Enhanced information access has created new challenges for users in fortifying susceptible data and system resources against an emerging number of security risks and theft-related issues. Enterprise systems have witnessed breaches and malicious intrusions into network systems. This has raised the standard for security compliance by system engineers as they struggle to protect against network vulnerabilities and meet regulatory compliance. With the rising number of data security breaches and the increasing sophistication of cybercrime, protecting access to organization-critical data and systems becomes a major necessity.
System gurus comprehend the potential threats posed to their networks and are devising means to cope with those threats and implement sustainable solutions. As businesses strive for transparency, interoperability and mobility, their corporate networks become susceptible to threats from third parties whose security apparatus is not subject to audits and control mechanisms by the system (Altman, 2006). Systems employees are given administrative privileges to enable them to perform their administrative duties. Such rights could be compromised by disgruntled employees, contractors, vendors, or temporary workers, thereby rendering critical security services inoperable.
Several enterprise systems use Internet filtering tools such as intrusion detection software and firewalls to protect valuable data on their systems, but additional security measures are needed to safeguard against the loss of intellectual property and other valuable data on a system. Most of these companies do not have an enforcement apparatus to enforce compliance or to report on suspicious activities (Resencrance, 2004). Phishers are constantly circumventing two-factor and multifactor authentication schemes by implementing man-in-the-middle attacks. Due to this loophole in the enterprise policy security infrastructure, corrective measures to detect and prevent threats from malware, hackers, and malicious users become paramount.
According to Andress (2006), the Federal Trade Commission (FTC) reported that identity theft affected nearly 90 million Americans and cost approximately $173 billion in 2005. Also, Skoudis (2005) found evidence that worldwide identity theft and related crimes could cost businesses about $532 billion in losses by the end of 2010.
Since most end-users and various enterprise clients perform a fraction of their business transactions at their respective local offices, the need for a reliable and secure authentication mechanism cannot be overstated. End-users who engage extensively in electronic services complain that passwords have become difficult to remember (Andress, 2006). Most of the systems require password changes every 90 days, and this makes it cumbersome to remember which password was used within a given period.
Logon functionality based on a user name and password has been used to grant authentication and authorization into enterprise system network resources. Although authentication provides system administrators with valuable information about who is accessing the application, users get frustrated remembering user names and logon IDs. Since passwords can be compromised, the urgency for a stronger authentication process becomes paramount.
Solutions to these problems could include the fortification of the Enterprise Network Security platform and the addition of more security layers for a stronger multifactor authentication process. A strong authentication process should include, but not be limited to, a device or information that the user possesses. These could include a hardware token, a biometric characteristic, or some information or code that the user knows. An example would be a Personal Identification Number (PIN). Other examples might include smart cards or badges.
REVIEW OF THE LITERATURE
Ofir (2005), Lu, Liu, Yu, and Yao (2005), Ryker and Bhutta (2005), Opara (2004), Pescatore, Nicolett, and Orans (2004), and Krim (2003), among others, have noted that in the past few years, systems security administrators have seen a decline in recreational hacking and an increase in commercial hacking. …