No system is complete without powerful management tools.
A RADIUS server can be used to manage
a user list or proxy on to an existing user database. Passwords
are now recognised as being very insecure. However, one-time
passwords using hardware or software Tokens
are totally secure and ensure that only authorised users gain
access to your systems. Digital Certificates
go one stage further as not only does the server vet the user
but the user also vets the server for authenticity. What about
protecting the data that leaves the network and is carried
around the world on laptops? KeyDrive
Pro is a laptop hard disk encryptor that uses a USB Key
to release the encrypted data.
Securing Remote Access
The best way to control and manage dial-in, VPN and secured
Web site access is with a RADIUS Server. RADIUS stands for
Remote Access Dial In User Service. It is often referred to
as an AAA server, highlighting its 3 main functions:
- Authentication is the process of vetting the user to permit
or deny access. This may use a simple ID and static password
or one-time passwords using tokens. It may use existing
network IDs, a completely separate database or a combination
of both.
- Authorisation determines the rules governing an individual
user or group of users. It determines what servers and services
are visible as well as setting session timeouts, password
change policy etc.
- Accounting provides a detailed record of all activity.
This can be used for traffic analysis or fed into a billing
system.
Funk Steel Belted RADIUS is the
leading commercial RADIUS server which can manage the busiest
network whilst providing the most flexible data organisation
available today.
Strong Authentication
The need to protect data has been with us from the earliest
days of computing. The simplest security method depended on
a password. Unfortunately, this method is open to abuse. People
have bad memories, so how often have we found the post-it note
on the screen advertising the 'secret' password? Hence the
need for strong two-factor Authentication. This is based on
something you know, i.e. a Personal Identification Number (PIN),
and something you have, which could be a physical token or
software installed on the remote PC. The two leading products
are RSA ACE/Server and PassGo
Defender.
X.509 Digital Certificates
We all use Public Certificates every time we go to a shopping
Web site. The Certificate is used to initiate the Secure Sockets
Layer (SSL) HTTPS encryption process that protects our credit
card transactions. A Private Digital Certificate offers a
powerful security mechanism. You run your own Root Certificate
Authority (CA) and issue your own Certificates to your VPN
Gateway and VPN Clients. When the user connects to the VPN
the two certificates are compared and only clients with your
certificate will be granted access.
Although a Root Certificate Authority is one of the main
building blocks of a sophisticated Public Key Infrastructure
(PKI) system, it can simply be installed as a point solution
for VPN. Microsoft Windows
2000 Server contains a high specification CA within the
operating system. The accompanying Option Pack adds further
functionality.
Securing Notebook Data
Your mobile workers are frequently on the move. A laptop
can be left unattended inadvertently or even stolen. You have
visitors to your office, and you cannot be with them all the time
they are on the premises. Opportunities for sensitive data
to be 'stolen' abound. How different it would be if you could
lock that data away in such a fashion that only the key-holder
could unlock it. With Key
Drive Pro from Secure
Technology you can achieve this degree of security.