CryptCard: Tight security for the mobile work force
Specifically designed for government agencies intent on combating unauthorized access to sensitive and confidential data for its mobile users, Global Technologies Group Inc.'s CryptCard is a standard PC Card that slides into any PCMCIA slot on a notebook computer. Unlike some smart card security solutions, however, CryptCard specifically is designed for enterprise-level use, with tight controls over user permissions and extensive logging capabilities.
Unlike IBM Corp.'s Smart Card Security Kit [FCW, July 19], CryptCard contains a dedicated microprocessor and a special SuperCrypt chip that provide hard disk encryption and password authentication for users. This dedicated processor handles security issues only (user access and event logging, for example), leaving the PC free to handle normal application processing.
There are similarities to IBM's security kit. With both products, your laptop will not even boot without the card installed, making it impossible for anyone to get any information off the hard drive and virtually rendering the notebook useless if it is stolen without the card inside. In addition, users always need to provide the correct password to use the notebook with the card installed.
Also similar to the IBM security kit, CryptCard provides varying degrees of file encryption. There are two basic flavors of encryption with CryptCard: partial and full. Full encryption is the most effective and secure of the two. For our testing, we ran full encryption on the entire hard drive. CryptCard has a number of encryption algorithms at its disposal, including the internationally accepted Data Encryption Standard.
According to Global Technologies, it is possible that full encryption will slow system performance a bit because all data is encrypted when written to the hard disk. Partial encryption is available for users who don't want to risk a slower system, but it is not as secure.
We noticed no slowdown in our system even with full encryption enabled. This relative transparency to the end user is one of CryptCard's best features. Aside from the log-on screen that appears at boot up, causing the loading of the operating system to take just a bit longer, users likely will barely notice CryptCard's presence. It allows operating system features and applications to run normally.
CryptCard goes well beyond the capabilities of the IBM security kit in the restrictions it allows the administrator to impose on users. An administrator can, for example, choose to program a CryptCard to limit a user's access to floppy drives or serial ports in addition to other system functions, decreasing a PC's vulnerability to unauthorized assault.
Another benefit of CryptCard's internal hardware is the storage capability it has for event recording. The recorded events are time stamped and stored, and can be accessed only by an authorized user from a special utility.
Global Technologies provides an optional database management program called CCAdmin (available at extra cost) that can be used for larger deployments of CryptCards. Within the friendly environment of this application, users can assign CryptCards to users, configure CryptCards, maintain an inventory of deployed CryptCards and run reports based on CryptCard information. Again, CCAdmin is completely optional; deployments easily can be handled by using the floppy disks provided with the CryptCards.
If CryptCard is largely invisible to end users, it is, alas, not so unimposing on administrators tasked with installing the device. In fact, installation of the CryptCard is involved, time-consuming and, at times, confusing.
Thorough 112-bit extended keylength encryption (the highest level of encryption CryptCard provides) of our entire hard drive took about an hour to complete. Ultimately, we decided that the end result - a very secure laptop environment - was worth the long wait. We rebooted after the installation and were prompted for the default password, then asked to change it to another of our choice. When we attempted booting without the CryptCard, the system locked.
Uninstallation of CryptCard proved to be much less time consuming and painful, but even this multiple-step process could use some streamlining. For example, we had to edit specific files to remove references to the CryptCard, something a better uninstall program would take care of. But these uninstallation steps were thoroughly documented as well, and our PC environment returned to normal after the uninstallation of CryptCard.
All things considered, CryptCard compares admirably to IBM's security kit, and it is a worthy ally in the growing ranks of smart card-based notebook security solutions.
-- Gray is a free-lance writer based in Washington, D.C. He can be reached at firstname.lastname@example.org.***CryptCard
Global Technologies Group Inc.(703) 528-0500www.gtgi.com
Price and AvailabilityAvailable on the General Services Administration schedule through Harramoor Enterprises Ltd. for $470. Also, CCAdmin, the optional CryptCard database utility, sells for $1,995 for up to a 50-user license. For more information, contact www.harramor.com.
RemarksCryptCard is a security system that protects information on notebook PCs with a PCMCIA slot using high-speed encryption and password access control. CryptCard is compatible with most notebook PCs on the market today, supporting DOS 5.x and Microsoft Corp.'s Windows 3.1, Windows 95, and Windows NT. CryptCard provides incredibly tight security while being virtually invisible to the end user. Installation is lengthy, but documentation on the product is ample, making up for any pains encountered during the install process. Overall, CryptCard is a solid smart card-based security solution for a mobile work force carrying sensitive or classified data on notebook PCs.CCAdmin, the optional CryptCard administration utility, is a convenient way to track and program CryptCards for larger deployments, but it is not required to have the software to administer CryptCards.