Computer/network security hinges on two very simple goals:
- Keeping unauthorized persons from gaining access to resources
- Ensuring that authorized persons can access the resources they need
Authentication and Security:
Authentication is an absolutely essential element of a typical security model. It is
the process of confirming the identity of a user (or in some
cases, a machine) that is trying to log on or access resources. There
are a number of different authentication mechanisms, but all serve this
same purpose.
Authentication vs. authorization:
It is easy to confuse authentication with another element of the security
plan: authorization. While authentication verifies the user’s identity,
authorization verifies that the user in question has the correct
permissions and rights to access the requested resource. As you can see,
the two work together. Authentication occurs first, then authorization.
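
The ordering described above, as an added example (not code from the original post): a small Python gate that authenticates a password first and only then consults a permission table. The user names, passwords, resource names, ACL layout and the 401/403 result strings are all constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this sketch)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample data: two accounts and a per-resource permission table.
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2!")}
ACL = {"payroll.xlsx": {"alice": {"read", "write"}, "bob": set()},
       "handbook.pdf": {"alice": {"read"}, "bob": {"read"}}}
_DUMMY = make_user("placeholder")  # hashed for unknown names so timing stays similar

def authenticate(username, password):
    """Step 1: is the caller who they claim to be?"""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return ok and username in USERS

def authorize(username, resource, action):
    """Step 2: does this already-verified identity hold the permission?"""
    return action in ACL.get(resource, {}).get(username, set())

def access(username, password, resource, action):
    if not authenticate(username, password):
        return "401 unauthenticated"  # identity not proven; ACL is never consulted
    if not authorize(username, resource, action):
        return "403 forbidden"        # identity proven, permission missing
    return "200 ok"

if __name__ == "__main__":
    print(access("alice", "correct horse", "payroll.xlsx", "write"))
    print(access("bob", "hunter2!", "payroll.xlsx", "read"))
    print(access("bob", "wrong", "handbook.pdf", "read"))
```

Keeping the two failures distinct also helps in logs: repeated authentication failures and repeated authorization failures point to different problems.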
Logon authentication:
Most network operating systems require that a user be authenticated in order to log
onto the network. This can be done by entering a password, inserting a
smart card and entering the associated PIN, providing a fingerprint,
voice pattern sample, or retinal scan, or using some other means to
prove to the system that you are who you claim to be.
Network access authentication:
Network access authentication verifies the user’s identity to each network
service that the user attempts to access. It differs from logon authentication in that this
authentication process is, in most cases, transparent to the user once
he or she has logged on. Otherwise, the user would have to reenter the
password or provide other credentials every time he or she wanted to
access another network service or resource.
IPSec authentication:
IP Security (IPSec) provides a means for users to encrypt and/or sign messages that
are sent across the network to guarantee confidentiality, integrity, and
authenticity. IPSec transmissions can use a variety of authentication
methods, including the Kerberos protocol, public key certificates issued
by a trusted certificate authority (CA), or a simple pre-shared secret
key (a string of characters known to both the sender and the recipient).


