Network Security Fundamentals [Electronic resources] (text version)


Gert De Laet, Gert Schauwers


PC Card-Based Solutions


To establish a network environment that is secured in depth, you can add PC card-based solutions to digital IDs and IDSs. A couple of PC card-based solutions are available to protect your data in today's challenging network environment. These PC card-based solutions enable the network administrator to add security to the control of access, identities, software, file storing, e-mails, and so on. Security cards or smart cards, hardware keys and PC card encryption cards are most commonly used. The following sections discuss all three in a little more detail.

Security Cards


Security cards (often referred to as smart cards) are credit card-sized plastic cards embedded with an integrated circuit (IC) chip. Smart cards can be used for a broad range of applications and purposes that require security protection and authentication because all the information is stored on the card itself. Once the card is programmed, it no longer depends on external resources. This independence makes it highly resistant to attacks. Functional examples of smart cards are the following:

  • Identification cards (including biometrics)

  • Medical cards

  • Credit and debit cards

  • Access control cards (authentication)


All these applications require sensitive data to be stored in the card, such as biometrics, cryptographic keys, medical history, PIN codes, and so on.

Let us now focus a little more on smart card applications in the computer networking environment.

NOTE

Token-based authentication systems usually display numbers that change over time. The authentication systems synchronize with an authentication server on the network, and they may also use a challenge/response scheme with the server. Tokens are based on something you know (a password or PIN) and something you have (an authenticator, the token).
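The time-synchronized scheme in the note can be sketched as follows. This is an added example, not code from the book: it assumes the token computes its number the way RFC 6238 (TOTP) does, and the 30-second step, the AuthServer class, the PIN handling and the salt are illustrative choices.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each displayed number stays valid (assumed; the book gives none)


def token_code(secret: bytes, now: float, digits: int = 6) -> str:
    """Number the token displays at time `now` (RFC 6238 TOTP over HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Hypothetical server side: checks the PIN (know) and the code (have)."""

    def __init__(self, secret: bytes, pin: str, drift_steps: int = 1):
        self.secret = secret
        self.salt = b"constructed-salt"           # constructed sample value
        self.pin_hash = self._hash_pin(pin)
        self.drift_steps = drift_steps            # tolerated clock skew, in steps
        self.last_counter = -1                    # highest time step already used

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify(self, pin: str, code: str, now: float) -> bool:
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self.pin_hash)
        current = int(now) // STEP
        first = max(0, current - self.drift_steps)
        matched = None
        for c in range(first, current + self.drift_steps + 1):
            expected = token_code(self.secret, c * STEP).encode()
            if c > self.last_counter and hmac.compare_digest(expected, code.encode()):
                matched = c
        if pin_ok and matched is not None:
            self.last_counter = matched           # each number is accepted once
            return True
        return False
```

The drift window is what "synchronize with an authentication server" amounts to in practice, and tracking the last accepted step keeps a number that was observed once from being replayed.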

Token-based authentication systems are increasing in popularity over software-only encryption packages mainly because of the enhancements and add-on functionality that token-based systems offer. Smart cards are seen as a rising trend in token-based authentication. Nowadays, most security functions reside on vulnerable servers. These functions can include boot integrity, file system integrity, public key encryption, key storage, and digital signatures, as you will see throughout the course of this book. By adding smart cards into your security design implementation, some mission-critical security functionality can be performed on the card itself, with significantly greater security protection and lower risk. On the other hand, smart cards are not cheap and can have potential management issues, including the need for replacement and reprogramming.

A good example of porting some of this functionality to the smart card is the protection of the boot sectors on a hard drive of a personal computer. Most users don't even worry about protecting these system areas, although they are exposed and vulnerable to computer virus infection. The basic idea is that during the boot sequence and after the user has been authenticated to the smart card, the computer requires data from the smart card to complete the booting process. (The smart card is also password protected.) This guarantees system integrity even if the attacker gains physical access to the computer.

Smart card deployment is also used to assure file system integrity. In general for all computer systems, validity of files, such as executable programs, is checked against a checksum. It is in this context that smart cards can be an effective protection mechanism against viruses. The smart card stores the checksum of the executable program or plain data file. When opening or launching the file, the checksum on the card is verified. If the checksum differs, an alarm goes off. This is an efficient way of validating file integrity and works as a complementary solution to virus-scanning software applications, which are scanning for known viruses using well-defined signatures.
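The check-on-launch flow described above, as an added example that is not from the book. CardStore is a hypothetical in-process stand-in for the card's protected memory, SHA-256 is an assumed choice of checksum, and the file contents are constructed sample bytes.

```python
import hashlib
import hmac
import os
import tempfile


class CardStore:
    """Hypothetical stand-in for the card's memory, keyed by file name for brevity."""

    def __init__(self):
        self._digests = {}

    def enroll(self, name: str, digest: bytes) -> None:
        self._digests[name] = digest

    def reference(self, name: str):
        return self._digests.get(name)


def file_digest(path: str) -> bytes:
    """SHA-256 of the file, read in chunks so large executables are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


def check_before_launch(card: CardStore, path: str) -> str:
    """Return 'ok', 'modified' (raise the alarm) or 'unknown' (never enrolled)."""
    ref = card.reference(os.path.basename(path))
    if ref is None:
        return "unknown"
    return "ok" if hmac.compare_digest(ref, file_digest(path)) else "modified"


def demo() -> list:
    card = CardStore()
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "tool.bin")
        with open(exe, "wb") as f:
            f.write(b"\x7fELF constructed sample program bytes")
        card.enroll("tool.bin", file_digest(exe))        # done while the file is trusted
        results = [check_before_launch(card, exe)]
        with open(exe, "ab") as f:                       # file changes after enrollment
            f.write(b"appended bytes")
        results.append(check_before_launch(card, exe))
        results.append(check_before_launch(card, os.path.join(d, "other.bin")))
    return results
```

Unlike signature scanning, this flags any change to an enrolled file, known virus or not, but it says nothing about files that were never enrolled, which is why the third result is reported separately instead of as "ok".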

Hardware Keys


Hardware keys are best known as software protection elements. They are USB-based solutions. If your company is in the software development business, you are most likely aware of software pirates and hackers trying to gain free access to the software your company has developed in-house. Hardware keys protect software application code and are the first line of a good defense in tackling this threat. Users cannot launch applications without the hardware key that is plugged into the laptop or workstation.

Hardware keys are also used for authentication purposes to protect against unauthorized data access. Lost and stolen laptops endanger data confidentiality and data integrity. Installing hardware keys prevents thieves from breaking into corporate servers via the laptop because hardware keys need to be plugged into the laptop for authentication of the user. The hardware key is small and handy and can be easily attached to a key ring containing other personal keys. Advantages of these solutions include ease of implementation as well as low cost.

PC Encryption Cards


PC encryption cards are available for USB, LPT, COM, RS232, PCMCIA, and (E)ISA. These cards can be attached as peripherals or integrated in almost any computer device. Figure 3-4 shows the setup for data encryption using PC cards. Encryption can be accomplished locally and remotely on the file server.

Figure 3-4. PC Encryption Cards

PC card-based solutions using encryption cards provide secure file storage and file transmission over a LAN segment, as seen in
