1st Edition

Mechanics of User Identification and Authentication Fundamentals of Identity Management

By Dobromir Todorov Copyright 2007
    754 Pages 164 B/W Illustrations
    by Auerbach Publications

    User identification and authentication are essential parts of information security. Users must authenticate as they access their computer systems at work or at home every day. Yet do users understand how and why they are actually being authenticated, the security level of the authentication mechanism that they are using, and the potential impacts of selecting one authentication mechanism or another?

    Introducing key concepts, Mechanics of User Identification and Authentication: Fundamentals of Identity Management outlines the process of controlled access to resources through authentication, authorization, and accounting in an in-depth, yet accessible manner. It examines today's security landscape and the specific threats to user authentication. The book then outlines the process of controlled access to resources and discusses the types of user credentials that can be presented as proof of identity prior to accessing a computer system. It also contains an overview on cryptography that includes the essential approaches and terms required for understanding how user authentication works.

    This book provides specific information on the user authentication process for both UNIX and Windows. Addressing more advanced applications and services, the author presents common security models such as GSSAPI and discusses authentication architecture. Each method is illustrated with a specific authentication scenario.

    USER IDENTIFICATION AND AUTHENTICATION CONCEPTS
    Security Landscape
    Authentication, Authorization, and Accounting
    Threats to User Identification and Authentication Rainbow Attacks
    Authentication Credentials
    Enterprise User Identification and Authentication Challenges
    Authenticating Access to Services and the Infrastructure
    Delegation and Impersonation
    Cryptology, Cryptography, and Cryptanalysis

    UNIX USER AUTHENTICATION ARCHITECTURE
    Users and Groups
    Simple User Credential Stores
    Name Services Switch (NSS)
    Pluggable Authentication Modules (PAM)
    The UNIX Authentication Process
    User Impersonation
    Case Study: User Authentication Against LDAP
    Case Study: Using Hesiod for User Authentication in Linux

    WINDOWS USER AUTHENTICATION ARCHITECTURE
    Security Principals
    Stand-Alone Authentication
    Windows Domain Authentication
    Federated Trusts
    Impersonation

    AUTHENTICATING ACCESS TO SERVICES AND APPLICATIONS
    Security Programming Interfaces
    Authentication Protocols
    Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
    Telnet Authentication
    HTTP Authentication
    POP3/IMAP Authentication
    SMTP Authentication
    SSH Authentication
    Sun RPC Authentication
    SMB/CIFS Authentication
    NFS Authentication
    Microsoft Remote Procedure Calls
    MS SQL Authentication
    Oracle Database Server Authentication
    Oracle Legacy Authentication Database
    MS Exchange MAPI Authentication
    SAML, WS-Security, and Federated Identity

    AUTHENTICATING ACCESS TO THE INFRASTRUCTURE
    User Authentication on Cisco Routers and Switches
    Authenticating Remote Access to the Infrastructure
    Port-Based Access Control
    Authenticating Access to the Wireless Infrastructure
    IPSec, IKE, and VPN Client Authentication
    Centralized User Authentication

    APPENDICES
    References
    Lab Configuration
    Indices of Tables and Figures

    Biography

    Dobromir Todorov

    "By the authors providing a 'hacker' perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. … [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. … What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. … Coupled with good illustrations and detailed explanations[,] this is a great resource…"
    - E-Streams, Vol. 7, No. 9, September 2004
    "This is a must-have book for those preparing for the CISSP exam and for any information security professional."
    - Zentralblatt MATH 1054, May 2005