Last week we showed how a virtualized desktop environment can help reduce IT costs, improve end-user flexibility and at the same time lay the foundation for improved IT-security. In the fifth and last article in our series about security and virtual desktop environments we will take an in-depth look at how smart card-based login can further improve the security.
How PKI and smart cards work
As security challenges increase for companies and organizations, qualified solutions based on the combination of PKI and smart cards have made huge inroads. By combining technology, processes and standards, PKI offers:
- Authentication – strong asymmetrical two-factor authentication
- Non-repudiation – proof of the integrity and origin of data through digital signing
- Integrity protection – prevents unauthorized interception of communication
- Confidentiality – only authorized recipients can access the information
Two encryption keys are directly linked to the sender of the information (a person, an IT service or an application) and to the recipient. The information is protected from interception, so-called man-in-the-middle attacks, and cannot be read by anyone other than the intended recipient. This allows information to be exchanged over a fundamentally insecure network such as the Internet without the risk of unauthorized viewing.
Another cornerstone of PKI is that authorized users need to be able to clearly identify themselves to the system and the services available, while providing information on their unique encryption keys. This is handled by individual, personal certificates, which contain information about the user and the user’s public key. The certificate is preferably stored on a smart card and is mathematically linked to the private key on the card. The private key can only be used by someone who knows the card’s PIN code. Smart cards are small and completely mobile and, unlike a computer hard drive, they can easily be brought along when the user leaves the workplace. Combining different features on the card, such as key-card entrance, personal ID and follow-me printing, increases the incentive for employees to actually take the card with them when they leave their computer.
The user logs in to the IT environment with a combination of a smart card and a PIN code. This gives “two-factor authentication,” a combination of two things: something the user knows (the PIN) and something the user physically holds (the card). By combining two-way SSL, two-factor authentication, and the use of smart cards with hard certificates, PKI and smart cards offer one of the strongest alternatives for a secure IT environment on the market.
Net iD Enterprise from SecMaker
Net iD Enterprise from SecMaker is the market’s most qualified software for handling smart cards and certificates. Net iD Enterprise offers full support for authentication, encryption, and digital signing, and is one of the IT sector’s strongest and most user-friendly security solutions.
Net iD Enterprise is based on open international standards and documented interfaces. This ensures that the solutions perform optimally regardless of platform or operating system: Windows, Linux, Novell NetWare, Mac OS X, Microsoft Terminal Server or Citrix. Standardized application interfaces enable the integration of Net iD Enterprise with applications and services, such as MS Active Directory, VPN solutions, web applications, and business support systems: EMR systems, POS systems, etc.
All in all, this means that Net iD Enterprise can be integrated with virtually any target environment without costly and time-consuming customizations.
Net iD with Citrix® XenDesktop™ and Citrix® XenClient
The modular architecture of Net iD Enterprise also enables customization to a virtual environment. Just as operating systems and applications can be virtualized and managed centrally while at the same time made available to each individual employee, the Net iD client software can also be virtualized. The client software is decoupled from the physical workplace and the smart card reader, and is run as a virtual client in a central server in the company’s data center.
This means that Net iD Enterprise can be used to great advantage to strengthen security in virtual environments. The client doesn’t need to be installed on the local PC, thin client or handheld device. Instead, the card reader is emulated through virtual channels via PC/SC to the server and all applications and features that are normally offered on the local client are available in the virtual environment.
In addition to the improved security through PKI in combination with smart cards, Net iD Enterprise integrated in the virtual Citrix environment offers a number of features that can be activated to improve end-user usability, such as single sign-on and support for automated processes and session roaming.
To conclude, Net iD Enterprise and smart cards add value to the virtualized Citrix environment by offering strongly improved IT security and by introducing a number of user-friendly features that improve usability for the organization’s end users in a modern, mobile working environment.
This article is the last in our series about smart card-based security in virtual desktop environments. You can also download the complete series as a whitepaper: Security and virtual desktop environments.
SecMaker is the Nordic region’s leading supplier of smart card-based security solutions to companies, public agencies and organizations. If you want to know more about smart card-based IT security, you are welcome to contact us.