Authentication Strategy
Authentication is the procedure through which a user or a device or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system.
User Authentication Strategy:
· Prepare and plan for Strong User Authentication
· Educate line of business application owners to use standard OS and directory protocol authentication and avoid application custom authentication.
· Use PKI product for digital certificate service and RMS product for license servic
· Keep Password logon as temporary authentication method for problematic road warriors
· Use Kerberos V5 as authentication protocol
· Use Smartcard/PIN two factor authentication, and evaluate USB Tokens, Wireless Smart Card, Biometrics, TPM authentication
Application/Service Authentication Strategy:
· Use Managed Password (strong password and changed by application itself), Hash, or Software Token for system account
· Evaluate TPM as long term solution for application/service authentication
Device Authentication Strategy:
· Use EAP-TLS machine cert in conjunction with user smart card cert for wireless LAN access
· Use Windows Vista (with Network Access Protection feature at server side) for wireless Corpnet LAN connection
· Use Windows Mobile 2005 (with software cert authentication) for wireless phone device email synchronization
· Evaluate TPM as long term solution for device authentication
