
Authentication: what it means

It is the method of limiting access to information to a restricted set of users, or to a single
user, by specifying which users can access the resources and the circumstances for their access
(e.g., company data that can be accessed when logged on from a computer that is physically on-site
but not from a remote connection). The backbone of this system is user identification.

How it works:
The system requires credentials to identify a user as the person who is authorized to access
it. There are several ways of achieving this; however, the basic authentication process is the
same for all methods.

A valid user account has to be created and configured by the network administrator, specifying
the user's permissions and rights. Then a password is assigned, a smart card is issued, or a
biometric scan is entered into the network database, against which future readings will be
verified and compared.

At login, the user enters the credentials (i.e., username and password, PIN, or biometric
scan), and the system checks them against the original entry in the network database and
makes a comparison. If the credentials of the user match those in the database, the
information or account can be accessed.
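The enrollment and login comparison described above, as an added example that is not part of the original article. It assumes a password credential, an in-memory dictionary standing in for the network database, and a PBKDF2-derived verifier stored in place of the password itself; all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the "network database" (assumption).
USER_DB = {}

# PBKDF2 iteration count chosen for illustration (assumption, tune per host).
ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a verifier from the password; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(username: str, password: str) -> None:
    """Administrator step: create the account and store a per-user salt and verifier."""
    salt = os.urandom(16)
    USER_DB[username] = (salt, _derive(password, salt))


# Dummy record so that an unknown username costs the same work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _derive("not-a-real-password", _DUMMY_SALT)


def login(username: str, password: str) -> bool:
    """Login step: recompute the verifier and compare it in constant time."""
    salt, stored = USER_DB.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _derive(password, salt)
    matches = hmac.compare_digest(candidate, stored)
    # A match against the dummy record must never grant access.
    return matches and username in USER_DB
```

Storing a salted, slow-to-compute verifier means a copy of the database does not directly reveal the passwords it is used to check.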
Types:

There are numerous types. Recent cut-throat competition and hacking threats demand
authentication that can offer more protection, especially in the case of highly sensitive data.

1. Password authentication: the most common type; however, it is not the most secure.
A computer or network can be logged into with a username and a corresponding password used
specifically for that account. The details are verified against a database that contains all users
and their corresponding passwords. A Windows 2000 network stores this data in Active
Directory.

2. Smart card authentication: smart cards are devices that house a chip, which is used to hold
personal information for identifying a person and authenticating them. Like an ATM or credit
card, the card has to be physically inserted into a chip reader, and then a unique number is used
to unlock it. Since it uses cryptographic information, it provides greater security than a
password.

3. Biometric authentication: a method of unlocking a system using biological
characteristics such as the retinal pattern, fingerprints, etc. It is more secure than smart cards or
password authentication. It requires costly equipment.

Advantages of multi-layered authentication


Multi-layered authentication adds extra protection and is useful in cases where data or
information is highly valuable or sensitive. In a multi-layered authentication system, the user
provides more than one type of credential. For example, a user could provide both a fingerprint
and a smart card. A multi-layered system is used to decrease the chances of unauthorized
access to sensitive data.

Authentication methods and protocols


There are numerous authentication methods and protocols that can be applied depending on
the application and security requirements. The methods listed below are not the only methods of
authentication, but they are widely used.

• Kerberos: uses temporary tickets, which are encrypted and contain the user's login
details. It was initially developed for UNIX networks, has since been widely
accepted, and is now incorporated in the Microsoft OS.

• SSL: Secure Sockets Layer, which is based on digital certificates that allow
web servers to verify the other's identity before a connection is established. It functions
using a combination of public key technology and secret key technology, which
operate at lower layers.

• Microsoft NTLM: uses the challenge/response method. It provides increased security,
as the user credentials are not transmitted across the network.

• PAP and SPAP: PAP is compatible across different server types and provides user
authentication over remote access control. SPAP, on the other hand, is an improvement
on PAP in terms of security because of its encryption. The credentials are sent
across the network, decrypted, and matched against the database; then access is
provided.

• CHAP and MS-CHAP: CHAP is a one-way encryption method for remote access
security. It provides more security than PAP or SPAP because the credentials are not
sent across the network. MS-CHAP is a two-way authentication method where
separate encrypted keys are used for transmitted and received data.

• EAP: a means of authenticating a point-to-point connection, where computers negotiate
an authentication scheme.

• RADIUS: mainly used by internet providers for authenticating their users.

• Certificate services: used to authenticate and secure communications on unsecured
connections. A public key is associated with a user and the other party has the private
key.
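The challenge/response idea mentioned above for NTLM and CHAP, shown with the CHAP response computation (an MD5 hash over the identifier, the shared secret, and the challenge). This is an added example, not part of the original article; the class, function names, and sample secret are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a fresh challenge per attempt and checks the reply."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # username -> shared secret (constructed data)
        self.pending = {}           # username -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, username: str):
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)       # unpredictable, never reused
        self.pending[username] = (self.next_id, chal)
        return self.next_id, chal   # only these values are sent to the peer

    def verify(self, username: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a recorded reply is rejected
        ident, chal = self.pending.pop(username, (None, None))
        secret = self.secrets.get(username)
        if ident is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


def run_exchange(server: Authenticator, username: str, secret: bytes):
    """Peer side: answer the challenge; returns (result, bytes seen on the wire)."""
    ident, chal = server.challenge(username)
    resp = chap_response(ident, secret, chal)
    return server.verify(username, resp), chal + resp
```

The secret never crosses the network, but the server has to hold it in a form it can feed into the hash, so the secrets store needs the same protection as the credentials themselves.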

Conclusion

Authentication is a critical part of data and information protection and is an important part of
a network's security scheme, as it confirms the user's identity and the validity of the
computer or service. Given the many methods described in the article above, an ideal
authentication method can be chosen depending on the network operating system and connection
type.