Device Integrity Protection - Protecting Tokens and Smart Cards
While SecureDoc performs an invaluable service ensuring that data is protected by encryption, and that user access to SecureDoc-protected devices is locked down and governed by permitting only specific users to authenticate at Pre-Boot, there are other risks that any security-conscious organization should be aware of and include in its overall security design.
Protecting Tokens and Smart Cards
The use of Tokens and Smart Cards (or similar physical objects used in authentication) calls for some common-sense rules for their use and protection, so that they can provide the greatest possible protection against intrusion into whatever they are protecting.
The great potential benefit of using Tokens or Smart Cards to secure a SecureDoc-protected device is that, without the Personal Identification Number (PIN) that unlocks the Token or Smart Card, there can be no access to the "secret" information within that will subsequently unlock the SecureDoc-protected computer.
If the Token or Smart Card is unavailable, there are normally no passwords or other credentials that can be used to access the device, because its access has been defined as requiring the use of a Token or Smart Card.
In the case where Tokens or Smart Cards are used to authenticate to a computer or other device, normally these will have some means of authenticating to the token or smart card itself. This is normally through a PIN (Personal Identification Number), or similar password-like item of secret information known only to a legitimate user.
As a natural consequence, users should ensure that the means of authentication - whether it be a password or a PIN - is never written down, stored together with the Token or Smart Card, or kept in an insecure place that could be accessed by a potential intruder.
Such a scenario would readily provide an intruder with both the Token/Smart Card and the PIN that unlocks it, making an attack on the device intended to be protected easy and completely nullifying the value and heightened security that the use of Tokens and Smart Cards offers.
Precisely the same rule applies here that any security-conscious IT Specialist would define to ensure that computer users do not leave their machine password on a sticky note adhered to their monitor.
The Token or Smart Card's security integrity must be maintained, such that only a legitimate user can securely provide the unique PIN that unlocks the Token/Smart Card. This in turn releases to the SecureDoc-protected device the certificate or other "secret" information that will finally unlock access to the SecureDoc-protected device.