Re: USB Tokens

From: Robert Schild (r.schild@ncs.at)
Date: 03/26/03

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #131" 
    Date: 26 Mar 2003 08:33:27 -0000
From: Robert Schild <r.schild@ncs.at>
To: focus-ms@securityfocus.com
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <002801c2f292$51b02300$02fb0ad2@laptopjd>

    Hi Justin,

    we use rainbow ikey USB token for this purpose. (called iKey)
    You can use them for userauthentification (OS-Domain-Logon) and for
    various encryption tools and programs. (secure e-mail, VPN, harddisk/file-
    encryption, etc.)
    They use a PIN for 2-factor-authentification just like smartcards, and
    have a high level of security!.

    For a safety Windows-Logon the "Authention"-Logon-Suite is a very good
    tool. A SSO (Single-Sign-on) is also included + a tiny file-encryption
    (available end of April) - the Authention Logon and SSO is still available.
    (OS: WinNT, Win2K, WinXP)
    Features:
    - Logon with the USB-Token only (GINA-Replacement) and/or the alternate
    use of the standard-logon-procedure(user/passwort).
    - Forced-Logon to the domain.
    - automatically locking of the workstation or user after detaching the
    token.

    For better file-encryption, DriveCrypt has a good performance and strong
    algorithms (up to 1344bit symetric key encryption!) There is also a
    additional tool available, called DriveCrypt Plus Pack, for encryption of
    the whole harddisk (including the OS-Partition) and Pre-Boot-Protection
    (PBP)

    With these tools you get a perfect desktop-security-solution.

    btw.: there is no need of certificates an a token, but you can use it a
    well.

    Links:
    rainbow-usb-key: http://www.rainbow.com/ikey/index.html
    DriveCrypt: http://www.drivecrypt.com
    Desktop-Protection (Authention, DriveCrypt, iKey):
    http://www.ncs.at/desk_sec/index.html (german language only)

    hope that helps.

    Cheers
    Robert 

    -- 
Security Solutions for corporate networks
http://www.ncs.at
>Has anyone used/developed/know of an application that can secure the OS =
>authentication (GINA) by using a standard USB token with say a =
>certificate on it.
>
>EG I have a 32Mb USB token with a certificate and when windows boots you =
>insert the USB token into the workstation and enter a password to unlock =
>the certificate.
----------------------------------------------------------------------
Get serious about enterprise anti-spam management.
SurfControl E-mail Filter for SMTP & Exchange
leverages multiple layers of technology to defeat
spam with accuracy. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfmsl1
  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #131"