Solved

USB key security for OWA

Posted on 2008-10-27
6
466 Views
Last Modified: 2013-12-04
Hi Everyone,

I'm just wondering is it possible for one to use USB key loaded up with certificate for a "token" like security measure without using smart card to access OWA ?

0
Comment
Question by:jjoz
  • 3
  • 2
6 Comments
 
LVL 3

Accepted Solution

by:
DBT_Support earned 250 total points
ID: 22811648
Is this the kind of solution you are looking for? http://www.authenex.com/authenex-solutions/strong-authentication-for-owa.htm
Authenex 2Factor authentication can be done with a usb dongle, and then the username and password.
Also client side security certificates generated from an internal CA will provide a second factor.
This certificate will need to be loaded into the certificate store, and is not eaily USB portable.
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 250 total points
ID: 22812814
If you aren't looking for 'traditional' smartcard styled USB token access, you could export the certificate (presumably including the private key so they could decrypt files) to file and copy that to a USB token or email it, etc., and then import it to another box (e.g. their home system).  It would stay installed, but would not have the same level of security as a regular smartcard solution which would copy over the public key but keep the private key safe.  Doing it with the export/import method would work fine, but if their home system got compromised then their private key could become compromised, resulting in having to reissue the cert - this would also technically allow someone that had the cert access to decrypt whatever was encrypted with it.  How much this matters is up to your corporate security policy.
0
 
LVL 1

Author Comment

by:jjoz
ID: 22827015
yeah, sort of like that.

i wonder if anyone ever use this http://www.rsa.com/press_release.aspx?id=1575 RSA SecurID® 6100 USB Token for securing the OWA system.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 250 total points
ID: 22830261
That should work fine for housing client certs - this is a smart USB token - essentially a smartcard in a different form factor with a virtual reader instead of a physical one.  Pretty much every smartcard company has added smart tokens to their lineup years ago.  Maybe I misunderstood your initial question - I thought you were looking at attempting a non-smartcard solution meaning using a standard usb flash thumb drive instead of a usb smart token.  

USB smart tokens are pretty neat - try to negotiate a deal with the vendors as most of them have enormous markups on these things - a company I used to test for made them for about 11 bucks and sells them for about 80!  I know they need to make a profit, but I think a 700% markup is a bit extreme.  I would say 30-40 bucks is a decent deal, that's about the price of a standard smartcard.  Its the exact same chip inside - literally - just a different interface.
0
 
LVL 1

Author Comment

by:jjoz
ID: 22836807
yeah,

Paranormastic that's the way i want "would it be possible to secure our OWA using our own USB key ?" that's the question in other words.

but thanks for all who contribute to this thread, now i know that 2-Factor security is possible for securing OWA.
0
 
LVL 1

Author Closing Comment

by:jjoz
ID: 31510216
Thanks for the info.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question