The Monterey Software Group (408.253.1778) has enhanced its SAFE/3000 HP 3000 security solution to support CRYPTOCard enhanced user authentication tokens. SAFE/3000 is an access control and auditing product that now can use the credit card- sized token shown here to enforce secure identification and authentication of users across public networks, the Internet, corporate intranets or telephone dial-up connections to HP 3000s.
The biggest advantage to using token cards is that they take another tool -- network monitoring software -- away from the corporate hacker. Monterey's Lee Courtney says that "traditional static passwords are easily intercepted by any user with a PC running appropriate network software. Eavesdropping on network traffic is inexpensive and easy to accomplish." Considering that more than 80 percent of hacking is done from inside the enterprise, cutting off such network hacking can improve your security significantly.
Courtney says that this password problem on HP 3000 servers can even extend to connection of dumb terminals. RISC-based HP 3000 terminals are hardwired to a Distributed Terminal Controller (DTC), which in turn communicates to the server over a network connection. The DTC uses the network to transmit all terminal traffic, including logons and clear-text passwords to the server.
The CRYPTOCard generates random passwords to ensure that a password is only transmitted over the network once. For every new login, the token generates a new random password known only to the token and the server. Since only the token and server know the 64-bit DES encryption key used to generate the random password, an unauthorized user eavesdropping on the network cannot predict what password will be used next. Any passwords a hacker might grab over a network are useless.
CRYPTOCard tokens offer portability, an extended lifetime with user changeable batteries and tamper prevention through a Personal Identification Number issued with each card. Both SAFE/3000 and CRYPTOCard are available for export outside the United States. The server software starts at $2,995, and tokens start at $60 per token. A free PC-based tutorial and HP 3000 demo software are available.