Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.701 ■ Spring 2022 ■ Jose Gomez

My question to discuss with my classmates

March 2, 2022 by Jose Gomez 29 Comments

Filed Under: 08 - Access Control

Comments

  1. kofi bonsu says

    March 6, 2022 at 2:00 pm

    The question that I may be willing to discuss with my classmates with regard to security and managing facility access is how to select the right access control system, one that meets your business’ specific needs. This is so because there are many different types of access control systems available in the market today, such as standalone systems for one to four doors, mid-size systems that use single-factor authentication such as a keypad or proximity card, or large-scale systems that enable organizations to provide access to employees at multiple facilities in different states while using a single credential.

  2. Madalyn Stiverson says

    March 6, 2022 at 3:19 pm

    What’s the danger of using biometric data as a method of authentication?

    • Patrick Jurgelewicz says

      March 7, 2022 at 9:30 pm

      Hey Madalyn, some dangers that come with using biometric data as a method of authentication are deception and unreliability. Fingerprint scanners using unsophisticated methods are frequently subject to deception, and facial recognition and voice recognition yield high error rates.

    • Kyuande Johnson says

      March 8, 2022 at 8:13 pm

      Biometrics are inherently public, so someone could duplicate some traits from another person. For example, a criminal could lift a person’s fingerprint from a glass tabletop. Then, they can use this information to gain access to a device or account.

    • Antonio Cozza says

      March 8, 2022 at 8:17 pm

      While biometric data is quite useful at times, and the third type of authentication factor, it does come with some downsides just like any other security implementation / mechanism. Biometric data is somewhat more challenging to duplicate or steal, but nonetheless, fingerprints can still be stolen off a surface if the attacker is near the target. Biometric data is also still stored in a database, which can be broken into like any other database. The most obvious one as well is false positives; while biometric data is highly accurate in most cases, there are still false positives.

    • Victoria Zak says

      March 8, 2022 at 11:48 pm

      Hi Madalyn,

      Biometrics was the most interesting to me while reading the chapter for this week. The downfall of utilizing biometric data as authentication is a cybercriminal being able to track someone with or without their knowledge by using biometric data from public cameras. Additionally, voice recordings that are leaked from the device can put someone at risk as well.

    • kofi bonsu says

      March 9, 2022 at 2:15 am

      Hi Madalyn,
      I like your question simply because accurate collection of biometric data is essential for its security as a method of authentication. From a practical standpoint, incorrectly capturing data can result in access problems down the line.

  3. Dhaval Patel says

    March 6, 2022 at 3:31 pm

    What are some of the pros and cons of log files, and what might be considered best practices for log file retention?

    • Kelly Sharadin says

      March 7, 2022 at 10:44 pm

      Hi Dhaval,

      Pros of logging would be increased visibility for cyber defense. Critical logs an organization should enable include firewall, auditing, host-based (Windows Event and Auditd), and web servers. These are key areas in which an organization must have visibility. Enabling logging assists security professionals with investigations, e-discovery, and even network troubleshooting.

      The most notable cons of logging are the increased costs and employee overhead resulting from ingesting and storing logs. Organizations acquire gigs of log data that an analyst must parse through. If there is no SIEM in place to help centralize and automate, logging becomes unfeasible for analysis.

    • Antonio Cozza says

      March 8, 2022 at 8:20 pm

      Pros of log files are that they help organizations track the relevant data that they would want to be retained, assuming they have established logging in a reasonable way. They also help ensure that organizations are in compliance with the regulations relevant to the business type and location. Most obviously, log files are used as needed for analyzing whatever type of data is deemed important at that time; for example, an organization can observe network traffic logs to understand what types of attacks may be targeting it.

  4. zijian ou says

    March 7, 2022 at 3:00 am

    How do you audit passwords?

    • Vraj Patel says

      March 8, 2022 at 11:18 am

      Hello Zijian,
      There are multiple tools that can help audit passwords, such as RainbowCrack, Cain and Abel, and Wfuzz. These tools can be used to check for any weak or common passwords used by the user.

    • Kyuande Johnson says

      March 8, 2022 at 8:23 pm

      There is a list of tools that can be utilized when auditing passwords.
      Examples:
      – Rainbow Crack
      – Wfuzz
      – Cain and Abel
      – THC Hydra
      – Ncrack

    • Antonio Cozza says

      March 8, 2022 at 8:29 pm

      There are multiple ways to audit a password. Some password cracking / audit tools are included in penetration testing products like Kali Linux through software like Cain and Abel, John the Ripper (mainly for network authentication), and for web applications through OWASP ZAP or Burp Suite. Administrators can also enforce security controls in an environment like Windows AD which force users to establish a password that meets certain minimum criteria, which helps the strength of a password to an extent. The same can be done in Linux by editing the PAM or /etc/login.defs files.

    • Victoria Zak says

      March 8, 2022 at 11:45 pm

      Hi Zijian,

      As Chapter 5 mentions, one of the ways to audit a password is to look at the credentials as a hacker. Would you be able to crack the code? Password strength requirements must be implemented and utilized. Passwords must be at least 12 characters long and include uppercase and lowercase letters, numbers, and special characters. You can utilize special software and tools such as Active Directory weak password finders or RainbowCrack and Wfuzz.

    • Madalyn Stiverson says

      March 9, 2022 at 11:41 am

      Hi Zijian,

      One important aspect of making sure your organization has strong passwords is by implementing a password policy. You should add rules so passwords need to meet a minimum length and complexity. You can also implement policies where passwords have to be a certain percentage different from the previous passwords.

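The policy rules discussed above in this thread (12-character minimum, mixed character classes, and a required percentage of difference from the previous password) as an added, runnable checker; this is example code written for this page, not from the course or any product, and the 50% difference threshold and the similarity measure (difflib's longest-common-block ratio) are assumptions.

```python
import difflib
import re

MIN_LENGTH = 12          # from the thread: passwords must be at least 12 characters
MIN_DIFFERENCE = 0.5     # assumed threshold: new password must differ >= 50% from the old one


def complexity_failures(password: str) -> list[str]:
    """Return the list of complexity rules the candidate password violates (empty if it passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        failures.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        failures.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        failures.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special character")
    return failures


def difference_ratio(old: str, new: str) -> float:
    """Fraction of the two passwords that is NOT shared (0.0 = identical, 1.0 = nothing in common).

    Case-insensitive, so 'Summer2021!' -> 'summer2022!' is still caught as a near-duplicate.
    """
    return 1.0 - difflib.SequenceMatcher(None, old.lower(), new.lower()).ratio()


def check_password_change(old: str, new: str) -> list[str]:
    """Apply both the complexity rules and the 'percent different from previous' rule."""
    failures = complexity_failures(new)
    if difference_ratio(old, new) < MIN_DIFFERENCE:
        failures.append(
            f"less than {int(MIN_DIFFERENCE * 100)}% different from the previous password"
        )
    return failures


if __name__ == "__main__":
    # Constructed sample: a user "rotating" a password by bumping one digit.
    print(check_password_change("Summer2021!abc", "Summer2022!abc"))
```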
  5. Michael Jordan says

    March 7, 2022 at 3:02 am

    Do you think that the lack of identity proofing and authentication for using many public online services is more of a good thing or a bad thing?

  6. Patrick Jurgelewicz says

    March 7, 2022 at 9:03 pm

    What risks exist when several people in a group share a single account?

    • Vraj Patel says

      March 8, 2022 at 11:20 am

      Hello Patrick,
      One of the risks associated with using a single account for multiple users is that accountability cannot be established. If there happens to be unauthorized activity on the network or a process supported by that system, then there would be no way to identify who performed that unauthorized activity.

    • Kyuande Johnson says

      March 8, 2022 at 8:21 pm

      Shared accounts compromise one of the components of AAA
      (Authentication, Authorization and Accounting).
      – Every user should be accountable for their actions, so having separate accounts and passwords is essential. Logging individual user activity tracks and records the user’s behavior and determines if they were performing malicious tasks. If shared passwords were being used, it disqualifies the accountability aspect and no one could be held accountable if a malicious incident occurred.

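The accountability point made in the two replies above can be turned into a detection: if per-user logging is in place, an account that authenticates from several different hosts within a short window is a sign it is being shared. This is an added example, not code from the course; the log format, the sample lines, the 10-minute window and the host threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from a real system):
# <ISO timestamp> <account> <source host> <result>
SAMPLE_LOG = """\
2022-03-08T08:01:12 svc_backup 10.0.1.15 success
2022-03-08T08:03:40 svc_backup 10.0.2.77 success
2022-03-08T08:05:02 svc_backup 10.0.3.9 success
2022-03-08T08:10:30 kjohnson 10.0.1.15 success
2022-03-08T09:45:00 kjohnson 10.0.1.15 success
2022-03-08T12:00:00 svc_backup 10.0.1.15 success
"""

WINDOW = timedelta(minutes=10)  # assumed: logins this close together count as concurrent
MAX_HOSTS = 2                   # assumed: more distinct hosts than this in one window is suspicious


def parse_log(text: str) -> list[tuple[datetime, str, str]]:
    """Parse successful logins into (timestamp, account, host) tuples; failures are ignored."""
    events = []
    for line in text.splitlines():
        ts, account, host, result = line.split()
        if result == "success":
            events.append((datetime.fromisoformat(ts), account, host))
    return events


def find_shared_accounts(text: str, window: timedelta = WINDOW,
                         max_hosts: int = MAX_HOSTS) -> dict[str, list[str]]:
    """Return {account: sorted hosts} for every account seen on more than max_hosts
    distinct hosts inside any sliding window of length `window`."""
    by_account: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    for ts, account, host in parse_log(text):
        by_account[account].append((ts, host))

    flagged = {}
    for account, logins in by_account.items():
        logins.sort()  # chronological, so each login can start a window
        for i, (start, _) in enumerate(logins):
            hosts = {h for t, h in logins[i:] if t - start <= window}
            if len(hosts) > max_hosts:
                flagged[account] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    print(find_shared_accounts(SAMPLE_LOG))
```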
  7. Kelly Sharadin says

    March 7, 2022 at 10:12 pm

    What AAL level would you assign Passwordless authentication?
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

    • Madalyn Stiverson says

      March 9, 2022 at 11:46 am

      Hi Kelly,

      AAL3 is ideal because it provides the highest level of confidence that the user is who they say they are. This is typically achieved through proof of possession of a key through a cryptographic protocol.

      AAL1 is the worst (single factor) and AAL2 is between AAL1 and AAL3.

  8. Vraj Patel says

    March 8, 2022 at 11:14 am

    What would be the best time frame to review the audit logs that are being generated for the authentication and authorization processes?

  9. Antonio Cozza says

    March 8, 2022 at 7:21 pm

    How does one determine the strength of identity proofing, and which level of IAL is used?

  10. Kyuande Johnson says

    March 8, 2022 at 8:06 pm

    What type of access control provides the strongest level of protection?

  11. Victoria Zak says

    March 8, 2022 at 10:18 pm

    What are the pros and cons of facial recognition utilized as an authentication?

    • Madalyn Stiverson says

      March 9, 2022 at 11:52 am

      Hi Victoria,

      Facial recognition data is publicly available online through pictures, so this authentication method could be compromised. Facial recognition is quick and easy although you may need to remove your mask.

      It’s also a probabilistic authentication method rather than deterministic. This means that it scans your face and determines with a certain percent accuracy that you are who you are claiming to be. Deterministic authentication methods are tokens and passwords – it has to be an exact 100% match to work.

  12. Lauren Deinhardt says

    March 8, 2022 at 11:46 pm

    What do you believe is the most effective form of authentication on its own? (i.e. what you know, what you are, what you have).

  13. Olayinka Lucas says

    March 9, 2022 at 4:50 pm

    If multifactor authentication is deemed ineffective, what other known authentication alternatives/controls are available or recommended to get a more secure outcome?
