82
Аутентификация пользователей Безмалый В.Ф. Microsoft Security Trusted Advisor MVP Consumer Security [email protected] http://vladbez.spaces.live.com

Аутентификация пользователей

  • Upload
    hans

  • View
    88

  • Download
    7

Embed Size (px)

DESCRIPTION

Аутентификация пользователей. Безмалый В.Ф. Microsoft Security Trusted Advisor MVP Consumer Security [email protected] http://vladbez.spaces.live.com. Идентификация и аутентификация пользователей. - PowerPoint PPT Presentation

Citation preview

..Microsoft Security Trusted AdvisorMVP Consumer [email protected]://vladbez.spaces.live.com

- , , , () , , , - () . - () . - , , (). , (, PIN-, ); , (, , ..); ( , , ..) ; (, ) .

, ( ) :, , , ; , , , , , ..; . () . ( ) . : ( , , ); , , , ; ( );, ( ). ( - ). : ; ; .

Windows 10 ; , ; 42 ; . ? ( - ), , . . - , .

? , , , , . , . , , . , , .( http://www.password.ru) : , ; ; 1; . , , password pa55w0rd). ( Windows 2000/XP/2003)

SAM (Security Account Management Database) (hive) (registry) Windows 2000/XP/2003. (subtree) HKEY_LOCAL_MACHINE SAM. \winnt_root\System32\Config SAM. , SAM, , Windows , . . SAM Windows XP/2003.

SAM 16- , (Windows 2000/XP/2003 LAN). Windows 2000/XP/2003 MD4. MD4 , 128 . 16- - Windows 2000/XP/2003. DES-, SAM. (Relative Identifier, RID), SAM. SAM . , , SAM. Windows 2000/XP/2003 \winnt_root\System32\Config\SAM . , NTBACKUP Windows 2000/XP/2003 . SAM REGBAK Windows NT Resource Kit. , SAM (SAM.SAV) \winnt_root\System32\Config SAM ( SAM._) \winnt_root\Repair.

Windows 200/XP/2003 Windows 2000/XP/2003 . , , , , , . ; ; ; ; , ; ; ; ; .

Windows 2000/XP/2003 Windows XP ( Windows XP Professional SP2 ( - " WXPSP2") ( (Enforce password history)) 42 . (Minimum password lengths) ( ): - 7 ; - 8 ; - 12 .

7 81000.0001 () 260.0640.1664 360.06242.248, 622.8062173.9838, 727.9929575,4866 7 810100%100% () 26100%100% 36100%100%, 62100%24.14%, 72100%7.3% ; ( , "", ..).

.

; , , ; ; , .

; ; ; ( ); . - PC/SC -.;USB- USB (Universal Serial Bus), - .

- eToken

29

- , , ( PIN-, -) ( -: , , , -, ) , , . ( PKI) , . - eToken30

eToken PRO (Java) USB- - eToken, Java- (72 ) (Java-). USB- -.

31

eToken NG-FLASH (Java) USB- Flash- 16 , - .

32

eToken NG-OTP (Java)33

USB- . eToken PRO (Java) PKI- . , , , USB- (, - ).eToken PASS . , , USB- -.34

eToken Network Logon

Microsoft Windows (eToken + PIN-) Microsoft Windows: (, , ) Windows eToken eToken ""

37eToken Network Logon Windows USB- - eToken; ; .509, - ; , . 38 eToken

eToken: Log off

eToken : , , Web-, , .; , , ( Microsoft, Linux, Unix, Novell) - (SAP R/3, IBM Lotus Notes/Domino); PKI (Entrust, Microsoft CA, RSA Keon, , ( -); eToken , ( Microsoft Exchange, Novell GroupWise, Lotus Notes/Domino) - , ; eToken ( VPN, IPSec SSL) , , ; ( Cisco Systems, Check Point) ; eToken , , ; ( eTrust SSO, IBM Tivoli Access Manager, WebSphere, mySAP Enterprise Portal) Oracle ; eToken Web- ( Microsoft IIS, Apache Web Server) , , ; , (Token Management System) - eToken ; .USB-, eToken R2, eToken PRO Aladdin;iKey10xx, iKey20xx,iKey 3000 Rainbow Technologies;ePass 1000 ePass 2000 Feitian Technologies;ruToken ;uaToken - .

USB- , iKey 20xx8/3264DES (ECB CBC), DESX, 3DES, RC2, RC5, MD5, RSA-1024/2048eToken PRO16/3232RSA/1024, DES, 3DES, SHA-1ePass 10008/3264MD5, MD5-HMACePass 200016/3264RSA, DES, 3DES, DSA, MD5, SHA-1ruToken8/16/32/64/12832 28147-89, RSA, DES, 3DES, RC2, RC4, MD4, MD5, SHA-1uaToken8/16/32/64/12832 28147-89USB-, eToken PRO Aladdin;iKey10xx, iKey20xx,iKey 3000 Rainbow Technologies;ePass 1000 ePass 2000 Feitian Technologies;ruToken ;uaToken - .

- - () , , , . , -, , . - 10 . , , , ."" ( , , ), ( "" , - ), . 3 , .. . . 16 2,5 , 9-10 . , "" 16 16 . ISO/IEC DIS 9798-2.

. , . , "" , , . , "" , , .

- PROximity -, ISO/IEC 15693 ISO/IEC 14443. - . PROximity , . 32/64 .

- USB-; -; - USB- - - USB- - , ( ) ( , , ..) USB- . , . , , , USB- , . :RFiKey Rainbow Technologies;eToken PRO RM Aladdin Software Security R.D.

eToken RFID- (Radio Frequency IDentification, ) . RFID-, . , : RFID- 1,2 . , 13.56 , , HID. - - . , . USB-, - : . , , " . - USB-. , , . , . , . , , . (, ). - . . . .

( , , ..). - . - , , , . . , . . . - . . ( ).

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ , . , , () () ( ). ( ):BioLink, http://www.biolink.ru/, http://www.biolinkusa.com/;Bioscrypt, http://www.bioscrypt.com/;DigitalPersona, http://www.digitalpersona.com/;Ethentica, http://www.ethentica.com/; , . , ( ), , , . :Recognition Systems, http://www.recogsys.com/, http://www.handreader.com/;BioMet Partners, http://www.biomet.ch/.

. , , , , . :Iridian - , : LG, Panasonic, OKI, Saflink . ., http://www.iridiantech.com/.

- . , , , . ., , . , . , ( , . .) , . :AcSys Biometrics, http://www.acsysbiometrics.com/A4Vision, http://www.a4vision.com/ , , , ( , . .). :CIC (Communication Intelligence Corporation), http://www.cic.com/;Cyber-SIGN, http://www.cybersign.com/;SOFTPRO, http://www.signplus.com/;Valyd, http://www.valyd.com/.

, , . , , - . :BioPassword Security Software, http://www.biopassword.com/;Checco, http://www.biochec.com/.

: , . :Nuance, http://www.nuance.com/;Persay, http://www.persay.com/;Voicevault, http://www.voicevault.com/.

, , . . FAR (False Acceptance Rate) - , FRR (False Rejection Rate) - . . , - , . . .. , . , , . .

. , , , , . . , 1,55 2,1 . , Glenochil.

10 Gartner, , , . 1015% . Gartner Sun IBM: Sun Microsystems 300 . ., IBM, 500 . .

: (pre-shared key); , ; , ; .

-. -: ; ; -; , USB-; .

, : ; , , (.. , , ..); . , USB- (-).

? MVP Consumer SecurityMicrosoft Security Trusted [email protected] http://vladbez.spaces.live.com