# Biometrics
Biometric controls are more reliable than other form of access control
Lifecycle - Enrolment -> transmission and storage -> verification -> identification and termination
Three main accuracy measures used for a biometric solution are:
- False-Acceptance Rate (FAR) (i.e access given to unauthorised person)
- False-Rejection Rate (FRR), (i.e. access rejected to authorised person)
- Cross-Error Rate (CER) or Equal-Error Rate (EER) (i.e. rate at which FAR is equal to FRR)
# Both FAR & FRR are inversely proportionate. As a general rule when FAR decreases, FRR increases and vice versa. Similarly if FRR decreases, FAR increases and vice versa.
# Most important performance indicator for biometric system is false-acceptance rate (FAR).
# Most important overall quantitative performance indicator for biometric system is CER or EER.
# ‘Retina Scan’, ‘Iris Scan’ has the highest reliability and lowest false-acceptance rate (FAR) among the current biometric methods.
# Biometric-Attacks
Replay - Residual Biometrics Characteristics
Brute-Force - Sending numerous request
Cryptographic - Attack on cryptography or encryption
Mimic - Faking the characteristics
# IDS & IPS
Three IDS -
(i) signature/ rule based - Intrusion is identified on the basis of known type of attacks. Such known patterns are stored in form of signature. New attacks can't be identified.
(ii) statistical - Any activity which falls outside the scope of normal behaviour is flagged as intrusion.
(iii) neural network - Like statistical with added self-learning functionality.
# Neural network creates its own database. More effective in detecting fraud.
# Statistical based IDS generates most false positives (false alarms).
Four components of IDS - (i) sensor (ii) analyzer (iii) admin console and (iv) user interface
# Sensor collects the data and send to analyzer for data analysis.
# Most important concern of IDS implementation is that attacks not identified/detected by IDS.
# Challenges of IDS
- IDS will not able to detect application level vulnerabilities, Back doors into application, encrypted traffic.
# Challenges of IPS
- Threshold limitsthat are too high or too low will reduces the effectiveness of IPS
- IPS may itself become a threat when attacker sends commands to large number of host protected by IPS to make them dysfunctional.
# OSI Architecture
- Data link layer works on MAC address whereas Network layer works on IP address.
- Network layer inserts IP address and routing whereas transport layer ensure proper delivery.
# Transport layer - Reliable delivery or connection oriented or congestion control or order of sequence.
# Session layer - establishing connection.
# Presentation layer - acceptable format.
# Application layer - end user.
1st Layer [Physical Layer]
-Physical layer is concerned with electrical and physical specifications for devices.
-Provides hardware for data (bit) transmission.
2nd Layer [Data Link Layer]
-bit stream (received from physical layer) is converted into data packets for network layer.
-data packets (received from network layer) is converted into bit stream for physical layer.
-uses MAC address.
3rd Layer [Network Layer]
-inserts address and provides routing service.
-uses IP address.
-Provides confidentiality, authentication, and data integrity services.
4th Layer [Transport Layer]
-ensures packet reaches its destination
-congestion control
-concerned with reliability of data transfer between two systems.
-ensure that data reaches its destination.
-make sure that packets on the receiving system are delivered in proper sequence
-uses connection-oriented protocols.
-implements a flow control mechanism that can detect congestion, reduce data transmission rates during congestion and increase transmission rates when the network appears to no longer be congested.
# Reliable delivery, Connection oriented, delivery in Proper order, Congestion control
5th Layer [Session Layer]
- establishes, manages and terminates the connection between the application layers.
- Control connection
- Establish security for the user application
6th Layer [Presentation Layer]
-converts data into presentable form.
-provides services such as encryption, text compression and re-formatting
-formatting of data
7th Layer [Application Layer]
-provides interface for the user.
# Wet (water based)[WBS] and Dry Sprinkling System (DPSS):
In WBS, water always remains in the system piping.
WBS is more effective and reliable.
Disadvantage of exposing the facility to water damage if pipe leaks or breaks.
DPSS do not have water in the pipes until an electronic fire alarm activates the water pump to send water into the system.
Comparatively less effective and reliable.
Advantage of not exposing the facility to water damage even if pipe leaks or breaks
# Halon Gas System
- Halon gas removes oxygen from air thus starving the fire.
- They are not safe for human life.
- There should be audible alarm and brief delay before discharge to permit time for evacuation.
- Halon gas is banned as its adversely effects the ozone layer.
- Popular replacements are FM-200 & Argonite.
# FM-200 Gas
- FM-200 is colorless & odorless gas.
- FM-200 is safe to be used when people are present.
- FM-200 is environment friendly.
- It is commonly used as a gaseous fire suppression agent.
# What is Argonite Gas?
- Argonite is a mixture of 50% Argon & 50% Nitrogen.
- It is used as a gaseous fire suppression agent.
- Though environment friendly & non-toxic, people have suffocated by breathing argon by mistake.
# CO2
- CO2 Systems release pressurised CO2 gas in the area protected to replace the oxygen required for combustion.
- Unlike Halon, FM-200 & Agronite, CO2 is unable to sustain Human life.
- In most countries, it is illegal for such systems to be set to automatic release if any human may be in the area.
- CO2 installations are permitted where no humans are regularly present such as unmanned data centres.
# As per CRM, FM-200 & Argonite gases are safe for human life. However, it must be noted that Argonite, though environment friendly & non-toxic, people have suffocated by breathing argon by mistake.
# CO2 & Halon gases are not safe for human life.
# Single Signon (SSO)
Example - Kerberos - Authentication service used to validate services and users in distributed computing environment (DCE).
-In DCE, both usrs and servers authenticate themselves.
-In SSO, unauthorized access will have major impact.
-Unauthorised access can be best control by Kerberos.
