Biometrics for Network Security

A very good and readable book about biometrics for network security. Note the network security part - the coverage is limited to systems that can be used in an everyday business environment. The book could be read by just about anyone, although it does help knowing a little bit about biometrics to start with. There are basically two main parts - the first one describes the different biometric technologies and their strengths and weaknesses. The second part discusses actual testing and deployment using real life examples of what to do and what not to do. I would certainly recommend this book to anyone who is actually going to implement a biometric system. Just knowing how the biometrics work is not enough to have a successful deployment. If you want to know the full details of how different biometric algorithms work, this book is probably not for you. The level of detail is just what you would take away from reading the detailed description, which I actually liked. I would recommend this book to anyone interested in network security.

This book is meant for just about anyone who has any interest in biometric security. The geek speak is minimal and the examples are those which just about anyone with network experience can understand. In essence, it's meant to be read by anyone from the network administrator to the CIO. Each chapter deals quite well with the various biometrics including the options by which each biometric can be measured, the types of variances that can be expected, how each biometric can be spoofed, and how spoofing can be thwarted. I'm not going to go into any great detail on them because that's the purpose of the book, but I found it fascinating to learn how many different kinds of authentication can be done. Facial biometrics alone have three different authentication methods from which to choose! The book also goes into the statistics of using biometrics and how to determine various acceptance and rejection rates as well as accuracy rates. This section is clearly for the mathematically adept, but it was an interesting read - for me anyway. The last several chapters of the book deal with the preparation and roll-out of a biometric security model - defining the business need, developing a proof of concept, inviting vendors, preparing proof-of-concept, rolling out the pilot project, and finally rolling out the project itself. For anyone with management experience or anyone who is familiar with project planning, these sections are for the most part a reiteration of common sense; however, for someone who has never performed to extravagant a project these chapters are a good foundation. This book is not light reading, but it doesn't require a Masters degree to understand either. It's a good balance of technical information and real-world examples and usage. Fortunately, the author avoided the I'm trying to impress you language that too many other technical authors attempt to employ in order to increase their self-esteem. There are a few things about this book, however, that made it difficult at times for me to read without rolling my eyes. One is the section about return on investment. When it comes to network security, you really cannot place a dollar value on security; and associating "investment" with "security" is truly a misnomer. "Security" is an insurance policy meant to prevent loss, whereas "investment" is meant to gain wealth. With security, you pay for it even when you don't need it for no reason other than having it there for the unlikely time when you do need it. That is an expense, not an investment. I had a very difficult time accepting the author's comparison between why one type of security had a higher ROI than other. What really irritated me about this book, however, is the author's continual pushing throughout the book of user right to privacy and user acceptance of a security system. Being the employee of a company is a privilege, not a right. When you voluntarily accept employment by a company, you are bound by their rules and their

Even though I am well aware of the problems of "simple" passwords, quite frankly I have no choice but to use them. Like nearly everyone else, keeping even a small number of strong passwords in my mind is close to impossible and I rarely remember them. Most people in this situation write them down and place them near their terminal, effectively rendering the strong password weaker than the simple one. Since the lack of an appropriate password ceases your activity on that system, it is a case where the cure of strong passwords is probably worse than the disease. The best solution is to have a single sign-on system, where one data point is used to grant access to all computer systems. In this environment, the use of a biometric, or unique characteristic of our bodies as a logon authentication mechanism is very attractive. Clearly, it is most unlikely, although not completely impossible, for anyone to be without a particular biometric. Furthermore, in certain circumstances, our society is comfortable with using biometrics as an identifier. The fingerprint has been accepted as evidence in a court of law for decades and DNA is regularly used to overturn convictions and set the innocent free. While biometrics is not yet a mature technology, the purpose of this book is to examine the current state of the art, describe how they can be used and the weaknesses still present in the technology. There are some problems with the use of biometrics, some are technical, others are social and some are biological. In this book, the biometrics most commonly considered for authentication are examined and the problems detailed. The biometrics covered are fingerprints, face recognition, voice analysis and blood vessel patterns in the iris of the eye. Face recognition and voice analysis are the two most susceptible to biological changes. People age, some faster than others and as that happens, their face changes, sometimes rapidly and dramatically. There are some people whose face changes a great deal even from day to day depending on how much sleep they got the night before. We have all experienced a situation where we meet someone we have not seen for a few years and do not recognize them. Temporary illness can also alter a voice, rendering the voice recognition mechanism ineffective. These situations of a false negative would be difficult to avoid, unless the authentication data is periodically updated. Fingerprints and patterns in the iris are the most permanent. However, they also have their problems. To get a precise fingerprint, the hand has to be very steady and most people in the United States equate the taking of fingerprints with a trip to the police station. This is a significant social barrier that will delay the implementation of any general identification system. Scanning the patterns of the iris requires close proximity to the sensor and it is necessary for a light to be focused on the eye. Many people are made uncomfortable with the light shining in