The Security Authentication Process

In: Computers and Technology

Submitted By ajohnson1527
Words 1415
Pages 6
Simply put, authentication is the process by which a subject’s (or user’s) identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). An example of authentication most people are familiar with is their e-mail login. For instance, Gmail requires a person’s Gmail address and individual password to access his or her Gmail account. However, there are numerous types of authentication outside the common username and password. Furthermore, authentication is used in numerous areas of a system to re-verify a user’s identity when he or she is accessing a new area of the system, accessing encrypted data types, and securing the preservation of a system. This paper evaluates the different authentication types, their applications, and additional security measures for securing a system and its data.
Types of Authentication
According to Whitman and Mattford (2010), there are four types of authentication mechanisms:
* Something a person knows (passwords or passphrases)
* Something a person has (such as cryptographic tokens or smartcards)
* Something a person is (a fingerprint, retina or iris scan, or hand topography or geometry)
* Something a person produces (such as voice or pattern recognition)
The level of access control associated with a system and the data contained on the system is determined by legislation governing data (which varies geographically) and by control policies developed and implemented by the entity that owns or controls the data. Passwords and passphrases, or something a person knows, are potentially the most commonly recognized forms of authentication. Specific examples of password and passphrase authentication include a Personal Identification Number (PIN) used at a bank ATM or a password safeguarding an e-mail account.
However, stronger authentication is required for some data types, which includes the addition of secondary authentication mechanisms. A bank ATM does not simply allow a person to retrieve cash by entering a PIN. Customers are required to insert their bank card at the ATM, which prompts for the PIN associated with the customer’s card after insertion. The bank card acts as the second item from the list above and is classified as something a person has. Another example of something a person has is using a Common Access Card (CAC) or smartcard to access a system and the data contained therein. Applebee’s Neighborhood Bar and Grill requires employees to carry a smartcard to gain access to their Point-of-Sale (POS) systems. The card has a magnetic strip with an employee’s information programmed into it. Simply sliding the card through a card reader provides Applebee’s employees with access to the POS system, where they can do a number of tasks such as clock in and out for shifts and place orders for guests.
The third type of authentication mechanism from the list is something a person is. For example, a system manufacturer may provide consumers with the option to equip their systems with biometric recognition software and hardware to prevent unauthorized access to a system and its data. This hardware may be used to recognize items such as finger, thumb, or palm prints, facial recognition, or retina or iris scans, which help to verify or authenticate a person’s identity. Types of biometric software include Verisoft Access Manager, DigitalPersona, and HP Protect Tools, and the hardware used to verify biometrics includes cameras for facial recognition or scanners for recognizing items such as thumb or finger prints.
Something someone produces is the fourth and final type of authentication method from the list above. Examples of things a person produces for authentication are signatures or patterns and speech or audible sounds. Android powered devices such as smartphones and tablets offer a great example of pattern recognition for authenticating a user, which comes in the form of a pattern lock. The user is shown a twelve-dot matrix in which he or she can draw a pattern by connecting the dots. If the person attempting to unlock the device does not draw the approved pattern, he or she is denied access to the device. Voice recognition software is another method for verifying a user’s identity through something he or she produces. An example is a person stating his or her name when prompted by a system to verify his or her identity for the system.
The Authentication Process
The authentication process seems fairly easy to explain using a Personal Computer (PC). When a person sets up a PC for the first time they set up a user profile. A person selects his or her user profile to access their personal profile and data on a system. The user is given the option to set up password protection for his or her profile (something a person knows). To sign on to the PC a user selects his or her profile and enters the password associated with the profile. An invalid password entry restricts access to the selected user profile.
An alternative to using a password is biometrics. Facial recognition software is one example of biometrics. Software installed on a system can control a camera to scan and authenticate a person’s face using various facial features such as a person’s jaw line, upper eye socket outlines, proportion of features such as distance and size of nose, mouth, etc. (FindBiometrics, 2014). Fingerprint, thumb, and palm readers are also good examples of biometric devices. These devices scan the features of a person’s hand to verify his or her identity. They are excellent sources for authentication because each person’s hand features are unique to him or her.
The use of two or more authentication types is known as strong authentication (Whitman & Mattford, 2010). Using smartcards in conjunction with a PIN is an excellent example of strong authentication. Military and corporate systems are examples of places where strong authentication can prove useful for safeguarding IT systems and the data stored on them. Google uses a secondary authentication method to authenticate users in which a verification code is sent to a user’s phone as a text message. This is similar to having a token without the need to purchase and carry an additional product with a single function.
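The password sign-on and the text-message verification code described above can be combined into one two-step check. The following Python sketch is an added example, not code from the essay or from any vendor it names; the class and method names, the five-minute code lifetime, and the three-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 200_000   # assumed work factor for the password hash
CODE_TTL_SECONDS = 300        # assumed lifetime of a verification code
MAX_CODE_ATTEMPTS = 3         # assumed number of guesses allowed per code


class StrongAuthenticator:
    """Two-step login: a password (something the person knows) followed by
    a one-time code sent to the person's phone (something the person has)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable clock so expiry can be tested
        self._profiles = {}      # username -> (salt, password_hash)
        self._pending = {}       # username -> outstanding verification code

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
        )

    def enroll(self, username, password):
        """Profile setup: store a salted hash, never the password itself."""
        salt = secrets.token_bytes(16)
        self._profiles[username] = (salt, self._hash(password, salt))

    def begin_login(self, username, password):
        """Step 1: check the password. On success, issue a one-time code.

        Returns the code so this example can run offline; a real system
        would deliver it to the enrolled phone and return nothing.
        """
        known = username in self._profiles
        # Unknown users still go through one hash computation so that the
        # response time does not reveal which usernames exist.
        salt, stored = self._profiles.get(username, (b"\x00" * 16, b""))
        candidate = self._hash(password, salt)
        if not (hmac.compare_digest(candidate, stored) and known):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = {
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def finish_login(self, username, submitted_code):
        """Step 2: check the one-time code. Codes expire, can be guessed
        only a limited number of times, and work exactly once."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        expired = self._clock() > entry["expires"]
        exhausted = entry["attempts"] >= MAX_CODE_ATTEMPTS
        if expired or exhausted:
            del self._pending[username]
            return False
        entry["attempts"] += 1
        if hmac.compare_digest(
            submitted_code.encode("utf-8"), entry["code"].encode("utf-8")
        ):
            del self._pending[username]   # single use
            return True
        return False


if __name__ == "__main__":
    # Constructed sample account and password, for demonstration only.
    auth = StrongAuthenticator()
    auth.enroll("alice", "correct horse battery staple")
    print("wrong password:", auth.begin_login("alice", "guess"))
    code = auth.begin_login("alice", "correct horse battery staple")
    print("code accepted:", auth.finish_login("alice", code))
    print("code replayed:", auth.finish_login("alice", code))
```

A stolen password alone fails at the second step, and a captured code is useless after its first use, after it expires, or after three wrong guesses.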
Securing Data
The authentication process is the first step in securing and preserving data. Using a password deters unauthorized access, but it is not an impenetrable means of security. Administrators can schedule system backups to further safeguard and preserve the integrity of a system and its data from damage or loss resulting from unauthorized access and even hardware or software failure. These backups allow for the restoration of a system in the event an attack is successful and data become damaged or lost. Several factors require consideration regarding backups, which include frequency of backups, extent of data that is backed up, process followed to back up data, verification of data backup creation, retention of data backups, storage of backups, and number of backups (Conklin, White, Williams, Davis, & Cothren, 2012). Creating and implementing a solid backup plan helps reduce the amount of damage caused if authentication security measures fail or hardware or software failure results in data corruption.
Conclusion
Authentication is the process in which a user’s identity is verified (Conklin, White, Williams, Davis, & Cothren, 2012). Authentication is used every day in many ways. Signing on to a PC, work station, mobile phone, tablet, or even accessing a bank ATM all require authentication using one, or a combination, of the four authentication types. A PC may require a password, whereas access to a work station may require an employee to use biometric authentication methods such as facial recognition software or print scanners to scan a user’s finger or thumbprint. A more advanced means of authentication in a workplace may require the use of a smartcard and PIN to gain access to a system. Financial institutions use ATM cards with a PIN to aid in the prevention of unauthorized use of a customer’s card. Regardless of use, authentication is the first line of defense for safeguarding data. Following authentication is the use of backups for securing data. Backups reduce the damage caused in the event of unauthorized access and hardware or software failure. Organizations can benefit from solid backup policies and procedures coupled with strong authentication mechanisms to secure the data of a system from unauthorized access and unexpected hardware or software failures.

References
Conklin, A. W., White, G., Williams, D., Davis, R., & Cothren, C. (2012). Principles of Computer Security: CompTIA Security+ and Beyond. McGraw-Hill.
FindBiometrics. (2014). Facial Recognition. Retrieved from findbiometrics.com: http://findbiometrics.com/solutions/facial-recognition/
Whitman, M. P., & Mattford, H. M. (2010). Management of Information Security. Mason: Cengage Learning.
