CryptoCard lightens security burden

The weakest link in any security system is generally the people. Employees may tape passwords to monitors or leave their laptops behind on an airplane, and administrators may neglect to update passwords or disable network access for stolen devices.

As long as people are involved, there is no foolproof security system. But CryptoCard Corp.'s Secure Password Technology offers a low-cost and relatively easy way to lighten the security burden on both administrators and end users.

CryptoCard's token-based security system is as easy for end users to employ as an automated teller machine card. And in fact one of its options is to use ATM-like smart cards as the CryptoCard token. Insert the smart card into the smart card reader, enter your personal identification number when prompted and you're in. CryptoCard's PC Card works in a similar way.

But CryptoCard offers other options for accessing the system. Assuming the client software has been installed on a computer, you can employ a hardware authentication token using a keypad for entering PIN information. Alternatively, a key chain device can be used to generate a one-time password for accessing the system. To get one, simply press the button on the token and then enter your PIN for authentication by the CryptoCard server.

These hardware tokens and the smart cards all allow users to access the network from any computer. Of course, if you were using a smart card or a PC Card, the appropriate readers would have to be attached to the computer.

A final option is the software token. Especially useful for personal digital assistants, software tokens can also be used on desktop computers. The one major limitation is that users can access the system only from specific computers they are authorized to use.

The biggest advantage of the CryptoCard system over other token-based systems is that no user passwords are actually transmitted over the network. Instead, the user's PIN activates communication between the local client and the authentication server without passwords ever being transmitted — and potentially stolen during transit — to the server.

That also means end users aren't burdened with the need to frequently change passwords. By default, three failed attempts to enter the correct PIN will result in the token being deactivated and made unusable, but this number can be changed by the administrator.

We also liked that the CryptoCard system can be integrated with other resources. Available software allows CryptoCard to be used for controlling access not only to local-area networks, but also to virtual private networks (Cisco Systems Inc., CheckPoint Software Technologies Ltd., Nortel Networks Ltd. and NetScreen Technologies Inc. VPNs) and Web servers (Microsoft Corp.'s Internet Information Server, Apache Software Foundation's Apache Server, Sun Microsystems Inc.'s Open Network Environment, Citrix Systems Inc.'s NFuse and Active Server Pages/Java Server Pages-based servers). You can even use smart card tokens with other security systems to control access to door locks and other security devices.

We found CryptoCard's administrative module a bit tricky to set up, mostly due to sketchy documentation. But once installed, the module was easy to use. Administrators will find a simple, drag-and-drop interface for managing and tracking token distribution, and the module also allows you to group users, thus making it easier to implement access-based security policies.

If you don't have a Remote Authentication Dial-In User Service server installed, you can use the bundled easyRADIUS Server Module. If you're already using Cisco's Secure Access Control Server, Funk Software Inc.'s Steel Belted RADIUS or Microsoft's Internet Authentication Service, CryptoCard will simply integrate with your existing RADIUS server.


CryptoCard Secure Password Technology

Grade: A-

CryptoCard Corp.

(800) 307-7042

CryptoCard's back-end server, CryptoAdmin, starts at $2,500 for 100 users, and clients (software, key chain token, or smart card and reader) run from $35 to $90.

CryptoCard offers a welcome and easy-to-implement additional level of security for protecting equipment and data.

We installed CryptoCard's administrative module on a Hewlett-Packard Co. Compaq ProLiant ML350 with dual Intel Corp. Xeon 2.2 GHz processors and 256M of system memory running Microsoft Corp. Windows 2000 Server. We tested client software and tokens with an HP Workstation xw5000, a Compaq Evo desktop and a Toshiba America Information Systems Inc. Portege 2010 notebook.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.