A remote user must be authenticated before accessing an organization's network or intranet. As a security measure, the authentication procedures must be built into the firewall that protects the network or intranet. The procedures used to validate remote login or access are described below, along with their features and a comparison:
1. Using a UNIX password for authentication
A password sent without encryption is exposed to anyone on the network or Internet. Authentication with a UNIX password is therefore likely to lead to eavesdropping of the password over the network or Internet, because the password is not encrypted before being sent. This type of system is not suitable for authenticating remote logins.
2. Using an IP address for authentication
Packet-filtering firewalls commonly use the IP address to authenticate traffic. They apply a set of predefined rules to each received packet before routing it to its destination. Each packet is checked against these rules to decide whether it may access the requested network as a whole or only certain services available on that network.
For example, an authorized user may log in to the network but be allowed to use only certain services or servers on the destination network. This is achieved by filtering packets for certain addresses or packet types.
The major disadvantage of this authentication procedure is that an IP address trusted by the firewall, or by the network being accessed, may fall into the wrong hands. An unwanted user or hacker may then pretend to be the actual user, or break into the network by gaining access through the authenticated IP address.
The packet-filtering technique enables the network to determine the type, protocol, and source and destination addresses of packets in order to identify unauthorized access. This is the one major advantage of this technique.
3. Using a one-time password for authentication
The two procedures above leave some loose ends that need to be tied up. With password authentication, the password remains unencrypted and is therefore susceptible to being captured. Access to a network by an unwanted person can be prevented if each password is valid for only one login to the remote network, so that a different password is transferred over the network for each and every login. An authentication system with this feature can assure the highest security of all the types described here. Even if a hacker acquires the password, he cannot log in to the network with that password.