Cmgt/400 Securing and Protecting Information

Submitted By Caseylee333
Computers, networks, and software are the heart and soul of the IT world today. Because of the availability of those systems, they are very vulnerable to malicious attacks and activity. It is of utmost importance that an organization takes security seriously and takes the proper measures to protect its systems. It can do this in a number of different ways, but one area of focus is the authentication process and the related hardware and software that go along with it.
Identification and Authentication
Authentication is the process by which the system or program recognizes the user and grants them access, which has been predetermined by access controls. It begins with two major parts: identification and authentication. Identification is the process in which the system recognizes the user and gives them access according to abstract objects that are controlled by the administrators of the files and systems. Privileges are granted once the user account has been verified. This process usually relies on a user ID: the system recognizes the ID and knows the verified access rights and privileges of that individual.
Authentication begins once the user account ID has been identified. This is the process in which the user's credentials are actually verified, meaning that the specific attributes of the user account are authenticated and verified to make sure the access rights are correct. This process uses a password or some other credential, such as a PIN, certificate, or ticket. The system needs to authenticate the identity of the user by verifying their credentials (Todorov, 2011).
Authentication can be completed by a system in many different ways. As explained earlier, a simple password or other means of identifying the person specifically is used as a front-line authentication method. This is also known as a single sign-on authentication method. Within the front line there is more to the process. Client authentication uses a Key Distribution Center (KDC), which has two parts: an authentication server (AS) and a ticket-granting server (TGS). This process uses an encrypted key from the user, by which the AS is able to identify them and grant access by sending the ticket from the TGS, authenticating the user. Once the person has been identified and the session ticket has been granted, certificates are used to identify the access rights. The certificate is a digital file that is sent as an attachment to a message. This process is essential to verify that the file came from a trusted source. The certificate can contain a public key as well, which will authenticate the data for current and future encryption and decryption from that specific source (Conklin & White, 2012).
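The KDC exchange described above, as an added example that is not part of the original essay: a simplified Kerberos-style flow in which the AS and TGS issue tickets and a service accepts them. The `seal`/`unseal` toy cipher, the principal names, the lifetimes and all function names are assumptions for illustration; real Kerberos uses standardized encryption types and message formats.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC under one shared key (illustration only)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def user_key(password, principal):
    # Long-term key derived from the password; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def check_authenticator(ticket, authenticator, now):
    """Shared by TGS and service: ticket still valid, authenticator made with its key."""
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(ticket["key"]), authenticator)
    if a["user"] != ticket["user"] or abs(now - a["ts"]) > 120:
        raise ValueError("authenticator does not match ticket")
    return ticket["user"]

class KDC:
    """Key Distribution Center: authentication server (AS) plus ticket-granting server (TGS)."""
    def __init__(self, users, services):
        self.users, self.services = users, services  # principal -> long-term key
        self.tgs_key = os.urandom(32)

    def as_exchange(self, user, now):
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "key": session, "exp": now + 600})
        # Only the holder of the user's key can open this reply and learn the session key.
        return seal(self.users[user], {"key": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt, authenticator, service, now):
        t = unseal(self.tgs_key, tgt)
        check_authenticator(t, authenticator, now)
        session = os.urandom(32).hex()
        ticket = seal(self.services[service],
                      {"user": t["user"], "key": session, "exp": now + 300})
        return seal(bytes.fromhex(t["key"]), {"key": session, "ticket": ticket.hex()})

def service_accept(service_key, ticket, authenticator, now):
    """Service side: open the ticket with its own key, then verify the authenticator."""
    return check_authenticator(unseal(service_key, ticket), authenticator, now)

def client_login(kdc, user, password, service, now):
    """Client side of both exchanges; returns (service ticket, authenticator)."""
    reply = unseal(user_key(password, user), kdc.as_exchange(user, now))
    k1 = bytes.fromhex(reply["key"])
    auth1 = seal(k1, {"user": user, "ts": now})
    reply2 = unseal(k1, kdc.tgs_exchange(bytes.fromhex(reply["tgt"]), auth1, service, now))
    k2 = bytes.fromhex(reply2["key"])
    return bytes.fromhex(reply2["ticket"]), seal(k2, {"user": user, "ts": now})
```

The service never contacts the KDC or sees the password: it trusts the ticket because only the KDC and the service hold the key that opens it.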
Design Considerations
The design of an authentication process is based on the company's scope and system needs. A company should consider all the risks associated with its current system through a risk assessment. From there it should evaluate the different types of authentication. The basic types are single sign-on, two-factor, and multi-factor. These identify the different steps of authentication that are needed to grant access to a user. Once the sign-on has been established, the company must determine the best method for processing the authentication. It could use biometrics, such as fingerprints or a retinal scan: something from the individual that is specific to only them. A company can also use a digital certificate, tickets, or tokens to authenticate its users.
A two-factor or multi-factor sign-on will use more than one of the above authentication processes. When the company decides the structure it wants, it needs to assess how many sign-ons it wants, based on the importance of authenticating. For example, a simple user account would generally have an identification and a single authentication. A sign-on to a server that houses sensitive information will most likely require at least a two-factor sign-on. A company should determine the authentication method based on its needs and the type of information to which the access grants permission ("Exploring Authentication Methods: How To Develop Secure Systems", 2014).
Data Back-up and Storage
User access is a big part of securing data; however, there are other factors involved in securing data within the authentication process. Once a user has access, the system needs data integrity as well as storage capacity to make sure the data is secure and available to the user when they need it. Disasters do happen, not always, but it is important for a company to have a plan in place with specific protocols for disaster recovery in case of a catastrophic technological event or natural disaster. A disaster recovery plan (DRP) defines, in case of a disaster, what specific resources, processes, organizations, and people are involved. It defines the roles of all of those involved so they know exactly what they are supposed to do, how to do it, and what resources to use to execute the DRP. The DRP will have the necessary steps and processes for each individual to fully restore the systems, data, and network to their state prior to a disastrous event. Categorizing the different roles is important because in some cases there needs to be a focus on a specific area before another to have effective disaster recovery. There are five main areas of criticality of the DRP.
1. Critical: the highest level. This includes systems that are essential to business function based on the scope of the business.
2. Necessary for normal operation: processes or systems the company can survive without temporarily, but which should be restored as soon as possible. The company cannot go more than 30 days without these.
3. Desirable: items that are not needed immediately, but that will optimize performance and the ability of the company to meet its scope and mission. The company can survive without these for more than 30 days.
4. Optional: things that are not necessary whatsoever and not essential to business function.
5. Consider eliminating: items that have no discernible purpose for the business function and were not utilized.
A Business Continuity Plan (BCP) is essential to the DRP. The DRP and BCP are similar. Some organizations will use one or the other, but most will use both synonymously to ensure the focus is specific to the needs of the company. The BCP focuses on the continued operations of the business, not just through disasters but through any event and in regular, everyday operations. The DRP focuses on the recovery and rebuilding once a disaster has occurred.
Not only does the company have to worry about disasters or major disruptions, it also has to worry about the minor things, which can lead to bigger things. All events and any kind of attack should be considered in a contingency plan. This plan includes the processes and protocols the company will follow against specific threats, such as viruses, data breaches, and network interruptions. The contingency plan is important because it is much more likely to be needed than the BCP or DRP.
Within the DRP there need to be efficient back-up plans so that data is saved in everyday activity as well as in a catastrophic event or disaster. A company must first decide what data and systems need to have back-up. From there it can decide what strategies to use to execute the back-up solutions. These strategies will be based on the company's scope and the type of systems and data the company uses.
Cost is a big factor in what strategy the company uses to protect and back up its data. Storage can be expensive, depending on how much data there is and what type of storage the company chooses. There are different ways a company can choose to perform back-up.
One of the many types is called an "alternative site." This is an off-site storage process based on three types. A cold site is an environment that has the essential environmental controls, but has few components. The company would have to move components there for it to be functional. A warm site usually has everything it needs in terms of controls and components, but needs a main processing computer to be functional. A hot site is a fully functional and fully configured environment that would be available immediately (Conklin & White, 2012).

Redundancy is another type of back-up. A form of redundant back-up that is frequently used is Redundant Array of Inexpensive Disks (RAID). Instead of being copied to a single hard disk drive, the data is copied to multiple disks. RAID is an effective on-site solution for back-up. It provides quickly recoverable resources so the company can be up and running after a temporary data obstruction.
Depending on the type of RAID used, the data will be copied in a specific way. RAID 0 will spread data out over multiple disks, so data loss is still a vulnerability. RAID 1 mirrors data onto multiple drives, but is expensive because of all the hardware involved and at least a doubling of the hardware. RAID 5 uses three hard drives for disk striping. The difference between RAID 0 and RAID 5 is that RAID 5 uses Byte correction, which allows the system to keep running when a hard drive goes down. The faulty disk can be replaced without the system going down. When the new disk is installed, the information can be reloaded from the virtual hard drive onto the new disk (Regan, 2006, Chapter 14).
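The RAID 5 behaviour described above, sketched as an added example that is not from the essay or its sources: the correction data RAID 5 keeps is an XOR parity block in every stripe, so any one missing block can be recomputed from the others. The three-disk layout, the 4-byte block size, the parity rotation and the function names are assumptions chosen for illustration.

```python
from functools import reduce

BLOCK = 4  # bytes per block (constructed; tiny so the layout is easy to inspect)

def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def write_raid5(data, n_disks=3):
    """Stripe data across n_disks with one rotating parity block per stripe."""
    per_stripe = (n_disks - 1) * BLOCK
    data = data + b"\x00" * (-len(data) % per_stripe)  # pad to whole stripes
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        parity_disk = (n_disks - 1 - s) % n_disks
        remaining = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == parity_disk else next(remaining))
    return disks

def read_raid5(disks, length):
    """Reassemble the data; one disk may be None (failed) and is computed on the fly."""
    n = len(disks)
    if sum(d is None for d in disks) > 1:
        raise ValueError("RAID 5 tolerates only one failed disk")
    stripes = len(next(d for d in disks if d is not None))
    out = bytearray()
    for s in range(stripes):
        parity_disk = (n - 1 - s) % n
        row = [d[s] if d is not None else None for d in disks]
        if None in row:
            # The missing block is the XOR of every surviving block in the stripe.
            row[row.index(None)] = xor_blocks([b for b in row if b is not None])
        out += b"".join(b for i, b in enumerate(row) if i != parity_disk)
    return bytes(out[:length])

def rebuild_disk(disks, failed):
    """Recompute every block of the replaced disk from the surviving disks."""
    survivors = [d for i, d in enumerate(disks) if i != failed and d is not None]
    if len(survivors) != len(disks) - 1:
        raise ValueError("need all other disks to rebuild")
    return [xor_blocks(stripe) for stripe in zip(*survivors)]
```

A RAID 0 array has no parity block to XOR against, which is why the same single-disk failure there loses data.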
Hardware Devices
These back-up functions cannot be carried out without the help of systems and devices that are designed to aid in back-up and storage. Beginning with authentication, there needs to be a system such as Kerberos. Kerberos is an authentication system composed of an Authenticating Server (AS) and the Ticket Granting Server (TGS), to ensure the authentication is effective over the entire network.
Authentication can also use what is known as a token. This is a device that functions as something an individual possesses and also knows. For example, the person would have to use the device to authenticate themselves, as well as an ID number or PIN of some sort on the device. This is a two-factor authentication device. Some peripherals can be plugged into a computer for authentication as well, including, but not limited to, a retinal, badge, or fingerprint scanner.
A RADIUS server and IEEE 802.1X use an edge switch, which enables ports in the network to carry authorized traffic once the authentication has been established. RADIUS is Remote Authentication Dial-in User Service. It is a remote way for a user to be authenticated. It is a client-server protocol that uses a Network Access Server (NAS), usually using a Virtual Private Network (VPN), to establish the authentication. Once the remote access authentication has occurred through the RADIUS server, a wired connection is established using IEEE 802.1X.
An Intrusion Detection System (IDS) is essential to both recovery and back-up because it prevents these events from happening. This system detects, logs, and responds to any suspicious activity as it has been programmed to do. It will log the users and hosts and monitor the activity to make sure the network and hosts are authentic and known. This system requires dedicated hardware to support the software it needs to function.
Network access controls are essential to the authentication process because once the authentication has occurred, the access controls come into play. A Network Access Protection (NAP) program should be used to control the administrators and users as well as updates and things of that nature. The system has patches as well as anti-virus protection.
RAID servers and hardware are needed to perform RAID back-up. These servers house the disks and drives for the RAID to take place automatically. The server allows the designated data to go through the RAID process based on the configuration of the RAID that was discussed earlier. RAID servers are specifically designed for back-up and can be an on-site or alternative site solution (Conklin & White, 2012).
Conclusion
In conclusion, a company needs to have authentication which identifies and then authenticates user access. The process can be carried out using single sign-on, two-factor, or multi-factor authentication. Back-up is essential to the authentication process because it secures data integrity for the users. There are different types of back-up: alternative site and on-site. RAID is a form of on-site back-up, which uses redundancy to copy data in several different ways, depending on the RAID type. There are many different devices and systems available for authentication, back-up, and storage, many of which are different servers. These processes and devices are essential to the optimization of everyday business function.

References
Conklin, A., & White, G. (2012). Principles of Computer Security: CompTIA Security+ (3rd ed.). Retrieved from The University of Phoenix eBook Collection database.
Exploring authentication methods: How to develop secure systems. (2014). Retrieved from http://searchsecurity.techtarget.com/tutorial/Exploring-authentication-methods-How-to-develop-secure-systems
Regan, P. (2006). Local area networks. Retrieved from The University of Phoenix eBook Collection database.
Todorov, D. (2011). Authentication, Authorization, and Accounting. Retrieved from http://www.infosectoday.com/Articles/Authentication.htm
