Network Magazine, June 1, 2000: "Authentication Devices Take On A New Identity"

June 1, 2000

Strides in cost reduction, scalability, and interoperability are making authentication devices increasingly attractive solutions.

As Internet usage, e-commerce, and remote access technologies enjoy increasing adoption, the need for authentication devices will remain on the uptick. While this can be good news from a security standpoint, it can be not-so-good news from an administrative one. The proliferation of these devices means more elements for the network manager to juggle.

The upside is that these devices are becoming more affordable, easier to install and implement, and easier for the end user to handle…

AUTHENTICATION BASICS

Authentication devices come in a variety of forms. While some of these devices, particularly biometrics, were once considered merely trade-show display items, these systems are gaining credibility as the need for their functionality rises.

Authentication devices include smart cards, tokens, and biometric devices. Despite their differences, there are some common threads among these approaches. One of these is cost. In the past, implementing an enterprisewide authentication device solution often proved too expensive.

As more organizations have begun to roll out such solutions, however, pricing has become less of a barrier.

Other concerns include management, integration with existing systems, and scalability. While it might seem simple to issue a batch of smart cards to users, keep in mind that once the cards are issued, they've got to be managed effectively.

It's also sometimes difficult to find an authentication device-based system that will integrate smoothly with existing systems on the network. Before implementing such a solution, first assess what you already have on the network and how well the authentication device solution you've selected will mesh with your existing infrastructure.

Scalability, a common problem with many distributed network solutions, remains a hurdle for a number of the available authentication device solutions. Some of these schemes work well in limited quantities but begin to lose steam as the number of users increases. It's particularly important for large enterprises to ensure that the solution can expand to fit existing and future requirements.

Finally, there are specific features you should look for. Depending upon the type of authentication device scheme you select, you may need support for Remote Authentication Dial-In User Service (RADIUS), DES, Triple DES, IPSec, and rxt, just to name a few. Of course, the features you'll need will depend on your network's individual requirements, but you should account for upcoming developments when deciding what functions are necessary in an authentication device solution.

TOKENS

The security token comes in a variety of form factors and designs. Depending on such factors as the security requirements of the network, the characteristics of the user population, and the need for high-level scalability, tokens are sometimes preferable to smart cards. Tokens come in both hardware- and software-based forms.

VASCO Data Security's (www.vasco.com) Digipass products include card-based tokens, calculator-style devices, and a device that provides Radio Frequency (RF) and ID card authentication for physical access and network authentication access.

The Vacman Optimum access control server provides for programming/reprogramming of devices, as well as PIN code management. The package also comes with Vacman Programmer 1.0, several Digipass devices, and the Administrator Digipass.

ASSESSING AUTHENTICATION

While authentication device technology continues to improve, the various types of devices will be adopted at different rates. In the near term, tokens and smart cards will have the edge on biometric devices because of cost, usability, scalability, and administrative issues.
This doesn't mean you should write off biometrics. At some point, they'll likely become inexpensive and user friendly enough to enjoy widespread adoption, depending on the application. For today's network, however, a conservative approach (one that employs devices that fulfill security needs without placing an undue burden on network managers, administrators, and users) is probably the best route.