EUR 46,09
  • Tous les prix incluent la TVA.
Il ne reste plus que 2 exemplaire(s) en stock (d'autres exemplaires sont en cours d'acheminement).
Expédié et vendu par Amazon.
Emballage cadeau disponible.
Quantité :1
Authentication: From Pass... a été ajouté à votre Panier
Vous l'avez déjà ?
Repliez vers l'arrière Repliez vers l'avant
Ecoutez Lecture en cours... Interrompu   Vous écoutez un extrait de l'édition audio Audible
En savoir plus
Voir cette image

Authentication: From Passwords to Public Keys (Anglais) Broché – 1 octobre 2001

Voir les formats et éditions Masquer les autres formats et éditions
Prix Amazon Neuf à partir de Occasion à partir de
"Veuillez réessayer"
EUR 46,09
EUR 39,75 EUR 15,26

Offres spéciales et liens associés

Descriptions du produit

Présentation de l'éditeur

This is the first comprehensive guide to authentication: making sure your users are who they say they are. Leading security consultant Richard Smith reviews every option for authentication, from passwords to biometrics, and virtually every application scenario -- offering practical guidance on choosing the best option, implementing it, and managing it. Smith begins by introducing the authentication landscape, explaining how today's authentication options have evolved from yesterday's timesharing systems, and showing how to estimate the prevalence of successful attacks. He presents detailed coverage of passwords, password selection, and the human issues associated with password-based authentication. Other key topics include: authentication for laptops and workstations, encryption, cryptographic keys, PIN numbers, biometrics, tokens, Windows 2000's Kerberos implementation, public and private keys, SSL, certificates, and more. For all network and security professionals.

Quatrième de couverture

Computer access control is an ongoing challenge. Left to themselves, computers tend to treat one user no differently than another. Computers use authentication to confidently associate an identity with a person. Authentication: From Passwords to Public Keys gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed.

Authentication is one of the basic building blocks of security. To allow a computer system to distinguish between legitimate users and others, most sites give passwords to authorized users. Unfortunately, just as car thieves have found ways to defeat sophisticated locks and alarms, computer hackers are always finding new ways to circumvent password systems. The good news is that organizations now have available to them a broad range of alternatives to passwords, and a variety of ways to make passwords safer. A well-designed authentication system allows users to prove their identities conveniently and gain access to the network without threatening the safety of the organization.

The first of its kind, Authentication describes the entire range of authentication methods used today. It examines situations in which certain techniques fail and points out ways to strengthen them. Network professionals, designers, developers, administrators, planners, and managers will find in these pages the authentication strategy to protect their valuable systems. Through diagrams and examples, the author thoroughly explains the technical concepts behind authentication, focusing on existing, off-the-shelf solutions to security problems.

Authentication highlights real products and solutions. If you are a network professional searching for the how and why of computer authentication, this is the book that will help you prevent unauthorized access on your network.


