
GROUP 3 Osh

Uploaded by

joshntsi0803

GROUP 3

ENHANCING AUTHENTICATION AND ACCESS CONTROL TO PREVENT DATA BREACHES
BOFELO X JOSHUA X ONKUTLULE
NNA RA PHATOLA DAH..!
Introduction
Scenario Overview:
• The university's IT department identified multiple security vulnerabilities,
leading to a recent data breach.
• Sensitive information, such as student records, faculty data, and research files,
was compromised.
• Our focus today is on addressing how we can enhance authentication methods
and access control to prevent future incidents.
Question 1 - Weaknesses in Authentication Methods Contributing to the Data Breach

Single-Factor Authentication (SFA):

• Likely relied on usernames and passwords, making the network vulnerable to password-based attacks.

Weak Password Policies:


• Outdated or insufficient password complexity and no forced password changes left accounts open to brute-force attacks.

No Multi-Factor Authentication (MFA):

• Without MFA, stolen credentials could be used directly to access sensitive systems without additional
verification.

Unmonitored Session Management:


• Attackers could exploit long-lasting or poorly managed sessions to hijack access to university systems.

Insecure Token Handling:



Question 2 - How Stronger Authentication Protocols Can Prevent Unauthorized Access

Biometric Authentication
• Biometric authentication uses physical or behavioral characteristics that are unique to each user to verify identity. This makes biometrics difficult to forge and ensures that only the legitimate user, with their unique biometric traits, gains access.

Multi-Factor Authentication
• MFA requires users to provide two or more authentication factors to access a system. If one factor is compromised, the other provides additional security: an attacker needs more than just a stolen password to gain entry, which makes unauthorized access significantly harder.

Combined Strength
• Combining biometric authentication with MFA creates a powerful defense: the dual-layer protection makes unauthorized access extremely unlikely.
Question 3 - Role of Access Control in Securing Sensitive Data
Authorization and Permission Management
• Access control ensures that only authorized individuals or systems can access critical data. By defining permissions for specific users or groups, it prevents unauthorized users from viewing, modifying, or deleting sensitive data.

Insider Threat Mitigation


• Access control prevents unauthorized actions by employees: they cannot misuse their privileges to steal or manipulate data, which protects against accidental or intentional insider threats.

Segregation of Duties
• Access control enforces separation of duties: different users handle different aspects of data, which prevents fraud or errors due to collusion and so protects sensitive data.
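The permission management and segregation of duties described under Question 3 can be sketched as a deny-by-default role check. This is an added example, not part of the original slides; the role names, resources and the grade submit/approve conflict are constructed for the university scenario.

```python
from dataclasses import dataclass, field

# Constructed role -> (resource, action) grants; all names are assumptions.
ROLE_PERMISSIONS = {
    "lecturer": {("student_records", "read"), ("grades", "submit")},
    "registrar": {("student_records", "read"), ("student_records", "modify"),
                  ("grades", "approve")},
    "researcher": {("research_files", "read"), ("research_files", "modify")},
}

# Permission pairs that no single user may hold together (segregation of duties).
SOD_CONFLICTS = [(("grades", "submit"), ("grades", "approve"))]


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def permissions(user):
    """Union of grants from the user's roles; an unknown role grants nothing."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def sod_violations(user):
    """Return every conflicting pair the user currently holds in full."""
    held = permissions(user)
    return [pair for pair in SOD_CONFLICTS if pair[0] in held and pair[1] in held]


def assign_role(user, role):
    """Grant a role unless it is unknown or would break segregation of duties."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    trial = User(user.name, user.roles | {role})
    if sod_violations(trial):
        raise PermissionError(f"{role} conflicts with roles held by {user.name}")
    user.roles.add(role)


def is_allowed(user, resource, action):
    """Deny by default: only an explicitly granted permission passes."""
    return (resource, action) in permissions(user)
```

Checking conflicts at role-assignment time, rather than at access time, keeps a conflicting combination from ever existing on an account.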
Question 4 - Tools to Enforce Stronger Access Control Policies
NordLayer NAC
• NAC (network access control) is a method of securing a private network by restricting the access of unauthorized users and devices. NordLayer NAC is an overall network access control tool that provides comprehensive access control, including user authentication, device profiling, and policy enforcement, giving a holistic approach to securing the network.

Ivanti Policy Secure

Ideal for core features and compliance. It enforces policies based on user roles, device types, and
network segments. It ensures compliance with security standards and helps organizations maintain a
strong security posture.
Portnox Cloud

• Best for pricing accessibility and transparency. It is a cloud-based NAC solution that simplifies deployment and management, and it is scalable, cost-effective, and user-friendly.
Conclusion
• Weak authentication and access control mechanisms contributed to
the data breach.
• MFA and stronger authentication methods, such as biometrics, are
essential to preventing unauthorized access.
• Implementing robust access control policies, including and least
privilege, will help secure sensitive information.
YAMATE KOROSAIIIII
