Authentication and authorization are the key to gaining access to corporate resources. There are many authentication methods you can adopt, each with its own advantages and disadvantages.
In a corporate network infrastructure, information assets must be properly protected against any type of threat or security breach. Managing information security is essential for the organization. Users gain access to the corporate network, whether over Ethernet or wireless, through authentication and authorization methods.
Authentication is the process where a user (via any type of physical access such as computer, network, or remote) establishes a right to an identity. A user logs in to a network infrastructure system with a user name and password, and the system knows who the user is.
Authorization is the process of determining whether a user is permitted to perform some action or access a resource. A user logs in to a system with a user name and password; the system knows who the user is and can grant or deny that user access to certain network resources.
Authentication
There are many different methods that can be used to authenticate a user.
User name and password Authentication
Most operating systems and web servers will have some type of user name and password authentication system. Most of these systems will have some type of mechanism to manage the user name and password architecture—for example, account expiration, password expiration, password length, and/or quality of password. Currently, this is the access method of choice for most pages on the Internet. See also password security guidelines.
Advantages
- Easy to implement and manage
- Inexpensive—provided with most operating systems and web servers
- Only minimal training required for end users
Disadvantages
- User name and password are sent in clear text for basic authentication (although not in all cases, and SSL can encrypt at the network level)
- User name and password subject to directory attacks
- On the Internet, users may have many different user names and passwords (which can be a real headache to maintain)
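The clear-text disadvantage above can be checked directly: HTTP Basic authentication only base64-encodes the credentials, so anyone who can read the request can recover them unless SSL/TLS protects the connection. The following is an added example, not part of the original page; the sample requests and user names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: (URL scheme, Authorization header value) per request.
SAMPLE_REQUESTS = [
    ("http", "Basic " + base64.b64encode(b"alice:S3cret!").decode()),
    ("https", "Basic " + base64.b64encode(b"bob:hunter2").decode()),
    ("http", "Bearer abc.def.ghi"),      # not Basic, ignored
    ("http", "Basic not-base64!!"),      # malformed token, ignored
]

def decode_basic(header_value):
    """Return (user, password) from a Basic Authorization value, or None."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # base64 is an encoding, not encryption: no key is needed to reverse it.
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def audit(requests):
    """Flag requests whose Basic credentials travelled without TLS."""
    findings = []
    for url_scheme, header in requests:
        creds = decode_basic(header)
        if creds is None:
            continue
        # Record the user name only; never write the recovered password to a log.
        findings.append({"user": creds[0], "exposed": url_scheme != "https"})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

Any account flagged as exposed should have its password changed and the endpoint moved behind SSL/TLS.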
Certificates Authentication
User certificates can be used by end users to assure their identity. Access to the certificate is normally controlled by a password that is local to the certificate. For example, on Netscape you can open the certificate database with a password, which then allows you to use the certificate. Many companies are starting to implement user certificates on their internal network.
Advantages
- Binds the certificate to the user
- Ability to encrypt data and digitally sign messages
- Supported by most web browsers and e-mail packages
- Offers some mechanisms for a single sign-on solution
- Difficult to stage a directory attack
- Allows roaming users, i.e., users moving from one location to another (if your vendor supports this feature)
- Can encrypt data, e-mail, and sign with only one certificate (actually, it is better to have separate certificates for signing and encryption)
Disadvantages
- Cost—implementing a PKI can be expensive
- Extensive user training is required
- Requires a support structure
- Roaming users, i.e., users moving from one location to another (not many vendors support this feature—but this is getting better)
- Vendors are only now developing tools that can handle large-scale implementations
See also Windows file encryption.
Biometric techniques Authentication
A biometric authentication system uses devices such as fingerprint or eye scanners to allow access. This type of device can ensure greater security for high-risk environments that need to limit and control access to sensitive systems. Using this type of system, you could limit “tailgating,” or allowing users to use another person’s user name and password.
Advantages
- The person is the authentication—very difficult to impersonate
- Directory attacks are nearly impossible
- Offers some mechanisms for a single sign-on solution
Disadvantages
- Not many vendors support this technology, although today’s laptops are equipped with this type of fingerprint authentication for gaining access to the laptop.
- Expensive to implement unless mass-produced, as in today’s laptops
Smart cards Authentication
A smart card is typically a credit card-sized plastic card that has an embedded integrated circuit (IC) chip. This chip is what makes the card “smart.” The smart card can store all types of information, which can be transferred via an electronic interface that connects to a computer. It can store information about who you are, hold cryptographic keys, and perform cryptographic operations such as encryption. Access to the smart card is controlled via a PIN or a password. This type of authentication is mostly deployed for door access in high-security areas such as the military, banks, the gold industry, etc.
Advantages
- Easy to bind the card to the person
- The card can hold keys and other information about the user
- If keys are included, then it is easy to encrypt data and e-mail
- Easy to train users on the technology
- Great solution for roaming users; the certificate can easily be transported
Disadvantages
- Very expensive, although the cost of this technology is dropping
- Still easy to give the card and PIN to another user, i.e., tailgating
- Requires a support system and may require more hardware on each PC
Anonymous Authentication
An anonymous user name is a method for giving users access to files so they don’t need to identify themselves to the server. The user enters “anonymous” as a user ID. Anonymous identification is a common way to get access to a server to view or download files that are publicly available.
Through the use of a controlled anonymous setting, anonymous is both an authentication method and an authorization method. By accessing a system via a controlled anonymous setting, you can be sure that you know where users are and what data they are accessing. Never assume that anonymous should be a “default” access. This is dangerous. Make sure you limit anonymous access to the data sources that really need it.
Advantages
- Easy to implement
- Little to no user training required
- Ability to conduct secure transactions without registering a user with a user name and password. How? Have you ever purchased a book online and used a credit card? Not all companies will require you to create an account. All you need to do is enter your credit card information (and hopefully you used SSL!)
Disadvantages
- Clearly, there is no binding to a specific user. Consequently, you don’t know who accessed the data
- Cannot block access on a “per-user” basis
- Potentially open to “spam” attacks, where garbage is dumped onto your site
- No logging or audit trail
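The split between authentication (who the user is) and authorization (what that identity may access), together with the advice to keep anonymous access controlled rather than a default, can be shown in a few functions. This is an added example, not part of the original page; the user, the resource paths and the ACL layout are hypothetical.

```python
import hashlib
import hmac
import os

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so the stored value is not the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

# Constructed sample data (hypothetical user and resources).
USERS = {"alice": hash_password("correct horse")}
ACL = {
    "/public/catalog.pdf": {"anonymous", "alice"},  # explicitly opened up
    "/hr/payroll.xls": {"alice"},
}
AUDIT_LOG = []

def authenticate(user, password):
    """Authentication: establish an identity, or None if the proof fails."""
    if user == "anonymous":
        return "anonymous"  # an identity with no proof behind it
    record = USERS.get(user)
    if record is None:
        return None
    salt, expected = record
    _, actual = hash_password(password, salt)
    return user if hmac.compare_digest(actual, expected) else None

def authorize(identity, resource):
    """Authorization: default deny; a resource must list the identity."""
    allowed = identity is not None and identity in ACL.get(resource, set())
    # Log every decision, including anonymous ones, to keep an audit trail.
    AUDIT_LOG.append((identity, resource, "ALLOW" if allowed else "DENY"))
    return allowed

def access(user, password, resource):
    return authorize(authenticate(user, password), resource)

if __name__ == "__main__":
    print(access("anonymous", "", "/public/catalog.pdf"))  # listed for anonymous
    print(access("anonymous", "", "/hr/payroll.xls"))      # not listed
    print(AUDIT_LOG)
```

Because a resource missing from the ACL is denied to everyone, anonymous access exists only where it was granted on purpose.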

For me, the best operating system is Linux because it rarely hangs.
Operating systems can either make or break your system; that is why it is wise to choose a very stable one.