Arcot for VPN Update Avoids Hardware Hassles
Authentication is the weakest link in VPN security, forcing administrators to weigh the importance of cost, ease of deployment and strength of security.Authentication is the weakest link in VPN security, forcing administrators to weigh the importance of cost, ease of deployment and strength of security. Public-key infrastructure provides a robust and scalable authentication option, but the security of the remote users private key becomes paramount. Password protection for private keys, although inexpensive and easy to deploy, is also an easily corrupted security measure. Meanwhile, hardware such as tokens or smart cards are expensive and difficult to deploy. Arcot Systems Inc. lets administrators wave goodbye to these problems with Arcot for VPN 1.2, an update of its authentication software that requires remote users to provide a PIN and a software container called the Arcot ID to authenticate their identity to a virtual private network and Arcots RADIUS (Remote Authentication Dial-In User Service)-based server. With its low cost and minimal deployment overhead, Arcot for VPN is a sound investment for VPN deployments of any scope.
The Arcot ID is protected by a bait-and-switch technology called Cryptographic Camouflagesort of a VPN honey pot, if you will. Cryptographic Camouflage protects the private key within the Arcot ID from offline brute-force or password list attacks by generating numerous false-positive PIN results. Whereas an attack against a password-protected system reveals one plausible result (the correct PIN), an attack on the Arcot container yields thousands of plausible PINs, enticing intruders to interactively log in with incorrect information, thus instigating a user lockout.