User identification and authentication are essential parts of information security. Users must authenticate as they access their computer systems at work or at home every day. Yet do users understand how and why they are actually being authenticated, the security level of the authentication mechanism that they are using, and the potential impacts of selecting one authentication mechanism or another?
Introducing key concepts, Mechanics of User Identification and Authentication: Fundamentals of Identity Management outlines the process of controlled access to resources through authentication, authorization, and accounting in an in-depth, yet accessible manner. It examines today's security landscape and the specific threats to user authentication. The book then outlines the process of controlled access to resources and discusses the types of user credentials that can be presented as proof of identity prior to accessing a computer system. It also contains an overview on cryptography that includes the essential approaches and terms required for understanding how user authentication works.
This book provides specific information on the user authentication process for both UNIX and Windows. Addressing more advanced applications and services, the author presents common security models such as GSSAPI and discusses authentication architecture. Each method is illustrated with a specific authentication scenario.
Dobromir Todorov (Consultant Buckinghamshire UK)
Auerbach Publishers Inc.
18 June 2007
Professional and scholarly
A / AS level
USER IDENTIFICATION AND AUTHENTICATION CONCEPTS: Security Landscape; Authentication, Authorization, and Accounting; Threats to User Identification and Authentication; Rainbow Attacks; Authentication Credentials; Enterprise User Identification and Authentication Challenges; Authenticating Access to Services and the Infrastructure; Delegation and Impersonation; Cryptology, Cryptography, and Cryptanalysis
UNIX USER AUTHENTICATION ARCHITECTURE: Users and Groups; Simple User Credential Stores; Name Services Switch (NSS); Pluggable Authentication Modules (PAM); The UNIX Authentication Process; User Impersonation; Case Study: User Authentication Against LDAP; Case Study: Using Hesiod for User Authentication in Linux
WINDOWS USER AUTHENTICATION ARCHITECTURE: Security Principals; Stand-Alone Authentication; Windows Domain Authentication; Federated Trusts; Impersonation
AUTHENTICATING ACCESS TO SERVICES AND APPLICATIONS: Security Programming Interfaces; Authentication Protocols; Transport Layer Security (TLS) and Secure Sockets Layer (SSL); Telnet Authentication; HTTP Authentication; POP3/IMAP Authentication; SMTP Authentication; SSH Authentication; Sun RPC Authentication; SMB/CIFS Authentication; NFS Authentication; Microsoft Remote Procedure Calls; MS SQL Authentication; Oracle Database Server Authentication; Oracle Legacy Authentication Database; MS Exchange MAPI Authentication; SAML, WS-Security, and Federated Identity
AUTHENTICATING ACCESS TO THE INFRASTRUCTURE: User Authentication on Cisco Routers and Switches; Authenticating Remote Access to the Infrastructure; Port-Based Access Control; Authenticating Access to the Wireless Infrastructure; IPSec, IKE, and VPN Client Authentication; Centralized User Authentication
APPENDICES: References; Lab Configuration; Indices of Tables and Figures
Consultant, Buckinghamshire, UK
Reviews for Mechanics of User Identification and Authentication: Fundamentals of Identity Management
By the authors providing a 'hacker' perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. ... [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. ... What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. ... Coupled with good illustrations and detailed explanations[,] this is a great resource... - E-Streams, Vol. 7, No. 9, September 2004
This is a must-have book for those preparing for the CISSP exam and for any information security professional. - Zentralblatt MATH 1054, May 2005