Security Spotlight: Biometrics
Although they are the focus of a great deal of hype and hope, biometrics also represent interesting technology to help boost network and system security. Basically, a biometric device is one that uses some measurable item or element from a person attempting system access to permit or deny such access. Thus, voice prints, thumb-, finger- or hand-print scans, retinal scans, facial scans and so forth all constitute valid, available biometric technologies.
You’d think that biometric technology would be pretty much unbreakable, but it’s always smart to remember that no single physical technology is enough to guarantee strong security. (See Bruce Schneier’s outstanding discussion of this topic in “Homeland Insecurity” at http://www.theatlantic.com/issues/2002/09/mann.htm). But when used in a multi-factor access-control environment (with passwords, pass phrases, questions based on pre-screened questionnaires and so forth), biometrics can help solve the problem of remembering the physical element. (Since presumably what’s being scanned is part of the person who’s attempting access, they should always be ready for scanning.)
The expense involved can range anywhere from several hundred dollars to several thousand dollars, depending on what’s being scanned. This generally means that expensive scanners are used as part of physical access controls to locked-down sites or rooms, whereas less expensive scanners might be used on individual computers.
For more information on biometrics, the Connecticut Department of Social Services has put together a great collection of pointers to papers and overviews on biometrics in general and on currently available biometric technologies. (See http://www.dss.state.ct.us/digital/ditutor.htm).