Implementing Biometric Security
by John Chirillo and Scott Blaul
414 pages, $45
User authentication is the bulwark of your infosecurity implementation, but standard eight-character passwords may not be up to the task of protecting your network from anything but the most casual attackers. There are alternatives to this aging standard, such as biometrics.
Unfortunately, Implementing Biometric Security is a field guide that has gone astray. While John Chirillo and Scott Blaul include everything you need to know about biometric tools, needless pages of source code and product-specific padding poison its focus.
What Implementing Biometric Security does well is provide a good overview of biometric solutions. Most chapters are devoted to specific technologies, such as fingerprint, handprint or iris scanners. The discussions adequately cover the basics of each approach, from outlining the situations for which the tools are suitable to basic theory and accuracy statistics. In fact, one of the most valuable things about this book is that it collects information about each technology's accuracy, reliability and optimal environments into one volume. Disappointingly, the authors avoid direct comparisons between the different technologies.
Chirillo and Blaul discuss how to select the best biometric technology for specific organizational needs. They offer a case study based on a fictional pharmaceutical research firm. Although the scenario shows some of the challenges inherent in even a small biometric rollout, it involves a company of just 25 employees. The example is simply too small an organization to extrapolate to the enterprise level.
Fortunately, Implementing Biometric Security includes a good, basic checklist of the things you'll need to consider when selecting and deploying solutions. As an added value, Chirillo and Blaul demonstrate how to use their evaluation spreadsheet (available on the book's Web site) to analyze different solutions.
Regrettably, the book's most notable feature is its padding. In its 414 pages, nearly half are devoted to installation screen shots or Visual Basic sample code. For some unexplainable reason, the authors also included an entire chapter on steganography, which has nothing to do with biometrics.
A substantial portion of the book involves product-specific installation instructions, most of which should be covered in the product manuals. These sections will quickly age as newer software is released.
Implementing Biometric Security is a useful, albeit flawed book. It covers a wide variety of technologies, detailing their strengths and weaknesses, but it lacks focus: is it a technology overview, a product manual or a programmer's guide? You can't really tell what it's trying to be. As a synopsis, though, Implementing Biometric Security makes the grade, providing a suitable review of available biometric options.