Security Solutions
1-7
Access Control Concepts
Network Access Control Technologies
Authentication
Authentication is the process by which a device verifies the identity that a
user claims when connecting to a network or attempting to access a resource.
Authentication Factors. A human can identify another human in many
different ways: by a name, a face, an ID badge, or knowledge of a certain piece
of information, and a human can rely on his or her judgment to inform the
identification. In the networking world, authentication boils down to a user
submitting certain information that an authentication server has uniquely
associated with that user.
However, the information submitted can take several forms, or factors:
■ Something the user knows—The user submits a password, which the
authentication server has already associated with the user’s name (also
submitted during authentication). Assuming that no one else knows the
password, the server equates a correct password with an authentic user.
Although relatively easy to deploy, this factor is also the least secure.
Users may write down their passwords where anyone can find them; they
may tell them to friends and family members; they may select easily
guessed passwords. In addition, weak passwords can be cracked offline by
anyone who obtains the stored password hashes, and passwords submitted
or stored in an insecure manner can be captured.
Still, steps have been taken to address these issues. Authentication
databases store passwords in hashed (non-reversible) form, ideally with a
per-user salt; users may be required to choose non-dictionary passwords and
to change them periodically. In addition, many authentication protocols avoid
sending the password itself across the network, either by using a
challenge-response exchange or by carrying the password inside an encrypted
tunnel, although some still send it in cleartext. You need to consider these
issues when you select an authentication protocol because, implemented
correctly, passwords are still often a good choice for credentials. (For more
information, see “Authentication Protocols” on page 1-23.)
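The two points above, non-reversible storage and what an attacker does about it, as an added example that is not part of the original guide: a Go program (the names NewRecord, Verify and GuessOffline and the four-word dictionary are assumptions, constructed for the example) stores a password as a salted PBKDF2-HMAC-SHA256 hash, verifies a submitted password in constant time, and then plays the attacker who has obtained the stored record and guesses against it offline, showing why hashing alone does not rescue an easily guessed password.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2SHA256 derives keyLen bytes from password and salt using PBKDF2 with
// HMAC-SHA256 (RFC 8018). Written out here so the example needs only the
// standard library; a production server would use a vetted library routine.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	numBlocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, numBlocks*hLen)
	var idx [4]byte
	for block := 1; block <= numBlocks; block++ {
		// U1 = PRF(password, salt || INT(block))
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// Uj = PRF(password, U(j-1)); T = U1 xor U2 xor ... xor Uc
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// Record is what the authentication server stores for one user. The password
// itself is never stored; only a salted, iterated hash of it is.
type Record struct {
	Salt       []byte
	Iterations int
	Hash       []byte
}

const hashLen = 32

// NewRecord creates the stored form of a password with a fresh random salt,
// so two users with the same password get different records.
func NewRecord(password string, iterations int) (Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, err
	}
	hash := pbkdf2SHA256([]byte(password), salt, iterations, hashLen)
	return Record{Salt: salt, Iterations: iterations, Hash: hash}, nil
}

// Verify recomputes the hash from a submitted password and compares it in
// constant time, so timing does not leak how many bytes matched.
func (r Record) Verify(password string) bool {
	candidate := pbkdf2SHA256([]byte(password), r.Salt, r.Iterations, hashLen)
	return subtle.ConstantTimeCompare(candidate, r.Hash) == 1
}

// GuessOffline models an attacker who has obtained a stored record and tries
// each word of a list against it. A non-reversible hash does not protect an
// easily guessed password; it only forces the attacker to do this work.
func GuessOffline(r Record, wordlist []string) (string, bool) {
	for _, w := range wordlist {
		if r.Verify(w) {
			return w, true
		}
	}
	return "", false
}

func main() {
	const iterations = 100000
	weak, _ := NewRecord("Summer2015", iterations)
	strong, _ := NewRecord("correct horse battery staple", iterations)
	fmt.Println("stored hash for weak password:  ", hex.EncodeToString(weak.Hash))
	fmt.Println("stored hash for strong password:", hex.EncodeToString(strong.Hash))
	// Constructed wordlist standing in for a real dictionary.
	wordlist := []string{"password", "123456", "Summer2015", "letmein"}
	if w, ok := GuessOffline(weak, wordlist); ok {
		fmt.Println("weak password recovered offline:", w)
	}
	if _, ok := GuessOffline(strong, wordlist); !ok {
		fmt.Println("strong password not in wordlist; attacker must keep guessing")
	}
}
```

The salt is what makes the second half of the demonstration honest: without it the attacker could hash the wordlist once and compare against every record in the database, and identical passwords would be visible as identical hashes. The iteration count is the only knob that slows the guessing loop, and it slows the legitimate server by exactly the same factor per attempt.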
■ Something the user has—The user owns a physical object, such as a
token card or smart card, that identifies him or her, usually by storing
credentials that cannot be extracted without destroying the device.
The stored credentials often take the form of a private key and the digital
certificate that binds it to the user. The private key signs data (typically
a challenge issued by the server) to prove that the user identified in the
associated certificate is the source of the data; the key itself never
leaves the device.
Instead of being installed on a smart card, the private key and digital
certificate can be stored directly on a user’s endpoint. In this case, owning
the endpoint (with installed certificate) is what proves the user’s identity.
A software-stored key, however, is only as well protected as the endpoint
itself and can be copied along with it, so this variant gives weaker
assurance than a tamper-resistant card.
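The challenge-response proof of possession described above, as an added example rather than code from the guide: a Go program in which a Token type stands in for the smart card. The names Token, IssueToken, NewChallenge and Authenticate and the server identifier nas.example.net are assumptions made for the example, and the certificate is self-signed only to keep the program self-contained. The server issues a random nonce, the card signs a digest of the server's name and the nonce with its ECDSA private key, and the server verifies the signature with the public key carried in the presented certificate and takes the user's identity from the certificate's subject. Replaying the signature against a fresh nonce, or presenting another user's certificate, fails.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Token models the smart card: it holds the private key and exposes only a
// signing operation, never the key itself.
type Token struct {
	priv *ecdsa.PrivateKey
	Cert *x509.Certificate // presented to the server; names the user
}

// IssueToken generates a key pair on the "card" and a certificate naming the
// user. Self-signed here to stay self-contained; in a deployment an enterprise
// CA the server trusts would sign it.
func IssueToken(user string) (*Token, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: user},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv, Cert: cert}, nil
}

// challengeDigest binds the signature to one server and one nonce, so a
// captured signature cannot be replayed later or against another server.
func challengeDigest(serverID string, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte(serverID))
	h.Write(nonce)
	return h.Sum(nil)
}

// Sign is the only operation the token performs: sign the server's challenge.
func (t *Token) Sign(serverID string, nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, t.priv, challengeDigest(serverID, nonce))
}

// NewChallenge is the server side: a fresh random nonce per attempt.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Authenticate is the server's check: verify the signature with the public key
// in the presented certificate and return the identity the certificate names.
// A real server would also chain the certificate to a trusted CA and check it
// for revocation before accepting it; that step is omitted here.
func Authenticate(serverID string, nonce []byte, cert *x509.Certificate, sig []byte) (string, error) {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("certificate does not carry an ECDSA key")
	}
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return "", errors.New("certificate is expired or not yet valid")
	}
	if !ecdsa.VerifyASN1(pub, challengeDigest(serverID, nonce), sig) {
		return "", errors.New("signature does not verify against the certificate")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	const server = "nas.example.net" // assumed server identifier
	token, _ := IssueToken("alice")
	nonce, _ := NewChallenge()          // server -> client: challenge
	sig, _ := token.Sign(server, nonce) // client -> server: signature + certificate
	who, err := Authenticate(server, nonce, token.Cert, sig)
	fmt.Println("authenticated as:", who, "err:", err)
	replay, _ := NewChallenge()
	_, err = Authenticate(server, replay, token.Cert, sig)
	fmt.Println("replayed signature rejected:", err != nil)
}
```

Nothing secret crosses the wire in this exchange: the nonce is public, the certificate is public, and the signature is useless to an eavesdropper because the next challenge will be different. Including the server's name in the signed digest is what stops a rogue server from relaying the client's signature to the real one.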