Slide 1:PHYSICAL ACCESS Module Number 13


Slide 2:Physical Access Physical access to a system is more than enough for an attacker to compromise the security measures taken to prevent the intrusions. There are lot of ways to compromise the security, if got physical access, Hacking Through USB Live or Bootable CD Wiretapping Sniffing keystrokes from Electromagnetic emanations


Slide 3:Gaining Admin access : Admin to Admin Admin to Admin lusrmgr.msc Userpasswords2 System user session using ‘at’ command Batch program at all users start up net users administrator * Create admin & reset password


Slide 4:Copy Inactive SAM & crack hashes SAM Spoofing Live Bootable CD Wiretapping Electromagnetic Emanations Gaining Admin access


Slide 5:Wiretapping Eavesdropping or spying on a private network by illegally connecting and crimping wires from the network to the attacker’s computer.


Slide 6:Electromagnetic Emanations Electronic devices produce minute electromagnetic radiations when operated. The radiations can be received using some components. The radiations are reverse engineered to obtain the desired result that an hacker expects. Keyboards,Monitors & ATM machines even beyond 20M can be compromised. This is a sample Radiation created by a Keyboard while typing letters.


Slide 7:Biometrics Biometric is a way of identifying a human based upon their unique physical or behavioral traits. Biometrics are used as a security mechanism in Information Technology, it can also be used for various other purposes like identifying one person from a group, most probably by forensics department. Biometric Classification, Physiological Biometrics Behavioral Biometrics


Slide 8:Physiological Biometrics The Physiological Biometrics is completely related to physical shape and structure of a human body. Humans have few body parts that are unique and they were finger prints, Iris, retina, DNA, hand and palm geometry and pheromones.


Slide 9:Behavioral Biometrics The Behavioral Biometrics is related to the behavior of a human being. Few behaviors in human beings are unique and by using this, a particular human can be easily identified and those behaviors include voice, typing rhythm, and so on.


Slide 10:Biometric Samples A Biometric device needs a raw data to compare the match with the scanned entity and this is called Biometric samples. Biometric sample is the raw data that includes finger prints, photographs, hand and palm geometry, retina and iris pattern and so on.


Slide 11:Biometric Authentication The Biometric authentication is a kind of authentication mechanism that is used for identifying and authenticating a user by scanning physical parts or by recognizing characteristics. The Biometric authentication involves three main systems that it has to undergo and they were, What you are? - Fingerprint, IRIS scanning,.. What you have? - Smart card, Security Token What you know? - Username, Password, PIN


Slide 12:Biometric Authentication System


Slide 13:Types of Biometric Authentication There are lot of biometric authentication techniques, Typing Patterns Eye Scanning ( IRIS and Retina ) Fingerprint recognition Hand and Palm geometry Voice Recognition Facial Recognition


Slide 14:Common Biometric Issues Likewise other systems, biometric too have its cons, FAR FAR = Number of Accepted "fraud" attempts Total number of "fraud" attempts FRR FRR =  Number of rejected "qualified" attempts Total number of "qualified" attempts FTE ( Failure to Enroll) or FER ( Failure to Enroll Rate )


Slide 15:Can Biometric security compromised ? The answer to this question relies upon the type of biometric security that is implemented.