The Ethical Hacker Network

eth3real

Full Member

Offline

Posts: 130

SmartCards

« on: April 25, 2008, 11:14:30 AM »

Just picked up a Smart Card reader and a few cards.

Apparently trying to program smart cards for use in a Windows Domain is freaking ridiculous, so I was wondering if anyone has had any luck with this either in Windows or Linux? It's really just for personal use and practice right now. After I have a good understanding of how they work, how to program them and implement them effectively, I may use them in the office.

Thanks!


	Logged

Jess Hires
MCP, C|EH

eth3real

Full Member

Offline

Posts: 130

Re: SmartCards

« Reply #1 on: May 22, 2008, 01:45:08 AM »

I guess there isn't much of a standard for implementing smart cards in any environment. Tongue

Does anybody have a success/failure story about implementing smart cards?


	Logged

Jess Hires
MCP, C|EH

jimbob

Sr. Member

Offline

Posts: 297

Re: SmartCards

« Reply #2 on: May 22, 2008, 04:15:08 AM »

The problem with smartcards is, while they are technically more secure than passwords users have a tendancy to leave them inserted in the machine. I don't know if this alone has slowed their adoption, most likely cost is the main factor.

I've not heard of anyone using smartcards for anthing other than thin clients. I think the Sun Ray thin client used smartcards so you could plug in and see your desktop from any terminal. I too would be interested in hearing from anyone else who has implemented this technology.

Jimbob


	Logged

ChrisG

EH-Net Columnist
Hero Member

Offline

Posts: 1008

Re: SmartCards

« Reply #3 on: May 22, 2008, 10:36:27 AM »

you can integrate smartcards into AD but i dont think it is as simple installing one application. there are card readers/software, certificate management, getting the certificates/tokens on the smart cards. its been done though. i think microsoft has some documentation on it.


	Logged

...tests i took go here...

http://carnal0wnage.blogspot.com/

eth3real

Full Member

Offline

Posts: 130

Re: SmartCards

« Reply #4 on: May 22, 2008, 01:30:10 PM »

I know a little bit about implementing it in Windows, but I haven't been able to do the whole process. You're right, it does require a certificate authority, etc., but it is difficult. I was having problems with the smart cards I bought. Something about not having a driver for the type of smart card I had, though I had no problems with the driver for the reader.


	Logged

Jess Hires
MCP, C|EH

JobMatchNow

Newbie

Offline

Posts: 24

Re: SmartCards

« Reply #5 on: June 12, 2008, 09:34:15 AM »

I have seen some installed at the military recruiters office.


	Logged

g00d_4sh

Sr. Member

Offline

Posts: 293

Re: SmartCards

« Reply #6 on: June 16, 2008, 05:05:23 PM »

My office has been 'moving toward' them for about... 3 years now. We have to purchase new keyboards with "smart card" reader strips along the top. And our new doors are supposed to have them as well. Due to other more prioritized things.... 3 years later and we don't have a single smart card reader actually being used in the office. But... we have them around for IF we ever do use them. Wink

I'd be interested in hearing anyone's personal experience in implimenting them too, since I will probably be the one who has to do it.


	Logged

"Bad.. Good? I'm the guy with the gun"

apollo

Newbie

Offline

Posts: 35

Re: SmartCards

« Reply #7 on: June 16, 2008, 09:16:36 PM »

As far as using smart cards for Two-Factor Authentication(TFA), unless the smart cards are being used for things like code-signing, X of Y authentication where a certain number of people have to be present to do something, or encryption, I prefer the key-fob method. RSA and a number of others implement token based authentication where you are required to enter both your pin and a token value which changes periodically in order to authenticate. These types of technologies are implementable cross platform and can tie into things like VPN's and radius fairly easily.

For things like file encryption, smart cards/USB Keys are really neat. Combining with two factor authentication with certificates allows for the encryption/decryption keys for files/file systems to live with you. I like the USB token idea better because if your company is devoted to the solution it's less likely to be left at the office because it's required to check email from home. The only caveat is, make sure that your PKI implements a key recovery agent for EFS/Bitlocker if you use a solution like that because people will lose these things.


	Logged

ChrisC

Newbie

Offline

Posts: 4

Re: SmartCards

« Reply #8 on: June 18, 2008, 01:04:48 AM »

g00d_4sh: I'm not sure how much experience you have with smartcards or various solutions pertaining to them.

While I have not deployed and implemented a solution within my company, I can say we have reached the pilot stage and we are more or less awaiting management approval...

I have found that Gemalto is a very good company to work with. Our goal was to utilize smartcards for network log on, local log on for VPN users, and physical access with our existing access card system. In other words they needed to be contact and contactless smartcards. I contacted Gemalto and they were very diligent in finding an appropriate solution, even going as far as creating a custom card for our particular environment so we didn't have to update our physical access readers (they have a great relationship with HID) - it's also worth mentioning Gemalto cards are natively supported on Vista.

If you have any more technical questions, don't hesitate to private message me, or post here for the benefit of all members.

Chris


	Logged

g00d_4sh

Sr. Member

Offline

Posts: 293

Re: SmartCards

« Reply #9 on: June 18, 2008, 12:47:49 PM »

ChrisC, thank you very much for your reply. My organization is a bit on the 'slow' side on many things. We are going to have to impliment the cards due to mandates from Wash DC though eventually. The cards/system from Gemalto, do you know off hand if it meets with HSPD-12 compliance?


	Logged

"Bad.. Good? I'm the guy with the gun"

ChrisC

Newbie

Offline

Posts: 4

Re: SmartCards

« Reply #10 on: June 18, 2008, 02:32:47 PM »

g00d_4sh, no problem - glad to help.

There are many variations on the cards that you can get from Gemalto, to suit certain needs.

Your best bet would be to identify the requirements that are needed and begin your search based on your set of requirements. But just a quick look using:

http://www.google.ca/search?hl=en&q=site%3Agemalto.com+%2B+HSPD-12+compliance&meta=

Hit quite a few pages, so I think you're in luck. It's important to remain vendor neutral and maybe I haven't been. So another great company is Giesecke & Devrient - http://www.gi-de.com/ - I'm sure they can suit your needs also.

It should be noted based on you mentioning you're in the US, that Gemalto was the underlying card used in the Department of Defense Common Access Card initiative.

I meant to address jimbob's comment earlier - there is a big concern regarding people leaving their cards left within the device. There are a few ways to combat this, first a directive control can be used such as policy, and measured with spot checks. Unfortunately this isn't a preventative measure in nature - only detective. That's why we opted to use our cards for physical access as well. They can only get around the building with their card.

Chris


	Logged

Pages: [1] Go Up

« previous next »

ChicagoCon 2008f

ChicagoCon 2008f

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!

ChicagoCon 2008f

ChicagoCon 2008f

ChicagoCon 2008f Support EH-Net by Buying all of your Amazon items using the search bar above. Try CBT Nuggets Free!

ChicagoCon 2008f

ChicagoCon 2008f

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!