Identification And Authentication Importance - Compaq 108164-003 - ProLiant - 800 White Paper

Compaq enterprise security framework

WHITE PAPER (cont.)

encompass a broader range of security objectives. Leading vendors have entered into acquisitions and partnerships in order to offer new functionality. New functionality includes web filtering, limiting the web locations employees may visit, VPN abilities allowing encrypted communications between firewalls, networks or remote clients, screening capabilities for Java and ActiveX code, and logging software to audit network traffic. In addition, these vendors have made moves to improve the interoperability of disparate firewalls with other security solutions. For example, Raptor Systems' firewall has built-in interoperability with tokens and authorization servers from Security Dynamics.

The broadest effort of firewall vendors is to establish an architecture and an API standard. This would allow firewalls to become the security management console for the enterprise, capable of integrating and controlling the security operations of multiple third party solutions. The most aggressive effort to date is from CheckPoint, whose OPSEC architecture supports major existing standards such as IPSEC, LDAP, etc., and offers API support for multiple solutions such as access control, address translation, virus scanning, and activity monitoring.

The most important implication of these firewall developments is that security solution providers will need to interoperate with the APIs of dominant firewalls, or incorporate the latest firewall products into their systems.

Security Market: Identification and Authentication Importance

Identification and authentication measures are enterprises' first and most important line of defense. If a device is able to identify users reliably, and bind users to that device for the period of use, the task of providing overall authorization, privacy, integrity, and accountability protection is much easier.

Since client devices (PCs, NetPCs, laptops, PDAs) are now distributed further from physically secure environments, networked to increasingly critical enterprise resources, and carry crucial information, local device security has become an important concern for companies of all sizes. As a result, superior device and local-level solutions will experience fast market development. Markets for network-level, certificate-based solutions are developing more slowly due to lack of acceptance and emerging standards. Eventually, integrated local-level and certificate-based identification systems will emerge to provide stalwart identification and authentication security across the Internet.

Since individual laptops and corporate PCs are vulnerable to theft and unauthorized use, local identification controls are of immediate importance. Currently, most computer systems utilize only basic passwords to identify users to PCs. Resourceful users easily defeat these measures; passwords can be overheard, electronically intercepted, guessed, and bypassed during the boot process.

If local identification measures are tied strongly to local access control, vulnerable laptops and PCs are useless to criminals except for their hardware value. In addition, by reliably identifying users locally, it becomes easier for the network servers to authorize users to access a variety of information and application resources.

There is a much broader and more powerful variety of mechanisms available to identify users. These mechanisms might serve as solutions, and can be categorized into three groups based on the following:

What you know (passwords).
What you have (tokens, smartcards).
Who you are (fingerprint biometrics).

In addition, many solution implementations combine two solutions, commonly labeled two-factor identification, to provide additional security. The technologies in each of these areas are mature