Software Enables Two-Factor Authentication for Apache

A Canadian cryptographic software vendor on Monday announced a new two-factor authentication solution designed specifically for the popular Apache Web server.

CryptoCard Corp.s Crypto-Server 6.2 enables administrators to use virtually any form of two-factor authentication to log into their Apache servers through a browser interface. Software tokens, hardware tokens and smart cards all are supported by the new release.

With enterprises moving more and more of their applications to the Web, Web server administrators now have an unprecedented level of control over the health of corporate networks. Using two-factor authentication to positively identify administrators on log-in and enforce policies regarding who can manage which applications can be key to the security of those applications.

Apache is an open-source Web server and is by far the most popular one on the Internet, with nearly 70 percent of the Web server market, according to numbers compiled by Netcraft Ltd., an Internet services company in Bath, England. By comparison, Microsoft Corp.s IIS Web server owns about 21 percent of the market.

Administrators can manage any number of Apache servers from Crypto-Servers Web interface and can import their companies user lists from any LDAP directory. In order to log in to protected servers, an administrator activates his token, enters his PIN and then uses the one-time password that the software generates to access the servers.

/zimages/6/28571.gifClick here to read eWEEK Labs review of Crypto-Server.

“Our goal is the regulation of log-in through the network, the VPN or whatever way you come in,” said Malcolm MacTaggart, president and CEO of CryptoCard, based in Ottawa. “There are more and more applications on the Web these days and they need to be protected.”

Crypto-Server 6.2 also includes Crypto-Web, a component that enables administrators to set strict access-control policies for sites hosted on Apache and IIS servers, controlling who can access what content down to the page level. Crypto-Server 6.2 is available now and pricing starts at $499 for a bundle that includes the server, tokens and a license for five users.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.