From: www.itworld.com

Centralized security key

by Mandy Andress

August 15, 2001

If placing your authentication and authorization needs into the hands of a third party -- as with Passport or iChain -- is not for your company, an internal system can prove valuable. Although authentication methods can be as simple as a password or as complex as a combination of password, token, and biometrics device, managing all of these methods can be an extremely difficult, expensive, and time-consuming process.

Authentication Suite 4.0 from BioNetrix Systems Corp. provides an authentication management infrastructure that allows an administrator to control authentication methods centrally. This first release of Authentication Suite earned our highest rating of Deploy with its stellar management capabilities and efficiency coupled with its potential to save a company both time and money.

Version 4.0 supports a wide variety of applications and authentication devices, making it flexible and convenient for almost any environment. Currently, Authentication Suite supports most biometric and smart card devices. Future versions will add support for proximity cards and new authentication technologies. Authentication Suite also integrates with policy management applications such as Netegrity's SiteMinder and Securant's ClearTrust, providing the ability to centrally manage both access and authentication policy.

Version 4.0 consists of four major components: Administration Manager, BioNetrix BioServer, Database Manager, and BioNetrix Client. The Administration Manager is the management GUI that allows one or more system administrators to create and manage authentication policies. The Administration Manager can be distributed to multiple administrators and used to remotely manage policy.

The BioNetrix BioServer negotiates the authentication process by comparing the user's authentication template with the authentication data received from the client. The Database Manager communicates with the BioServer and stores all of the information necessary for Authentication Suite, such as users, authentication policies, user templates, and authentication methods.

The BioNetrix client resides on each user's system and communicates with the BioServer to enforce authentication policy. The BioNetrix client can be used to control authentication policy for Windows, Novell Inc., Entrust Entelligence, Web applications, and other third-party applications such as large ERP or financial packages.

For our testing we installed the Authentication Suite on a Windows 2000 Server. The installation and initial configuration process is straightforward, and took us about 45 minutes. For testing purposes, we ran all components on the same server. The first step in the installation process was installing the database. Authentication Suite currently supports Microsoft Corp.'s SQL Server. Support for Oracle Corp. and other databases will be available in future releases.

The BioNetrix software installation uses the standard InstallShield process. During installation, we selected the authentication components we wanted to use for our network. We chose four devices out of approximately 15 available, including the BioNetrix Password, Rainbow iKey, Visionics FaceIT, and SecUGen Biometric Mouse. The installation process installs the necessary drivers and software required to use the devices for authentication. We then associated the BioServer with the database installation and populated the database. This is all done automatically during installation.

The final step in the installation was to define the policy for the Administration account, which administers the BioServer. For this account, we defined an authentication policy that requires a password and either facial recognition or fingerprint authentication.

We tested our Administration account by logging into the Administration Manager using a password and fingerprint. We then imported our Windows domain groups into the BioNetrix server, logged into the system as a domain administrator, and confirmed that the proper authentication policy was enforced.

Besides providing an intuitive management interface that makes it easy to configure complex authentication policies using nested "ands" and "ors," Authentication Suite provided excellent reports that showed all authentication policies, successful and failed log-in attempts, and policy assignments.

Authentication Suite also includes a real-time log that shows successful and failed log-in attempts, making it easy to glance at the screen and see the problems. When selecting a record, the log shows the detailed policy associated with the user in question and how each step in the authentication policy worked. This is an excellent resource for administrators who are troubleshooting a user's failed log-in because it will show exactly where the user's authentication process failed.
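The nested "and"/"or" policies and the per-step log described above can be modeled as a small tree evaluation. The sketch below is an added example, not BioNetrix code; the class names, the check() and failed_steps() helpers, and the factor names are hypothetical, and ADMIN_POLICY mirrors the Administration account policy from our test (password and either facial recognition or fingerprint).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Factor:          # leaf: one authentication method, e.g. "password"
    name: str

@dataclass(frozen=True)
class AllOf:           # "and" node: every part must succeed
    parts: tuple

@dataclass(frozen=True)
class AnyOf:           # "or" node: at least one part must succeed
    parts: tuple

def _walk(node, results, trace, depth):
    if isinstance(node, Factor):
        # Fail closed: a factor the client never reported counts as failed.
        ok = results.get(node.name) is True
        trace.append((depth, node.name, ok))
        return ok
    slot = len(trace)
    trace.append(None)  # reserve the parent's row so it precedes its children
    # No short-circuit: every step is evaluated so the log shows each one.
    outcomes = [_walk(p, results, trace, depth + 1) for p in node.parts]
    if isinstance(node, AllOf):
        # An empty "and" must not grant access (all([]) would be True).
        label, ok = "AND", bool(outcomes) and all(outcomes)
    else:
        label, ok = "OR", any(outcomes)
    trace[slot] = (depth, label, ok)
    return ok

def check(policy, results):
    """Return (granted, trace); trace rows are (depth, step, passed)."""
    trace = []
    return _walk(policy, results, trace, 0), trace

def failed_steps(trace):
    """Steps that failed, in policy order, for troubleshooting a denial."""
    return [label for _, label, ok in trace if not ok]

# Constructed policy: password AND (face OR fingerprint).
ADMIN_POLICY = AllOf((Factor("password"),
                      AnyOf((Factor("face"), Factor("fingerprint")))))

if __name__ == "__main__":
    # Constructed sample: good password, fingerprint rejected, no face capture.
    granted, trace = check(ADMIN_POLICY, {"password": True, "fingerprint": False})
    for depth, step, passed in trace:
        print("  " * depth + f"{step}: {'pass' if passed else 'FAIL'}")
    print("granted" if granted else "denied")
```
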

Authentication Suite 4.0 works within an existing security infrastructure to support multiple authentication types and provides an easy means of changing from one authentication type to another. If your company upgrades from basic password authentication to a smart card, you need to change only the user's authentication policy. For organizations using multiple authentication methods, Authentication Suite fits the bill.

THE BOTTOM LINE: DEPLOY
Authentication Suite 4.0
Business Case: This authentication platform enables central authentication policy management, making diverse authentication schemes an easy and cost-effective proposition.
Technology Case: Authentication Suite's client application controls the end-user authentication methods, making upgrading and changing authentication schemes as simple as a click of a button.
Pros:
-- Intuitive policy management and creation
-- Excellent reports
-- Easy to install and administer
Cons:
-- No support for SecurID
Cost: Starts at $100 per user
Platform(s): Windows NT and 2000; client: Windows 9x, NT, and 2000
Company: BioNetrix Systems Corp. www.bionetrix.com