Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




:)
2897 posts

Uber Geek
+1 received by user: 98

Subscriber

Topic # 129100 3-Sep-2013 20:14
Send private message

Our 'Security' team is on a rampage at the moment, causing all sorts of strife, throwing the words 'best practice' and 'security risk' around like they're going out of fashion.


I can see where they are heading and our PC's are next. What I want to know is if there is a good card access/Smart card access system that we could implement on a corporate scale? 

Being a corporate, we use Active Directory extensively, so being able to authenticate there is an absolute must. I have seen the odd smart card system around, but haven't looked into it much myself.

I believe WINZ use a smart card system, and plug their cards directly into their keyboards.

Environment:

XP mostly, but rolling out Win7 shortly. 



Our IT/ITS Department is on Windows 7 and will likely be the first people, 'Pilots' if you will, of the given product. 





Create new topic
4993 posts

Uber Geek
+1 received by user: 1327

Trusted
Microsoft

  Reply # 889220 3-Sep-2013 20:17
Send private message

Investigate virtual smartcards in Windows 8 which can easily be integrated into Active Directory

also fingerprint biometrics are built into Window 8.1

or what OSes do you need to support



:)
2897 posts

Uber Geek
+1 received by user: 98

Subscriber

  Reply # 889222 3-Sep-2013 20:17
Send private message

nathan: Investigate virtual smartcards in Windows 8 which can easily be integrated into Active Directory

also fingerprint biometrics are built into Window 8.1

or what OSes do you need to support


Sorry I should have mentioned. 

At the moment we are still on XP, but are rolling out Windows 7 very shortly. 





 
 
 
 


2527 posts

Uber Geek
+1 received by user: 939

Subscriber

  Reply # 889223 3-Sep-2013 20:20
Send private message

Even WinXP Pro can support AD-integrated smartcards. You can even get keyboards with smartcard integration, and you can just slot the card in to log in (or configure them with card + pin/pass).




Windows 7 x64 // i5-3570K // 16GB DDR3-1600 // GTX660Ti 2GB // Samsung 830 120GB SSD // OCZ Agility4 120GB SSD // Samsung U28D590D @ 3840x2160 & Asus PB278Q @ 2560x1440
Samsung Galaxy S5 SM-G900I w/Spark

4993 posts

Uber Geek
+1 received by user: 1327

Trusted
Microsoft

  Reply # 889224 3-Sep-2013 20:23
Send private message

Indeed, you'll have to invest in physical smartcards

you can even get USB card readers that let you store the certs on a SIM so you don't need card readers in everything

do you have a budget or number of users?

1032 posts

Uber Geek
+1 received by user: 75

Subscriber

  Reply # 889245 3-Sep-2013 20:49
One person supports this post
Send private message

And then you you don't need to worry about phishing/remembering/losing passwords, just stealing/remembering/losing cards...

Jon



:)
2897 posts

Uber Geek
+1 received by user: 98

Subscriber

  Reply # 889247 3-Sep-2013 20:49
Send private message

Currently just investigating the options, really.

Lets say for arguments sake and testing purposes, ~100 employees straight off the bat - but if we were to expand it to the whole company, we could potentially be talking about thousands. 

I know they used to have a really POS device here, that was literally a proximity sensor - you walk to your workstation and it unlocked your PC, you walked away, it would lock again. But these devices failed miserably. (before my time)







Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.