1.1 What is authentication and what is it used for?
Authentication is the process of establishing that a user who is trying to access data or a service on a web server is who they claim to be. Authenticating users is part of almost every web application and is a basic security measure for protecting confidential data, e.g. bank details. Without a means of verifying a user, access may be granted to an unauthorised person, with serious consequences if that access is used for malicious purposes. Authentication is usually performed by checking the credentials a user presents, typically a user ID and a password, and is often delegated to an authentication server, as the following definition explains:
“An authentication server is an application that facilitates authentication of an entity that attempts to access a network. Such an entity may be a human user or another server. An authentication server can reside in a dedicated computer, an Ethernet switch, an access point or a network access server. When a potential subscriber accesses an authentication server, a username and password may be the only identifying data required. In a more sophisticated system called Kerberos, the subscriber must request and receive an encrypted security token that can be used to access a particular service. RADIUS (Remote Authentication Dial-In User Service) is a commonly used authentication method. TACACS+ (Terminal Access Controller Access Control System Plus) is similar to RADIUS but is used with Unix networks. RADIUS employs UDP (User Datagram Protocol) and TACACS+ employs TCP (Transmission Control Protocol). Some specialized authentication servers employ smart cards or biometric verification in addition to one or more of the above mentioned technologies.” (Margaret Rouse, July 2007) http://searchsecurity.techtarget.com/definition/authentication-server
1.2 Figure 1. Authentication process diagram:
This image was taken from the address below:
http://www.cisco.com/en/US/docs/telepresence/cts_admin/1_10/admin/guide/ctsadmin_cfg.html
1.3 What are Authentication credentials?
Authentication credentials are the evidence an individual presents to prove the identity needed to access an application or a system. These credentials fall into three basic factors:
1. Something the user knows: a secret PIN, a password, or the answer to a security question that only the user knows.
2. Something the user has: a smart card, an ATM card, or a password (hardware) token.
3. Something the user is: a fingerprint, hand geometry, a voice print or a face scan.
There are many different types of authentication, but they all serve the same purpose. The ways in which these factors are combined are explained below:
1.4 Single factor authentication (SFA)
To log onto a computer or network a user provides an account name and the password they chose. This is single factor authentication (SFA): it uses only the first of the factors above (something the user knows). The credentials are checked against a database of authorised users, which holds each account name together with its password (in a sound design, a salted hash of the password rather than the password itself); only if they match does the user gain access to the resource. Password authentication is unfortunately the least reliable form of authentication, because most users choose a password that is easy for them to remember, for example a relative's name, a date of birth or a pet's name, which makes it very easy for an attacker to crack. Many password cracking tools are available on the Internet; the most common are brute-force and dictionary guessing tools. If these fail to recover the password, an attacker may instead use a password sniffer to collect any unencrypted information flowing to and from the network. Password sniffing is explained below.
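The check described above, as an added example (not code from the original page): a small password store that keeps a salted PBKDF2 hash instead of the password, a login check, and the dictionary attack an attacker runs against a stolen copy of that store. The user names, passwords and word list are constructed for the demonstration; the weak pet-name-plus-year password falls to a six-word list, the long one does not.

```python
"""Single-factor (password) authentication: how a server should store and
check passwords, and why a weak password still falls to a dictionary attack.

Added example for this section; not code from the original page. Uses only
the Python standard library. The accounts and word list are constructed.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # PBKDF2 work factor; raise it (or use Argon2) in production


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash so the database never holds the
    cleartext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(db: dict, username: str, password: str) -> None:
    """Store a fresh random salt and the derived hash for the account."""
    salt = os.urandom(16)
    db[username] = (salt, hash_password(password, salt))


def verify(db: dict, username: str, password: str) -> bool:
    """Check a login attempt. Unknown users still cost one hash so that
    response time does not reveal which account names exist."""
    salt, stored = db.get(username, (b"\x00" * 16, b"\x00" * 32))
    candidate = hash_password(password, salt)
    # compare_digest avoids leaking how many bytes matched through timing
    return username in db and hmac.compare_digest(candidate, stored)


def dictionary_attack(db: dict, username: str, wordlist: list) -> Optional[str]:
    """What an attacker does with a stolen database: try each word of a list
    (common passwords, pet names, years) against the stored salted hash."""
    salt, stored = db[username]
    for guess in wordlist:
        if hmac.compare_digest(hash_password(guess, salt), stored):
            return guess
    return None


# Constructed word list, deliberately tiny; real lists hold millions of entries.
WORDLIST = ["password", "123456", "fluffy", "fluffy1990", "qwerty", "letmein"]


def demo() -> dict:
    db = {}
    register(db, "alice", "fluffy1990")              # pet name + birth year
    register(db, "bob", "correct-horse-battery-7!")  # long, not in any list
    return {
        "alice_login_ok": verify(db, "alice", "fluffy1990"),
        "alice_wrong_pw": verify(db, "alice", "fluffy1991"),
        "unknown_user": verify(db, "mallory", "anything"),
        "alice_cracked": dictionary_attack(db, "alice", WORDLIST),
        "bob_cracked": dictionary_attack(db, "bob", WORDLIST),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt stops an attacker from cracking every account with one precomputed table, and the work factor makes each guess cost the attacker as much as it costs the server; neither helps an account whose password is on the list, which is the point the text makes.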
1.5 What is a password sniffer?
“A password sniffer is a software application that scans and records passwords that are used or broadcasted on a computer or network interface. It listens to all incoming and outgoing network traffic and records any instance of a data packet that contains a password. A password sniffer installs on a host machine and scans all incoming and outgoing network traffic. A password sniffer may be applied to most network protocols, including HTTP, Internet Message Access Protocol (IMAP), file transfer protocol (FTP), POP3, Telnet (TN) and related protocols that carry passwords in some format. In addition, a password sniffer that is installed on a gateway or proxy server can listen and retrieve all passwords that flow within a network. A password sniffer is primarily used as a network security tool for storing and restoring passwords. However, hackers and crackers use such utilities to sniff out passwords for illegal and malicious purposes.” (Cory Janssen) http://www.techopedia.com/definition/8798/password-sniffer
To make single factor authentication as secure as it can be, users must choose a strong password: it should be at least 8, and preferably 15 or more, characters long and contain upper- and lower-case letters, digits and symbols. Because weak passwords are so easy to crack, and a sniffer captures even a strong password if it travels in cleartext, a safer form of authentication is advised.
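What a sniffer actually looks for, as an added example (not code from the original page or from either source quoted above): a small detector that inspects packet payloads for the FTP, POP3 and plain-HTTP credential patterns named in the definition. It runs over constructed packets embedded in the block rather than a live capture (attaching a capture library is an assumption left outside the example), and shows that a TLS packet yields nothing, which is why encrypting the transport defeats this class of tool. The same logic serves a defender's sensor that alerts on credentials leaking in cleartext.

```python
"""Cleartext credential detection: a minimal version of what a password
sniffer, or a network sensor watching for the same leak, does with packets.

Added example for this section, not code from the original page. It runs
over constructed packet payloads embedded below instead of a live capture.
"""
import base64
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

Credential = Tuple[str, str, str]          # (protocol, username, password)
StreamKey = Tuple[str, str, int]           # (src, dst, dst_port)

USER_FIELDS = ("username", "user", "login", "email")
PASS_FIELDS = ("password", "pass", "passwd", "pwd")


class CredentialSniffer:
    """Stateful because FTP and POP3 send USER and PASS in separate packets,
    so the user name has to be remembered until the password arrives."""

    def __init__(self) -> None:
        self._pending_user: Dict[StreamKey, str] = {}

    def inspect(self, src: str, dst: str, dst_port: int, payload: bytes) -> Optional[Credential]:
        text = payload.decode("latin-1")   # never fails, preserves byte values
        key = (src, dst, dst_port)
        if dst_port in (21, 110):                        # FTP / POP3 commands
            proto = "ftp" if dst_port == 21 else "pop3"
            m = re.match(r"USER (\S+)", text, re.I)
            if m:
                self._pending_user[key] = m.group(1)
                return None
            m = re.match(r"PASS (\S+)", text, re.I)
            if m and key in self._pending_user:
                return (proto, self._pending_user.pop(key), m.group(1))
        elif dst_port in (80, 8080):                     # plain HTTP
            m = re.search(r"^Authorization: Basic (\S+)", text, re.I | re.M)
            if m:
                try:
                    decoded = base64.b64decode(m.group(1), validate=True).decode("latin-1")
                except ValueError:
                    return None
                user, sep, pw = decoded.partition(":")
                return ("http-basic", user, pw) if sep else None
            _, sep, body = text.partition("\r\n\r\n")   # form login in the body
            if sep and body:
                fields = parse_qs(body)
                user = next((fields[k][0] for k in USER_FIELDS if k in fields), None)
                pw = next((fields[k][0] for k in PASS_FIELDS if k in fields), None)
                if user and pw:
                    return ("http-form", user, pw)
        # Port 443 and anything else: TLS or an unknown protocol, so the
        # payload is opaque to us. Encrypting the transport defeats the sniffer.
        return None

    def scan(self, packets) -> List[Credential]:
        found = []
        for src, dst, port, payload in packets:
            cred = self.inspect(src, dst, port, payload)
            if cred:
                found.append(cred)
        return found


# Constructed packets: (source IP, destination IP, destination port, payload).
PACKETS = [
    ("10.0.0.5", "10.0.0.20", 21, b"USER alice\r\n"),
    ("10.0.0.5", "10.0.0.20", 21, b"PASS fluffy1990\r\n"),
    ("10.0.0.7", "10.0.0.30", 80,
     b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"),
    ("10.0.0.8", "10.0.0.30", 80,
     b"POST /login HTTP/1.1\r\nHost: intranet\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"username=carol&password=S3cret%21"),
    ("10.0.0.9", "10.0.0.40", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # TLS ClientHello
    ("10.0.0.5", "10.0.0.50", 110, b"PASS orphan\r\n"),   # PASS with no USER seen
]


def demo() -> List[Credential]:
    return CredentialSniffer().scan(PACKETS)


if __name__ == "__main__":
    for proto, user, pw in demo():
        print(f"{proto:10s} {user}:{pw}")
```

Three of the six constructed packets give up a credential; the TLS record and the orphaned PASS do not. A real deployment would reassemble TCP streams first, since USER and PASS can also be split across segments.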
1.6 Two factor authentication (2FA)
Stronger security can be achieved with two factor authentication (2FA), which is suited to services that need a high level of assurance, such as online banking. Two factor authentication, often also called two-step verification, requires two credentials drawn from two of the three factors above, usually something the user has and something the user knows: typically a security token of some kind together with a PIN or password. ATM cards are a familiar form of two factor authentication: the bank card is something the user has and the PIN is something the user knows. Some web sites now use the same approach. Google is one example: the user enters their account name and password, the site then sends a security code to the user's mobile phone by text message, and the user types that code into the web site; only if it is correct is access granted. This takes the user slightly longer, but security is much tighter, because an attacker would need not only the user's password but also access to the user's mobile phone to obtain the code. Codes sent by text message can still be phished or intercepted, for instance by taking over the phone number, so an authenticator app or hardware token is the stronger choice where one is available.
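The second step of that login, as an added example (not Google's code and not from the original page): the server generates a one-time code, hands it to a delivery function (the text message), and accepts it only once, only within a time limit, and only for a few attempts, so that an attacker who has the password cannot simply guess all million six-digit values. The delivery function and the clock are injected so the block runs offline; the phone number is constructed.

```python
"""Second step of a two factor login: a one-time code delivered out of band
(the text-message flow described above), checked with a time limit, an
attempt limit and single use.

Added example for this section; not Google's code and not from the original
page. Delivery is a pluggable function and the clock is injectable, both
assumptions made so it runs offline. Nothing here replaces the first factor:
start() must only be called after the password has been verified.
"""
import hmac
import secrets
import time
from typing import Callable, Dict

CODE_TTL_SECONDS = 300   # a code is valid for five minutes
MAX_ATTEMPTS = 3         # then the code is discarded and the login restarts
CODE_DIGITS = 6


class SecondFactor:
    def __init__(self, send_sms: Callable[[str, str], None],
                 clock: Callable[[], float] = time.time) -> None:
        self._send_sms = send_sms
        self._clock = clock
        self._pending: Dict[str, dict] = {}

    def start(self, username: str, phone: str) -> None:
        """Generate and deliver a fresh code; replaces any outstanding one."""
        # secrets.randbelow gives a uniform, unpredictable code; the random
        # module would not be suitable here.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[username] = {
            "code": code,      # hashing a 6-digit code buys little (only a
                               # million possibilities); the attempt limit and
                               # short lifetime are what protect it
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self._send_sms(phone, f"Your verification code is {code}")

    def finish(self, username: str, submitted: str) -> bool:
        """Check the code the user typed. Returns True at most once per code."""
        entry = self._pending.get(username)
        if entry is None:
            return False                              # no challenge outstanding
        if self._clock() > entry["expires"]:
            del self._pending[username]               # expired; must restart
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(submitted.strip().encode(), entry["code"].encode())
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[username]               # used, or locked out
        return ok


def demo() -> dict:
    """Exercise the happy path and each failure mode with a simulated phone
    and a clock we control."""
    sent = []                                  # (phone, message) the "phone" receives
    now = [1_700_000_000.0]
    sf = SecondFactor(send_sms=lambda phone, msg: sent.append((phone, msg)),
                      clock=lambda: now[0])

    def latest_code() -> str:
        return sent[-1][1].split()[-1]

    def a_wrong_code(code: str) -> str:
        return "000000" if code != "000000" else "111111"

    results = {}
    sf.start("alice", "+15555550100")
    code = latest_code()
    results["wrong_code"] = sf.finish("alice", a_wrong_code(code))   # False
    results["right_code"] = sf.finish("alice", " " + code + "\n")    # True
    results["replay"] = sf.finish("alice", code)                     # False: single use

    sf.start("alice", "+15555550100")
    code = latest_code()
    now[0] += CODE_TTL_SECONDS + 1
    results["expired"] = sf.finish("alice", code)                    # False

    sf.start("alice", "+15555550100")
    code = latest_code()
    for _ in range(MAX_ATTEMPTS):
        sf.finish("alice", a_wrong_code(code))
    results["after_lockout"] = sf.finish("alice", code)              # False
    results["codes_sent"] = len(sent)                                # 3
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same structure works for a code from an authenticator app; only start() changes, since the code is then derived from a shared secret and the current time instead of being sent.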
1.7 Figure 2. Two factor authentication diagram:
This image was taken from the address below: http://techpp.com/2010/09/20/two-factor-authentication-coming-to-google-apps/
1.8 Three factor authentication (TFA)
Three factor authentication combines one credential from each of the three factors: something the user knows (a password or PIN), something the user has (a smart card or password token) and something the user is (biometric verification). It is costly and is used to protect very important data. It is very effective because an attacker would need to obtain all three:
1. the user's password;
2. the user's smart card or security token;
3. a replica of the user's fingerprint, iris pattern, etc.
Doing all of this would be a very hard and slow task. A password can be forgotten or cracked and a smart card or token can be lost or stolen, but a biometric trait cannot be lost in the same way. The flip side is that a biometric trait cannot be changed if a copy of it is ever stolen, so the stored biometric templates need strong protection.
1.9 Figure 3. Biometric enrolment and authentication process diagram:
This image was taken from the address below: http://flylib.com/books/en/3.211.1.173/1/