsecurity.techtarget.com/definition/Pretty-Good-Privacy

2. https://www.techopedia.com/definition/4062/pretty-good-privacy-pgp

Virtual Private Network (VPN)

A virtual private network (VPN) is an encryption technology that connects a user over the Internet to a private network, such as an institution’s internal network. Although this connection is less secure than a dedicated private link, it provides some level of security when the available communication infrastructure cannot.

A VPN is created when direct access to a private network is either too costly or unfeasible, such as in the case of contractors operating in remote locations who need to access office support.

References:

1. http://searchenterprisewan.techtarget.com/definition/virtual-private-network

2. http://www.webopedia.com/TERM/V/VPN.html

Public Key Infrastructure (PKI)

Public Key Infrastructure is a framework, based on public key encryption, for facilitating secure network data transfer where passwords provide inadequate user authentication, where rigorous proof of identity is required, and/or to validate the data being transferred. Examples where this may be used include internet activities such as banking, e-commerce and the transmission of confidential email.

References:

1. http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastructures_(PKI)

2. http://www.pcmag.com/encyclopedia/term/49333/pki

Public Key

A public key is a value generated by a public key cryptography algorithm for the purpose of encrypting messages, enabling secure network communication. Public and private keys are paired: data encrypted with the public key is decrypted using a different, but mathematically linked, private key.

This type of encryption is often used by government departments to transmit sensitive data to selected recipients. For example, the Health Insurance Commission uses this technology to secure the protocol by which pharmacies access the Commission’s reimbursement and payment system.

References:

1. http://searchsecurity.techtarget.com/definition/public-key

2. https://www.techopedia.com/definition/16139/public-key

Private Key

A private key is a value that is mathematically paired with a public key and is used to decrypt secure data received by its holder.

References:

1. https://www.techopedia.com/definition/16135/private-key
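An added example (not from the lesson or its references) covering the Encryption, Decryption, Public Key and Private Key entries above: textbook RSA in Python with constructed toy primes, showing that what the public key encrypts only the paired private key decrypts, and that the same pair supports signing (private key) and verification (public key), the operation a certificate authority relies on when certifying a public key. Key sizes and the byte-at-a-time encryption are for illustration only; real systems use 2048-bit or larger keys with a padding scheme.

```python
# Added example (not from the lesson text): textbook RSA with constructed toy primes
# (p=61, q=53, n=3233) to show the public/private key relationship.
import hashlib
from math import gcd

def keygen(p: int, q: int, e: int = 17):
    """Return (public, private) = ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi), the mathematical link
    return (e, n), (d, n)

def encrypt(public, plaintext: bytes) -> list:
    """Encrypt each byte m (< n) as m^e mod n using only the public key."""
    e, n = public
    return [pow(m, e, n) for m in plaintext]

def decrypt(private, ciphertext: list) -> bytes:
    """Recover each byte as c^d mod n; only the holder of d can do this."""
    d, n = private
    return bytes(pow(c, d, n) for c in ciphertext)

def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message: bytes) -> int:
    """Signature = hash(message)^d mod n, produced with the private key."""
    d, n = private
    return pow(_digest_mod_n(message, n), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key checks signature^e mod n against the hash."""
    e, n = public
    return pow(signature, e, n) == _digest_mod_n(message, n)

if __name__ == "__main__":
    public, private = keygen(61, 53)            # constructed toy primes
    ct = encrypt(public, b"A")
    print(ct, decrypt(private, ct))             # [2790] b'A'
    sig = sign(private, b"pharmacy claim 42")   # constructed message
    print(verify(public, b"pharmacy claim 42", sig))                   # True
    print(verify(public, b"pharmacy claim 42", (sig + 1) % public[1]))  # False: tampered signature
```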

Certificate Authority

A certificate authority (CA) is a trusted third-party entity that issues digital certificates certifying the ownership of a public key by the entity named on the certificate. This allows others to rely upon assertions made about the private key that corresponds to the certified public key.

Examples of Certificate Authorities include: Symantec, DigiCert, GoDaddy, etc.

References: