Cheap Easy Smartcard Solution for DC Logins?

Cheap Easy Smartcard Solution for DC Logins?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Cheap Easy Smartcard Solution for DC Logins? Will 01-28-2007
Posted by Will on January 28, 2007, 8:47 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I'm looking for a quick, cheap, easy smartcard implementation to secure
Domain Administrator logins to a Domain Controller. Do I have any options?

We will eventually implement a two factor authentication system probably
based on Cryptocard. Does this completely do away with any need for the
smartcards, or does that have added advantages for Domain Controller
protection given how Microsoft has integrated it into Active Directory and
you can require certain accounts to use them?

--
Will



Posted by Mr Putz on January 30, 2007, 10:51 am
If you were  Registered and logged in, you could reply and use other advanced thread options

About a year ago, I was also in the same boat as you looking for a cheap
solution to protect my Domain Administrators. I eventually went with
CRYPTOCard.

For starters I found a local supplier that provided me with a Keyboard
with a built in smartcard reader. The Reader is right above the “F5”
key and stick upwards like a soar thumb. I also found that external
smartcard readers (not attached to the keyboard) were disappearing due
to all of the piracy of satellite hacking that is taking place.

There are two main advantages that I found with Cryptocard. When an
administrator leaves the PC and removes their smartcard (again it’s
sticking up like a soar thumb), the PC automatically logs them off.
The second was that our local administrator has their own account as
well as domain administrator account (two users). CRYPTOCard allowed
me to put two tokens on the same smartcard.

Now with that being said, I did try and use the new Microsoft method of
using certificates however I found it very hard to integrating them onto
a 3rd party smartcard.

Mr. Putz


--
Mr Putz
------------------------------------------------------------------------
Mr Putz's Profile: http://forums.techarena.in/member.php?userid=21440
View this thread: http://forums.techarena.in/showthread.php?t=668725

http://forums.techarena.in


Posted by Will on January 30, 2007, 2:32 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
>
> About a year ago, I was also in the same boat as you looking for a cheap
> solution to protect my Domain Administrators. I eventually went with
> CRYPTOCard.
>
> For starters I found a local supplier that provided me with a Keyboard
> with a built in smartcard reader. The Reader is right above the "F5"
> key and stick upwards like a soar thumb. I also found that external
> smartcard readers (not attached to the keyboard) were disappearing due
> to all of the piracy of satellite hacking that is taking place.

What is the interface between the smartcard reader on the keyboard and the
host? Does the signal go back by USB, or is it all integrated into a PS2
connector? I need to share the keyboard between PCs in a server room on a
KVM switch.

--
Will



Posted by Mr Putz on January 30, 2007, 4:35 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

Hi Will,

I have a USB keyboard with an intergrated SmartCard Reader and my KVM
switch supports USB Keyboard/Mouse interface...

Mr. Putz


--
Mr Putz
------------------------------------------------------------------------
Mr Putz's Profile: http://forums.techarena.in/member.php?userid=21440
View this thread: http://forums.techarena.in/showthread.php?t=668725

http://forums.techarena.in


Posted by Will on January 31, 2007, 1:02 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> I have a USB keyboard with an intergrated SmartCard Reader and my KVM
> switch supports USB Keyboard/Mouse interface...

Which model keyboard did you get with the smartcard reader?

Whose smartcards are you using with Cryptocard?

We are thinking of going with the Cryptocard two-factor tokens for normal
workstation login and remote access, and possibly requiring the smartcard
just for ultra sensitive machine logins, such as the domain controller and
Cryptocard consoles. You are right it would be very attractive to have
multiple user's certificates on a single smartcard and some way to choose
between them during login prompt.

--
Will



Similar ThreadsPosted
tracing remote logins November 10, 2005, 11:40 am
Easy Start Button August 23, 2006, 4:26 am
Easy question on PKI, 2 level hierarchy design December 4, 2006, 12:13 pm
Offline Root CA: Easy question on step 'Specify CRL distribution points' (newbie, please help) January 23, 2007, 5:51 pm
Spyware solution July 21, 2006, 6:48 am
permanent solution to viruses July 10, 2006, 6:26 am
Looking for Single Sign on (SSO) solution April 9, 2008, 3:06 am
smartcard , IE August 28, 2006, 9:52 am
Re: Advice - solution for a company server September 26, 2005, 10:45 am
Advice - solution for a company server September 26, 2005, 9:50 am

The site map in XML format XML site map

Contact Us | Privacy Policy