January 21, 2000 Web posted at: 10:17 a.m. EST (1517 GMT) by Deni Connor

From...

(IDG) -- Users wanting to consolidate security services or increase network security may want to take a look at software Novell will introduce this week.

Novell Modular Authentication Service (NMAS) lets IT managers establish multiple levels of security that go beyond password authentication. NMAS allows digital certificates, tokens, smart cards and biometric devices - such as fingerprint or retinal scans - to be authenticated to Novell Directory Services (NDS) before granting access to sensitive data on a network.

Novell today uses a two-process authentication method in which users seeking access to the network enter passwords that are encrypted by an RSA security algorithm.

MORE COMPUTING INTELLIGENCE

IDG.net home page

The ABCs of PKI

Diary of a hack attack

Top 10 TCP/IP tools no network pro should be without

IDG.net's network operating systems page

Reviews & in-depth info at IDG.net

E-BusinessWorld

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for network experts

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

A second process allows authentication to an NDS server. NMAS extends password authentication from a "what you know" scheme to a "what you have" (smart card) or "what you are" (fingerprint or retinal scan) technology.

With NMAS, Novell is one of the first vendors to allow multiple levels of authentication to be combined to afford network access. For instance, to access supersensitive data, a user may need to enter a password and use a SecurID-generated token. In contrast, Windows 2000 will only allow single-level authentication through passwords, smart cards or biometric devices, according to Microsoft.

Jim Hurley, an analyst with Aberdeen Group in Boston, says users don't want to increase their security alternatives but want to have the flexibility to employ a variety of security mechanisms. Many companies have already installed biometric devices and smart cards for physical access that are separate from the network infrastructure for remote user access.

"User desire for multiple levels of authentication has been unabated for two years," Hurley says.

Mike Zeiman, IT analyst for Dow Chemical Employees' Credit Union in Midland, Mich., is investigating the use of strong authentication in NDS for his employees and banking customers.

"I continue to see authentication solutions, but they aren't tied to NDS," Zeiman says. "I have applications that are sensitive running on my NetWare and Unix servers. Theoretically, through NMAS and NDS, I could authenticate in various ways to either network."

NMAS configuration is performed via the NDS management utility, ConsoleOne. NMAS will work with token devices from RSA Security, Active- Card and Vasco Data Security, and biometric devices from Indentix and Saflink, among others.

An NMAS starter pack that allows only a single-method logon will be bundled free with numerous Novell products, including NetWare 5.1. A separate Corporate Edition, which allows multiple-method logon, will be available this quarter. Novell declined to specify pricing.