I&A (identification and authentication) is the process by which a user provides a claimed identity to the system, together with the credential needed to authenticate that identity, and the system validates both. If the information is correct, the user gains access as a legitimate user; otherwise access is denied.
What are the common vulnerabilities of I&A?
- Weak authentication method.
- The potential for users (like System Administrators) to bypass the authentication mechanism.
- Lack of confidentiality and integrity for the stored authentication information.
- Lack of encryption and protection of information transmitted over the network.
- Users' lack of awareness of the risks associated with sharing their authentication information.
Are identification and authentication different?
- The meaning of each is different.
- The methods and techniques supporting them are different.
- The requirements for secrecy and management of each are different.
- An identity has attributes such as a name and a validity date, but authentication has no attributes.
- An identity doesn't normally change, while authentication tokens bound to secrecy must be changed regularly.
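The process described at the top of the page and the identity/authentication split listed above, as an added Python example (not part of the original notes). The record layout, the 90-day change interval, the PBKDF2 work factor and all names are assumptions chosen for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import date, timedelta

MAX_SECRET_AGE = timedelta(days=90)   # assumed rotation policy
ITERATIONS = 600_000                  # assumed PBKDF2 work factor

@dataclass
class Identity:        # identification data: attributes, rarely changes
    logon_id: str
    name: str
    valid_until: date

@dataclass
class Credential:      # authentication data: derived from a secret, rotated
    salt: bytes
    digest: bytes
    changed_on: date

def derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(store, logon_id, name, valid_until, password, today):
    salt = os.urandom(16)
    store[logon_id] = (Identity(logon_id, name, valid_until),
                       Credential(salt, derive(password, salt), today))

# Placeholder credential used when the claimed identity is unknown.
_DUMMY = Credential(b"\0" * 16, derive("", b"\0" * 16), date.min)

def login(store, logon_id, password, today):
    """Return (granted, reason): look up the claimed identity, then verify the secret."""
    identity, cred = store.get(logon_id, (None, _DUMMY))
    # Always derive and compare in constant time, even for unknown IDs,
    # so response time does not reveal which logon IDs exist.
    secret_ok = hmac.compare_digest(derive(password, cred.salt), cred.digest)
    if identity is None or not secret_ok:
        return False, "denied"        # same answer for bad ID and bad secret
    if today > identity.valid_until:
        return False, "identity expired"
    if today - cred.changed_on > MAX_SECRET_AGE:
        return True, "granted, secret due for change"
    return True, "granted"
```

The identity record and the credential record are kept as separate objects because they have different secrecy and change requirements: only the credential holds secret-derived material and a change date.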
What are the types of I&A?
- Logon IDs and Passwords
- One Time Passwords, Token Devices
- Biometrics
  - Palm
  - Hand geometry
  - Iris
  - Retina
  - Fingerprint
  - Face
  - Signature recognition
  - Voice recognition
Reference: ISACA