The Basics of Authentication in Cyber Security

25/02/2021 14:48:02

Authentication and Authorization in Web Security Gateway


Trust and recognition have been staples of human relationships since the beginning of time, forcing early humans to create ways of identifying each other through the use of signatures, facial features, names, and more recently through the use of documents like official identification and passports. The concept of authentication has become incredibly complicated with the advent and use of the internet in daily life. Administrators sit behind screens, unable to verify the identity of invisible users by sight, name or signature – now they use technology to protect their networks from those with the desire to bypass authentication methods with malicious intent. Let's go through some information on digital authentication in order to learn what works and what doesn't, and how authentication needs to evolve to support our online future.


What is Authentication?

The process of authentication in the context of computer systems means assurance and confirmation of a user's identity. Before a user attempts to access information stored on a network, he or she must prove their identity and permission to access the data. When logging onto a network , a user must provide unique log-in information including a user name and password, a practice which was designed to protect a network from infiltration by hackers. Authentication has further expanded in recent years to require more personal information of the user, for example, biometrics, to ensure the security of the account and network from those with the technical skills to take advantage of vulnerabilities.


What is the history of Authentication?

Passwords were developed and put into use in the 1960's for larger than life computers with multiple users. In the 1970's, Bell Labs researcher Robert Morris learned that it was a bad idea to store passwords in a clear text file. Morris created a cryptographic concept, or hash function, designed to verify the identity of the user without storing the actual password in the machine. Interestingly enough, as a clear indicator of what was to come in the technology industry, Morris created the first ever computer worm, in 1988. In the 1970's, private key cryptography allowed users to maintain one set of information to use to verify their identity when logging into a system, and one set of information to share with the world when using internet – thus giving internet users a face and name on the internet. One-time passwords,public-key cryptography and CAPTCHAs followed, bringing us to today, where we use both MFA (multi-factor authentication) and biometrics.



How does Authentication work with security?

Authentication employs different combinations of data, passcodes, QR codes, passwords, pass cards, digital signatures, fingerprint, retinal, face and voice scans to verify a users' identity before they can access a network. Proper authentication is often provided through a solution like a secure web gateway and deployment of multiple, cohesive security protections and solutions, like next-generation firewall and endpoint protection.


Authentication leads to Authorization

Authentication now gives allowed users access to systems and applications. But there is more! Once the system knows who users are, policies can be applied that control where the users can go, what the users can do, and what resources they can access. This is called authorization. Authorization is important as it ensures that users cannot have more access to systems and resources then they need. This also makes it possible to identify when someone is trying to access something they should not. For example, only giving medical personnel and not administrative personnel access to patient records, ensuring patient confidentiality.


Sangfor IAG – Internet Access Gateway

The widespread necessity of mobile devices in the workplace makes customer and staff authentication and authorization more important than ever. A wide range of devices and complex compliance standards for the storage of user information make it difficult for IT departments to maintain a safe network environment. Sangfor IAG can help organisations improve their user authentication experience with a simple and easy to operate solution.


Sangfor's IAG solution provides authentication via SMS, Portal, Social Media and QR Code. With all these authentication options, there is no need to constantly change your Wi-Fi password and security protocol and protections, as authentication methods are tailored to each specific visitor group . Access polices can be applied to users or user groups to allow access to resources (systems, URLs, working hours, etc.) that they are authorized to use.


As a leading vendor of Network Management solutions, Sangfor's IAG Secure Web Gateway has been listed in the SWG Gartner Magic Quadrant for 10 consecutive years. Sangfor IAG is a superior Internet behaviour management solution consisting of professional internet bandwidth management, application control, URL filters, traffic control, information control, illegal hotspot/proxy control, behaviour analysis, wireless network management and many more features. This solution can truly help you achieve effective web filtering and unified internet behaviour management of all clients in the entire network.



Why Sangfor?

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor's Security solutions, and let Sangfor make your IT simpler, more secure and valuable.

Our Social Networks

Global Service Center:

COPYRIGHT © 2000-2021 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.