Re: Keeping logins secure, Smart Cards?
From: Jeff Gailleur (google_at_ouala.com)
Date: 05/26/04
Date: 26 May 2004 12:41:35 -0700
Hi Gary,
1) autologin vs smartcard.
Autologin means that the Windows computer logs on automatically when
starting with a predefined username, domain and password. Then the
computer is wide open for everyone. In addition, if you force screen
saver use, the user will have to know the password... so you'll end
up with a generic password for all the terminals.
With a smart card, users have one PIN (personal identification number)
associated with the card, like a debit bank card. It's really secure as
you can either place the Windows credential information into it or
even digital certificates for more security.
Conclusion: smart card is more secure without any doubt. Ask the DoD.
2) Depends on the policy of your domain. You can limit to 2 logins per user
or you can have an unlimited number of simultaneous sessions for the
same user.
3) password login = something you know (the user id and the password)
smart card login = something you know (the PIN of the card) and
something you have (the card) - so it's more secure. No card, no
login. You find a card, but don't know the PIN, no login. This is what
we call a strong authentication.
4) big players: www.axalto.com, www.gemplus.com
small players/integrator: www.activcard.com, www.labcal.com
If you want to avoid smart card readers, you can also use USB tokens
like www.rainbow.com and others, but you cannot put a picture on them like
you can on smart cards!
Be aware that you have to train your support people and put in place
some procedures for lost or stolen smart cards.
Jeff - http://ouala.com
"Gary V." <anonymous@discussions.microsoft.com> wrote in message news:<d09201c43966$d1f1aae0$a301280a@phx.gbl>...
> Some background info, we have a pricing system that sits
> in a warehouse full of "court appointed workers" and they
> touch a picture of the item and out pops a price tag.
> They are not employees but we do have supervisors who are
> in all departments.
>
> Anyways those terminals will be locked down but what
> about login? The user name would be the department but I
> don't want the supervisors to have to remember the long
> passwords and for added security there are no keyboards
> or mice, just touch panel monitors. So login is even
> harder. So I was thinking auto login via Tweak XP or
> smart cards that the supervisors would have around their
> neck.
>
> 1st what do you guys think would be the most secure auto
> login or smart cards?
> 2nd say a sup logs one terminal in and then another with
> the same card, can you login same user at the same time?
> If not would I have to go to a department smart card you
> think?
> 3rd never used smart cards and I assume SBS 2003 can use
> them but security wise are they better (more secure) than
> manual login?
> 4th who are your favorite vendors for smart cards?
>
> Thanks for your help, suggestions, or your scenarios.
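
The autologin-versus-smart-card trade-off discussed in this thread can be checked on a terminal with a read-only audit. The following is an added example, not part of the original posts: it uses the standard Winlogon autologon values and the `scforceoption` policy value, and the function names and sample data are constructed for illustration.

```powershell
# Added example: read-only audit of a terminal's logon configuration.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$PolicyKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hypothetical helper: collect the named registry values that exist under a key.
function Get-RegValues {
    param([string]$Path, [string[]]$Names)
    $out = @{}
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($n in $Names) {
        if ($props -and ($props.PSObject.Properties.Name -contains $n)) {
            $out[$n] = $props.$n
        }
    }
    return $out
}

# Hypothetical helper: turn the collected values into findings.
function Test-LogonPosture {
    param([hashtable]$Winlogon, [hashtable]$Policy)
    $findings = @()
    if ("$($Winlogon['AutoAdminLogon'])" -eq '1') {
        $account = "$($Winlogon['DefaultDomainName'])\$($Winlogon['DefaultUserName'])"
        $findings += "Autologon enabled for '$account': anyone at the console gets this session"
        if ($Winlogon.ContainsKey('DefaultPassword')) {
            # Report presence only; never print the stored password.
            $findings += 'DefaultPassword is stored in clear text in the registry'
        }
    }
    if ("$($Policy['scforceoption'])" -ne '1') {
        $findings += 'Smart card is not required for interactive logon: password logon is still possible'
    }
    return $findings
}

# Constructed sample: a terminal set up for autologon with a shared department account.
$sampleWinlogon = @{
    AutoAdminLogon    = '1'
    DefaultDomainName = 'WAREHOUSE'
    DefaultUserName   = 'pricing'
    DefaultPassword   = 'constructed-placeholder'
}
Test-LogonPosture -Winlogon $sampleWinlogon -Policy @{}

# On a real terminal, feed it the live values instead:
# $w = Get-RegValues $WinlogonKey 'AutoAdminLogon','DefaultUserName','DefaultDomainName','DefaultPassword'
# $p = Get-RegValues $PolicyKey 'scforceoption'
# Test-LogonPosture -Winlogon $w -Policy $p
```

An autologon password can also be held as an LSA secret rather than in `DefaultPassword`, so a missing `DefaultPassword` value alone does not mean autologon is off; `AutoAdminLogon` is the value to rely on.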