Authentication is the procedure through which a user, device, or service (or application) provides sufficient credentials to satisfy the access requirements of another service, application, or system.

User Authentication Strategy:

·         Prepare and plan for Strong User Authentication

·         Educate line-of-business application owners to use standard OS and directory protocol authentication and avoid custom application authentication.

·         Use a PKI product for the digital certificate service and an RMS product for the license service

·         Keep password logon as a temporary authentication method for problematic road warriors

·         Use Kerberos V5 as the authentication protocol

·         Use smart card/PIN two-factor authentication, and evaluate USB tokens, wireless smart cards, biometrics, and TPM authentication

 

Application/Service Authentication Strategy:

·         Use a managed password (a strong password changed by the application itself), hash, or software token for system accounts

·         Evaluate TPM as a long-term solution for application/service authentication

 

Device Authentication Strategy:

·         Use an EAP-TLS machine certificate in conjunction with the user smart card certificate for wireless LAN access

·         Use Windows Vista (with the Network Access Protection feature on the server side) for wireless Corpnet LAN connections

·         Use Windows Mobile 2005 (with software certificate authentication) for email synchronization on wireless phone devices

·         Evaluate TPM as a long-term solution for device authentication