
1.2.8  Biometrics

Biometrics provides authentication based on something you are (physiological) or something you do (behavioral), not something you know, such as a password.

Currently the most popular biometric mechanism involves software that measures how long you hold a key on a keyboard and the speed at which you type. This keystroke-analysis software would be an example of a behavioral biometric device, which works because your typing style is almost as unique as a fingerprint. It is popular because it is non-intrusive (as opposed to “hold still while the laser scans your eyes”) and also the least expensive option. Other behavioral biometric options include voice recognition and signature scanning. See also section 5.1.1.2 for more information on biometrics.
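The keystroke analysis described above, as an added example that is not part of the original guide: it measures how long each key is held (dwell) and the gap between keys (flight), then compares an attempt to an enrolled template. The scaled Manhattan distance, the function names, the sample timings and the threshold are assumptions chosen for illustration.

```python
from statistics import mean

def make_events(keys, dwells, gaps):
    """Build constructed (key, press_ms, release_ms) events for the samples below."""
    events, t = [], 0
    for i, key in enumerate(keys):
        events.append((key, t, t + dwells[i]))
        t += dwells[i] + (gaps[i] if i < len(gaps) else 0)
    return events

def features(events):
    """Dwell time per key (hold duration), then flight time between keys."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Template = per-feature mean and mean absolute deviation over enrollment samples."""
    columns = list(zip(*(features(s) for s in samples)))
    means = [mean(col) for col in columns]
    # Floor the deviation at 1 ms so a very consistent feature cannot divide by ~0.
    devs = [max(mean(abs(v - m) for v in col), 1.0) for col, m in zip(columns, means)]
    return means, devs

def score(template, events):
    """Scaled Manhattan distance from the template; lower means more similar."""
    means, devs = template
    vec = features(events)
    if len(vec) != len(means):
        raise ValueError("attempt length differs from enrolled phrase")
    return mean(abs(v - m) / d for v, m, d in zip(vec, means, devs))

def verify(template, events, threshold=3.0):
    """threshold is an assumed value; real systems tune it against error rates."""
    return score(template, events) <= threshold

# Constructed timings (milliseconds) for one user typing the same four keys.
KEYS = "pass"
ENROLLMENT = [
    make_events(KEYS, [95, 110, 80, 85], [60, 45, 120]),
    make_events(KEYS, [100, 105, 85, 90], [55, 50, 110]),
    make_events(KEYS, [90, 115, 75, 80], [65, 40, 130]),
]
TEMPLATE = enroll(ENROLLMENT)
SAME_USER = make_events(KEYS, [97, 108, 82, 84], [58, 47, 118])
OTHER_TYPIST = make_events(KEYS, [150, 60, 140, 50], [200, 10, 30])

if __name__ == "__main__":
    for name, attempt in (("same user", SAME_USER), ("other typist", OTHER_TYPIST)):
        print(name, round(score(TEMPLATE, attempt), 2), verify(TEMPLATE, attempt))
```

The second attempt uses the correct keys but a different rhythm, so it is rejected even though the typed characters match.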

Physiological biometric options include fingerprint scanning, iris or retinal scanning of the eye and, as visitors to some Disney theme parks have experienced first-hand, various types of hand-scanning. APC has brought the fingerprint scanner to sub-$50 USD levels [59].

Different biometric identification mechanisms are appropriate for different situations – authenticating employees, citizens, or customers – and not all of them may be perceived as acceptable in every situation (do your customers really want to be authenticated at your site with their fingerprints?).

Biometrics

Biometrics provides authentication based on something you are (physiological) or something you do (behavioral), rather than something you know, like a password. An example biometric technique would be fingerprint scanning.


For more information about biometrics, at a management overview level, including discussions of privacy and the uses of biometrics in various vertical markets, see the book Biometrics [60] by Nanavati et al.

To Encrypt or Not To Encrypt? That is the Question

What types of authentication are in use on your network? Don’t forget to look into the types of dial-up networking (PPP) and web application authentication used. Why are those important? They may not encrypt passwords as strongly as your network logon, or not encrypt them at all. Experience says users like to re-use the same password in multiple places. What if you’ve taken care to make sure your network logon does not involve transmitting a password across the network … but an in-house web application frequently does exactly that, and some hackers will use the same password for your network and that web application?



 __________________

59. http://www.apc.com/products/family/index.cfm?id=246

60. Nanavati, Samir, Michael Thieme, Raj Nanavati, Biometrics, John Wiley, October 2002. http://www.nerdbooks.com/item.html?id=0471099457


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.