CryptoCard Corp.s Crypto-Server 6.1 significantly eases two-factor authentication for Windows networks compared with earlier versions of the product. In eWEEK Labs tests, we used a wide variety of hardware tokens supported by Crypto-Server 6.1 to lock down access to our Windows environment.
IT administrators who are considering strong authentication systems should add Crypto-Server 6.1 to their lists, along with competitors such as RSA Security Inc.s SecureID. In tests, we could completely secure access to our Windows network using USB (Universal Serial Bus) tokens, smart cards, keychain tokens, software tokens and preprogrammed PIN pad cards to generate one-time passwords.
Crypto-Server 6.1 software, and accompanying hardware tokens, became available last month. Crypto-Server 6.1 costs $15,000 for one server; hardware tokens range in price depending on the form factor and number purchased.
Because of the relatively high cost per seat of all hardware-based authentication systems, CryptoCards offering is best for organizations required by government regulation or the high value of company data to get two-factor authentication protection.
Crypto-Server 6.1 hardware tokens are priced at $59 each (when 1,000 devices are purchased), making the hardware a significant price hurdle. And distribution and activation of the hardware tokens add even more to the entire replacement cost.
Crypto-Server 6.1 supports every common token form factor. We used ATM (asynchronous transfer mode)-style smart cards, USB dongles, nifty PIN pads the size of credit cards, and keychain-style fobs.
Crypto-Server 6.1s token battery compartment is user-accessible, and we easily replaced the batteries in our tokens. This seemed like a big advantage over other systems, which seal the battery inside the device to deter tampering.
At least it seemed like a good idea until we pulled out both batteries and only then read the warning on the battery lid that instructed us to change batteries one at a time to avoid locking the unit. Fortunately, we had two PIN pads, so we could continue our tests even though one user account was frozen because wed fried the token.
The Crypto-Console, included with the software-only Crypto-Server 6.1, provides a convenient interface to assign users to tokens. The help system is lacking, however. When we used the Crypto-Console to test one of our keychain fobs, the Crypto-Console indicated (correctly) that we entered the incorrect password from the dongle. When we sought to rectify this situation, we received only a cheery note about what to do when the codes matched.
Crypto-Server integrates with Apple servers and can work with a variety of platforms, including Citrix Systems Inc.s MetaFrame and Microsoft Corp.s Terminal Services.
Senior Analyst Cameron Sturdevant can be reached at email@example.com.