10 Sep 2006

On Day 3: Security

Author: q | Filed under: SMB Nation

The last session of the conference for me is the repeat of Dana”s security seminar. If you haven”t seen Dana”s sessions, you”re really missing something. The main focus of his presentation was on using two-factor authentication. Two-factor authentication is comprised of something you have and something you know. For example, your bankcard – you have the card and you have to know the PIN.

One of the key issues facing small business IT shops is how to manage the administrator passwords for the systems you manage when you have an employee leave the company. If you change the administrator password, you also have to change the password for services that run as administrator, plus change the passwords of any additional admin accounts that may have been created, and this can take a very long time, especially if you have a large number of servers or a lot of turnover.

With a centrally-managed two-factor authentication solution, the need to change administrator passwords is either significantly reduced or eliminated because you can disable the OTP (one time password) for the departing employee in the central system and lock that user out of the systems you manage.

Some vendors who have solutions for two-factor authentication:

www.cryptocard.com (cryptocard) – bill@cryptocard.com ask for starter kit referred by Dana
www.verisign.com (
www.vasco.com (VASCO)
www.passgo.com (Defender)
www.scorpionsoft.com (Anvil)

Dana demoed several implementations of two-factor security on live systems, including a new product from Scorpion Software that adds two-factor authentication to Remote Web Workplace.

One audience question – what about biometrics? Dana pointed out the “gummy bear attack” that ,,gets past fingerprint scanners.

Now for the afternoon activities…

Leave a Reply