Creating a secure KVM environment
Monday, 12 December 2011 00:00
Raritan looks at how to provide a safe KVM environment
While many organizations have employed smart card identification to enhance their physical security infrastructure, KVM (Keyboard, Video & Mouse) system users in particular can benefit greatly from the two-factor authentication that a smart card inherently provides to the logical realm (access to software and application systems on servers).
However, whereas a physical security system that incorporates smart cards is straightforward to implement, logical security using PKI-based authentication (Public Key Infrastructure) incurs very specific practical obstacles during implementation in a data center, network operating center, lab or any facility that relies on a KVM system for efficient operation. While smart card readers themselves are inexpensive, 1-to-1 mapping of card readers to server hardware neutralizes many of the efficiencies that a high-density server environment with few user touchpoints provides. IT managers thus face a difficult decision: greater security or greater convenience.
Before the modern server boom, most computer rooms employed a keyboard and monitor for each server – a 1-to-1 mapping. But KVM switching technology later eliminated this inefficient deployment, allowing one set of keyboard, monitor and mouse peripherals to be deployed to many servers at once. By extending their peripheral set to include smart card readers, modern KVM switches with smart card capabilities can allow data center managers to enjoy the best of both worlds: greater security and greater convenience.
The use of integrated PKI and smart card authentication infrastructure for strengthening user identification credentials is growing worldwide. Driving the demand is an increased need for greater physical security along with the requirement for stronger authentication of individuals accessing networks, often referred to as “logical access control.” For logical access, smart cards provide additional security to organizations that require multifactor authentication without hampering user convenience.
Managing employee credentials for physical access to facilities and logical access to IT infrastructure can be burdensome and expensive – even simple tasks such as password resets and reminders can incur nontrivial costs in a large organization. Smart cards provide a form of identification that can be used to secure both physical and logical access while combining other business benefits. Thus, many organizations have employed secure, portable and multipurpose employee badges to enable an efficient and cost-effective identity management system. A sound understanding of the business processes and goals within an enterprise is a key to the most successful implementations of smart cards.
A pioneer in the adoption of smart card infrastructure is the United States Department of Defense (DoD), which has 3.8 million smart card users as a result of its Common Access Card (CAC) program [1], an initiative motivated by HSPD-12. This presidential mandate intends to achieve improved physical and logical security of Federal defense employees and contractors worldwide by requiring extensive implementation of smart cards in the DoD.
On the server side, special middleware deployed on each target server communicates with the card reader and the authentication infrastructure that’s in place. The middleware is essentially a “go-between” that utilizes various specifications (such as PC/SC and X.509) and supports PKI certificates – enabling the use of smart cards for a wide variety of desktop, network security and productivity applications. Additionally, a driver compatible with the card reader must be running on each target server. Compatible drivers are typically provided as a standard component of the server’s operating system. Reader manufacturers also provide drivers as a download on their respective web sites.





