Using smart cards supplied by Gemalto, as well as a variety of card readers, CRN Test Center reviewers were able to experience a few of the ways solution providers and their customers can use these products.
For a test environment, we worked with a Gemalto product specialist to create a network consisting of three virtual machines running on VMware Workstation. One was a Windows Server 2003 VM configured as domain controller, which also ran Gemalto Strong Authentication Server. The second VM was also Windows Server 2003, this one housing a Microsoft Exchange Server. The third VM was configured with Windows XP to function as a client on the network. Two sets of preconfigured smart cards were provided, each loaded with digital certificates to demonstrate the PKI authentication services supported by Windows.
In our test scenario, reviewers had the domain controller and Exchange server up and running. When the XP client was launched, the standard password prompt also offered login via a smart card. Simply sliding the card into a USB-connected reader replaced the log-on prompt with a request for the predetermined PIN, which, when entered, allowed Windows to start normally. This provides a much higher level of security than passwords alone, because the user must have the physical card in order to gain access. Furthermore, possession of the card is not enough without knowledge of the correct PIN.
After logging into Windows, reviewers launched Microsoft Outlook, which was already set up to connect to the Microsoft Exchange VM. Again, simply sliding the smart card into the reader was enough to gain access to the mailbox. We typed and sent a small e-mail requesting a file from a second user in the scenario and then logged off the computer.
Next, we logged onto the client again, this time using the other user's smart card. When accessing Microsoft Outlook, we were able to read the initial e-mail and reply. Our reply consisted of the second part of the scenario—creating a small spreadsheet in Microsoft Excel, encrypting it, and applying a digital signature to the resulting file. We attached this file to the e-mail sent back to the original user.
When logging back onto the client as the first user, this time reviewers chose to forgo the smart card and log onto the system using the standard password method. While this gave us access to the computer, we were not able to read the encrypted e-mail without first authenticating with the smart card.
The next part of our test simulated a familiar situation: logging into a server over a VPN connection. Many users will be familiar with a key fob that uses an algorithm to display a dynamic passkey, or One Time Password (OTP). The user then enters this code to gain access to the relevant system.
Our scenario replaced the key fob with a similarly sized portable smart card reader that generates an OTP each time the card is slipped into it. On our VM client, we accessed the Outlook Web Access page of the Exchange server and were prompted for the standard user name and password, as well as the OTP.
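The article does not name the algorithm the reader uses to produce the OTP, so the following is an added illustration rather than Gemalto's or Microsoft's code: it assumes an event-based (counter) OTP in the style of RFC 4226 HOTP, since the reader produces a new code each time the card is inserted. The token side and the server side share a secret; the server keeps the next expected counter, accepts a code only inside a small look-ahead window (so a few unused insertions do not lock the user out), rejects a replayed code, and combines the OTP with the ordinary password check that Outlook Web Access still performs. The secret, user name and password are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample shared secret (RFC 4226 test-vector seed), not a real credential.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class CardReaderToken:
    """Models the portable reader: every card insertion yields the next code."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0

    def insert_card(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1  # the token never reuses a counter value
        return code


class OtpVerifier:
    """Server side: tracks the next expected counter per user and
    resynchronises within a bounded look-ahead window."""

    def __init__(self, secret: bytes, look_ahead: int = 5) -> None:
        self.secret = secret
        self.expected = 0
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.expected, self.expected + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.expected = c + 1  # move past the accepted counter: replay now fails
                return True
        return False


# Constructed user record for the first factor (salted PBKDF2 password hash).
_SALT = b"constructed-salt"
_USERS = {
    "reviewer1": hashlib.pbkdf2_hmac("sha256", b"sample-password", _SALT, 100_000),
}


def check_password(username: str, password: str) -> bool:
    stored = _USERS.get(username)
    if stored is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(stored, candidate)


def authenticate(verifier: OtpVerifier, username: str, password: str, otp: str) -> bool:
    """Both factors must pass; the OTP is only consumed if the password is right,
    so a wrong password cannot burn the user's counter window."""
    if not check_password(username, password):
        return False
    return verifier.verify(otp)


def run_scenario() -> dict:
    """Walk through the OWA login described above and return what the server decided."""
    token = CardReaderToken(SHARED_SECRET)
    server = OtpVerifier(SHARED_SECRET)

    first = token.insert_card()
    results = {"first_login": authenticate(server, "reviewer1", "sample-password", first)}
    results["replay_rejected"] = not authenticate(server, "reviewer1", "sample-password", first)

    for _ in range(3):  # three insertions whose codes were never typed in
        token.insert_card()
    results["resync_within_window"] = authenticate(
        server, "reviewer1", "sample-password", token.insert_card())

    for _ in range(10):  # far more skipped codes than the look-ahead window allows
        token.insert_card()
    results["beyond_window_rejected"] = not authenticate(
        server, "reviewer1", "sample-password", token.insert_card())

    results["wrong_password_rejected"] = not authenticate(
        server, "reviewer1", "wrong", hotp(SHARED_SECRET, server.expected))
    return results


if __name__ == "__main__":
    print(run_scenario())
```

The look-ahead window is the usual trade-off for event-based tokens: too small and a user who inserted the card a few times without logging in is locked out; too large and an attacker who captured the secret's output has more candidate codes per attempt. Keeping the window small and counting failed attempts per account is the practical mitigation.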
Businesses in sensitive markets such as finance and health care will find that solutions based on these products can help them meet compliance requirements. Furthermore, when used throughout the business, overhead costs can be lowered and productivity increased.
