
618    Chapter 11 • Operational and Organizational Security: Incident Response


                could access. It just goes to show that even when you think everything is
                being done right, human error can make your efforts pointless.

             Biometrics

             Passwords are one of the most effective methods of preventing unauthorized access
             to a system. A password can be a collection of letters, numbers, or special characters
             (or a combination of same) that verifies the proper person is using an account.
             However, this is not the only method of validating that a person has the authority
             to access a computer, network, or location.
                 Biometric authentication uses the physical attributes of a person to determine
             whether access should be given. These include fingerprints, voice patterns, facial
             characteristics, and scans of the retina or iris in the eye. Measurements of patterns
             and characteristics of what is scanned are compared to a previous scan that is stored
             in a database. If the comparison matches, authentication is given and the person has
             access to an area or system.
                 To understand how biometrics works, say you have been hired by a company
             and need access to a secure area. Your fingerprint is scanned and converted into a
             digital form, which is then stored in a database. This digital measurement is used as
             the basis for your access. Now, when you need to access the secure area, you put
             your finger on a scanner by the sealed door. The fingerprint is scanned, and again
             turned into a digital format. Points on the fingerprint are compared to those stored
             in the database. If these match, the door will open. If not, access is denied.
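
An added sketch, not from the book, of the enroll-then-compare flow described above. It goes slightly beyond the text by showing that the comparison is a tolerance-and-threshold match rather than an exact equality test; the point format, tolerances, and threshold are assumptions, and the sample points are constructed.

```python
import math

# Assumed values for this sketch; real matchers tune these per sensor.
DIST_TOL = 4.0     # max distance for two points to count as the same point
ANGLE_TOL = 15.0   # max ridge-angle difference in degrees
THRESHOLD = 0.75   # fraction of points that must pair up to grant access


def angle_diff(a, b):
    """Smallest difference between two angles in degrees (handles wrap-around)."""
    d = abs(a - b) % 360
    return min(d, 360 - d)


def match_score(enrolled, probe):
    """Pair each probe point with its nearest unused enrolled point; return 0..1."""
    unused = list(enrolled)
    paired = 0
    for px, py, pa in probe:
        best = None
        for cand in unused:
            ex, ey, ea = cand
            dist = math.hypot(px - ex, py - ey)
            if dist <= DIST_TOL and angle_diff(pa, ea) <= ANGLE_TOL:
                if best is None or dist < best[0]:
                    best = (dist, cand)
        if best:
            unused.remove(best[1])  # an enrolled point may be used only once
            paired += 1
    return paired / max(len(enrolled), len(probe), 1)


def verify(database, user, probe):
    """True (door opens) only if the user is enrolled and the score clears the threshold."""
    enrolled = database.get(user)
    if not enrolled or not probe:
        return False  # fail closed on missing enrollment or empty scan
    return match_score(enrolled, probe) >= THRESHOLD


# Constructed sample data: (x, y, ridge angle) points, not real fingerprint data.
DB = {"alice": [(10, 12, 30), (40, 45, 350), (70, 20, 120), (55, 80, 200)]}
SAME_FINGER = [(11, 13, 34), (41, 44, 3), (69, 22, 118), (56, 79, 205)]  # noisy rescan
OTHER_FINGER = [(15, 60, 90), (41, 44, 180), (90, 90, 10), (56, 79, 205)]

if __name__ == "__main__":
    print("rescan accepted:", verify(DB, "alice", SAME_FINGER))
    print("other finger accepted:", verify(DB, "alice", OTHER_FINGER))
```

Because two scans of the same finger never produce identical measurements, the threshold sets the balance between rejecting the right person and accepting the wrong one.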



              EXAM WARNING

                  Remember that biometric authentication is based on physical
                  characteristics. While any number of factors can be used to authenticate an
                  identity and authorize access, biometrics always uses biological
                  measurements (metrics) as the method of proving an identity. Biometrics
                  offers a greater level of security than many other types of
                  authentication, but this does not mean it is foolproof. There are methods that can
                  be used to fool biometric authentication, so biometrics should not be
                  the only level of protection in an organization.












          www.syngress.com