Using Smart Cards
Smart cards can have a variety of uses on your network aside from user logons. They can be used for secure logons, application access, general purpose cryptography, and more. Regardless of how you choose to use smart cards, you’ll need to make sure you keep track of them and keep them secure. In the next few sections, I’ll give you some tips for effectively using smart cards.
Secure Logon
Smart cards are an effective means of user identification, but as a physical factor, they can be lost or damaged. Deciding to use smart cards in your organization means committing to physical management of those cards. Here are some tips for making smart card management easier:
Make sure your users have an easy, fast way of reporting lost or damaged smart cards.
Provide your helpdesk or other organization with the means to quickly disable lost cards by revoking their certificates in your PKI. Exactly how you accomplish this depends on what PKI solution you’re using. With a Windows Server 2003 certification authority (CA), you simply open the Certification Authority MMC snap-in from any authorized client, right-click a certificate to revoke it, and then publish an updated certificate revocation list. For detailed instructions on how to complete this task, see the “Revoking Issued Certificates” section in Chapter 9.
Ensure that your users can quickly obtain replacement cards. Keeping a supply of cards on hand in each of your company’s offices, for example, provides faster service than ...
Get Securing Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.