WebFort secures traffic with software

InfoWorld

March 10, 2000
Web posted at: 7:58 a.m. EST (1258 GMT)

(IDG) -- Many challenges face those trying to provide strong, two-factor security authentication to users accessing sensitive information via the Internet. The most popular solutions today for two-factor authentication (which is based on something you have and something you know) are SecurID or smart cards. But these require expensive hardware tokens to be distributed to users.

A much simpler and less expensive way to provide authentication is via software, and that's where WebFort, from Arcot Systems, comes into the picture. WebFort is a new software-based technology that provides cost-effective two-factor authentication via the Web, and is ideal for securing e-commerce. For highly sensitive intranet applications, you might still want to use hardware authentication, but for Web applications WebFort is a great choice that can fit almost any architecture. I'm very enthusiastic about WebFort's capability of serving this security need, and its potential looks terrific; I give it a score of Excellent.

Arcot's new technology, Cryptographic Camouflage, is the key component of WebFort and protects a user's private key, the "key to the kingdom" in the world of PKI (public key infrastructure). Normally an encrypted message can be decrypted by exhaustively searching the key space. When the result is a readable message, the correct key has been found. Cryptographic Camouflage confuses this scenario by having a readable message result from any key in the key space. Thus hackers must attempt to access the system with the key before knowing if it is the correct one. This unique approach sounds, in theory, more secure than current cryptographic implementations. Time will tell if this holds up in practice.
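
The contrast described above, as an added toy example that is not from the article or from Arcot: a PIN-encrypted container with a recognisable header lets an offline search confirm the PIN, while a camouflaged one makes every PIN yield a well-formed key, so guesses have to go to a server that can count them. The XOR cipher, the `MAGIC` header, the 4-digit PIN space, the hash standing in for a public key, and the three-failure lockout in `AuthServer` are all assumptions made for illustration, not WebFort's actual design.

```python
import hashlib
import hmac

MAGIC = b"PRIVKEY:"   # recognisable header in the conventional format (constructed)
SALT = b"demo-salt"   # constructed
SECRET = hashlib.sha256(b"constructed stand-in for a private key").digest()
ALL_PINS = [f"{i:04d}" for i in range(10_000)]

def xor_pin(data: bytes, pin: str) -> bytes:
    """Toy PIN-keyed stream cipher; the same call encrypts and decrypts."""
    # Iteration count is low only so the demo finishes quickly.
    ks = hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 10, dklen=len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def offline_candidates(blob: bytes, looks_valid) -> list:
    """PINs whose decryption passes a check that needs no server contact."""
    return [p for p in ALL_PINS if looks_valid(xor_pin(blob, p))]

class AuthServer:
    """Hypothetical online verifier: the only place a candidate key can be tested."""
    def __init__(self, secret: bytes, max_failures: int = 3):
        self._ref = hashlib.sha256(secret).digest()  # stand-in for the public key
        self.failures, self.max_failures = 0, max_failures

    def login(self, candidate: bytes) -> str:
        if self.failures >= self.max_failures:
            return "locked"
        if hmac.compare_digest(hashlib.sha256(candidate).digest(), self._ref):
            return "ok"
        self.failures += 1   # each wrong key is a visible, countable event
        return "denied"

def demo(pin: str = "4831"):
    conventional = xor_pin(MAGIC + SECRET, pin)  # structured plaintext
    camouflaged = xor_pin(SECRET, pin)           # any decryption is a well-formed key
    found = offline_candidates(conventional, lambda p: p.startswith(MAGIC))
    plausible = offline_candidates(camouflaged, lambda p: len(p) == len(SECRET))
    server = AuthServer(SECRET)
    wrong_keys = [xor_pin(camouflaged, p) for p in ALL_PINS if p != pin][:4]
    replies = [server.login(k) for k in wrong_keys]
    return found, len(plausible), replies

if __name__ == "__main__":
    print(demo())
```

With the header present the offline search narrows 10,000 PINs to one; without it all 10,000 remain equally plausible, and the server locks the account after three wrong keys.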

WebFort can be integrated with any of the major CA (certificate authority) products and ODBC-compliant databases on the market. Two-factor authentication is provided through a user-selected PIN (personal identification number) and an ArcotCard software token. The ArcotCard stores the user's private key and an X.509 Version 3 digital certificate. The private key is encrypted by the PIN.

There are three main components of WebFort: the Personalization Station, the WebFort Server, and the WebFort Proxy. The Personalization Station comprises several services. The main function of the Personalization Station is to provide the administrative interface used to create and administer ArcotCards. This Web interface is very elegant and easy to use. The Personalization Station also contains the Roaming Service, which is arguably the best part of WebFort. The Roaming Service allows users to access their ArcotCards from any machine connected to the Internet.

If the administrator enables roaming, the ArcotCard is retrieved from the Roaming Server each time the user accesses the system. If roaming is not enabled, the user downloads the ArcotCard onto the local machine and uses it there. The Personalization Station also contains the Broadcast Service, which lets multiple WebFort servers communicate with each other, and the Registration Authority (RA), which allows WebFort to talk to the CA.

The second main component, the WebFort Server, contains the Authentication Server. This server processes all authentication requests and logs all events in case past transactions need to be reviewed. The WebFort Server also contains the Web Server filter, which allows a Web server to use WebFort for authentication. WebFort currently supports Microsoft Internet Information Server (IIS) and Netscape Enterprise Server. The WebFort Server also contains the Access Control Server, which can specify which URLs each user can access and store this information in the Access Control List database.

The third main component, the WebFort Proxy, contains the Authentication Proxy. This proxy redirects requests to the Authentication Server and allows extranet partners or other business locations access to the Authentication Server.

I looked at WebFort running with Microsoft's Certificate Server and Access Database. I found the installation procedure to be very quick and simple. I created several cards, enabling roaming on some, and used the cards to access Web sites.

I would recommend this product to someone looking to implement strong authentication via the Web. WebFort is very scalable, cost efficient, and flexible; it can be modified to fit almost any architecture.

If you are authenticating users via an intranet and are protecting highly sensitive or confidential information, I would suggest staying with the more time-tested hardware solution. But at a starting price of $15,000 with few additional costs, WebFort is a great way to start securing those Web applications. I rate its value as excellent.


