Page 44 - StudyBook.pdf

28     Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing

             need to obtain another certificate for use on a second system. Additional complexities
             such as lost certificates and the use of shared systems would also apply.
                 With these complexities, mutual authentication is not implemented as frequently
             as it probably should be to ensure secure communications. Many security
             implementations such as IPsec or 802.1x as well as others provide the option of
             using mutual authentication, but it is up to the entities implementing the security
             to choose whether or not they will use that option.

             Biometrics

             Biometric devices can provide a higher level of authentication than, for example, a
             username/password combination. However, although they tend to be relatively
             secure, they are not impervious to attack. For instance, in the case of fingerprint
             usage for biometric identification, the device must be able to interpret the actual
             presence of the print. Early devices that employed optical scans of fingerprints were
             fooled by fogging of the device lenses, which provided a raised impression of the
             previous user's print as it highlighted the oils left by a human finger. Some devices
             are also subject to silicone impressions or fingerprinting powders that raise the
             image. Current devices may require a temperature or pulse sense as well as the
             fingerprint to verify the presence of the user, or another sensor that is used in
             conjunction with the print scanner, such as a scale. Biometrics used in conjunction
             with Smart Cards or other authentication methods lead to the highest level of
             security.



              TEST DAY TIP
                  Remember that the Security+ exam is designed to test you on your
                  knowledge of basic security concepts and expects that you have some
                  experience in the IT security field. Before taking the exam, it may help
                  to take some time and think about the various security-related
                  procedures, software, and hardware that you have seen or used in the past.
                  Consider things such as your authentication to your e-mail system and
                  think of the access control methods used by the system. Putting the
                  concepts we discuss into real-world scenarios that you have experienced will
                  help cement them in your mind and increase your understanding of the
                  concepts.









          www.syngress.com