Key Distribution Schemes
There are a number of authentication and access functions that are widely used to support network-based user authentication. Some of these functions include:
· User registration - Formal user registration and de-registration procedures that are implemented in order to grant or revoke access to the network.
· Privilege management - The use of access privileges for users.
· User password management - Password management.
· User access token management - Allocation of access tokens, such as key-cards, devices, etc.
· User authentication for remote connections - Authentication methods should be used to control remote access to the network.
There are many different authentication and access functions, but the most important is the use of strong passwords and usernames. Passwords can be either the easiest or the most difficult point of entry into a network. For instance, a weak password can be overcome by a brute force attack. Strong passwords are not as prone to this issue.
Key Distribution Schemes
Two primary forms of key distribution schemes include:
1. Secret Key Distribution Scheme (SKDS): Assume a special entity in the network, a Trusted Authority (TA). The TA chooses a secret key for communicating and transmits it to the parties that want to communicate.
2. Key Agreement Scheme (KAS): Two or more parties want to establish a secret key on their own (Kroenke, 2013).
There are inherent problems in both key distribution schemes. The SKDS approach is efficient but more centralized, and when someone gains entry who should not, they have access to the same information as everyone else. The KAS approach is too complex for large networks, which creates considerable problems managing the users.
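The two schemes side by side, as an added example that is not from the cited sources. It assumes a hypothetical TrustedAuthority class, uses a SHAKE-256 keystream with HMAC as a standard-library stand-in for a real authenticated cipher such as AES-GCM, and uses a toy-sized Diffie-Hellman group constructed for illustration only.

```python
import hashlib, hmac, secrets

def _subkeys(k):
    # Separate encryption and MAC keys derived from one long-term key.
    return hmac.new(k, b"enc", hashlib.sha256).digest(), hmac.new(k, b"mac", hashlib.sha256).digest()

def _xor(data, key, nonce):
    # SHAKE-256 keystream: a stdlib stand-in for a real cipher such as AES-GCM.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(long_term_key, session_key):
    enc, mac = _subkeys(long_term_key)
    nonce = secrets.token_bytes(16)
    ct = _xor(session_key, enc, nonce)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unwrap(long_term_key, blob):
    enc, mac = _subkeys(long_term_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed integrity check")
    return _xor(ct, enc, nonce)

class TrustedAuthority:
    """SKDS: the TA chooses the secret key and transmits it to the parties."""
    def __init__(self):
        self.long_term = {}  # user -> key shared with the TA at registration
    def register(self, user):
        self.long_term[user] = secrets.token_bytes(32)
        return self.long_term[user]
    def distribute(self, *users):
        session_key = secrets.token_bytes(32)  # the TA holds a copy of this key
        return session_key, {u: wrap(self.long_term[u], session_key) for u in users}

# KAS: toy Diffie-Hellman group (constructed, far too small for real use).
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    # Public values must be authenticated in practice, or a relay can substitute its own.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()
```

In the SKDS half the TA's long_term table and every session key it issues sit in one place, which is the centralization risk described above; in the KAS half each pair of parties runs its own exchange and no third party holds the result.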
At my company, the authentication and access control measures should create appropriate access for users based on information needs. This would mean that specific servers, devices, laptops, and applications would only be accessible by the proper user. This can be achieved by using MAC address filtering. When MAC address filtering is used, the access point or router performs an additional check to verify the MAC address of each client from its operating system or configuration utility (Laudon & Laudon, 2005). This would provide additional protection against intrusion from wireless users.
Kroenke, D. (2013). Experiencing MIS (4th Edition). New Jersey: Prentice Hall.
Laudon, K. C., & Laudon, J. P. (2005). Management Information Systems: Managing the Digital Firm. NJ: Prentice Hall.