Biometric controls are more reliable than other form of access control
Lifecycle - Enrolment -> transmission and storage -> verification -> identification and termination
Three main accuracy measures used for a biometric solution are:
- False-Acceptance Rate (FAR) (i.e access given to unauthorised person)
- False-Rejection Rate (FRR), (i.e. access rejected to authorised person)
- Cross-Error Rate (CER) or Equal-Error Rate (EER) (i.e. rate at which FAR is equal to FRR)
# Both FAR & FRR are inversely proportionate. As a general rule when FAR decreases, FRR increases and vice versa. Similarly if FRR decreases, FAR increases and vice versa.
# Most important performance indicator for biometric system is false-acceptance rate (FAR).
# Most important overall quantitative performance indicator for biometric system is CER or EER.
# ‘Retina Scan’, ‘Iris Scan’ has the highest reliability and lowest false-acceptance rate (FAR) among the current biometric methods.
# Biometric-Attacks
Replay - Residual Biometrics Characteristics
Brute-Force - Sending numerous request
Cryptographic - Attack on cryptography or encryption
Mimic - Faking the characteristics
# IDS & IPS
Three IDS -
(i) signature/ rule based - Intrusion is identified on the basis of known type of attacks. Such known patterns are stored in form of signature. New attacks can't be identified.
(ii) statistical - Any activity which falls outside the scope of normal behaviour is flagged as intrusion.
(iii) neural network - Like statistical with added self-learning functionality.
# Neural network creates its own database. More effective in detecting fraud.
# Statistical based IDS generates most false positives (false alarms).
Four components of IDS - (i) sensor (ii) analyzer (iii) admin console and (iv) user interface
# Sensor collects the data and send to analyzer for data analysis.
# Most important concern of IDS implementation is that attacks not identified/detected by IDS.
# Challenges of IDS
- IDS will not able to detect application level vulnerabilities, Back doors into application, encrypted traffic.
# Challenges of IPS
- Threshold limitsthat are too high or too low will reduces the effectiveness of IPS
- IPS may itself become a threat when attacker sends commands to large number of host protected by IPS to make them dysfunctional.
# OSI Architecture
- Data link layer works on MAC address whereas Network layer works on IP address.
- Network layer inserts IP address and routing whereas transport layer ensure proper delivery.
# Transport layer - Reliable delivery or connection oriented or congestion control or order of sequence.
# Session layer - establishing connection.
# Presentation layer - acceptable format.
# Application layer - end user.
1st Layer [Physical Layer]
-Physical layer is concerned with electrical and physical specifications for devices.
-Provides hardware for data (bit) transmission.
2nd Layer [Data Link Layer]
-bit stream (received from physical layer) is converted into data packets for network layer.
-data packets (received from network layer) is converted into bit stream for physical layer.
-uses MAC address.
3rd Layer [Network Layer]
-inserts address and provides routing service.
-uses IP address.
-Provides confidentiality, authentication, and data integrity services.
4th Layer [Transport Layer]
-ensures packet reaches its destination
-congestion control
-concerned with reliability of data transfer between two systems.
-ensure that data reaches its destination.
-make sure that packets on the receiving system are delivered in proper sequence
-uses connection-oriented protocols.
-implements a flow control mechanism that can detect congestion, reduce data transmission rates during congestion and increase transmission rates when the network appears to no longer be congested.
# Reliable delivery, Connection oriented, delivery in Proper order, Congestion control
5th Layer [Session Layer]
- establishes, manages and terminates the connection between the application layers.
- Control connection
- Establish security for the user application
6th Layer [Presentation Layer]
-converts data into presentable form.
-provides services such as encryption, text compression and re-formatting
-formatting of data
7th Layer [Application Layer]
-provides interface for the user.
# Wet (water based)[WBS] and Dry Sprinkling System (DPSS):
In WBS, water always remains in the system piping.
WBS is more effective and reliable.
Disadvantage of exposing the facility to water damage if pipe leaks or breaks.
DPSS do not have water in the pipes until an electronic fire alarm activates the water pump to send water into the system.
Comparatively less effective and reliable.
Advantage of not exposing the facility to water damage even if pipe leaks or breaks
# Halon Gas System
- Halon gas removes oxygen from air thus starving the fire.
- They are not safe for human life.
- There should be audible alarm and brief delay before discharge to permit time for evacuation.
- Halon gas is banned as its adversely effects the ozone layer.
- Popular replacements are FM-200 & Argonite.
# FM-200 Gas
- FM-200 is colorless & odorless gas.
- FM-200 is safe to be used when people are present.
- FM-200 is environment friendly.
- It is commonly used as a gaseous fire suppression agent.
# What is Argonite Gas?
- Argonite is a mixture of 50% Argon & 50% Nitrogen.
- It is used as a gaseous fire suppression agent.
- Though environment friendly & non-toxic, people have suffocated by breathing argon by mistake.
# CO2
- CO2 Systems release pressurised CO2 gas in the area protected to replace the oxygen required for combustion.
- Unlike Halon, FM-200 & Agronite, CO2 is unable to sustain Human life.
- In most countries, it is illegal for such systems to be set to automatic release if any human may be in the area.
- CO2 installations are permitted where no humans are regularly present such as unmanned data centres.
# As per CRM, FM-200 & Argonite gases are safe for human life. However, it must be noted that Argonite, though environment friendly & non-toxic, people have suffocated by breathing argon by mistake.
# CO2 & Halon gases are not safe for human life.
# Single Signon (SSO)
Example - Kerberos - Authentication service used to validate services and users in distributed computing environment (DCE).
-In DCE, both usrs and servers authenticate themselves.
-In SSO, unauthorized access will have major impact.
-Unauthorised access can be best control by Kerberos.
