Network Computingwww.networkcomputing.com

Authentication Tools

Posted by John H. Sawyer on January 28, 2005

Tags: ActivPack,  PremierAccess,  Steel-Belted Radius,  ActivCard,  Active Directory,  Biometrics,  Funk,  Global authentication,  Hardware token,  LDAP,  Lucent,  NavisRadius,  Novell,  Password,  RADIUS,  Secure Computing,  SecureLogin,  Single sign-on,  Smart card,  Strong authentication,  Three-factor,  Token,  Two-factor,  Authentication,  Data Networking & Management,  Data Protection,  Enterprise Identity,  Internet Authentication ,  Other,  Single Sign-On,  Software,  Software and Web Development,  Unified Communications & VoIP

Channel: Data Protection, Networking & Mgmt, Other, UC & VoIP

Read On Fortifying Your Network-Access Control Using AD for Linux Authentication Survivor's Guide to 2005: Security Developing a Compliance-Driven Framework How to Configure Access Controls With Active Directory Remote Access Security Single Sign-On Still Stinks Goose Eggs iPass Buys Device 'Fingerprinting' for Secure Remote Access

The Haves

All the products we tested except Novell's Nsure SecureLogin rely on RADIUS as their primary authentication mechanism, with a tie-in to LDAP and AD. Novell allows the choice of e-Directory, AD or any LDAP directory and stores credentials for RADIUS authentication against another server. All let us build various levels of custom interaction for our users. With any of these products, you can enforce authentication policies that are as strong as your organization demands and your users can bear.

If secure authentication is your only concern, any of these products is likely to meet your needs. We found significant differences, though, in how easily they let us build custom scripts, their flexibility and the extent to which they support authentication-process management. In addition, there's one area in which the products clearly differ: Secure Computing and ActivCard provide token-based authentication systems that offer additional authentication services on a global basis. Lucent, Funk and Novell provide global authentication systems that may include token-based authentication. It sounds like mere wordplay, but there are significant variations between the approaches. One important point of contention is when you're considering whether to give tokens to all your users, or just to those with high-value privileges--"C-level" officers and network administrators, for example. A global-authentication system that allows for tokens will offer more flexibility in how the non-token users authenticate. If every user is going to get a token, though, a token-based system is likely to cost less than a general authentication system with token support.

In terms of purchase price, Lucent came in at the low end, with a single-server implementation supporting 500 simultaneous users at $1,000, and a 2,000 simultaneous user version at $4,800. Funk's Global Authentication version of Steel-Belted Radius cost $10,000 as tested, though the vendor offers versions priced at $4,000 to $20,000 and says one server will support as many as 20,000 users with its native database.