Friday, July 25, 2008

Smart Cards, Common Access Card (CAC), HSPD-12 and you...

I was searching the Internets for a sensible article, post, anything on the practical application of smart cards and came up with a lot of technical jargon and solutions but not much practical information for the everyday Joe security guy or admin. Why should I care? Well, as logical and physical security technologies evolve, the use of a smart card (and an RFID or GPS one at that) seems quite useful as an access replacement for current technologies. It only follows that governments and big business will soon follow suit in implementing this technology... so why not start making it simple to understand?

What are smart cards?

OS Insecurity:  How does your favorite OS deal with these scenarios when CAC authentication is enabled?
  • Remote administration
  • Non-Kerberos or non-PKI authentication
  • Services running as users instead of system
  • Emergency root-level access

Microsoft Windows and Smart Cards
  • A user receives an "Unable to log you on because it is required that you use a smart card" message when the user tries to log on to your Windows XP-based computer by using Remote Assistance
    http://support.microsoft.com/kb/893226

  • How to access a network resource that requires username and password authentication when your user account requires a smart card for interactive logon
    http://support.microsoft.com/kb/834432

  • After you use a smart card to unlock a Windows XP-based computer, you are prompted for authentication when you access resources that require NTLM authentication
    http://support.microsoft.com/kb/939850

  • "Local Policy of This System Requires You to Logon Using a Smart Card" Message Appears When You Try to Log On to the Server
    http://support.microsoft.com/kb/832026

  • A scheduled task that is running under a specific account cannot access a shared network resource in Windows XP
    http://support.microsoft.com/kb/887572

  • Services and scheduled tasks cannot log on if a smart card is not present in Windows Server 2003
    http://support.microsoft.com/kb/889505

  • Dell Identity Management Solutions
    http://www.dell.com/downloads/global/power/ps4q06-20070155-IdentiPHI.pdf

These are some initial thoughts... more to follow...
 
