Re: Securing VPN connections with token's
- From: "Dave Taylor" <noemail@xxxxxxxxx>
- Date: Thu, 26 Jan 2006 19:26:10 -0000
Dave,
Thanks for your detailed info. I have contacted Cryptocard and asked some
questions with regards to our setup of providing support to our customers.
One of their engineers has replied to that question but said that the server
software should not be installed on a domain controller. Are you running it
on a member server or the SBS server?
Thanks
Dave
"Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uvcIbTpIGHA.984@xxxxxxxxxxxxxxxxxxxxxxx
> I'll try to answer some of this for you.
>
> We use the USB tokens. I also have a keychain token for myself. Both
> work great. We want to limit the computers people log in from. The USB
> tokens require a little client-side app to do the authentication, which
> prevents users from logging in from airport kiosks or libraries. I use
> the keychain token when traveling, so that if I have to log in from a
> computer without the client software for troubleshooting purposes, I'm not
> prevented from doing so. With that token, all I need is access to be able
> to create a VPN connection from XP. (There would be nothing to prevent a
> user from installing the auth software him/herself, but we trust them not
> to do that).
>
> I have not yet set Cryptocard up for OWA or RWW. I'm preparing for a
> swing migration to new hardware. The old box is running ISA 2000, which
> will definitely not work this way. I'm thinking that once I get to ISA
> 2004, I'll be able to use Cryptocard to authenticate OWA and RWW as well
> as VPN. I'm not 100% sure of that, but I'm pretty confident that
> Cryptocard support will work with me to figure it out. If we can get this
> working, it'll be the first 2-factor auth solution for RWW, which I would
> think would be a good selling feature for them.
>
> I looked at other companies. RSA is very small-business unfriendly - too
> costly, has a 25-license minimum, the tokens expire and need to be
> replaced, and it requires dedicated server hardware to run on. The cost
> of the server and OS alone would easily exceed what I paid for 15
> Cryptocard licenses, without even starting to pay for RSA. Not to quote
> anyone's prices, but last I knew the RSA appliance that's offered as an
> alternative to a standalone server was $4500. Cryptocard's web site
> charges $500 for 5 users, and your reseller may even discount from that.
>
> I looked at Aladdin smartcard tokens using Certificate Services and IAS.
> This has the advantage of being all Windows, configured the way you want
> it. Aladdin makes generic smartcard tokens, so there would be no 3rd party
> proprietary software or hardware involved in this solution. I wanted to
> do this for that reason, but time pressures intervened - there's a
> learning curve for setup, and I already had a trial of Cryptocard
> installed and working. FWIW, the smartcard tokens alone are not much less
> expensive than the Cryptocard tokens, software, and licenses.
>
> Another one I would have looked at is Safeword, made by Secure Computing.
> I would have given this a better look if it had come to my attention
> sooner, but by the time it came up I was 99% of the way there with
> Cryptocard.
>
> I used Authenex for a couple of years. They're great people but I had
> some reliability issues with them. E-mail me directly if you're
> considering Authenex and I'll give you the details.
>
> What made me choose Cryptocard? SBS MVP Susan Bradley referred me to Dana
> Epp's blog. Although I've never met Dana, he has great credibility with
> me because of Susan, so his recommendation in the blog carried a lot of
> weight. His situation is very similar to mine, and he was using Cryptocard
> successfully in his production environment. When I started investigating
> Cryptocard, I found them to be very responsive to my inquiries. When I
> got serious about it, they put me in touch with a support engineer who
> spent a significant amount of time getting me up to speed. They did all
> of this knowing that I could easily have chosen a different solution, but
> by the time I was ready to make a decision, there were just no negatives
> to be found.
>
> Cryptocard will give you a full trial version that you can install to try
> it for yourself. You'll get a software token (maybe more than one) that
> you can use to log in remotely just as you would in production - it just
> installs on the actual client PC rather than on the USB token or whatever.
> If you decide to buy it, you just go through a little procedure to convert
> the trial license to full, and you're in business. Especially if OWA and
> RWW integration is important to you, that would be worth doing to see how
> easy or hard that all is to configure. And when you find out, let me
> know.
>
>
>
>
> "Dave Taylor" <noemail@xxxxxxxxx> wrote in message
> news:uBS8vomIGHA.1876@xxxxxxxxxxxxxxxxxxxxxxx
>> Dave,
>>
>> Thanks for the post, this looks very interesting. I've just a few
>> questions that I hope you don't mind answering for me:-
>>
>> What devices are you using?
>> Have you been able to use the pin request on the Remote Web Workspace as
>> well as the OWA page?
>> Did you look at other companies (i.e. RSA Security devices)?
>> What made you decide to use the Cryptocard?
>>
>> Thanks
>> Dave
>>
>> "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message news:%23lvTcldIGHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
>>>I use Cryptocard for this. They offer different types of tokens
>>>depending on what you're looking for. I've only been running it for a
>>>few weeks, but so far I've found it very reliable, simple, and
>>>trouble-free. I had a great experience with their support department in
>>>assisting with the initial installation and configuration questions,
>>>which leads me to suspect that if I ever have a problem, I'll be very
>>>satisfied. You can get any quantity of tokens/licenses in groups of 5,
>>>which IMO makes the pricing small business friendly.
>>>
>>> Cryptocard: http://www.cryptocard.com/
>>>
>>> How I found it: http://silverstr.ufies.org/blog/archives/000833.html
>>>
>>>
>>>
>>>
>>> "Dave Taylor" <noemail@xxxxxxxxx> wrote in message
>>> news:us8fGYZIGHA.964@xxxxxxxxxxxxxxxxxxxxxxx
>>>> All,
>>>>
>>>> Does anyone use a 3rd party token to help secure VPN connections into
>>>> SBS Prem with ISA? We are looking at securing a network with this type
>>>> of device and just wondered if anyone has done this with SBS and got
>>>> any pointers.
>>>>
>>>> Thanks
>>>> Dave
>>>>
>>>
>>>
>>
>>
>
>