Détails sur le produit

En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles

Commentaires client les plus utiles sur (beta) 7 commentaires
14 internautes sur 16 ont trouvé ce commentaire utile 
Really Enjoyed Reading It! 30 novembre 2001
Par Hugh K. Boyd - Publié sur
Format: Broché
There is no other way to put it -- this is an excellent book. Not only does Mr. Smith give us a detailed analysis of the major authentication protocols that are used in today's IT environment, but he also points out the relative strengths and weaknesses for each protocol. This is really important stuff to know -- all too often the marketing hype for systems such as PKI, biometrics, Kerberos, strong passwords, etc would lead one to believe that each of these solutions offers a bullet-proof approach to authentication security. It isn't to say that any of the protocols covered in this book are inadequate, but it is important to understand how each of them can be subverted so that one can intelligently weigh the risks of compromise before implementing a specific protocol.
Add to that that this is a really enjoyable book to read -- that makes it worth the purchase price and the time to read it.
9 internautes sur 11 ont trouvé ce commentaire utile 
An exciting book on authentication, of all things? It is! 8 août 2002
Par Dr Anton Chuvakin - Publié sur
Format: Broché
An exciting book on authentication, of all things? Is such a thing even possible? Yes, Richard E. Smith proves it by publishing Authentication - a comprehensive guide to all things that authenticate or are authenticated. The book will educate you on more aspects of authentication than you ever wanted to know, but most likely you will enjoy it. As a security professional, I found the author's writing style to be excellent and even entertaining, a clear sign of writing by a true expert on the subject.
Every obscure form of authentication protocol (have you heard of X9.17 lately?) finds its place in a book. Passwords, tokens, biometrics, various authentication protocols are all described and analyzed in great detail, in plain English and with multiple diagrams. Another valuable feature is that for every authentication protocol, the relevant attacks and defenses are outlined in every chapter summary. The attacks which are not covered by existing defenses ("residual attacks") are emphasized at the end as something to watch for. For example, a 'trojan horse' attack to steal authentication credentials is one of them - apparently there is no 100 percent reliable way to stop it.
A chapter on passwords contains several creative ideas to make this ubiquitous form of authentication more effective, simultaneously more secure and more usable. It also answers some interesting password questions. When does it make no sense to enforce a complex non-dictionary password? How random is a random password from a dictionary? Why is a bank PIN of four digits secure enough for the job? When it is better to write a password down? Read the book and you will discover the answers! The book also explains public key crypto systems and their use for authentication (such as PKI).
People issues of security also receive well-deserved coverage in a separate chapter. Various kinds of secrets used for people as passwords are outlined. An interesting discussion on choosing an initial password when providing system access reveals important aspects of this process that few people think about.
For more technically inclined readers, straightforward analysis of complexities of Windows authentication (LANMAN, NTLM, Kerberos) and attacks against it is provided in a "Challenge Response Passwords" chapter. Computer scientists will find some insights on authentication algorithm design patterns. For less technical readers, understanding authentication based on Ali Baba and a cave of treasures will help to sort through the authentication system requirements and peculiarities. Overall, the book (while being targeted at security professionals) contains something for almost everyone interested in how computers tell that whoever is sitting at the console is who she says she is.
Anton Chuvakin, Ph.D. is a senior security analyst with a major security company.
5 internautes sur 6 ont trouvé ce commentaire utile 
Masterful writing and in-depth treatment of the subject 16 avril 2002
Par Mike Tarrani - Publié sur
Format: Broché
I'm in complete agreement with the previous reviewers that this book is easy to read and that it clearly explains complex material.
What I like is the way the author integrates theory, application and the human side of authentication. For example, he makes excellent use of tables to distill and display information, such as summary tables for attacks and defenses that are cross-referenced to each other. This is particularly useful to anyone who is developing security profiles, and the thorough and meticulous way that the author summarizes the information reduces the attack-defense pairings to the essentials.
His clear explanations of authentication methods and their underlying technologies, as well as how they evolved, are among the clearest in print. More importantly, he goes beyond explaining the mathematics behind the protocols by also showing how assumptions can lead to exposures. An example is the 4-digit lock, which has 10,000 possible combinations. At first glance it would seem that you have a 1-in-10000 chance of guessing the combination. However, he goes on to explain that a study showed 50% of people chose a calendar date for the combination, then leads you through the math of showing why you have approximately 1-in-512 chance of breaking the combination on the first try. He uses similar techniques throughout the book, which makes you think in real-world terms. It's his treatment of the people side of the authentication techniques that add to the real-world approach.
I also thought that the chapter on picking PINs and passwords was exceptional. I've written password management policies and procedures for a number of clients in recent years and thought I was an expert. After reading this 37-page chapter I discovered what I didn't know - and it was a lot!
Each chapter is filled with facts that you may have or have not considered, and each is filled with common sense, backed up with the math or technical underpinnings. Moreover, the book complete covers authentication and will get anyone quickly up-to-speed on the basics and many of the finer points. This book is especially important as a resource to anyone who is involved in health care because the material is directly applicable to requirements set forth in HIPAA. It is also essential reading for anyone who develops or manages security in a web- or e-commerce environment because of the dependencies upon the technologies and methods that are discussed in this book. IT security specialists will also find this book to be an invaluable resource, especially the parts that cover password management, social engineering and practical applications of authentication.
1 internautes sur 1 ont trouvé ce commentaire utile 
An Easy to Read and Informative Look at Authentication 12 octobre 2001
Par Timothy Leehealey - Publié sur
Format: Broché
Prior to reading this book it appeared to me as though there was an endless supply of Authentication methods, none of which I could distinguish between in any practical sense. I have talked with vendors of biometric solutions, token solutions, software certificate solutions, and full blown PKI solutions and each one will tell you how there solutions is more secure, scalable, and cost effective then all other methods and until now I have been unable to find an objective and informative source of information as to the strengths and weakness of each product. After reading Richard Smiths "Authentication: From Passwords to Public Keys" I now feel like I have enough information to return to the vendors of these product and distinguish fact from fiction.
In addition to empowering me, believe it or not the book was actually fun to read. I do not have an overly technical background but the book was never over my head. There was enough detail to challenge and expand my current level of understanding but not so much that it bogged me down in technical jargon. Interesting stories littered throughout the book put the technologies in historical perspective and give the reader a better understanding of the evolution of Authentication while at the same time driving the book forward, which ultimately makes it a fairly quick read.
All in all I have to say I was extremely impressed with the way Richard Smith has tackled this subject and would encourage people interested in security or authentication to read "Authentication: From Passwords to Public Keys."
3 internautes sur 5 ont trouvé ce commentaire utile 
Everything you need to know about authentication 17 décembre 2001
Par Ben Rothke - Publié sur
Format: Broché
Authentication is one of the 4 pillars of information security(authorization, confidentiality and integrity being the other three); but very little has directly been written directly on the topic outside of the academic community; until this book.
Authentication: From Passwords to Public Keys is an excellent work that covers all of the direct areas of authentication. Authentication is a huge challenge in that most users would prefer to have their passwords short and easy to remember, which is exactly what a password should not be.
Even if there were a lot of other books available on the subject, Authentication: From Passwords to Public Keys still would be required reading.
Ces commentaires ont-ils été utiles ? Dites-le-nous


Souhaitez-vous compléter ou améliorer les informations sur ce produit ? Ou faire modifier les images?