Chapter 14. Network-Based Authentication Systems
Any system that is designed to provide services over a network needs to have several fundamental capabilities:
A system for storing information on a network server
A mechanism for updating the stored information
A mechanism for distributing the information to other computers on the network
Early systems performed these functions and little else. In a friendly network environment, these are the only capabilities that are needed.
However, in an environment that is potentially hostile, or when an organization’s network is connected to an external network that is not under that organization’s control, security becomes a concern. To provide some degree of security for network services, the following additional capabilities are required:
- Server authentication
Clients need to have some way of verifying that the server they are communicating with is a valid server.
- Client authentication
Servers need to know that the clients are valid.
- User authentication
There needs to be a mechanism for verifying that the user sitting in front of a client workstation is, in fact, who the user claims to be.
- Data integrity
A system is required for verifying that the data received over the network has not been modified during its transmission.
- Data confidentiality
A system is required for protecting information sent over the network from eavesdropping. Users should have access only to information to which they are entitled.
- Transaction audit
There needs to be some way ...
Get Practical UNIX and Internet Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.