This chapter began with an introduction to simple username/password authentication systems and continued through several authentication and authorization systems, including RADIUS, TACACS, DIAMETER, and Kerberos. The development of authentication, authorization, and accounting (AAA) systems continued with the directory-based systems X.500 and LDAP. Finally, we discussed the wave of the future, identity management.
Proper passwords are an effective first layer in the organization's security policy. It is not difficult to choose strong passwords and change them frequently, but users tend to resist the practice, or subvert it by writing passwords down and leaving them where they can be seen. One caveat: current guidance (for example NIST SP 800-63B) favors long passwords screened against lists of known-breached values over scheduled rotation, precisely because forced frequent changes push users toward weak, predictable variants. Multifactor authentication schemes, including biometrics, promise to greatly increase the security of networks and facilities.
Where additional assurance is needed, a token can be added to the login process. Requiring this second factor adds another layer to the defense-in-depth concept. Other mechanisms discussed included one-time passwords, Kerberos tickets, and biometrics as secure means of authentication.
Current directory-based login systems offer authentication, authorization, and accounting. As multiple authentication databases merge into federated identity management systems providing single sign-on, increasing amounts of private information about users are incorporated into the login process, which raises the stakes of a compromise of the identity provider and makes protection of that information part of the design.