Security with bite: 15 technologies tested


Summary: In this special review, we round up the various authentication devices on the market. From fingerprint scanners, to single sign-on software and biometric technology -- we have the authentication market covered.


Single sign-on (aka the Holy Grail)

Single sign-on takes every existing authentication system an individual uses and replaces it with a single authentication technology. A user who has 12 disparate objects to access via passwords every day can reduce that to one password for all 12.

However, it does mean there is a single point of failure if static passwords are used. But combined with other forms of more secure authentication, such as tokens, smartcards, biometrics, and so on, single sign-on is a very attractive option.

There are two main types of single sign-on. The first is enterprise-wide single sign-on; the second is Web or federated single sign-on (usually via Web interfaces). Enterprise single sign-on is what every company, particularly ICT departments that have been operating for more than a few years, is trying to pursue. Consider how many applications employees have to log in to every day just to do their work -- accounting systems, stock control systems, operating systems, CRM applications, e-mail systems, intranets, extranets, Internet proxies, even old legacy apps.

Most of these applications are somewhere in the grand scheme of lifecycles, and at the end of the day cannot be replaced in one fell swoop, or indeed ever, with a nice directory compliant application (X.500, LDAP or otherwise).

This is why a middle ground needs to be established on the way to true single sign-on, and why a balance between smart programming and compliant, standards-based applications needs to be achieved.

Vendors, such as Citrix with its MetaFrame Password Manager Access Suite, have taken some of the heartache out of this by developing very powerful tools that enable administrators to capture and set many forms of password controls and even enforce quite complex password policies on legacy applications which never would have had these options in the past, and all without rewriting the application or the interfaces.

Federated single sign-on, however, is where multiple Web sites have an agreement to accept and trust authentication of a user at one Web site and carry it across to the others. This means the user only has to sign in at the first Web site they visit.
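The trust relationship described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor reviewed here: the site names, the shared federation key and both function names are assumptions, and a shared HMAC key stands in for the signed assertions that a standards-based federation would use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the sign-in site and its partner sites (assumption).
FEDERATION_KEY = b"constructed-demo-key-not-a-real-secret"
TRUSTED_SITES = {"shop.example", "forum.example"}  # hypothetical federation members

def issue_assertion(user, target_site, now=None, lifetime=300):
    """Sign-in site: called only after the user has authenticated there once."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": target_site, "iat": now, "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(FEDERATION_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def accept_assertion(token, this_site, now=None):
    """Partner site: return the user name if the assertion is trusted, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(b".")
        expected = hmac.new(FEDERATION_KEY, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or altered in transit
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None      # malformed token
    if claims.get("aud") != this_site or this_site not in TRUSTED_SITES:
        return None      # issued for a different site
    if not claims.get("iat", 0) <= now < claims.get("exp", 0):
        return None      # not yet valid, or expired
    return claims.get("sub")
```

The partner site never sees a password; it relies entirely on the first site's sign-in, which is why the strength of that one authentication step matters so much.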

Computer Associates has the best of both worlds in both enterprise and federated single sign-on.

It has a truly enterprise-scale directory service in the form of its eTrust eDirectory, which can run with its range of IAM (identity and access management) applications for enterprise single sign-on, and with the recent acquisition of Netegrity it now has a federated single sign-on product called eTrust SiteMinder.



Vendor Citrix
Web www.citrix.com.au
Phone 02 8870 0800
Technology Single sign on
Model MetaFrame Password Manager Access Suite
Price N/A
Interoperability
Interoperates with virtually every type of sign-on application, even down to command-line interfaces using the screen vectors.


Futureproofing
While still operating around password technology, if combined with other forms of authentication such as tokens, smart cards or biometrics, SSO technology becomes quite strong.
ROI  
N/A

Service  
N/A

Rating ½


Vendor Computer Associates
Web www.ca.com/au
Phone 1800 224 636
Technology Single sign on
Model eTrust SiteMinder & eTrust eDirectory
Price 3-year licence (usage, support, and maintenance): eTrust SiteMinder -- AU$23 per user/ per year; eTrust Directory -- AU$10,000 per tier 1 server/ per year
 
Interoperability
Computer Associates, since the acquisition of Netegrity, now has complete solutions to offer SSO for Web and for directory services.
Futureproofing
While still operating around password technology, if combined with other forms of authentication such as tokens, smart cards or biometrics, SSO technology becomes quite strong.
ROI
All products are very well priced and include support and maintenance.
Service ½
Support and maintenance is included for the life of the licence, which is excellent.
Rating ½


Talkback

1 comment
  • You missed just one new technology

    You should have included in your testing the CAT (Cellular Authentication Token) by Mega AS Ltd (www.megaas.co.nz).

    This is the best Authentication (cost/performance) available today.
    anonymous