Network access controlled via biometrics

Fingerprint readers, a form of biometrics, have been used to protect data and endpoints, but now IT is using the security technology to control network access.

Fingerprint scanners, a form of biometrics, have been in use for the past few years to keep laptops locked and data secured, but a handful of vendors are finding new, inventive uses for the Matrix-like high-tech gadgetry.

In some cases, biometrics makers are offering their wares to companies that want to use fingerprint readers to control who gets onto the network and which applications they can access once they are scanned in. Vendors like Shimon Systems and DigitalPersona are leading the charge for fingerprint scans as a means to protect the network from unwanted users.

Shimon Systems makes Bio-NetGuard, a tool that is designed to control access to the wireless LAN. Shimon CEO Baldev Krishan said that security concerns and weak authentication and encryption tools, especially when using WEP, have prompted many networking pros to avoid wireless. While WPA has solved the encryption side, user authentication remains a concern.

According to Krishan, Bio-NetGuard provides a RADIUS server that is extended with fingerprint matching for secure authentication of users on WPA-secured WLANs, providing fingerprint-based access control to the network at the access point level. Essentially, Bio-NetGuard prohibits unauthorised users from gaining access to the WLAN by not allowing unrecognised users onto the access points.

"Before you get onto the network, we know who you are," he said, noting that many network access solutions verify the identity of the equipment being used, not the user.

Before a user can connect to the wireless LAN, Bio-NetGuard uses a fingerprint for authentication. It is a DSP-based device that works with WPA-compliant access points such as models made by Cisco, D-Link, NetGear and Linksys. It also supports a variety of fingerprint scanners, either embedded on laptops or added on as peripherals.

The device, roughly the size of a deck of cards, plugs anywhere on the network. Users are enrolled using three fingers, and up to 250 users can be stored. Bio-NetGuard also lets users log onto the network from any machine enabled with a fingerprint scanner.

"You can be anywhere on any machine," Krishan said.

Recent studies show that roughly 15% of laptops were shipped last year with fingerprint readers embedded. This year, Krishan said, that will double to about 30%.

"Fingerprint sensors are now getting very common for laptops," he said.

Another company using fingerprint readings to control network and application access is DigitalPersona, which offers biometrics software and hardware to control network access.

George Skaff, DigitalPersona's marketing vice president, said fingerprint scanners can not only lock down the network but also reduce the costs and time devoted to password loss and replacement. He said tokens and smartcards can provide a level of value, but they can be costly to manage and risky if lost or stolen.

"You can use a fingerprint to log into the network wherever you are," Skaff said, adding that, based on fingerprints, IT can control who accesses which applications, and from which devices and locations. Also, an audit trail can show who accessed what and when.

"Inside the firewall, you have to use your fingerprint reader to log in," he said.

According to a recent study by DigitalPersona and the Business Performance Management Forum, 73% of respondents said password security has become an issue over the past year, and 77% said a network breach resulting in some sort of data loss would be critical or disastrous. The study also found that password sharing among users is a frequent problem that can lead to further security issues.

Of those surveyed, 28% have fingerprint readers in notebooks and desktops, while 80% said they plan to spend either the same amount of money or more on biometrics solutions as in the previous year.

Skaff said that companies "are increasingly concerned with the misuse of passwords amongst colleagues and the growing danger of internal and external threats to the network."

Other key findings the study uncovered include:

  • 80% of IT and security teams said security compliance and governance were important, but less than half have any formal system or policy in place to create an electronic audit trail.
  • 68% of executives said network passwords have been exchanged between colleagues.
  • 60% said they or someone within their organisation had given a network password to a co-worker, while about two-thirds of participants said 25% or more of employees have access to information that could compromise the company if lost, stolen or exposed.
  • 40% said half or more of the employees can access information using passwords, smartcards or tokens.

Despite the findings, less than half of respondents with fingerprint biometrics available are using the technology.

"While respondents acknowledged they have laptops with embedded fingerprint readers, we found that many of these point solutions are not being utilised," Skaff said. "Companies are looking for enterprise server-based authentication solutions that enforce policies and manage the client software for these notebooks."

Don Long, senior director of information systems and technology for White Castle, the national hamburger chain, said the company doesn't use fingerprint biometrics for network access per se but instead uses it to control who can get into which applications.

Using DigitalPersona, White Castle can avoid the hassles of lost or shared passwords. Long said the fast food industry is notorious for high turnover, and with 12,000 employees and 400 restaurants, White Castle is no different.

According to Long, most applications within the company are set up in such a way that when an end user tries to access them, he is first asked for identification either by name or date of birth; from there, the user is asked to prove identity with a thumbprint scan. If he is authorised to use that application, access is granted. If not, access is denied.

"Passwords don't work really well for us," Long said. "People don't remember them, they get shared. We've had bad luck with keycards too; they get lost or forgotten at home."

He said that White Castle tried using electronic signatures for access but quickly realised that forgery was a possibility. For the past few years, biometrics have been standard within the company.

"It's a great authentication tool," Long said. "It's enabled us to do a lot of things without passwords."
