By Cameron Sturdevant  |  Posted 2004-07-12 Print this article Print

CryptoCard Corp.s Crypto-Server 6.1 significantly eases two-factor authentication for Windows networks compared with earlier versions of the product. In eWEEK Labs tests, we used a wide variety of hardware tokens supported by Crypto-Server 6.1 to lock down access to our Windows environment.

IT administrators who are considering strong authentication systems should add Crypto-Server 6.1 to their lists, along with competitors such as RSA Security Inc.s SecureID. In tests, we could completely secure access to our Windows network using USB (Universal Serial Bus) tokens, smart cards, keychain tokens, software tokens and preprogrammed PIN pad cards to generate one-time passwords.

Crypto-Server 6.1 software, and accompanying hardware tokens, became available last month. Crypto-Server 6.1 costs $15,000 for one server; hardware tokens range in price depending on the form factor and number purchased.

Because of the relatively high cost per seat of all hardware-based authentication systems, CryptoCards offering is best for organizations required by government regulation or the high value of company data to get two-factor authentication protection.

Crypto-Server 6.1 hardware tokens are priced at $59 each (when 1,000 devices are purchased), making the hardware a significant price hurdle. And distribution and activation of the hardware tokens add even more to the entire replacement cost.

Crypto-Server 6.1 supports every common token form factor. We used ATM (asynchronous transfer mode)-style smart cards, USB dongles, nifty PIN pads the size of credit cards, and keychain-style fobs.

Crypto-Server 6.1s token battery compartment is user-accessible, and we easily replaced the batteries in our tokens. This seemed like a big advantage over other systems, which seal the battery inside the device to deter tampering.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.At least it seemed like a good idea until we pulled out both batteries and only then read the warning on the battery lid that instructed us to change batteries one at a time to avoid locking the unit. Fortunately, we had two PIN pads, so we could continue our tests even though one user account was frozen because wed fried the token.

The Crypto-Console, included with the software-only Crypto-Server 6.1, provides a convenient interface to assign users to tokens. The help system is lacking, however. When we used the Crypto-Console to test one of our keychain fobs, the Crypto-Console indicated (correctly) that we entered the incorrect password from the dongle. When we sought to rectify this situation, we received only a cheery note about what to do when the codes matched.

Crypto-Server integrates with Apple servers and can work with a variety of platforms, including Citrix Systems Inc.s MetaFrame and Microsoft Corp.s Terminal Services.

Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel