SF101 User Authentication - ITPro
Going back to the CIA Triad from SF101 Core Security Principles - ITPro: to keep information confidential, available, and intact (integrity), authentication is the core process for verifying users. It is also the first step of the Authentication, Authorization, Accounting (AAA) framework.
User Authentication Definition
- User Authentication - (definition:: A process that verifies that a user attempting to access services and applications is who they claim to be) - (subject:: Cybersecurity)
User Authentication Example
Typically, authentication is done by providing some form of credential, such as a username and password, passkey, biometrics, and more.
A general overview of this process and what it looks like is:
This can be broken down into three key steps:
- Identification: The user provides their claimed identity in the form of a username or account name.
- Authentication: The user provides proof of their identity in the form of a credential (biometric, password, code).
- Authorization: Once the user's identity is verified, the system determines which resources and actions the user is permitted to access or perform.
In the above diagram, you can see that the authentication process requires support from a database. In general, there are two main models for implementing authentication, Centralized Authentication and Decentralized Authentication.
Centralized Authentication
Centralized Authentication Definition
- Centralized Authentication - (definition:: User accounts and credentials on a network are stored and managed in a central database or directory.) - (subject:: Cybersecurity)
Centralized Authentication Example
Users authenticate against this central authority from multiple devices or systems. A good example is Active Directory in a Windows environment.
Centralized authentication is more scalable and easier to manage compared to Decentralized Authentication.
Decentralized Authentication
Decentralized Authentication Definition
- Decentralized Authentication - (definition:: Each system or device on a network maintains its own local user database and authentication mechanism.) - (subject:: Cybersecurity)
Decentralized Authentication Example
Users must have accounts and credentials on each individual system they need to access. This would be like local user accounts on a standalone Windows computer.
Compared to Centralized Authentication, decentralized authentication is generally the better fit for small, standalone environments.
Authentication Factors
There are three main types of authentication factors:
- Knowledge-based: Something that you know (username, password, PIN, security questions)
- Possession-based: Something that you have (Security token, smart card, mobile device)
- Inherence-based: Something you are (Biometrics like a fingerprint, facial recognition, iris scan)
Using more than one of these factor types is Multi-Factor Authentication (MFA); using exactly two is Two-Factor Authentication (2FA). Either provides a stronger layer of security than a single factor.
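The three-step flow from above (identification, authentication, authorization) run against a single central user store, with a possession factor (TOTP code) enforced for MFA, as an added Python example that is not part of the original notes. The directory contents, user names, salt and the `fileshare` permissions are constructed for illustration.

```python
"""Identification -> authentication -> authorization against one central
user store, with an optional second (possession) factor.  Added example,
not from the original notes; the directory below is constructed."""
import hashlib, hmac, struct, time

_SALT = b"constructed-demo-salt"  # a real store uses a random per-user salt

def _pw_hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 100_000)

# Constructed central directory shared by every system in the centralized model.
DIRECTORY = {
    "alice": {"pw": _pw_hash("correct horse"), "totp_key": b"12345678901234567890",
              "roles": {"fileshare:read", "fileshare:write"}},
    "bob":   {"pw": _pw_hash("hunter2"), "totp_key": None, "roles": {"fileshare:read"}},
}
_DUMMY = _pw_hash("dummy")  # hashed for unknown users so timing does not reveal identity

def totp(key, t=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) code for the possession factor at time t."""
    counter = int((time.time() if t is None else t) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def authenticate(username, password, code=None, t=None):
    """Step 1 identification (username) and step 2 authentication (factors)."""
    user = DIRECTORY.get(username)
    stored = user["pw"] if user else _DUMMY
    pw_ok = hmac.compare_digest(stored, _pw_hash(password))
    if not user or not pw_ok:
        return False, "invalid credentials"  # same message whether the user exists or not
    if user["totp_key"] is not None:  # MFA is enforced for this account
        if code is None or not hmac.compare_digest(totp(user["totp_key"], t), code):
            return False, "second factor missing or wrong"
    return True, username

def authorize(username, permission):
    """Step 3: consulted only after authenticate() returned True."""
    return permission in DIRECTORY.get(username, {}).get("roles", set())
```

The `t=59` value used in testing matches the RFC 6238 SHA-1 test vector, whose 8-digit code 94287082 truncates to 287082 at six digits.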
Authentication Protocols
There are a variety of authentication protocols and standards. I'll touch on a few now:
- New Technology LAN Manager (NTLM): Default authentication mechanism in Windows
- Kerberos: A centralized authentication protocol used in Windows domains
- Remote Authentication Dial-In User Service (RADIUS): A client-server protocol for remote access authentication
- Terminal Access Controller Access Control System Plus (TACACS+): A remote access authentication protocol
- Extensible Authentication Protocol (EAP): Used extensively in wireless networks