Page 236 - DCAP311_DCAP607_WIRELESS_NETWORKS
P. 236

Wireless Networks




                    Notes          Finally, the view of authentication architecture that is presented here falls on the more
                                   comprehensive and complex side of the various design approaches. It certainly is not required
                                   for all organizations to implement all of the identified capabilities, but can serve as a reference
                                   to each implementation project to support evaluation of required capabilities, and assess how
                                   they should be implemented—although some complex enterprise environments might require
                                   this level of meticulous planning and design in order to deliver an effective identity-assurance
                                   infrastructure and proficiently safeguard important data.
                                                 Figure 14.5: Strong user Authentication Architecture Components
























                                   Source: http://msdn.microsoft.com/en-us/library/cc838351.aspx#_Architectural_Perspectives
                                   However, regardless of how simple or complex each implementation might be, it is necessary
                                   that security policies and authentication systems be applied homogeneously to all user-contact
                                   surfaces.
                                       !

                                     Caution An inconsistent implementation across the entire operational architecture could
                                     expose  certain  loopholes  for  attackers  to  exploit;  and,  sometimes,  these  can  include
                                     nontechnical areas, such as administrative processes, instructions for call-center customer
                                     service reps, and so on.

                                   14.1.6 Emerging Megatrends Developments in the Online User-
                                   Authentication Space

                                   Several  emerging  megatrends  also  influence  developments  in  the  online  user-authentication
                                   space. Let's discuss both their impacts and how they are related to strong user-authentication
                                   concerns.
                                   1.   Cloud Computing: From a user-authentication perspective, moving data into the cloud and
                                       integrating cloud-based services should be implemented with the same level of overall
                                       effective authentication strength as the enterprise perspective of authentication architecture.
                                       However, organizations have significantly less control over the authentication strengths
                                       of the interdependent cloud-based services of their counterparts/partners. For example,
                                       whether via identity federation or delegation, the overall security posture of the resulting
                                       interconnected architecture can be compromised if the integrated services themselves have
                                       comparatively lower-strength authentication systems in place.

                                       The  same  is  true  for  SaaS  (software-as-a-service)  providers,  as  extra  attention  must  be
                                       focused on ensuring appropriate  levels of authentications  strengths  for different user



          230                              LOVELY PROFESSIONAL UNIVERSITY
   231   232   233   234   235   236   237   238   239   240   241