Posted September 28, 2001
Authentication is not a new concept. Organizations need to protect assets, and they traditionally limit access to databases and sensitive data. In the IT world, the most basic form of authentication relies on user names and passwords. If each person has a password, then the person who knows that password has permission to access system resources. However, passwords are lost or stolen, and hackers capture and decipher passwords with apparent ease.
As the defined boundaries of the corporate network dissolve to meet the demands of an increasingly mobile and distributed workforce, the weakness of simple password protection becomes obvious. Legitimate users can access the network from a variety of systems, and this makes it difficult to screen remote connections. At the same time, businesses want closer contact with customers and suppliers. They need to share information and corporate resources. The increased use of messaging technologies like e-mail increases the risk, because intruders can use legitimate messages to invade a server.
Authentication provides a method of identifying legitimate users, and when combined with utilities that guard against data modification, helps protect against unauthorized access. Authentication vendors offer a broad array of products, including:
- Digital certificate uses a unique identifier stored on a user's system. The server compares the certificate and logon information against a database that identifies the user. If the information matches, the session continues. Many companies use third-party providers, called Certification Authorities (CAs), to control the database of identities and the distribution of certificates. The CA then generates a certificate that permits the session to continue.
- Hardware token establishes a digital notification generated by the user's workstation. This, along with a password, implies that the user accessing the network is at a known workstation. As IT adds wireless components and workers increasingly access corporate networks from home, establishing a hardware-based system becomes more difficult.
- Smart card permits users to access a network after they identify themselves using a personal identification card and a card reader. This is a secure method as long as users protect their identification cards. Passwords permit network managers to prevent access through a misplaced or stolen card. This approach requires a card reader on any workstation accessing the network.
- Biometrics uses fingerprints, eye scan, or face recognition technology to ensure that the user is the person associated with a specific password. This is the most costly technology to implement, and it requires special hardware on each system that the person uses to access the network.
- Public Key Infrastructure (PKI) implements several encryption-based security measures based on a key that is available only to authorized users. Authentication provides protection for the key.
- Kerberos provides an authentication service and secure transmission across platforms. It works at a layer above the operating system login authentication service, and it is popular in those networks that support multiple operating systems.