| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Biometrics
|
|
Passwords
|
|
PKI
|
|
An Overview of Different Authentication Methods and Protocols Authentication can be accomplished in many ways. The importance of selecting an environment appropriate Authentication Method is perhaps the most crucial decision in designing secure systems. Authentication protocols are capable of simply authenticating the connecting party or authenticating the connecting party as well as authenticating itself to the connecting party. This overview will generalize several Authentication Methods and Authentication Protocols in hopes of better understanding a few options that are available when designing a security system.
By Richard Duncan, 03/24/2004
|
|
A Concept for Universal Identification The goal of this paper is to provide a detailed look at a new perspective for a unified, secure and consolidated form of personal identification. The advanced yet inexpensive technology exists today to step up modern identification to the next level. The combination of various forms of authentication with Public Key Infrastructure (PKI) can yield a versatile yet secure form of access to most anything requiring a key. Inexpensive smart cards with built in fingerprint readers are available, providing the secure storage of a smart card with a quite secure form of biometric authentication. Applications requiring increased security and authentication can use relatively inexpensive retina or iris scanners.
By Daniel E Williams, 03/24/2004
|
|
Authentication and Authorization: The Big Picture with IEEE 802.1X In the enterprise, Auth-x will provide IT staff and network managers with the ability to tighten security by enabling improved, automated implementation of their security policy. Auth-x brings authentication and authorization down to a port level, enabling true privilege-based management of network services. When deployed on a large scale, Auth-x becomes an important moderator for Internet traffic. In fact, in a few years, it will be hard to picture the Internet with out it. Auth-x puts security managers in control.
By A Arthur Fisher, 03/24/2004
|
|
Web Single Sign-On Meets Business Reality Single Sign-On (SSO) will not provide SSO across all applications. Even scaling SSO to just Web servers is a challenge. While vendors will tell you how easy Web SSO is, and how quickly it can be deployed, the reality is quite different. This paper discusses some of the real-world operational challenges in getting a Web-only SSO deployed, starting with the impetus for why to deploy SSO; some considerations in vendor selection; operational considerations in a deployment, including challenges with having SSO and load balancing work effectively together, and; some compensating security controls are discussed.
By Tim Mather, 03/24/2004
|
|
Smart Cards: How Secure Are They? To understand these arguments, we will look at the history, types and uses of smart cards and how they may be vulnerable. Since smart cards were never designed to be standalone systems, we will look at some of the applications that have incorporated smart cards into their design to see how they work, potential motivation for why they might be threatened, and review some of the documented attacks. Next we will look at the how to do the cost/benefit analysis of incorporating smart cards. At the end we will determine how secure smart cards really are based on the analysis in the rest of this paper.
By John Abbott, 03/24/2004
|
|
How to Install IC Radius and Extend via Custom Perl Script Efficient, scalable multi-platform authentication poses many problems to all systems administrators. RADIUS is a flexible authentication protocol that can be used to centralize authentication. In this HOW TO I will investigate how for a typical company you can install and extend a freely available radius server. In addition, detailed steps also show how the extended radius server can be configured to authenticate a selection of different network elements.
By Michael T Meacle, 03/24/2004
|
|
Making Smart Cards Work In the Enterprise This paper examines some of the key benefits that can be realized from employing smart cards, and it explains how smart cards can be used to significantly improve both physical and logical security. Additionally, it provides an overview of some strategic infrastructure elements needed to make smart cards work in an enterprise environment, including complimentary technologies, personnel, hardware, software, and perhaps most importantly, policies and procedures.
By Brett Lewis, 03/24/2004
|
|
Single Sign On Through Password Synchronization This paper is a case study on a project to provide a Single Sign On (SSO) solution to web based applications that use the mainframe as the data store. The paper begins with a thorough description of the high level business requirements. There is a high level overview of Single Sign On and the underlying technologies. The reader is taken through the steps of developing the detailed technical requirements, researching products, trialing products, product selection, customization, implementation and after implementation review. This paper should provide guidance to other security professionals faced with providing a Single Sign On solution. The Single Sign On solution covered is based on password synchronization. The lessons learned from managing this project are shared, as well as the additional benefits of our password synchronization solution.
By Nancy Loveland, 03/24/2004
|
|
In Pursuit of Liberty? The Liberty Alliance Project is a consortium of industry leading business and technology companies that have banded together to create an open standard specification for securely sharing user identity information. In today's world most users have unique user ids and passwords for each of the services they interact with on the enterprise network or internet. The specification offers a solution to the problem by suggesting that users can choose to link their various accounts together facilitating single sign-on and global logout. There are currently a few vendors offering proprietary solutions in this space. The largest of these is Microsoft .NET Passport. There appears to be fierce competition between members of the consortium and Microsoft. The Liberty specification is relatively new and, it will take some time to see whether the industry will start building solutions based on the specification.
By Randy Mahrt, 03/24/2004
|
|
An Introduction to Identity Management The purpose of this document is to offer a broad overview of current identity management technologies and provide a framework for determining when an identity management system would benefit your company. This document first defines the underlying business problems and resulting business risks inherent in managing user identity information across a heterogeneous technology infrastructure. Next, this document highlights the unique challenges of implementing an identity management solution. This document introduces the functionality of an identity management solution and describes this functionality within the context of the identity management infrastructure. Next, this document highlights products from leading vendors. Finally, a basic framework is provided to help determine if an identity management solution would benefit your company.
By Spencer C. Lee, 03/24/2004
|
|
Page: 12 3 45 |
