Jerry Chen’s Expanded Definition of Authentication

TO: Prof. Ellis
FROM: Jerry Chen
DATE: 3/26/2021
SUBJECT: Expanded Definition of Authentication

Introduction

As we all know, we are human and unique, and all of us have our own way to understand and learn, as well as the way we definite something new to us. Somehow, the different ways of how we definite something new usually end up having various types of meaning. The purpose of this document is to explore the definition of the term that I chose and make it easier for others to understand regardless of the ways that we learn differently. The term that I am defining for a better understanding is “authentication”. As to further explore the definition of the term “authentication”, I am going to discuss the general definitions from my research sources follow by the context that the item being used in. I am also provided the working definition of the term and how it related to the network security field.

Definitions

According to the author (Ince, 2014), “The process of convincing a network that a person is who he or she claims to be. This follows the process of identification. Devices that are used for authentication include passwords, personal identification numbers, smart cards, and biometric identification systems.” This definition generally shows that authentication is a process to identify the identity before allowing admission to access to something, which the secret word or code needs to be correctly matched with the one that set up by the owner previously, otherwise will get declined by the authentication process.

To have a better understanding of the term “authentication”, the following definition also provided a better sense of what authentication is. According to the authors (Butterfield et al., 2016), “A process by which subjects, normal users, establish their identity to a system. This may be effected by the use of a password or possession of a physical device, e.g. a coded token. In reverse authentication, the object is required to authenticate to the subject, e.g. to establish user confidence regarding the object, before sensitive information is entered into a system.” This definition illustrates that authentication is the process by which the users have to provide the exact credentials they set up previously before they can gain access to their information. The purpose of setting up the credentials is to protect unauthorized access to their information in which needs authentication method get involve to makes it fully effective.

In the book “What is authentication?” by Rosencrance (2018). “Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be. Authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server.” This definition also defines as authentication is the process to identify the identity by asking the users to enter the secure secret word or codes that they set up beforehand. All of these definitions are way similar as they are all defined as authentication is the process to identify the identity by obtaining the right credentials and acknowledged the request if the credentials are matched with the information stored in the cloud or database.

Context

Authentication is widely used in the network security field as it can control who can have access to the credential information within the company in which sort by the role assigned by the one who has that authority. According to the article “Implementation of an Advanced authentication method within Microsoft Active DIRECTORY network services” (Kadlec et al., 2010), “Authentication is the process by which end users identify themselves to a network and customized access capabilities are given based on the role they serve in the organization.” This quote describes the term authentication as best used in the network field. Every organization has its own policy and ranking. Every ranking has its own authority to access certain levels of credential information of the company, where authentication is used in place to identify the accessibility of the employees.

There is another source of reference found to aid in providing more details of the term used in the field. According to Grimes (2019), “The primary reason for authentication is to confirm a subject’s ability to access protected resources (e.g., security domains, files, folders, sites, services). The process determines whether the subject is who they say they are and whether they can prove it.” This quote provided more details to support the previous quote, which proved that the use of authentication in the field is to identify the accessibility of each person who claims to have access to something.

Working Definition

As I am majoring in Computer System and track in networking security, the term authentication is like nothing new to me. I am familiar with this term because it plays a huge role in the networking field. Based on the discussion of the definitions and context of the term used listed above, we can conclude that the main definition of the term authentication is the process to validate the identity. Network administrators always use the authentication method to ensure the safety of the software or systems by validating the users who try to login in by the credentials they enter. Authentication can also definite as simply as the way we unlock our phones, we must enter the right passwords before it allows us to have access to our phones.

References

Ince, D. (2019). A Dictionary of the Internet (4th ed.). Oxford University Press.

Butterfield, A., Ngondi, G. E., & Kerr, A. (2016). A Dictionary of Computer Science (7 ed.). Oxford University Press. https://doi.org/10.1093/acref/9780199688975.001.0001

Rosencrance, L. (2018, May 29). What is authentication? Retrieved March 05, 2021, from https://searchsecurity.techtarget.com/definition/authentication

Kadlec, J., Jaros, D., & Kuchta, R. (2010). Implementation of an Advanced authentication method within Microsoft Active DIRECTORY network services. 2010 6th International Conference on Wireless and Mobile Communications. http://doi:10.1109/icwmc.2010.48

Grimes, R. A. (2020). Hacking Multifactor Authentication. John Wiley & Sons, Incorporated.

Summary of Kandan et al.’s “Network attacks and prevention techniques – A study”

TO: Prof. Ellis

FROM: Jerry Chen

DATE: 3/3/2021

SUBJECT: 500-Word Summary of Article About Network Attacks and Preventions

The following is a 500-word summary of a peer-reviewed article about the type of attack and its prevention in nowadays’ s network. The authors discuss the types of network attacks that currently exist as most of the people or small businesses still didn’t aware of the importance of configuring their network gears, which open their doors to welcoming the attacks. According to the authors, “Any data passes over large number of workstations and routers which sometimes very weak due to organizational structures and their policies which may lead to damages and attacks” (Kandan et al., 2019, p. 2). For network security, there are two types of network securities, such as hardware security and software security. Hardware security is like the defensive system, which is often used in corporations and software security is application-based, which is only for the individual or small firm used. As mentioned by the authors, “if the system is not implemented the proper security methods and control over their network, then there is a way for attacks from internal or external using these techniques” (Kandan et al., 2019, p. 2).  There are some major types of attacks that attackers used most frequently nowadays, such as browser attacks, man-in-the-middle attacks (MITM), and botnets.

Browser attack is the most frequent web browser base type of attack that the attacker uses to hack into the system by adding malware to the browser. Man in the middle attack (MITM) is another attack that the attacker uses to interrupts the confidential data during the transmission process of two victims and access to the data without the awareness of victims. The botnet is a different type of attack, which is the formation of robot and network, and it is one of the main attacks that attacker uses to gather unauthorize confidential data from the users.

The problems always come with solutions, as well as the attack techniques. According to the authors (Kandan et al., 2019, p. 4), there are some preventions which born to prevent users from getting those attacks, such as the prevention of man in the middle (MITM), HTTPS, and the prevention of botnet. To prevent getting MITM attack, the two endpoints should use the higher secure network when communicating and encrypted the transmission by using any encrypt protocol (Radhakishan et al., 2011). HTTPS is the prevention which is uses to protect users from getting browser attacks by providing a higher secure network over the browser by issuing the certificates to only the participating entities and verified at each party before the transmission. Moreover, to prevent getting botnet kind of attack, the user should make sure the intrusion system is up to date and specifically configure the ports or shut down the ports that not currently in use.

As network security constantly changing every day, attackers are always using their tech knowledge to explore new types of attacks to fulfill their purposes. People or small businesses should always configure their network gears and install security software to monitoring the attacks to decrease the chance of being attack.

Reference

Kandan, A. M., Kathrine, G. J. W., & Melvin, A. R. (2019). Network attacks and prevention techniques – A study. IEEE International Conference on Electronics, Communication and Computing Technologies (ICECCT), pp. 2,4. https://doi.org/ 10.1109/ICECCT.2019.8869077

Radhakishan, V., & Selvakumar, S. (2011). Prevention of man-in-the-middle attacks using id-based signatures. Second International Conference on Networking and Distributed Computing. https://doi.org/ 10.1109/icndc.2011.40