Features

You might find it strange to see Novell Netware (essentially a network operating system) included in a group test of two-factor authentication products. But we are discussing secure access to information and services from both local and remote access points. We are also discussing effectively managing user profiles and administering security policies accordingly.

This USB token offers two-factor authentication that has been considered from many perspectives, including that of the user.

We've reviewed this product before, (albeit a slightly earlier software revision), but make no apologies for including it as a solid two-factor authentication solution.

AssureAccess is access management software that provides application security for J2EE/Javabased web, portal and web services applications as well as securing traditional web servers.

Cams is designed to control access to web and J2EE application server resources. Resources protected by Cams can reside on the corporate intranet, an extranet, or the internet, and they can be a document, a web application, or almost any other application, data, or even a device.

Citrix MetaFrame Password Manager provides SSO to applications running in a Citrix MetaFrame Access Suite environment and non-Citrix environments.

Entrust GetAccess is a web access control solution that provides web portal security and identity management. It supports a variety of authentication methods including passwords, certificates, tokens and biometrics. It provides flexibility for the rules enforced for user passwords as well as maintaining password histories.

eToken Enterprise provides a more cost-effective solution than SSOs to the problem of users having a different login credentials to Windows networks and the web based resources they use.

The Digipass pack product from Vasco is perhaps less of a product in the accepted sense and more of a security philosophy – the philosophy in question being that of dynamic, one-time password creation using portable tokens.

The ECHOsystem from Fizians Inc. is certainly different. It uses audio to transmit the equivalent of a dynamic password across the network for user authentication purposes.

Entrust is known for its expertise in managing and securing digital identities, and the Entrust USB token is a two-factor authentication product worthy of the company's reputation. The token is based upon the Rainbow Technologies iKey 2032 device, a proven product.

ActivCard knows how to provide products for review – they sent us software kits for Windows, Mac, Linux and Solaris, complete with manuals and supporting literature.

This was complemented by three smartcard readers, a PCMCIA reader, USB tokens and smartcards.

This is a comprehensive and flexible product upon which may be built an equally comprehensive access security model. It is scalable and facilitates the management of both local and remote network access within various environments and, if required, across multiple authentication servers.

To many employees, the RSA SecurID tokens are a familiar sight, as is the procedure for logging in to a TCP/IP network using a onetime dynamic password technique embodied by this approach.