Security with bite: 15 technologies tested

Summary:In this special review, we round up the various authentication devices on the market. From fingerprint scanners, to single sign-on software and biometric technology -- we have the authentication market covered.



In this special review, we round up the various authentication devices on the market. From fingerprint scanners, to single sign-on software and biometric technology -- we have the authentication market covered.


Contents
Authentication vs authorisation
Passwords and token devices
Single sign-on
Smartcards/Proximity Cards
Smartcards (cont.)
Biometrics
Biometrics (cont.)
Digital Certificates/Signatures
Notebook with fingerprint scanner
Vendors
About RMIT

Picture this if you will, some genius bent on taking over the world creates a malicious self-replicating stealth worm that has the power to infect every known PC in the universe via any network medium. Its sole aim is to install itself and remain resident while remaining on the lookout for key bytes of data that, when triggered, capture and send the information back to a series of well hidden previously compromised servers waiting there for the nefarious creator of this super worm to come along and collect the data to misuse in whatever way they see fit.

Organised crime syndicates would love to get their hands on some smart programmer who could make this dream a reality and capture all that juicy data. And what information would they steal -- credit card information? Bank account details and passwords? Username and password lists for multinational organisations? Potentially yes, but all that is really passé these days and the syndicates have moved on.

These days it is all about personal information, most of which is already publicly available on the Internet or in our garbage bins for those who are happy to search enough for it. If someone with malicious intentions can make enough of a personal profile about someone then they have effectively stolen that person's identity, commonly known as identity theft, which when used by unauthorised individuals becomes identity fraud.

Identity theft is nothing new, in fact it has been going on for years. Traditionally, not even associated with electronic crime it was used by people avoiding the law and tax, and claiming benefits they may not necessarily be entitled too. There are fraud taskforces setup by the Federal Police and ATO who investigate identity fraud full time. It is just that now with technology as an enabler it is easier, faster and able to be performed on a much larger and more anonymous scale.

And to complicate matters even more, in the ICT arena, it is not only humans that have an identity but pretty much any object on your network. Therefore there are a whole lot more identities to manage and decide who or which can or can't be authorised access to resources. This is commonly called IAM (identity and access management). The basic premise which must be understood is that authentication is actually quite different from authorisation.

Topics: Security, Hardware, Health, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.