Authentication: From Passwords to Public Keys [Anglais] [Broché]

This is the first comprehensive guide to authentication: making sure your users are who they say they are. Leading security consultant Richard Smith reviews every option for authentication, from passwords to biometrics, and virtually every application scenario -- offering practical guidance on choosing the best option, implementing it, and managing it. Smith begins by introducing the authentication landscape, explaining how today's authentication options have evolved from yesterday's timesharing systems, and showing how to estimate the prevalence of successful attacks. He presents detailed coverage of passwords, password selection, and the human issues associated with password-based authentication. Other key topics include: authentication for laptops and workstations, encryption, cryptographic keys, PIN numbers, biometrics, tokens, Windows 2000's Kerberos implementation, public and private keys, SSL, certificates, and more. For all network and security professionals.

Computer access control is an ongoing challenge. Left to themselves, computers tend to treat one user no differently than another. Computers use authentication to confidently associate an identity with a person. Authentication: From Passwords to Public Keys gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed.

Authentication is one of the basic building blocks of security. To allow a computer system to distinguish between legitimate users and others, most sites give passwords to authorized users. Unfortunately, just as car thieves have found ways to defeat sophisticated locks and alarms, computer hackers are always finding new ways to circumvent password systems. The good news is that organizations now have available to them a broad range of alternatives to passwords, and a variety of ways to make passwords safer. A well-designed authentication system allows users to prove their identities conveniently and gain access to the network without threatening the safety of the organization.

The first of its kind, Authentication describes the entire range of authentication methods used today. It examines situations in which certain techniques fail and points out ways to strengthen them. Network professionals, designers, developers, administrators, planners, and managers will find in these pages the authentication strategy to protect their valuable systems. Through diagrams and examples, the author thoroughly explains the technical concepts behind authentication, focusing on existing, off-the-shelf solutions to security problems.

Authentication highlights real products and solutions. If you are a network professional searching for the how and why of computer authentication, this is the book that will help you prevent unauthorized access on your network.