Executive Summary

Administrators are increasingly aware of the dangers that result if they rely only on user names and passwords to provide authentication to network resources. Attackers can guess user names, or use such publicly available information as an e-mail address on a business card to identify a user name. When an attacker knows a user name, the only security mechanism that remains is the user's password. Single secrets such as passwords can be effective security controls. A long password of more than 10 characters that consists of random letters, numbers, and special characters can be very difficult to crack. Unfortunately, users cannot always remember these sorts of passwords, partly due to fundamental human limitations. Research by George A. Miller, published in The Psychological Review in 1956, concluded that the human brain has a short-term memory limit of between five and nine random characters, with an average of seven. However, most security guidance recommends at least an eight-character random password. Because most users cannot commit an eight-character random password to memory, many opt to write it down on a piece of paper. Users rarely show great discretion when they write down passwords, and so provide opportunities for attackers to compromise their credentials. Where there are no restrictions on password complexity, users tend to choose easy-to-remember passwords such as "password" or other easily guessed words. Pass phrases are longer passwords that users can remember more easily. Microsoft® Windows® 2000 and later versions of the Windows operating system support passwords of up to 127 characters in length. A strong pass phrase such as "I like 5-a-side football!" significantly increases the difficulty for tools that use brute force methods to crack a password, and is easier for a user to remember than a random mix of letters and numbers.
Two-factor authentication systems overcome the issues of single-secret authentication by requiring a second secret. Two-factor authentication uses a combination of the following items:
Smart cards and their associated PINs are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, the user must have the smart card and know the PIN to gain access to network resources. The two-factor requirement significantly reduces the likelihood of unauthorized access to an organization's network. Smart cards provide particularly effective security control in two scenarios: to secure administrator accounts and to secure remote access. This guide concentrates on these two scenarios as the priority areas in which to implement smart cards. Because administrator-level accounts have a wide range of user rights, compromise of one of these accounts can give an intruder access to all network resources. It is essential to safeguard administrator-level access because the theft of domain administrator-level account credentials jeopardizes the integrity of the domain, and possibly the entire forest, together with any other trusting forests. Two-factor authentication is essential for administrator authentication. Organizations can provide an important additional layer of security if they implement smart cards for users who require remote connectivity to network resources. Two-factor authentication is particularly important for remote users, because it is not possible to provide any form of physical access control for remote connections. Two-factor authentication with smart cards can increase the security of the authentication process for remote users who connect through virtual private network (VPN) links.

The Business Challenge

Compromise of administrator account credentials on domain-joined computers can jeopardize the integrity of the entire domain, the forest in which that domain resides, and other forests and domains that have trust relationships to that forest.
The compromise of remote access accounts can allow external attackers to reach sensitive information through dial-up or VPN connections. The business challenge in safeguarding administrator and remote access connections is to provide a suitable level of security without compromising usability. An organization that implements two-factor authentication to improve security cannot run at optimal efficiency if users cannot access the information that they need to do their jobs. It is critically important to balance two-factor authentication against usability.

The Business Benefits

The use of smart cards to secure critical accounts can produce the business benefits that follow:
Who Should Read This Guide

The intended audience for this guide includes technical decision makers, enterprise architects, and enterprise security administrators who will plan, deploy, or operate remote access links and network security. Consultants who plan, deploy, or operate Windows-based networks should also find this information useful. The information in this guide applies to organizations of all sizes that require strong identity protection and data access control.

Reader Prerequisites

To understand the solutions presented in this guide, readers should understand and be familiar with the following areas and technologies in Microsoft Windows Server™ 2003:
This guide covers the Operating and Supporting process model quadrants within the Microsoft Operations Framework (MOF). It also covers the Security Administration and Incident Management service management functions (SMFs) within MOF. For more information about MOF, see the Microsoft Operations Framework Web site at www.microsoft.com/mof.

Planning Guide Overview

This guide includes four chapters that focus on the essential issues and concepts required to plan smart card authentication. These chapters are:

Chapter 1: Introduction
This chapter provides an executive summary and considers the business challenges faced and the benefits gained if you implement smart card authentication. The chapter suggests the recommended audience for the guide, lists the reader prerequisites, and provides an overview of the chapters and solution scenarios.

Chapter 2: Smart Card Technologies
This chapter outlines the approaches in the use of smart cards to secure critical accounts. It also discusses the essential elements for the two solution scenarios that chapters 3 and 4 cover. Finally, this chapter introduces Woodgrove Bank, which is the basis of the two solution scenarios.

Chapter 3: Using Smart Cards to Help Secure Administrator Accounts
This chapter describes the design considerations required to secure administrator accounts with smart cards. The chapter goes on to examine the issues and requirements for Woodgrove Bank. It discusses the solution concept, prerequisites, solution architecture, and solution operation for the scenario. Finally, the chapter reviews possible options to extend the solution to incorporate the change management process.

Chapter 4: Using Smart Cards to Help Secure Remote Access Accounts
This chapter describes the design considerations for remote access with smart cards. The chapter goes on to examine the issues and requirements for the implementation of secure remote access for Woodgrove Bank. It discusses the solution concept, prerequisites, solution architecture, and solution operation for the scenario. Finally, the chapter reviews how to extend the solution to incorporate physical access control.