Introduction to Security Terminology
Let me start the discussion by going over some basic security concepts and
terminology. The CCENT certification exam expects you to have some
background in security best practices, so this chapter is designed to
introduce you to these concepts. The next chapter looks at specific steps you
need to take to secure your Cisco devices.
Authentication
Authentication is the process of proving one’s identity to the network
environment. Typically, authentication involves typing a username and
password on a system; these credentials are then verified against an account
database before you are granted access. There are different methods you can
use to authenticate to a system or network: you can supply a valid username
and password, or you can use biometrics. Biometrics is the concept of using a
unique physical characteristic of yourself, such as a fingerprint, a retina
scan, or voice recognition, to prove your identity to the system.
Consider these three different forms of authentication, known as authentication
factors, and their uses:
Something you have: Dependent on the user having an object in her
possession to prove who she is. An example of this authentication is
possession of an ID card or door key.
Something you know: Dependent on the user knowing a piece of
information to validate who he is. Examples of this are knowledge of a
password, pass code, or even a PIN (personal identification number).
Something you are: Dependent on you proving your identity by
something you are, such as a fingerprint or retina scan — so biometrics
falls into this authentication factor.
Most authentication systems use two-form authentication, where two of the
three factors mentioned here are used. For example, it is not enough to have
the ATM card in your possession to use it; you must know the PIN for that
card as well.
Smart card
A popular authentication device used today in networking environments
is a smart card, which is a small, ATM card–like device that contains your
account information. You insert the smart card into a smart card reader
that is connected to a computer, and then you enter the PIN associated with
the smart card. This is an example of securing an environment by requiring
the user to not only have the card, but also know the PIN — an example of
two-form authentication.
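The following Python sketch is an added example, not code from the book. It shows credentials being verified against an account database and a check that two different factors were proved, so a password plus a PIN (both "something you know") does not count as two-form authentication. The account layout, names, sample values, and PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware

# Which authentication factor each kind of credential belongs to.
FACTOR_OF = {"password": "know", "pin": "know", "card_id": "have"}


def _digest(value: str, salt: bytes) -> bytes:
    """Salted, slow hash so the database never stores the value itself."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, ITERATIONS)


def enroll(db: dict, username: str, **credentials: str) -> None:
    """Create an account record that holds only salted digests."""
    unknown = set(credentials) - set(FACTOR_OF)
    if unknown:
        raise ValueError(f"unsupported credential kinds: {sorted(unknown)}")
    salt = os.urandom(16)
    digests = {kind: _digest(value, salt) for kind, value in credentials.items()}
    db[username] = {"salt": salt, "digests": digests}


def verified_factors(db: dict, username: str, presented: dict) -> set:
    """Return the factors ('know', 'have') that the user actually proved."""
    account = db.get(username)
    if account is None:
        return set()
    proved = set()
    for kind, value in presented.items():
        stored = account["digests"].get(kind)
        if stored is None:
            continue  # nothing enrolled for this kind of credential
        # compare_digest does not leak how many leading bytes matched
        if hmac.compare_digest(stored, _digest(value, account["salt"])):
            proved.add(FACTOR_OF[kind])
    return proved


def two_form_ok(db: dict, username: str, presented: dict) -> bool:
    """True only when two *different* factors were proved."""
    return len(verified_factors(db, username, presented)) >= 2


if __name__ == "__main__":
    accounts = {}  # constructed sample data
    enroll(accounts, "alice", password="correct horse", pin="4821", card_id="CARD-0001")
    print(two_form_ok(accounts, "alice", {"card_id": "CARD-0001", "pin": "4821"}))
    print(two_form_ok(accounts, "alice", {"password": "correct horse", "pin": "4821"}))
```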