Cheap Easy Smartcard Solution for DC Logins?

Discussion in 'Security Software' started by Will, Jan 29, 2007.

  1. Will

    Will Guest

    I'm looking for a quick, cheap, easy smartcard implementation to secure
    Domain Administrator logins to a Domain Controller. Do I have any options?

    We will eventually implement a two factor authentication system probably
    based on Cryptocard. Does this completely do away with any need for the
    smartcards, or does that have added advantages for Domain Controller
    protection given how Microsoft has integrated it into Active Directory and
    you can require certain accounts to use them?
     
    Will, Jan 29, 2007
    #1
    1. Advertisements

  2. Will

    Mr Putz Guest

    About a year ago, I was also in the same boat as you looking for a cheap
    solution to protect my Domain Administrators. I eventually went with
    CRYPTOCard.

    For starters I found a local supplier that provided me with a Keyboard
    with a built in smartcard reader. The Reader is right above the “F5”
    key and stick upwards like a soar thumb. I also found that external
    smartcard readers (not attached to the keyboard) were disappearing due
    to all of the piracy of satellite hacking that is taking place.

    There are two main advantages that I found with Cryptocard. When an
    administrator leaves the PC and removes their smartcard (again it’s
    sticking up like a soar thumb), the PC automatically logs them off.
    The second was that our local administrator has their own account as
    well as domain administrator account (two users). CRYPTOCard allowed
    me to put two tokens on the same smartcard.

    Now with that being said, I did try and use the new Microsoft method of
    using certificates however I found it very hard to integrating them onto
    a 3rd party smartcard.

    Mr. Putz
     
    Mr Putz, Jan 30, 2007
    #2
    1. Advertisements

  3. Will

    Will Guest

    What is the interface between the smartcard reader on the keyboard and the
    host? Does the signal go back by USB, or is it all integrated into a PS2
    connector? I need to share the keyboard between PCs in a server room on a
    KVM switch.
     
    Will, Jan 30, 2007
    #3
  4. Will

    Mr Putz Guest

    Hi Will,

    I have a USB keyboard with an intergrated SmartCard Reader and my KVM
    switch supports USB Keyboard/Mouse interface...

    Mr. Putz
     
    Mr Putz, Jan 30, 2007
    #4
  5. Will

    Will Guest

    Which model keyboard did you get with the smartcard reader?

    Whose smartcards are you using with Cryptocard?

    We are thinking of going with the Cryptocard two-factor tokens for normal
    workstation login and remote access, and possibly requiring the smartcard
    just for ultra sensitive machine logins, such as the domain controller and
    Cryptocard consoles. You are right it would be very attractive to have
    multiple user's certificates on a single smartcard and some way to choose
    between them during login prompt.
     
    Will, Jan 31, 2007
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.