Welcome to the Mechanics of User Identification and Authentication Companion Web Site. This system provides access to supplementary materials, network traffic captures, and conference presentations.
The full Table of Contents can be found here. Network captures are available here. Check the topology diagram for the lab configuration.
Our goal has been to provide the readers with a high-quality product. Unfortunately, due to the large amount of undocumented information, as well as due to our human nature, we may have missed a few balls — so please check out the errata.
[2009-05-05] Security and Protection of Information 2009, Brno, Czech Republic — Security for Unified Communications
[2008-10-xx] RSA Security Conference Europe 2008, London ExCel — Unified Security for Unified Communications
[2007-10-xx] RSA Security Conference Europe 2007, London ExCel — User Identification and Authentication
Book Overview
Information Technologies are a vital tool for today's business: they provide access to information. Information is an asset and needs to be protected.
User authentication is an important part of an organisation's controlled access to resources; it is so important that if compromised, virtually all other protection mechanisms will be rendered useless. Yet very often there is a lack of understanding of what user authentication is, what the goals of user authentication are, as well as what the potential approaches to designing and delivering secure user authentication solutions are. This book presents the philosophy of user identification and authentication and access control in general, and maps many of the popular user authentication technologies to the access control needs of today's organisations.
Rationale
User Authentication is an essential part of information security. Users authenticate as they access their computer systems at work or at home every day. Yet there seems to be ignorance with regard to why and how they are actually being authenticated, what the security level of the authentication mechanism that they are using is, and what the potential impacts of selecting one authentication mechanism or another are.
There aren't many printed or online resources that discuss authentication technologies per se. The few out there concentrate on either authentication mechanisms provided by specific products or services, or on the theory behind user authentication with complete detachment from industry solutions.
Book Structure
- Chapter 1 — User Identification and Authentication Concepts, Cryptography
- Chapter 2 — UNIX User Authentication Architecture
- Chapter 3 — Windows User Authentication Architecture
- Chapter 4 — Authenticating Access to Services and Applications
- Chapter 5 — Authenticating Access to the Infrastructure
Intended Audience
Security Architects and Consultants, Enterprise Infrastructure Architects, Security Engineers, System and Application Developers, IT and Security Auditors, Risk Management Professionals, and University Students and Professors. The book is also valuable for professionals preparing for Microsoft MCSE, Cisco CCSP/CCIE Security, CompTIA Security+ or (ISC)² CISSP exams.