Smartcards can be used in Windows 7 for authentication and access control. They can also be used with other third-party systems for single sign-on, that is, the same Smartcard can be used for many different systems. This video looks at how a Smartcard works, combining it with other authentication systems, and the Group Policy settings that can be configured for use with Smartcards.

What is a Smartcard

A Smartcard is a card with a small microchip embedded in it. The chip is capable of holding information such as keys. The difference between a Smartcard and USB storage is that the Smartcard is capable of doing a small amount of processing. This means items like keys never need to leave the card. Removing the chip from the card is extremely difficult, and the process will often destroy the chip.

Single Sign-On

Single sign-on is when one Smartcard is used to access many different systems. This could include building access and access to Unix-based systems, and the card can even be used with BitLocker. BitLocker is a system that encrypts your hard disk. Using a Smartcard, you could have access to the BitLocker drive controlled by the Smartcard. Without the Smartcard, access to the BitLocker drive is not possible. So a single Smartcard could grant access to the office, log on to the network and decrypt the hard disk of your computer. When single sign-on is implemented well, the user should only have to enter or use their Smartcard once to gain access to everything on the network.

Multi-Factor Authentication

This is when multiple authentication systems are combined. Generally these are divided into three categories: something you have, something you know and something you are. Something you have is an item in your possession that provides access. Examples are a Smartcard, token or proximity card. Something you know is a password, PIN or privacy question like your date of birth. Something you are is measured by fingerprint, hand and eye scanners.
When you use two or more of these authentication systems together, it is referred to as multi-factor authentication. Two authentication systems used together is often called two-factor authentication, and three used together is often called three-factor authentication or simply multi-factor authentication.

Smartcard with PIV

Personal Identity Verification (PIV) is a standard used with Smartcards. If you have a Smartcard that supports PIV, the Smartcard will work in Windows 7 without the need for additional software. Without PIV, you may need to install additional software from the manufacturer to use and configure the Smartcard.

Smartcard Protocols

The main protocol that is used with Smartcards is Transport Layer Security (TLS). This is often used with EAP or PEAP, written as EAP-TLS and PEAP-TLS.

Group Policy

The settings for Smartcards can be found in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.

Interactive logon: Require smart card
When configured, this means that a Smartcard is required to log in to Windows 7. Without the Smartcard, the user will not be able to log in to Windows.

Interactive logon: Smart card removal behavior
This setting determines what happens when the Smartcard is removed from the computer. It can be configured to No Action, Lock Workstation, Force Logoff, or Disconnect if a Remote Desktop Services session.

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.
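
One way to check how the two Group Policy settings described above are actually applied on a machine. This is an added example, not part of the original video notes. It assumes the settings are backed by the registry values scforceoption and ScRemoveOption, and that the removal action is carried out by the Smart Card Removal Policy service (SCPolicySvc); none of these names appear in the text above.

```powershell
# Added example: audit the effective smart card logon policy on the local computer.
# Assumed backing locations for the two "Interactive logon" Security Options:
$systemKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# ScRemoveOption is stored as a string; these are the four choices the policy offers.
$removalNames = @{
    '0' = 'No Action'
    '1' = 'Lock Workstation'
    '2' = 'Force Logoff'
    '3' = 'Disconnect if a Remote Desktop Services session'
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$force  = Get-RegValue -Path $systemKey   -Name 'scforceoption'
$remove = Get-RegValue -Path $winlogonKey -Name 'ScRemoveOption'
if ($null -eq $remove) { $remove = '0' }   # an absent value behaves as No Action
$svc = Get-Service -Name 'SCPolicySvc' -ErrorAction SilentlyContinue

$findings = @()
if ($force -ne 1) {
    $findings += 'Require smart card is not enabled: password logon is still accepted.'
}
if ("$remove" -eq '0') {
    $findings += 'Removal behavior is No Action: the session stays open after the card is pulled.'
}
elseif ($null -eq $svc -or $svc.Status -ne 'Running') {
    # Lock/logoff/disconnect only happen while the removal policy service is running.
    $findings += 'Removal behavior is set, but the Smart Card Removal Policy service is not running.'
}

[pscustomobject]@{
    RequireSmartCard = ($force -eq 1)
    RemovalBehavior  = $removalNames["$remove"]
    RemovalService   = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'Not found' }
    Findings         = if ($findings) { $findings -join ' ' } else { 'None' }
} | Format-List
```

Run it from an elevated or standard PowerShell prompt on the workstation being checked; it only reads values and changes nothing.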