The use of tokens and token-authentication systems is emerging as an efficient and cost-effective means to maintain security--particularly where remote access is involved. New applications for tokens also are coming into view because they strengthen customer security and allow defined administration boundaries for operators across an organization's network. The interoperability problems of the past are vanishing as vendors adhere to standard authentication protocols and license embedded technology to third-party vendors.
Going Beyond Passwords
In the days of localized, centrally managed systems, passwords were considered sufficient to validate and authenticate users. Over today's distributed and untrusted networks, passwords are sniffed, stolen, shoulder-surfed or too easy for the determined attacker to guess. Enter Strong User Authentication (SUA), a move to develop more secure authentication systems that are not susceptible to the many weaknesses of simple password systems.
SUA augments systems by combining passwords (something secret that you know) with a possession (something you have with you). The most notable SUA systems are token-based and biometric authentication systems.
Biometric authentication systems (using unique biological traits) continue to develop and prices fluctuate as the industry attempts to identify a standard that will guarantee interoperability. (For more on biometric authentication solutions, see "Six Biometric Devices Point the Finger at Security," at www.networkcomputing.com/910/910r1.html and "Buyer's Guide: Biometrically Speaking," at www.networkcomputing.com/1017/1017buyers.html.)
Token-based security systems have been on the market for approximately a decade and have been proven in numerous environments. Options are available for practically any platform--desktop or server--you can imagine. And these systems interface nicely with standardized protocols, including RADIUS (Remote Authentication Dial-In User Service), TACACS (Terminal Access Controller Access Control System) or TACACS+. In fact, many network hardware vendors now provide built-in support for a number of token-authentication services.
Token-based authentication solutions have been engineered to be an easy addition to your network perimeter. Our tests of these products focused primarily on the increasing move to client/server implementations. The goal of these products is to provide strong authentication not only to your perimeter, but to the desktop as well. Our tests revealed that implementation of token-based authentication systems to the perimeter has gotten easier. With this breadth of support there should be little problem in configuring systems to coordinate with your existing perimeter systems. You may even find yourself taking advantage of the built-in RADIUS services some products offer with their servers.
our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at 
REPORTS
ANALYTICS
Follow 
