1st Edition
Mechanics of User Identification and Authentication Fundamentals of Identity Management
User identification and authentication are essential parts of information security. Users must authenticate as they access their computer systems at work or at home every day. Yet do users understand how and why they are actually being authenticated, the security level of the authentication mechanism that they are using, and the potential impacts of selecting one authentication mechanism or another?
Introducing key concepts, Mechanics of User Identification and Authentication: Fundamentals of Identity Management outlines the process of controlled access to resources through authentication, authorization, and accounting in an in-depth, yet accessible manner. It examines today's security landscape and the specific threats to user authentication. The book then outlines the process of controlled access to resources and discusses the types of user credentials that can be presented as proof of identity prior to accessing a computer system. It also contains an overview on cryptography that includes the essential approaches and terms required for understanding how user authentication works.
This book provides specific information on the user authentication process for both UNIX and Windows. Addressing more advanced applications and services, the author presents common security models such as GSSAPI and discusses authentication architecture. Each method is illustrated with a specific authentication scenario.
Security Landscape
Authentication, Authorization, and Accounting
Threats to User Identification and Authentication Rainbow Attacks
Authentication Credentials
Enterprise User Identification and Authentication Challenges
Authenticating Access to Services and the Infrastructure
Delegation and Impersonation
Cryptology, Cryptography, and Cryptanalysis
UNIX USER AUTHENTICATION ARCHITECTURE
Users and Groups
Simple User Credential Stores
Name Services Switch (NSS)
Pluggable Authentication Modules (PAM)
The UNIX Authentication Process
User Impersonation
Case Study: User Authentication Against LDAP
Case Study: Using Hesiod for User Authentication in Linux
WINDOWS USER AUTHENTICATION ARCHITECTURE
Security Principals
Stand-Alone Authentication
Windows Domain Authentication
Federated Trusts
Impersonation
AUTHENTICATING ACCESS TO SERVICES AND APPLICATIONS
Security Programming Interfaces
Authentication Protocols
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Telnet Authentication
HTTP Authentication
POP3/IMAP Authentication
SMTP Authentication
SSH Authentication
Sun RPC Authentication
SMB/CIFS Authentication
NFS Authentication
Microsoft Remote Procedure Calls
MS SQL Authentication
Oracle Database Server Authentication
Oracle Legacy Authentication Database
MS Exchange MAPI Authentication
SAML, WS-Security, and Federated Identity
AUTHENTICATING ACCESS TO THE INFRASTRUCTURE
User Authentication on Cisco Routers and Switches
Authenticating Remote Access to the Infrastructure
Port-Based Access Control
Authenticating Access to the Wireless Infrastructure
IPSec, IKE, and VPN Client Authentication
Centralized User Authentication
APPENDICES
References
Lab Configuration
Indices of Tables and Figures
Biography
Dobromir Todorov
"By the authors providing a 'hacker' perspective, readers will more fully understand the ramifications of having an insecure computer, server, network, program, database and or policy. … [T]here are important discussions of the non-technical kind [of insecurity] like policy, which is too often overlooked in many organizations. … What is most impressive about the book is its outlines of specific exploits and attacks with prescribed defenses. … Coupled with good illustrations and detailed explanations[,] this is a great resource…"
- E-Streams, Vol. 7, No. 9, September 2004
"This is a must-have book for those preparing for the CISSP exam and for any information security professional."
- Zentralblatt MATH 1054, May 2005