Corporations that have strong firewall defenses didn't take long to
figure out that their greatest threat was from employees who log on to
their networks from outside the building.
With laptops, Palms, Pocket PCs, and even cell phones accessing your
enterprise databases from God knows where, you're in for a nasty
surprise one day if you're not using tough authentication measures
before you let those devices communicate. An innocent-looking login
might actually represent a malicious hacker posing as some vice president.
There's a whole new wave of solutions to this problem. Let's first look
at the types of hardware offerings that are currently available:
• Smart cards have been around for years, but are
gaining new life as a way of letting your trusted employees into your
network and keeping hackers out. The devices look and feel like an
ordinary credit card. But they contain sophisticated electronics
that can't be duplicated by script kiddies.
• USB smart tokens are a new way to use smart card
technology. One drawback of smart cards is that most computers and
laptops don't have a slot to insert them. But most computers and laptops,
and even many handhelds, have one or more USB slots. A USB smart token,
about the size and shape of a house key (although thicker), can easily
fit into one of these slots when an employee is out of the office
but needs to log in to your network.
If you want to use USB smart tokens as well as smart cards,
it's possible to combine both worlds. Plugging a small smart-card reader
into a computer's USB port conveniently provides a home for an employee's
smart card.
Authentication on the Fly
All tokens such as these serve at least one primary function. When
someone is trying to log on to your corporate network from a distant
location, what proof do you have that that person is really one of
your authorized users? After all, they might be an intruder who
captured a password over-the-air at a typically nonsecure
wireless cafe.
Tokens handle this problem, not by storing passwords, but with much
more sophisticated security. The process, overly simplified, goes like this:
• Log in. When a user attempts to log in to the enterprise
network from afar, the token — which is plugged into the laptop
or handheld — sends the network a short, encoded string.
• Challenge. The network server, reading the code, sends
back a numeric string that represents a "challenge" that the token
must solve.
• Response. The circuitry within the token is able to
convert the challenge string into a response that only it would be
capable of generating. In combination with other measures, such as
a password known only to the bearer of the token, this authenticates the
person trying to log in, and he or she can then access network resources.
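The three steps above, as an added Python sketch that is not part of the original article or any vendor's product code. It assumes the token and server share a secret key and that the response is an HMAC-SHA256 of the challenge; the class names and the token ID "vp-laptop-01" are constructed for illustration, and the accompanying password check is omitted.

```python
import hashlib
import hmac
import secrets

class Token:
    """Stands in for the hardware token: the key never leaves this object."""
    def __init__(self, token_id: str, key: bytes):
        self.token_id = token_id          # the short string sent at log in
        self._key = key

    def respond(self, challenge: str) -> str:
        # Assumption: response = HMAC-SHA256(key, challenge)
        return hmac.new(self._key, challenge.encode(), hashlib.sha256).hexdigest()

class Server:
    def __init__(self):
        self._keys = {}      # token_id -> key recorded when the token was issued
        self._pending = {}   # token_id -> challenge awaiting a response

    def enroll(self, token_id: str) -> Token:
        key = secrets.token_bytes(32)
        self._keys[token_id] = key
        return Token(token_id, key)

    def begin_login(self, token_id: str) -> str:
        # Fresh, unpredictable numeric challenge for every attempt
        challenge = str(secrets.randbelow(10**12)).zfill(12)
        self._pending[token_id] = challenge
        return challenge

    def finish_login(self, token_id: str, response: str) -> bool:
        challenge = self._pending.pop(token_id, None)   # each challenge is single-use
        key = self._keys.get(token_id)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected.encode(), response.encode())

def demo():
    server = Server()
    token = server.enroll("vp-laptop-01")               # constructed token ID
    captured = token.respond(server.begin_login(token.token_id))
    genuine = server.finish_login(token.token_id, captured)
    # Replaying the captured response: first with no challenge outstanding,
    # then against a new challenge. Both must fail.
    replay_stale = server.finish_login(token.token_id, captured)
    server.begin_login(token.token_id)
    replay_fresh = server.finish_login(token.token_id, captured)
    return genuine, replay_stale, replay_fresh
```

Unlike a password captured at a wireless cafe, a captured response is useless afterwards: the server never accepts the same challenge twice, and a new challenge needs a response only the token's key can produce.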
The Latest Tokens from Innovative Players
Numerous parties design and manufacture tokens, but the following
have some of the most interesting new offerings:
• Raak Technologies (pronounced "rock") specializes in
making it easy for enterprises to obtain 1 to 5,000 smart cards or
USB tokens — pre-customized for each roaming worker —
without requiring your company to program and manufacture its own
secure devices. A name-imprinted T8 USB Token from Raak lists for $64.95
and rapidly declines in price in larger quantities.
• Aladdin Knowledge Systems offers its USB eToken in two encryption
strengths to suit enterprises with varying needs. The company doesn't publish
a price list, but an Enterprise Starter Kit with 10 eTokens, licenses,
and software for setting up a trial project runs as low as $772, according to
Mike Lang, Aladdin's vice president of channel marketing.
• Athena Smartcard Solutions recently announced what it calls the
first PC keyboard with an integrated smart-card reader and
Flash upgradability. This will interest those companies that
require the form factor of smart cards — which can hold employee
photos and other ID that a USB token cannot — for their
desk-bound employees who regularly need to prove their identity.
Athena's ASEDrive III KB offers you developmental flexibility without the
need to replace keyboards every time smart-card technology changes.
Conclusion
These are far from the only developments taking place to make remote
computing as secure as in-house computing. The fact that the small SIM
cards found inside all GSM-type cell phones are smart cards has prompted
the formation of the WLAN Smart Card Consortium. This group — with
heavy-hitting members such as Texas Instruments, Visa, and France's
Alcatel — just last month released version 1.0 of an international
standard to make wireless LANs, such as those in Internet cafes, secure
for all who choose to use the specification.
When I see the nonexistent security at many wireless access points in hotels,
airports, conference centers, and elsewhere, recommending that you set up
smart tokens to authenticate your traveling workers is a no-brainer.