Part of your network design for the U.S. Navy project will include a design of a plan that focuses on authentication issues. The overall design will be for a network that includes Windows server active directory and Unix servers. Discuss authentication methods that could be used in this environment. Do you think that biometrics could be useful for this situation?
Outline your ideas in a 3â€“5-paragraph posting. Study the postings of at least 2 other classmates, and respond to them with comments and questions. Ask for clarifications of their ideas if necessary.
Authentication not only is important for computer devices but as well as physical security. Authentication methods will be used in the U.S. Navy project and will be required, continuously run, and be prompt users throughout the entire time being logged onto a device and the network, also being required to enter the facilities. When you are not physically around your computer or device it will be locked to ensure non-authenticated and unauthorized users do not have access to the network through your device. Both authentication and authorization work hand in hand, thus making both to be required for the project. Authentication will occur before authorization but is equally important.
The only way to log onto the computer itself and access the building and its facilities would be having proper CAC (common access card) access. The principal of the CAC is to enable physical security and network security. In addition to having a personal identification number, also has two-factor authentication loaded with digital signatures and data encryption authentication. Once you get up from your workspace you would remove your CAC from the device and the only way to unlock the computer is to re-insert your credentials. Another user may log onto the same device as you are on, however they will not have access to any of your files as each CAC has a profile that acts as new login sessions so that work history from yourself does not reflect to their view.
Since users will be using a VPN within the Navyâ€™s project remote authentication will be utilized as well as the previous methods. Methods that will verify the users on VPNs include password authentication protocol (PAP) shiva PAP (SPAP), challenge handshake authentication protocol (CHAP), Microsoft CHAP (MS-CHAP), and extensible authentication protocol (EAP). Users also may be authenticated using a remote authentication dial-in user service (RADIUS) or the internet authentication service (IAS).
Biometrics can be another means of authentication within the project being implemented with PINs and CACs. Biometric methods include fingerprints, voice pattern samples, face recognition, or retinal scans all of which can be helpful but not the only authentication method implemented to access the network and verify your access. This method is highly accredited due to the unlikely-ness of another individual having the same iris patterns, finger prints, or even facial characteristics.
Shinder, D. (2015, July 31). Understanding and selecting authentication methods. Retrieved from https://www.techrepublic.com/article/understanding-and-selecting-authentication-methods/
The United States Navy has the ability to use both system UNIX and Windows on their servers. UNIX and Windows have two different authentication methods to verify itâ€™s users to determine access to whatever resources are needed.
Window server authentications for the active directory will use Domain controls, Kerberos protocol, LDAP, integration of DNS and a global policy for user authentication.
If you plan on using biometric authentication for windows this would be in my opinion a better option. Biometrics is a more valid authentication process because it will help to identify a user directly on their personal traits or attributes. It is usually implemented to help secure a system that is obligated to high consideration because it is necessary to secure sensitive information. Examples of this would be retina scans, fingerprints and palm prints. Some more complex systems will work on voice and facial recognition.
Biometrics aid in the prevention of unauthorized access due to it being more efficient and easier for a hacker or unauthorized user to crack a text oriented password, individual attributes cannot be duplicated which in turn make it almost virtually impossible to break. Using this provided an extremely high security system with multiple security measures, and this being the Navy, its imperative that security is of the upmost importance.
UNIX is the most secured system because of the strong command base. UNIX uses /etc/passwd, /etc/group, and /etc/shadow for user authentication. Using UNIX provides an extra layer of security and safeguarding of highly classified information. UNIX can also be biometric based. Some advantages of biometrics are that you no longer need to remember a password, no issues of having to carry a key such as token key, all characteristics are unique to that one specific individual.