Tech Tip: Learn the benefits of smart card technology

Here are some of the benefits of smart card technology.

By Mike Mullins

Whether you're trying to control physical or network access to a system or facility, you have three basic options for access control:


  • Something you know—a username and password or PIN
  • Something you have—a secure access card
  • Something you are—the field of biometrics, such as fingerprint scans, retina scans, voiceprint analysis, etc.

If you only depend on the first basic method to defend your network, you're leaving it wide open to any password hack. It could be as simple as sniffing your wire to capture a username and password transmitted via clear text, or it could be as difficult as stealing the Security Accounts Manager (SAM) file from your domain controller—or even stealing passwords through social engineering.

One of the latest standards in secure access is secure ID cards, also known as smart cards. Given enough time and computing power, hackers can and will obtain your passwords. That's why you should consider implementing smart cards, which boost access security.

Secure access

By incorporating smart card logon access control into your network, you eliminate username/password compromise as a potential point of entry. In addition, deploying smart card logon to your network offers the following benefits:

  • Positive identification: You verify users by photo identification when issuing their account.
  • Strong authentication: Most smart cards use a nonreversible encryption algorithm to transmit user token requests and deliver the user access token through similar security.
  • Nonrepudiation: Because of the physical and logical requirements, a person can't deny participation in a network transaction.
  • Secure certificate mobility: Because user certificates are stored on the card, they remain on the card after user logoff.

ActivCard tops a very short list of vendors that support several operating systems, including Red Hat Linux, Mac OS X, Solaris, Windows 98, Me, NT, 2000, and XP. This includes authentication for the applications that run on these platforms and Web-enabled applications.

Secure identity

Smart cards are an enhancement to Public Key Infrastructure (PKI) certificates. From your certificate server, you can generate user certificates to verify a client's identity. However, the private key for these certificates ends up on the hard drive of the system the client uses to access the secure content.

By transferring that private key to a physically mobile device, such as a smart card, you have a secure, mobile identity certificate that clients can safely use for network access and document or e-mail signing, regardless of where the access point originates.
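To make the point concrete, here is an added Go sketch (not from the original article or from any vendor's software) that models a card holding the private key and releasing only signatures over a server challenge once the PIN is presented. The names Card, NewCard, Sign and ServerVerify are hypothetical, the PIN is a constructed sample, and Ed25519 stands in for whatever algorithm a real card implements.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Card is a hypothetical model of a smart card, not a real card API: no method returns key.
type Card struct {
	key   ed25519.PrivateKey
	pin   []byte
	tries int // wrong PINs left before the card blocks
}

// NewCard generates the key pair "on the card"; only the public half leaves it.
func NewCard(pin string) (*Card, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Card{key: priv, pin: []byte(pin), tries: 3}, pub
}

// Sign answers a challenge only when the holder also supplies the PIN.
func (c *Card) Sign(pin string, challenge []byte) ([]byte, error) {
	if c.tries == 0 {
		return nil, errors.New("card blocked")
	}
	if subtle.ConstantTimeCompare(c.pin, []byte(pin)) != 1 {
		c.tries--
		return nil, errors.New("wrong PIN")
	}
	c.tries = 3
	return ed25519.Sign(c.key, challenge), nil
}

func ServerVerify(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	card, pub := NewCard("4921") // constructed sample PIN
	nonce := make([]byte, 32)
	rand.Read(nonce) // fresh per logon, so a captured response cannot be reused
	sig, _ := card.Sign("4921", nonce)
	fmt.Println(ServerVerify(pub, nonce, sig))
}
```

Nothing secret crosses the wire in this model: the server sees only the challenge it issued and a signature that is valid for that challenge alone.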

In addition, the current generation of smart cards allows you to easily create and manage access policies through roles for different users and groups.

Limitations

If you want to deploy 100-percent mobile security throughout your enterprise, be prepared for the up-front costs in labor and hardware. You need to install smart card readers on all of your mobile platforms, such as laptops and PDAs.

Don't forget that you must develop a strategy for installation on your users' home PCs. If your network configuration doesn't support a total conversion to smart card access, you must still maintain the existing username/password structure.

Furthermore, remember that most public systems at hotels, airports, and internet kiosks won't have a smart card reader attached to the terminal.

Final thoughts

Smart card technology is becoming the authentication standard for enterprise networks. Your organization can gain significant cost savings if you remove its dependency on antiquated username/password logins.

We all know that users write down or forget complex passwords. Stop relying on users to defend your organization's network. Let technology do the job for you.

Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.
