To ensure secure connections for remote users on its wide-area network, an Alberta school district has chosen a two-factor authentication system that combines passwords with security tokens that plug into the Universal Serial Bus (USB) ports of its computers.
Aspen View School Division extends over several thousand square miles in northern Alberta and takes in 13 public schools. With distances of as much as 200 miles between schools, the division chose a wireless wide-area network to tie its facilities together. The network was built as part of a technology overhaul that began four years ago.
Aspen View uses virtual private network (VPN) technology for security both within the network and for remote access. But for the administrators and trustees who can connect to the network remotely, the school division has supplemented this with two-factor authentication.
Ernest Aleixandre, who joined the school division at that time as co-ordinator of technical services, said a password by itself is not enough security, because brute-force attacks and social engineering tactics can break through password protection. So Aleixandre decided on a two-factor system.
As is typical of two-factor systems, the Authenex Strong Authentication System from Authenex Inc. of Hayward, Calif., uses a combination of something the user knows and something he or she has. What the user knows is the password. What the user has is an electronic device Authenex calls an A-key or token, which is about the size of a car key and can be carried on a key chain. The user has to connect this to the computer’s USB port to log on to the network.
If a key is lost, the system administrator can disable it, said Mark Ruch, director of marketing for Authenex, and if someone enters an incorrect password three times running, the security system will block further attempts to connect.
Aspen View is using the Authenex system for between 15 and 25 trustees and main-office administrators who have remote-access privileges today, Aleixandre said, and will shortly extend it to school administrators, making a total of between 50 and 60 remote users.
Ruch said two-factor authentication has been popular in larger businesses and government for some time, but the cost has been a barrier for smaller organizations. By designing its own chip, he said, Authenex has developed a lower-cost system and is aiming to penetrate markets where two-factor authentication has not reached before.
The tokens start at about US$25 and a complete system for 25 users costs roughly US$2,995, Ruch said, with the cost per user declining for larger systems.
Authenex also recently began offering a system that uses the A-keys to secure access to hard disks, said Ruch.
Tom Slodichak, chief security officer at security firm WhiteHat Inc. in Burlington, Ont., said two-factor authentication is a “very inexpensive way of adding massive security to a network.”
Many passwords are weak, Slodichak said, and passwords that are harder to break – because they are longer or made up of random patterns of letters and digits – are harder to remember, so users are apt to write them down, which compromises security.
Aleixandre said the Authenex system gives Aspen View security that is streamlined and easy to manage on the server side, yet intuitive enough that users can feel comfortable with it. The system was easy to deploy and staff have no trouble using it, he said.