Lesson 8: User and server authentication
Objective: Explain how user and server authentication is used to provide network security.

User and server authentication

A principal feature of network security is user authentication, which ensures that only authorized people can access protected data. For example, how does your credit card company know it is you trying to access your online credit card statement? In turn, how can you verify that you have reached the credit card company's actual Web site and not a fraudulent one? User authentication addresses the first of these challenges, typically by checking the user ID and password.
Because of changes in individuals' access needs (as a result of hiring and resignations, for example), a user authentication system must be continually maintained in order to:
  1. Set up access for new users
  2. Delete former users
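
The user ID and password check and the two maintenance tasks listed above, as an added Python example that is not part of the original lesson. The `UserStore` class, its method names, the PBKDF2 iteration count and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class UserStore:
    """In-memory credential store; keeps a salt and derived key, never the password."""
    def __init__(self) -> None:
        self._users = {}  # user_id -> (salt, derived_key)
        # Dummy record so an unknown user ID costs the same work as a known one.
        dummy_salt = os.urandom(16)
        self._dummy = (dummy_salt, _derive(os.urandom(16).hex(), dummy_salt))

    def add_user(self, user_id: str, password: str) -> None:
        """Set up access for a new user."""
        if user_id in self._users:
            raise ValueError("user already exists")
        salt = os.urandom(16)
        self._users[user_id] = (salt, _derive(password, salt))

    def delete_user(self, user_id: str) -> bool:
        """Delete a former user; returns False if no such account existed."""
        return self._users.pop(user_id, None) is not None

    def authenticate(self, user_id: str, password: str) -> bool:
        """Check the user ID and password; unknown IDs follow the same code path."""
        known = user_id in self._users
        salt, expected = self._users.get(user_id, self._dummy)
        # Constant-time comparison runs first; 'known' then gates unknown IDs.
        return hmac.compare_digest(_derive(password, salt), expected) and known

def demo() -> list:
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")  # constructed sample
    results = [
        store.authenticate("alice", "correct horse battery staple"),  # valid login
        store.authenticate("alice", "wrong password"),                # bad password
        store.authenticate("mallory", "anything"),                    # unknown ID
    ]
    store.delete_user("alice")  # user leaves: access must stop immediately
    results.append(store.authenticate("alice", "correct horse battery staple"))
    return results

if __name__ == "__main__":
    print(demo())
```

The last result shows why deletion matters: a former user's correct password must stop working as soon as the account is removed.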

At the same time, a user wants to be sure that sensitive data sent to a server, such as a credit card number, goes to the intended destination. The process that ensures sensitive data goes only to the intended receiver is called server authentication.

Root certifications and server certificates

The certificate authority creates keys by assigning each user or server a certificate that can be exchanged at the authority's certificate server for a public key. The figure below illustrates user authentication by means of this key creation process.
Figure: User Authentication by an SSL-enabled Server

In the next lesson, you will learn about the different security requirements for the Internet, intranets, and extranets.