What is authentication

By bellshogan Jan 28, 2014 1235 Words
 User Authentication
1.1 What is authentication and what is it used for?
Authentication is a process used to establish the identity of a particular user trying to access data or information on a web server. Authenticating users is a common part of most web applications. It is an important security measure used to protect confidential data, e.g. bank details. Without a means of verifying a potential user, data access may be granted to an unauthorised user, which can lead to serious consequences if used for malicious purposes. Authentication can be achieved by using authentication credentials along with a user ID and a password, and is done through an authentication server. This is explained more here:

“An authentication server is an application that facilitates authentication of an entity that attempts to access a network. Such an entity may be a human user or another server. An authentication server can reside in a dedicated computer, an Ethernet switch, an access point or a network access server. When a potential subscriber accesses an authentication server, a username and password may be the only identifying data required. In a more sophisticated system called Kerberos, the subscriber must request and receive an encrypted security token that can be used to access a particular service. RADIUS (Remote Authentication Dial-In User Service) is a commonly used authentication method. TACACS+ (Terminal Access Controller Access Control System Plus) is similar to RADIUS but is used with Unix networks. RADIUS employs UDP (User Datagram Protocol) and TACACS+ employs TCP (Transmission Control Protocol). Some specialized authentication servers employ smart cards or biometric verification in addition to one or more of the above mentioned technologies.” (Margaret Rouse, July 2007) http://searchsecurity.techtarget.com/definition/authentication-server

1.2 Figure 1. Authentication process diagram:

This image was taken from the address below:

http://www.cisco.com/en/US/docs/telepresence/cts_admin/1_10/admin/guide/ctsadmin_cfg.html

1.3 What are Authentication credentials?
Authentication credentials are the mechanisms that an individual can use to provide the identity needed to access an application or a system. Mostly these credentials fall into three basic factors:
1. Something the user knows: a secret pin number, password or a security question that only the user knows the answer to.
2. Something the user has: a smart card, ATM card, or a password token.
3. Something the user is: fingerprint, hand print, voice print or a face scan.
There are many different types of authentication but they are all used for the same purpose.

The factors of authentication are explained below:

1.4 Single factor authentication (SFA)
To log onto a computer or network a user must provide an account name and the user's chosen password. This is known as single factor authentication, which is the use of the first factor from above (something the user knows). This information is then checked against a database which contains all its authorized users' account names and passwords. Only then, if verified, will the user gain access to the resource. Password authentication unfortunately is the most unreliable form of authentication, as most users will use a password that is easy for them to remember, for example a relative's name, a date of birth or a pet name, which makes it extremely easy for a hacker to crack. There are many types of password hacking tools available on the Internet and the most common types are brute-force attack and dictionary guessing tools. If these tools fail to crack the password, a password sniffing tool will be applied to collect all information that is not encrypted coming to and from the network. Password sniffing is explained more here:

1.5 What is a password sniffer?
“A password sniffer is a software application that scans and records passwords that are used or broadcasted on a computer or network interface. It listens to all incoming and outgoing network traffic and records any instance of a data packet that contains a password. A password sniffer installs on a host machine and scans all incoming and outgoing network traffic. A password sniffer may be applied to most network protocols, including HTTP, Internet Message Access Protocol (IMAP), file transfer protocol (FTP), POP3, Telnet (TN) and related protocols that carry passwords in some format. In addition, a password sniffer that is installed on a gateway or proxy server can listen and retrieve all passwords that flow within a network. A password sniffer is primarily used as a network security tool for storing and restoring passwords. However, hackers and crackers use such utilities to sniff out passwords for illegal and malicious purposes.” (Cory Janssen) http://www.techopedia.com/definition/8798/password-sniffer

To ensure the security of single factor authentication, users have to have a strong password. To achieve this, the password is advised to be at least 8 to 15 characters long and contain upper and lower case letters, numeric characters or symbols. As it is so easy for hackers to crack passwords, it is advised to use a safer form of authentication.

1.6 Two factor authentication (2FA)

Stronger security can be implemented with the use of two factor authentication; this authentication is more suited where a high level of security assurance is needed, such as online banking services. Two factor authentication, also known as two step authentication, is a process that requires two steps or credentials to gain access to the resource, which is two of the above three factors of authentication (something the user has and something the user knows), generally some type of security token and a security pin or a password. ATM cards are a form of two factor authentication, as they require something the user has, which is the bank card, and something the user knows, which is the secret pin. Some online web sites have now also started to use this form of authentication. Google is one example of this: the process requires the user to enter their account name and password, then the website will send a security code to the user's mobile phone by text. When it is received, the user will enter the security code on the website and, if correct, the user will gain access to the account. This type of authentication will be time consuming for users, but the security effect will be a lot tighter, as not only will the hacker need to crack the user's password but would also need access to the user's mobile phone in order to obtain the security code from the website.

1.7 Figure 2. Two factor authentication diagram:

This image was taken from the address below:
http://techpp.com/2010/09/20/two-factor-authentication-coming-to-google-apps/

1.8 Three factor authentication (TFA)
Three factor authentication is achieved by combining three credentials of the above three factors: something the user knows (password or a pin), something the user has (smart card or password token) and something the user is (biometric verification). This type of authentication is costly and used for the protection of very important data. Three factor authentication is very effective as a hacker would need to discover:
1. The user's password
2. The user's smart card or security token
3. A way to replicate the user's fingerprint, eye print etc.
Gaining access to the account this way would be a very hard task to complete and take a lot of time, as the user could not lose DNA, whereas a password could easily be forgotten or hacked and a smart card or token could easily be lost or stolen.

1.9 Figure 3. Biometric enrolment and authentication process diagram:

This image was taken from the address below:
http://flylib.com/books/en/3.211.1.173/1/
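
The two-step login described under two factor authentication (password first, then a security code texted to the user's phone) can be sketched as follows. This is an added example, not part of the original essay or any website's real code: `TwoStepLogin`, `send_sms`, and the constants are assumptions, and the account database here holds a salted PBKDF2 hash of each password rather than the password itself.

```python
import hashlib
import hmac
import secrets
import time

ROUNDS = 200_000    # assumed PBKDF2 work factor
CODE_TTL = 300      # assumed: a code is valid for five minutes
MAX_TRIES = 3       # assumed: wrong codes tolerated per login

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

class TwoStepLogin:
    def __init__(self, send_sms, clock=time.time):
        self.users = {}     # account name -> (salt, password hash, phone)
        self.pending = {}   # account name -> [code, expiry time, tries left]
        self.send_sms, self.clock = send_sms, clock

    def register(self, name, password, phone):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, hash_password(password, salt), phone)

    def start(self, name, password):
        """Step 1, something the user knows: check the password, then text a code."""
        # Unknown accounts still cost one hash, so timing does not reveal them.
        salt, stored, phone = self.users.get(name, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        if not ok or phone is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[name] = [code, self.clock() + CODE_TTL, MAX_TRIES]
        self.send_sms(phone, code)
        return True

    def finish(self, name, code):
        """Step 2, something the user has: the code that reached the phone."""
        entry = self.pending.get(name)
        if entry is None:
            return False
        expected, expiry, tries = entry
        if self.clock() > expiry or tries <= 0:
            del self.pending[name]          # expired or guessed too often
            return False
        if hmac.compare_digest(code.encode(), expected.encode()):
            del self.pending[name]          # single use: a replayed code fails
            return True
        entry[2] -= 1
        return False
```

The expiry, single-use and retry limits are what keep a six-digit code from being guessed or replayed; without them the second step adds little over the password alone.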
