Information Technology Reference
In-Depth Information
information, either of a logical (network locale) or physical (GPS) nature.
These forms of identification are suitable for integration with other forms
of identification, but they are not sufficient to provide positive identifica-
tion alone. Location-identifying systems include:
• Callback system.
When a user requests network connectivity by
initiating a dial-up telephonic connection, the host modem system
disconnects the requesting connection and then redials a previously
assigned number associated with the requesting identity. Only by
responding to this callback can the user then connect to the network
for authentication and authorization.
• Virtual Private Network (VPN).
An installed VPN client appli-
cation running on the requesting system establishes an encrypted
connection to the requested network and establishes a virtual pres-
ence within the protected network. This connectivity allows secure
encrypted communication over a public network segment, while also
providing identification as a “local” system to other resources within
the protected network segment. Some VPN clients make use of pub-
lic-key certificates in order to digitally sign all communications, pro-
viding an additional identity check for each activity through a “what
you have” identification using the issued unique key.
• Global Positioning System (GPS).
Properly equipped systems can
make use of Global Positioning System data together with public-
key digital signature hashes to provide identification of the current
physical location of the requesting system. Restrictions can be imple-
mented to allow connectivity only to systems identified as being
in designated physical locations. This type of identification can be
problematic if the requester is underground or inside an electroni-
cally shielded physical location and unable to receive signals from
the GPS satellites.
Multifactor Identifi cation
Because each single-factor form of identification has its own strengths and
weaknesses, network environments with enhanced security requirements
may implement multiple types of identification together. As in the case
of the ATM card/PIN combination, multifactor identification systems
are more difficult to bypass through brute-force or counterfeit means.
