|
Posted by Jesper [MSFT] on January 12, 2006, 12:27 pm
If you were Registered and logged in, you could reply and use other advanced thread options
There are some third-party units that provide network logon, like Digital
Persona's devices. You can get requirements on the devices directly from
Digital Persona (http://www.digitalpersona.com). As for remote login and use
by multiple users it is something you should investigate with them.
Generally, we do not consider that fingerprint readers do not provide
sufficient security at this time to be used in enterprises. There are
various issues with fingerprints, but the overriding one has been all the
ways they have been foiled in the past, such as gummi bears, removable
fingerprints, freon, etc. Further, a fingerprint is an identifier, not an
authentication token. There is a subtle difference, and in some cases it is
not that relevant, but what it means is that should the system somehow get
compromised what you need to revoke is an identity, not an authentication
token. Understandably, revoking fingerprints poses certain OSHA challenges.
If you want a multi-factor authentication solution a better one is usually
smart cards. The infrastructure for smart cards is built into the operating
system already. All you need are some cards and readers and if you go with a
solution like the Safenet IKey (http://www.safenet-inc.com/) you do not need
the readers either.
A third option is a one-time password approach like those from Verisign
(http://www.verisign.com/products-services/security-services/unified-authentication/index.html)
or RSA (http://www.rsasecurity.com). Those require no additional hardware,
but do require software updates to all systems involved, which smart cards
may not need.
Hopefully this helps.
Jesper
--
Please do not send e-mail directly to this e-mail address. This address is
for newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
> Hi there,
>
> We have a Windows 2003 standard server acting as Domain and file server.
> We
> also provide a hotdesking facility in which hotdesk users do not need to
> logon to network. All they need an IP address to use Internet and their
> own
> email client.
>
> I have a couple of questions with regards to Fingerprint readers and they
> are as follows;
>
> Does the Fingerprint readers supports network login? If yes then what are
> the requirements?
>
> Can you assign/reassign Fingerprint reader to multiple users?
> How do you accommodate remote login to network/PC?
>
> Any other issue you are aware of?
>
> Your help and input on this matter would be greatly appreciated.
>
> Many Thanks
| 
XML site map