(2) Verifying the identity of a user logging into a network. Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the client to the network. Passwords and digital certificates can also be used to identify the network to the client. The latter is important in wireless networks to ensure that the desired network is being accessed. See identity management, identity metasystem, OpenID, human authentication, challenge/response, two-factor authentication, password, digital signature, IP spoofing and biometrics.
Four Levels of Proof
There are four levels of proof that people are indeed who they say they are. None of them are entirely foolproof, but in order of least to most secure, they are:
1 - What You Know
Passwords are widely used to identify a user, but only verify that somebody knows the password.
2 - What You Have
Digital certificates in the user's computer add more security than a password, and smart cards verify that users have a physical token in their possession, but both laptops and smart cards can be stolen.
3 - What You Are
Biometrics such as fingerprints and iris recognition are more difficult to forge, but you have seen such systems fooled in the movies all the time!
4 - What You Do
Dynamic biometrics such as handwriting a signature and voice recognition are the most secure; however, replay attacks can fool the system.
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved.