CryptoCard takes the pain out of passwords
System eases administration tasks and supports portable devices
- By Patrick Marshall
- Oct 04, 2006
Seat belts won't save lives if you don't use them. Likewise, network security systems won't be secure if employees tape their passwords to keyboards.
Flexibility and convenience are essential for an effective security system. Those qualities are the biggest selling points of CryptoCard's authentication system.
We last looked at the CryptoCard system a couple of years ago. At that time, we found it to be an inexpensive and easy-to-implement authentication system that offers an unusual degree of platform flexibility. Those judgments stand.
Crypto-Server 6.4 relies on two authentication factors: tokens and personal identification numbers. One major advantage of Crypto-Server is that it supports many different tokens. Administrators can assign users smart cards, a credit card-sized keypad, a keychain token or a USB dongle. In addition, you can assign a software token, which is especially useful for connecting personal digital assistants. Be aware that employees can only use software tokens to access the network through specified desktop clients.
Because the system controls network access via a token that generates a random password everytime a user logs on, users aren't under pressure to change passwords. And administrators can rest assured that no one can intercept passwords during transmission over the network. Instead, users confirm the PIN on a specific device without transmitting it to the CryptoCard server.
Crypto-Server can integrate with other resources. Available software lets administrators extend Crypto-Server's use to controlling access to local-area networks, virtual private networks, Web servers and other security systems.
We were especially impressed by Crypto-Server's support for several operating systems. It supports Microsoft's Windows 2000 Service Pack 4 and 2003 Service Pack 1 servers, in addition to Red Hat's Enterprise Linux, Novell's Suse Linux Enterprise and Apple Computer's Macintosh OS X Tiger servers. Crypto-Server integrates with Microsoft Active Directory, Lightweight Directory Access Protocol and Open Directory for user data storage and works with all the major remote access servers.
In the past two years, developers have significantly enhanced Crypto-Server in several areas, especially ease of administration and support for portable devices.
We found the system much easier to set up on the client and the server, and the new CryptoCard Console, the system's administrative module, is an easy-to-use utility for managing tokens.
We also like Crypto-Server's new support for disconnected laptop computers. When your laptop is off-line, it is still protected by Crypto-Server authentication. Someone can perform as many as 100 log-ons before needing to reconnect to the CryptoCard server.
CryptoCard has also made it easier for those who need to provide static passwords to access the network. Administrators can configure the Crypto-Server log-on procedure to automatically perform static operating system log-ons after authentication by the CryptoCard server.
Finally, Crypto-Server has added support for software tokens for Research in Motion BlackBerry mobile devices, which means BlackBerry users can access the network without the need of a separate token.
Our only major gripe is that there is a need for products such as Crypto-Server. In a perfect world, we wouldn't need to spend time and money securing our networks. In the meantime, Crypto-Server offers a surprisingly simple and convenient solution for end users.
Patrick Marshall is a freelance technology writer for GCN.