From: www.itworld.com

Network security begins at home

by Mark Brownstein

January 12, 2001

Everyone knows the importance of network security in the corporate world. But in many ways, the risk to the home office is even greater. While the company LAN supports a fixed group of employees and is protected by IT professionals, home networks often mix remote workers and family members; corporate drives, files and resources with personal ones. And since teleworkers often double as home network managers, they need to fend off threats from outside as well as inside the network.

The standard network log-on challenge -- asking for user name and password -- provides a fair level of comfort. But since home network security is often lax, it's probably not enough. Say your first grader wants to log on, but forgets her user name and/or password. She might borrow her older brother's user name and password and log on as him, which in turn grants her access to his personal files and a different level of Web access. Or worse, she heads for your corporate system, logs on as you (since your password is posted on the monitor) and deletes crucial system settings while attempting to launch the browser.

In a small office, the job of implementing security controls often falls to the small business owner or manager. In addition to fending off invasions from the outside, it's imperative that specific rights be granted to specific users. The administrator/business manager will need access to employee records and payroll files, but the data entry clerk or salesperson shouldn't even see such folders on the network. An effective method of authentication helps ensure that only persons authorized to log on to the network can actually get into the network.

Security schemes use one or more of three elements - what a user knows (password, user name, etc.), what a user has (physical security key, smart card, or a different access device), or what a user is (physical identification, often referred to as biometrics). Several new products relying on the latter two provide the additional security home networks need. Most are designed for use on a single workstation, but network versions are often available.

USB Keys

The same way your house and car keys open your door or unlock your car, USB keys plug in to your computer's USB port to obtain access. When you plug in the key, you're prompted to enter a unique password or personal identification number (PIN). If the password and the key match, you're authenticated. If you remove the key, access is revoked. If someone borrows your key, it's probably nearly impossible for them to gain access unless they know the password or PIN.

SmartID ($35) from Griffin Technologies LLC and Rainbow Technologies' iKey 1000 ($45) each employ a user's PIN, software, and the physical key to gain system access. The iKey is available now and includes support for Windows 2000 Professional; SmartID is expected to ship in January.

While the USB key makes good sense, the design calls for a hub. Most desktop computers have USB ports in the back, where they're hard to access. A hub that brings additional USB ports to the front of the computer makes key insertion easy, and also simplifies the addition of such other USB devices as keyboards, scanners and printers. Four-port hubs are available from D-Link, Xircom, Inland Pro and Hawking Technology, priced from about $30. Hubs that provide additional ports or even serial or parallel ports are also available.

Biometric Devices

Many "what the user is" biometric products also are gaining a presence. To grant system access, these verify your identity by checking a unique physical attribute, typically a fingerprint. However, thumbprint scanners, retina or iris scanners, and even face readers or voiceprint systems are also being developed.

During set-up, the biometric device first reads the attribute it will use for authentication, for instance the user's fingerprint. This may involve more than one pass, in order to adjust for any variations in the reader. It also might involve more than one biometric (such as a scan of each finger, so that a user can be verified using any finger on the "mouse" hand). The biometric data may be stored in various ways -- as a reproducible data file on the client computer, or as a value that must match a "template" generated by the reader device.

Fingerprint scanners ($120 to $200) from KeyTronic are available now, either incorporated into the mouse and keyboard, or as standalone devices. Siemens offers the fingerprint-reading SiemensID mouse ($150). Ethentica is putting the final touches on the Ethenticator 2500 ($99), which plugs into a USB port.

A thumbprint-scanning device, the BioLink U-Match mouse ($120) from BioLink Technologies International, connects to the PC via a PS/2 port and draws power from the serial port. Upon setup, a template of the fingerprint is created, encrypted, and stored on the network. During authentication, the print is read and encrypted, then matched to the set of unique prints on file in the authentication device.

By month's end, Iridian Technologies is expected to ship the Authenticam ($300 per unit), an optical device that scans the user's iris (the colored part of the eye) to grant network access.

Log me on

Single sign-on software allows the system to remember user names, account names, passwords, and other identification challenges that users encounter when logging on to secure Web sites. With it, you only log on once, identifying yourself to the system. Once authenticated, sign-on to other sites, or even to the company network, can be performed automatically.

The single sign-on feature is sometimes bundled with security products. For instance, BioLink offers the BioLink Home Administrator, which includes a U-Match mouse, desktop protection software, a Password Broker (which performs single sign-on) and NetNanny software. NetNanny works with the U-Match mouse, identifying which user is logging on, and blocking sites restricted by the administrator.

Some Web sites also support the use of encryption keys. Banks and financial institutions may use your unique key to authenticate you, instead of employing user name and password for authentication. In cases requiring the highest level of security, your key may also be used to encrypt and decrypt data sent between your office and the bank.

BioLink Technologies International -- www.biolinkusa.com

Iridian Technologies -- www.iridiantech.com

Griffin Technologies -- www.griftech.com

Ethentica, Inc. -- www.ethentica.com

Rainbow Technologies -- www.rainbow.com

KeyTronic -- www.keytronic.com

Siemens, Inc. -- www.siemens.com