David Hill

Network Computing Blogger



WWPass: Only The Just May Pass the Authentication Test

Security has many facets, but the one that is most familiar is the username/password authentication process that allows users to log in to a protected application or Web site. For some, that may simply seem to be an inconvenience, but the authentication process helps reduce possible security exposures.

However, WWPass has introduced a solution that can make authentication a little easier by getting closer to a single sign-on, where a user does not have to remember many user IDs and passwords. More importantly, it lessens the risk of security exposure with its attendant negative consequences.

The WWPass authentication process is straightforward: When accessing a Web site that normally requires a username/password combination for authentication, the visitor uses a WWPass PassKey, which in a hardware instantiation may take different form factors, such as a USB-enabled dongle or a smartcard, as the credential that identifies him or her to the Web server. Note that the Web site has to have software that makes it WWPass-enabled.

Behind the scenes, however, a sophisticated authentication management process takes place. It is a multilateral exchange among three parties: the authentication-managing application on the Web server; WWPass data storage, which holds the necessary application-specific information but does not store user identities or associate users with their applications (a security precaution that is a must); and the user. Hence, WWPass acts as the intermediary between the Web server and the user. The Web server may also require a password, but while the user supplies WWPass with a single password common to all applications and data, WWPass intercedes with the Web server to provide an application-specific password or another, more application-relevant credential (e.g., an account number or software license expiration date).
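A toy model of the brokered flow described above, added here as an illustration and not WWPass's actual protocol or code: the `Broker` class, the keyed-hash slot scheme and all sample values are assumptions. It shows a store that holds application-specific credentials without usernames or any user-to-application link, and that releases a credential only when both the key and the common access code check out.

```python
import hashlib
import hmac
import os


class Broker:
    """Hypothetical intermediary between user and Web server (assumed design)."""

    def __init__(self):
        # slot id -> (salt, access-code verifier, application-specific credential)
        # No usernames, and nothing that ties one user's slots together.
        self.store = {}

    @staticmethod
    def slot_id(key_secret: bytes, app_id: str) -> str:
        # Keyed hash: without the key secret, one user's slots are unlinkable.
        return hmac.new(key_secret, app_id.encode(), hashlib.sha256).hexdigest()

    @staticmethod
    def _verifier(access_code: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", access_code.encode(), salt, 100_000)

    def enroll(self, key_secret, access_code, app_id, credential):
        salt = os.urandom(16)
        self.store[self.slot_id(key_secret, app_id)] = (
            salt, self._verifier(access_code, salt), credential)

    def authenticate(self, key_secret, access_code, app_id):
        """Return the application-specific credential, or None if a factor fails."""
        record = self.store.get(self.slot_id(key_secret, app_id))
        if record is None:      # unknown key: possession factor failed
            return None
        salt, verifier, credential = record
        if not hmac.compare_digest(self._verifier(access_code, salt), verifier):
            return None         # wrong code: knowledge factor failed
        return credential


def demo():
    broker = Broker()
    key = os.urandom(32)        # constructed stand-in for the secret on a hardware key
    # Constructed sample applications and credentials.
    broker.enroll(key, "one-code", "bank.example", "acct-0001")
    broker.enroll(key, "one-code", "shop.example", "license-2014-01-01")
    return broker, key


if __name__ == "__main__":
    broker, key = demo()
    print(broker.authenticate(key, "one-code", "bank.example"))
    print(broker.authenticate(key, "wrong-code", "bank.example"))
```

In this simplification the key secret is handed to the broker directly; a real hardware token would prove possession without revealing its secret, and a real store would encrypt the credentials at rest.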

WWPass’ business model derives its revenues from application or data providers that use the company’s authentication solution. The service provider is charged according to the number of authentications with WWPass technology. End users do not pay (unless the service provider passes along the charges), and a service provider may very well provide a PassKey for free. Note that one PassKey is all that is needed for multiple applications. Think of the WWPass PassKey as user authentication for the masses across an almost limitless number of applications, whereas RSA SecurID is focused on user authentication for enterprise applications.

Three factors for authentication currently exist: 1) something that a user knows, such as a password or PIN number, 2) something that a user possesses, such as a smartcard, ATM card or password token, and 3) something a user is, which is typically based upon biometrics, such as a retinal scan or a fingerprint. A multi-factor authentication approach is recommended, but, practically speaking, two factors — something that a user knows and something that a user has — are likely to be the two that most companies utilize. Although a biometric approach (such as a fingerprint scanner) can be useful if multiple people access the same biometric device (such as entry to a data center or laboratory), that approach has, so far at least, not received a lot of traction among individuals. Note that a combination of username/password is still considered one factor.

The security gurus and powers-that-be have decreed multi-factor to be essential to maximize data privacy and security. A simple illustration might suffice. Would you want to be able to access money at an ATM using only your card (which might be stolen) or by entering your PIN alone (perhaps with account number or other information)? The answer should be a resounding, “No!” Having both factors is critical. Even though nothing is perfect (cards and PIN numbers have obviously been stolen), two-factor authentication is still far more secure than just one factor. If a credential is lost or stolen, that fact can be reported, the old credential deactivated, and a new credential put in place.

