Authentication

The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?

Biometrics encompasses a variety of methods for ensuring identity based on physical or behavioral traits. Conventional identifying traits include fingerprints, face topology, iris structure, hand geometry, vein structure, voice, signature and keystroke recognition. Emerging technologies analyze characteristics such as gait, odor, and ear shape. Rather than being used in isolation, biometrics systems are increasingly becoming multimodal, an approach that serves both to increase security and overcome failure-to-enroll problems.

Considering a biometric access system? Experts offer practical advice in these dos and don'ts.

Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.

When it comes to security, the British government's Consulate-General in New York, part of the United Kingdom's diplomatic mission for business and visa-related activities, is taking no chances on spies or other intruders sneaking onto its network.

For any corporate wireless infrastructure to remain secure, using 802.1X for authentication is a must - after all, it provides much more granular control of authentication credentials and can provide accounting for wireless LAN usage. Setting everything up can be a complex process fraught with choosing the right EAP type that both your clients and your RADIUS server supports in addition to putting in place the PKI infrastructure that some EAP types require. During this whole process one thing can often be overlooked - the security of the RADIUS server itself.

In this computer-driven era, identity theft and the loss or disclosure of data and related intellectual property are growing problems. We each have multiple accounts and use multiple passwords on an ever-increasing number of computers and Web sites. Maintaining and managing access while protecting both the user's identity and the computer's data and systems has become increasingly difficult. Central to all security is the concept of authentication -- verifying that the user is who he claims to be.

I apologize up front for jumping into this debate, but I couldn't resist. Not a week goes by, or so it seems, without some newspaper, magazine or TV show (apologies to my media brethren) lambasting security and IT professionals because they force unnecessary security controls on the poor, downtrodden consumer or worker. It's as if your security requirements are designed to make everyone's life miserable with little or no benefit. You evil CSOs! My heart bleeds for the poor peasants whom you oppress.

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

Open source has encompassed all areas of software applications and services, so there was little doubt that authentication would, sooner or later, be part of this fast growing movement. OpenLDAP, the open source directory project, has been with us for quite some time. But there's a new movement to create an authentication protocol, to standardize how authentication data is exchanged.