Firewalls and similar perimeter protections are, of course, designed to keep out those who are not authorized to access the network while allowing those with proper authorization easy access to the data they need. Naturally, distinguishing the one from the other is critical. That is the purpose of authentication, which usually involves the combination of a username and a password.

Passwords, however, are fraught with problems. Easy-to-remember passwords are also easily guessed, while more complicated passwords, or those that are frequently changed, are hard to remember and end up being written down and thereby compromised. They are also expensive: the GIGA Group estimates that about one third of all help desk calls are password related.

If a typical help desk annually costs between $300 and $350 per user supported, that equates to more than $100 a year to maintain each user's passwords.

A variety of technologies aimed at alleviating these issues have been developed recently, but they fall short of the mark by being too technologically complex, too expensive or by simply shuffling the problem to a different set of individuals. CRYPTOCard Corporation has an easy-to-use, inexpensive and elegant alternative called CRYPTO-Server.

CRYPTO-Server employs tokens to authenticate to a server. It is a single-use password system: a new password is generated for each use and will never work again. Users no longer need to know their passwords and so cannot write them down or inadvertently reveal them to others. CRYPTO-Server provides authentication services and logs activity to a log server. It uses an SQL database (MySQL, SQL Server, Oracle, etc.) to hold token information and obtains user information from a Directory Server such as LDAP or Active Directory.

The system comprises several components, including the server itself, CRYPTO-Console, CRYPTO-VPN, CRYPTO-Web, CRYPTO-Logon and CRYPTO-Deploy. There is also a kit for developers who wish to incorporate the CRYPTO technology into their own systems.

The system is administered through the CRYPTO-Console, which can be installed either locally on the server or at remote workstations. With CRYPTO-Deploy, pre-initialized hardware tokens can be deployed through any browser, anywhere. CRYPTO-VPN allows for the integration of the CRYPTOCard technology for VPN access authentication.

CRYPTO-Web puts the technology into either IIS or Apache to protect all or parts of a web site, using strong authentication to secure sensitive information. CRYPTO-Logon replaces the usual static password to protect LAN, PC and thin client access with secure one-time passwords.

There are various tokens available, including a pin-pad token, a keychain token, a USB smartcard dongle, a software token and a smartcard token with either a PCMCIA or a USB reader. These tokens are made from a tough metal alloy, which makes them durable, and have replaceable batteries, giving them a considerable advantage over RSA's SecurID tokens.

This article was first published on EnterpriseITPlanet.com.