REVIEW: Biometrics for Network Security

biometrics-for-network-security-paul-reid-paperback-cover-art

by Paul Reid.  Prentice Hall  252 p.

_____________________________________________________________________________________

In the preface, Reid presents biometrics as the cure for all network security ills. Given his employment, with a company that sells biometric systems, this enthusiasm is understandable, if not totally compelling. Part one deals with introduction and background. Chapter one is the introduction–mostly to the book. The definition of biometrics itself is very terse. Authentication technologies are promised in chapter two–which starts out by repeating the all-too-common error of confusing authentication with identification. Reid then pooh-poohs passwords and tokens and praises biometrics as strong authentication, without dealing with the fact that a biometric is the ultimate static password, or addressing the technologies (and associated error rates) needed to make biometrics a viable authentication factor.

Privacy is confused with intellectual property, access control, and improper employee monitoring in chapter three. Part two lists biometric technologies. Chapter four is a disorganized amalgam of factors generally involved in biometric use and applications. Fingerprint features are reviewed in chapter five with incomprehensible explanations and unclear illustrations. Attacks against fingerprint technologies and systems are raised–but are usually dismissed in a fairly cavalier manner. Similar examinations are made of face (chapter six), voice (seven), and iris (eight) systems.

Part three looks at implementing the technologies for network applications. Chapter nine compares the four biometrics from part two, in general terms, and states measures that ..

Read more: http://seclists.org/isn/2004/Oct/8