Authentication is the process of giving access to authorized users and denying access to unauthorized users for a particular resource on a server. This might involve the use of a document, password or biometric details; the user needs to identify himself or herself before being given access. Authentication is a protocol under Logical Access Control Systems, and authentication controls can be embedded within operating systems, applications, add-on security packages, and database and telecommunication management systems.
Types Of Authentication
The most frequently used types of authentication are:
- Single Factor Authentication
- Two Factor Authentication
- Multi-Factor Authentication
- Strong Authentication
Single Factor Authentication
This is the process of authorizing a user with only one out of the three categories of credentials. It is the weakest form of authentication, and it is used by most systems.
Two Factor Authentication
This is the process of authorizing a user or group of users with two layers of security, which could be a password and a token, or a PIN and a one-time password. This provides a high level of security, which is needed by financial institutions and e-commerce systems.
Multi-Factor authentication is an extra layer of security included in the two-layer security to enhance the security of a transaction.
This is the use of several categories of authentication factors to confirm the identity of a user during a transaction.
- RADIUS (Remote Authentication Dial-In User Service)
- LDAP (Lightweight Directory Access Protocol)
- TACACS+ (Terminal Access Controller Access Control System)
- Windows (For stateful NTLM authentication)
- Kerberos Authentication Protocol
- NT LAN Manager (NTLM) authentication protocol
- Secure Sockets Layer/Transport Layer Security (SSL/TLS)
- Digest authentication
Kerberos Authentication Protocol
Kerberos version 5 is the default authentication protocol for Windows Server 2003. The name Kerberos is derived from Greek mythology (the three-headed dog) because of its three components, which are:
- The Identity of network users.
- A server on which clients request services.
- A computer which both clients and server trust. This is typically a Windows Server 2003 domain controller on which the Key Distribution Center service is running.
Kerberos does not transmit passwords during the authentication process.
The Kerberos Protocol is required when you need to:
- Accept a client's request for authentication.
- Verify that the service the user is trying to request is valid.
NT LAN Manager Authentication
The NT LAN Manager Authentication Protocol is the main authentication type used to enable network authentication for versions of Windows earlier than Windows 2000, such as Windows NT 4. This protocol is used for authentication of all machines between Windows 2000 and Windows NT.
Secure Socket Layer/ Transport Layer Security (SSL/TLS)
Secure Socket Layer is a Windows 2003 server security protocol which utilizes public key technology to provide a secure channel for application communication over a non-secure network such as the internet.
SSL works on the OSI Layer and provides encryption/decryption for the following protocols:
The SSL protocol makes it possible to:
- Verify that the server a user is communicating with is the actual server and not an intercept.
- Enable the server to verify the user's identity.
- Ensures data confidentiality between the server and the
Digest Authentication is used to authenticate web applications running Internet Information Services. The Digest Access protocol employs challenge-response mechanisms for applications using HTTP or Simple Authentication and Security Layer (SASL) communication.
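The challenge-response exchange that Digest authentication relies on, as an added example that is not part of the original article: the server issues a nonce, the client returns a hash instead of the password, and the server rejects a replayed response. It follows the RFC 7616 formula with SHA-256 and qop=auth; the class, function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _h(text):
    return hashlib.sha256(text.encode()).hexdigest()

def digest_response(ha1, method, uri, nonce, nc, cnonce):
    # RFC 7616, qop=auth: response = H(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestServer:  # hypothetical minimal server side
    def __init__(self, realm, users):
        self.realm = realm
        # Store HA1 = H(user:realm:password), not the cleartext password.
        self.ha1 = {u: _h(f"{u}:{realm}:{p}") for u, p in users.items()}
        self.last_nc = {}  # nonce -> highest nonce count accepted so far

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.last_nc[nonce] = 0
        return {"realm": self.realm, "nonce": nonce}

    def verify(self, method, auth):
        ha1 = self.ha1.get(auth["username"])
        seen = self.last_nc.get(auth["nonce"])
        if ha1 is None or seen is None:
            return False  # unknown user, or a nonce this server never issued
        nc = int(auth["nc"], 16)
        if nc <= seen:
            return False  # nonce count did not increase: replayed request
        expected = digest_response(ha1, method, auth["uri"], auth["nonce"],
                                   auth["nc"], auth["cnonce"])
        if not hmac.compare_digest(expected, auth["response"]):
            return False  # wrong password, or method/URI was altered
        self.last_nc[auth["nonce"]] = nc
        return True

def client_authorize(user, password, method, uri, challenge, nc=1):
    cnonce = secrets.token_hex(8)
    nc_s = f"{nc:08x}"
    ha1 = _h(f"{user}:{challenge['realm']}:{password}")
    response = digest_response(ha1, method, uri, challenge["nonce"], nc_s, cnonce)
    return {"username": user, "uri": uri, "nonce": challenge["nonce"],
            "nc": nc_s, "cnonce": cnonce, "response": response}
```

Because the server keeps only HA1 values, a leaked HA1 is still sufficient to authenticate within that realm, so the credential store needs the same protection as a password file.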
Trivestgroup is a Nigerian Security Company specialized in Authentication servers and protocols suitable for all organizations. Contact trivestgroup on +234-802-230-6494 or forward a mail to email@example.com for your security risk assessment today.