End User Identity Management

Your Internet Connection Is Unique

Internet providers that serve business and fixed residential subscribers assign each account at least one public IP address. This may be done dynamically over dial-up and broadband connections, or statically when the service is first provisioned.

In either case, the public IP address is linked to a specific user or account. If the provider notes malicious traffic or spam from that IP address, they know which customer to notify, block or disconnect.

The same information is used by law enforcement in computer crime investigations, and by copyright holders eager to sue retirees and Internet subscribers for file sharing.

Guest Users Share Your IP Address

Most public access Internet services utilize network address translation. This allows the use of reserved, private IP addresses for each user. The public access Internet gateway (or your own router without network isolation) translates the private IP addresses to one or more public IP addresses.

One result of this function is that all guest Internet traffic uses the public IP address assigned to the business owner. Without further identity management in place, it is nearly impossible to identify which user may be the source of malicious traffic, or is using a compromised computer.

Identity Management Methods

A fundamental concept in network operations is AAA (authentication, authorization and accounting). Examples of AAA are the use of a name and password to log in to a computer domain, or to access the Internet through a dial-up connection.

Implementing AAA in public access Internet systems can be done locally in a subscriber gateway, or remotely through a service provider. In a local environment, user names and passwords can be issued to guests by the business owner or staff, using integrated ticket printers and/or manual configuration entries.

Local administration requires staff training, and human resources that could be used more effectively elsewhere. The process can be integrated with property management systems for lodging properties or campgrounds, but other venues have limited means to positively identify each user.

Some vendors configure gateways to collect email addresses, hardware addresses or both from network users. In practice this is useless—either can be spoofed, and neither provides positive identification.

Service Provider AAA

Outsourcing AAA functions to a service provider eliminates the need for staff training and local administration, and adds value to your Internet service. Visitors create their own login credentials through their web browser, and can use the same name and password at multiple locations.

Positive identification is achieved by authenticating the end user's credit card information through a secure, encrypted browser connection. The end user's private IP and hardware addresses are automatically associated with session start and stop times, for both trouble resolution and accounting.

As a common best practice, implementing AAA can also mitigate claims of negligence or liability against the business owner. When unlawful activity originates from your network and Internet connection, its source can be accurately identified.
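How session accounting records of the kind described above resolve a report against the shared public address, as an added example (not from the original page or any vendor's product). It assumes the gateway also keeps a NAT translation log; all field names and records are constructed.

```python
from datetime import datetime
from typing import Optional

# Constructed sample data; field names are assumptions, not a vendor log format.
# Accounting records: one per guest session (stop=None means still online).
SESSIONS = [
    {"user": "guest-alice", "mac": "02:00:00:aa:bb:01", "ip": "10.0.0.23",
     "start": "2024-05-01T09:00:00", "stop": "2024-05-01T10:30:00"},
    # Same private IP, reissued later to a different guest.
    {"user": "guest-bob", "mac": "02:00:00:aa:bb:02", "ip": "10.0.0.23",
     "start": "2024-05-01T11:00:00", "stop": "2024-05-01T12:15:00"},
    {"user": "guest-carol", "mac": "02:00:00:aa:bb:03", "ip": "10.0.0.40",
     "start": "2024-05-01T11:30:00", "stop": None},
]
# NAT translation log: which private address held a public source port, and when.
NAT_LOG = [
    {"pub_port": 40112, "ip": "10.0.0.23",
     "start": "2024-05-01T09:45:00", "stop": "2024-05-01T09:47:00"},
    {"pub_port": 40112, "ip": "10.0.0.23",
     "start": "2024-05-01T11:20:00", "stop": "2024-05-01T11:22:00"},
    {"pub_port": 51870, "ip": "10.0.0.40",
     "start": "2024-05-01T13:00:00", "stop": "2024-05-01T13:05:00"},
]

def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)

def _covers(rec: dict, when: datetime) -> bool:
    """True if `when` falls inside the record's start/stop window."""
    stop = rec["stop"]
    return _ts(rec["start"]) <= when and (stop is None or when <= _ts(stop))

def attribute(pub_port: int, when_iso: str) -> Optional[dict]:
    """Map a reported (public source port, time) to the one guest session behind it."""
    when = _ts(when_iso)
    # Step 1: public port + time -> private address, via the NAT log.
    private_ips = {n["ip"] for n in NAT_LOG
                   if n["pub_port"] == pub_port and _covers(n, when)}
    # Step 2: private address + time -> authenticated session, via accounting.
    hits = [s for s in SESSIONS if s["ip"] in private_ips and _covers(s, when)]
    # Zero or several matches means the records cannot name a single user.
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(attribute(40112, "2024-05-01T09:46:00"))
    print(attribute(40112, "2024-05-01T11:21:00"))
```

The same private address and public port resolve to different guests depending on the timestamp, which is why a report without an accurate time (and time zone) cannot be attributed.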
