Biometrics for Network Security (Prentice Hall Series in Computer Networking and Distributed Systems) Review by John L. Berger
A very good book with a lot of information.
This book is meant for just about anyone who has any interest in biometric security. The geek speak is minimal and the examples are those which just about anyone with network experience can understand. In essence, it's meant to be read by anyone from the network administrator to the CIO.
Each chapter deals quite well with the various biometrics including the options by which each biometric can be measured, the types of variances that can be expected, how each biometric can be spoofed, and how spoofing can be thwarted. I'm not going to go into any great detail on them because that's the purpose of the book, but I found it fascinating to learn how many different kinds of authentication can be done. Facial biometrics alone have three different authentication methods from which to choose!
The book also goes into the statistics of using biometrics and how to determine various acceptance and rejection rates as well as accuracy rates. This section is clearly for the mathematically adept, but it was an interesting read - for me anyway.
The last several chapters of the book deal with the preparation and roll-out of a biometric security model - defining the business need, developing a proof of concept, inviting vendors, preparing proof-of-concept, rolling out the pilot project, and finally rolling out the project itself. For anyone with management experience or anyone who is familiar with project planning, these sections are for the most part a reiteration of common sense; however, for someone who has never performed so extravagant a project these chapters are a good foundation.
This book is not light reading, but it doesn't require a Masters degree to understand either. It's a good balance of technical information and real-world examples and usage. Fortunately, the author avoided the "I'm trying to impress you" language that too many other technical authors attempt to employ in order to increase their self-esteem.
There are a few things about this book, however, that made it difficult at times for me to read without rolling my eyes.
One is the section about return on investment. When it comes to network security, you really cannot place a dollar value on security; and associating "investment" with "security" is truly a misnomer.
"Security" is an insurance policy meant to prevent loss, whereas "investment" is meant to gain wealth. With security, you pay for it even when you don't need it for no reason other than having it there for the unlikely time when you do need it. That is an expense, not an investment. I had a very difficult time accepting the author's comparison between why one type of security had a higher ROI than another.
What really irritated me about this book, however, is the author's continual pushing throughout the book of user right to privacy and user acceptance of a security system.
Being the employee of a company is a privilege, not a right. When you voluntarily accept employment by a company, you are bound by their rules and their regulations. I found it somewhat arrogant of the author to push user acceptance and user rights to privacy as a strong consideration of whether or not a particular security measure should be implemented.
Yes, efficiencies need to be taken into account. The security method must be efficient, effective, and provide the adequate amount of security. If the security is too cumbersome to be effective or if the security is simple but doesn't provide the security that other methods provide, then the security plan should be rethought.
However, a user's right to privacy and acceptance of a security method are non sequitur. The employee has only those rights that the employer gives to him as per the terms of hire and continued employment. The employer is within his rights to alter or remove all rights to privacy as is necessary to protect the company.
Overall, however, the book is quite good. A security method that does what it's supposed to do is priceless. You can't put a value on it. But if you're looking to harden your network, you could do a lot worse than lay down the money for this book, just as long as you recognize that you are responsible for implementing network security as you - not griping employees - see fit.
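The review mentions that the book covers how acceptance and rejection rates are determined. The following is an added worked example, not code from the book or from the reviewer: it computes the false acceptance rate (FAR), false rejection rate (FRR) and equal error rate (EER) of a score-based matcher from two constructed lists of match scores, and shows the trade-off the reviewer alludes to between a stricter threshold (lower FAR, more security) and user friction (higher FRR). The score lists, the "higher score means more similar" convention and the function names are all assumptions made for the example.

```python
"""FAR / FRR / EER computation for a score-based biometric matcher (added example)."""

# Constructed sample match scores (NOT real data): higher score = more similar
# to the enrolled template. A genuine attempt is the enrolled user presenting
# again; an impostor attempt is someone else presenting against that template.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.80, 0.78, 0.75, 0.70, 0.62, 0.55, 0.48]
IMPOSTOR_SCORES = [0.12, 0.20, 0.25, 0.31, 0.38, 0.42, 0.50, 0.57, 0.63, 0.71]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when the system accepts any score >= threshold.

    FAR (false acceptance rate): fraction of impostor attempts accepted.
    FRR (false rejection rate): fraction of genuine attempts rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a candidate threshold and return
    (threshold, FAR, FRR) at the point where FAR and FRR are closest.
    That common rate is the EER, a single-number summary used to compare
    matchers independently of any one deployment's threshold."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr


def threshold_for_max_far(genuine, impostor, max_far):
    """Security-first tuning: the lowest threshold whose FAR does not exceed
    max_far, together with the FRR (user friction) that policy costs.
    Returns (threshold, FAR, FRR)."""
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    # No observed score is strict enough: the only option is to reject all.
    return float("inf"), 0.0, 1.0


if __name__ == "__main__":
    t, far, frr = equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"EER threshold {t:.2f}: FAR={far:.2f} FRR={frr:.2f}")
    t, far, frr = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.1)
    print(f"FAR<=0.10 threshold {t:.2f}: FAR={far:.2f} FRR={frr:.2f}")
```

On the constructed scores the EER falls at a threshold of 0.62 with FAR and FRR both at 20%; tightening the policy to FAR at most 10% pushes the threshold to 0.70 and the FRR to 30%, which is the "cumbersome versus effective" balance the reviewer describes, expressed as numbers a deployment can actually measure on its own pilot data.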