[ISN] REVIEW: "Biometrics for Network Security", Paul Reid

From: InfoSec News (isn@private)
Date: Tue Oct 05 2004 - 04:30:26 PDT


Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKBIOMNS.RVW   20040527

"Biometrics for Network Security", Paul Reid, 2004, 0-13-101549-4,
U$44.99/C$67.99
%A   Paul Reid
%C   One Lake St., Upper Saddle River, NJ   07458
%D   2004
%G   0-13-101549-4
%I   Prentice Hall
%O   U$44.99/C$67.99 +1-201-236-7139 fax: +1-201-236-7131
%O   http://www.amazon.com/exec/obidos/ASIN/0131015494/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0131015494/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0131015494/robsladesin03-20
%P   252 p.
%T   "Biometrics for Network Security"

In the preface, Reid presents biometrics as the cure for all network
security ills.  Given his employment, with a company that sells
biometric systems, this enthusiasm is understandable, if not totally
compelling.

Part one deals with introduction and background.  Chapter one is the
introduction--mostly to the book.  The definition of biometrics itself
is very terse.  Authentication technologies are promised in chapter
two--which starts out by repeating the all-too-common error of
confusing authentication with identification.  Reid then pooh-poohs
passwords and tokens and praises biometrics as strong authentication,
without dealing with the fact that a biometric is the ultimate static
password, or addressing the technologies (and associated error rates)
needed to make biometrics a viable authentication factor.  Privacy is
confused with intellectual property, access control, and improper
employee monitoring in chapter three.

Part two lists biometric technologies.  Chapter four is a disorganized
amalgam of factors generally involved in biometric use and
applications.  Fingerprint features are reviewed in chapter five with
incomprehensible explanations and unclear illustrations.  Attacks
against fingerprint technologies and systems are raised--but are
usually dismissed in a fairly cavalier manner.  Similar examinations
are made of face (chapter six), voice (seven), and iris (eight)
systems.

Part three looks at implementing the technologies for network
applications.  Chapter nine compares the four biometrics from part
two, in general terms, and states measures that are rather at odds
with other biometric literature.  Reid makes a big deal out of simple
error rate metrics in chapter ten.  Most of chapter eleven talks about
hardening biometric devices and hardware.  Unconvincing fictional
"straw man" case studies and some general project planning topics are
in chapter twelve, with more of the same in thirteen and fourteen.

Part five, which is only chapter fifteen, casts a rosy-spectacled look
at the future when all of security will be made perfect through the
use of biometrics--essentially returning us to the preface.

Basically, this appears to be a promotional pamphlet padded out to
book length: it isn't even as good as Richards' article in the
"Information Security Management Handbook" (cf. BKINSCMH.RVW).  The
material will not help you with a realistic assessment of what
biometrics can (and cannot) do, or how to implement it.  The
"Biometrics" text by Woodward, Orlans and Higgins (cf. BKBIOMTC.RVW)
is far superior.

copyright Robert M. Slade, 2004   BKBIOMNS.RVW   20040527


======================  (quote inserted randomly by Pegasus Mailer)
rslade@private      slade@private      rslade@private
Programming today is a race between software engineers striving
to build bigger and better idiot-proof programs, and the Universe
trying to produce bigger and better idiots. So far, the Universe
is winning.                                              - Rich Cook
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
