CryptoCard Solves the Security vs. Convenience Dilemma


It's a fact: The more secure the network, the more inconvenient the access becomes for end users. Best practices often force administrators to use complex password and security schemes that become more and more cryptic as time passes. While that process may help to ensure security, there certainly are undesirable side effects that, over time, will weaken the system.

For example, advanced security systems often lead to added demand on help desks as users call regarding password issues. The major complaints consist of forgotten or lost passwords or other troubles logging on to a system.

Some users undermine the whole process by writing down passwords and pasting them on their desk or screen, while other users store critical or confidential data to non-secure media. That creates a catch-22 situation, where administrators further tighten security to protect data while end users strive to find ways to make system access easier.


FRANK J. OHLHORST
Technology Editor

The end result is often a decline in overall end-user satisfaction as complaints against restrictive security practices increase.

What's more, most products and services on the market have their shortcomings. For example, biometrics solutions offer easy authentication but often lack mobility because the devices are attached to a specific machine. Keycards, while portable, can be easily lost and require an available card reader.

The answer to the security vs. convenience dilemma comes in the form of smart-card, token-based security. Security vendor CryptoCard aims to leverage smart-card and token-based security concepts to meet the needs of administrators as well as end users by providing a secure, yet easy-to-use method to access sensitive data.

In short, CryptoCard provides a token-based security solution that combines a time-sequenced key with a user ID and PIN. To access a machine or system, users are required to have two elements: something in their possession (a smart card or token) and something they must know (a PIN or password). Authentication requires both of those elements, which guarantees security in all but the most extreme circumstances. CryptoCard calls this methodology Secure Password Technology (SPT). End users' lives are simplified; all they need to know now is a single PIN to completely access all network resources.

CRN Test Center engineers took a close look at the CryptoCard solution, which consists of software and various hardware elements.

On its simplest level, CryptoCard's software allows users to utilize a hardware token with an assigned PIN to gain access to a network or PC. CryptoCard offers several hardware token options, including a smart card that fits into a PC Card-based reader or USB smart-card reader, as well as a calculator-style hardware token and a keychain-style hardware token. CryptoCard's breadth of options should suit most any needs.

The foundation of the product lies within the CryptoAdmin 5.32 software suite, which integrates into a network's existing security layer. The suite is comprised of an authentication server, authentication agents and VPN authentication plug-ins. Test Center engineers found installation and management quite intuitive when used with Microsoft Remote Routing Access Server. A RADIUS server is needed to use the product, which CryptoCard bundles in if one is not already available.


CryptoCard CryptoAdmin 5.32

Once the software is configured, user management becomes a simple process of assigning a particular SPT token to each individual. Again, users can utilize a smart card, which can be the easiest way to log in when a smart- card reader is available, or a hardware token.

CryptoCard sent two different hardware tokens for review,a dongle-style keychain unit and one that resembles a credit card-size calculator. Both provide the same functionality. Each unit creates a temporary token in the form of a seven-digit number; the end user combines the number with assigned login information to access the network.

The calculator-style hardware token offers an additional level of security, as users must enter a PIN before receiving the seven-digit token.

Regardless of which method is chosen for authentication, solution providers will find that there will be a measurable increase in security practices and a significant reduction in help-desk calls for password issues. Most deployed solutions will consist of a combination of elements. Users who only access the network from a specific machine will be better served by a smart card, and the PC Card-based reader can extend that security to notebook computer users.

Users who access network resources remotely and from numerous systems will be better served by a hardware token-based solution, with the calculator-based hardware token slightly more elegant, if less convenient, for most users.

When it comes to balancing security against convenience, CryptoCard provides all of the key elements to successfully meet a variety of security needs without overly complicating the security process for end users and administrators alike.

CHANNEL PROGRAM SNAPSHOTS
> CRYPTOCARD CRYPTOADMIN 5.32
PRICE: Starting at $99.99 per user
WARRANTY: 5 years
DISTRIBUTORS: 4Front, Burwood Group, Charon, Stalwart Systems group, Sword & Shield
TECH RATING:
CHANNEL RATING:

CHANNEL OVERVIEW: While it has worked informally with solution providers in the past, Ontario-based CryptoCard began creating an official channel program in June 2003. Details of the program are still being decided, but it will include marketing funds, rebates, a demo program and online technical training.

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.