[unisog] Biometrics for Active Directory Authentication
micheal.cottingham at sv.vccs.edu
Thu Dec 22 20:03:57 GMT 2005
I apologize for not getting back to everybody sooner, we had some
upstream DNS problems earlier in the week.
I have read similar articles, and even tried a few simple things to
bypass the scanners. I tend to agree with Mike. If someone is able to
get that close for that period of time, you have more problems than
someone bypassing a fingerprint scanner.
Southside Virginia Community College
Network Security - Christanna Campus
Mike Wiseman wrote:
>>Keep in mind they're not that hard to fool:
>>I suspect a token-based system, e.g., SecurID, would be far more
>>difficult to defeat, but don't recall seeing any solid, objective
>>research on that.
>Interesting article. But I don't think that a fingerprint sensor is 'easy' to defeat -
>making fingerprint models of an unsuspecting user would require a lot of effort. If one is
>willing to go this far, stealing a hardware token and capturing a PIN using a keylogger
>sounds simpler to me.
>I evaluated the Sony Puppy USB fingerprint sensor (model 810) a while back and was
>impressed by it. It uses electrical capacitance sensing so perhaps this would distinguish
>between a real and fake finger. It also contains a cryptographic chip to do on-board
>functions - so it could be used with an x509 cert which, in itself, provides a high level
>of authentication assurance and can be used without a server component. They're too
>expensive ($200) for my application though.
>Computing and Networking Services
>University of Toronto
>unisog mailing list
>unisog at lists.sans.org
More information about the unisog