Network Computingwww.networkcomputing.com

	Issue TOC Print full article Print this page Download as PDF E-Mail this URL Flame the author     In this article Introduction It's All About Risk A Risk-Based Policy Executive Summary Cost Factor Gotchas Make Your Case Online Only: Password Woes? Look to the User Epoll Results

Your security toolbox probably contains a raft of products and technologies, from antivirus software to VPNs, but unless all of them are applied in a thorough, consistent manner--in other words, according to your organization's security policy--consider yourself sunk.

When it comes to keeping tabs on users and their rights to data resources, think AAA: authentication, access control and accounting. An effective policy defines acceptable forms of authentication based on users, resources, locations, time of day and other factors. First, know who is seeking entry. Then define where they can go and when they can go there. Finally, make sure you know what they do while they're there.

That's a tall order, so we set out to find a unified authentication-management package that would let us enforce a uniform, graded authentication policy across multiple applications and user directories. Also key were support for strong passwords, biometrics, tokens and digital certificates and thorough logging so we could track users. We gathered BioNetrix Systems Corp.'s BioNetrix Authentication Suite, Novell Modular Authentication Service, and Secure Computing Corp.'s SafeWord PremiereAccess. After throwing unsynchronized user directories with a hodgepodge of authentication policies at the three entries, we gave our Editor's Choice to Secure Computing's solution because it provided the most solid policy definition and the best all-around feature set.